[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Making a Site Available as both a Hidden Service and on the www - thoughts?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Making a Site Available as both a Hidden Service and on the www - thoughts?
From: "l.m" <ter.one.leeboi@xxxxxxxx>
Date: Tue, 19 May 2015 08:24:10 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 19 May 2015 08:24:24 -0400
In-reply-to: <20150519120156.DF4ACA2912@xxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20150519112619.7FE4CA2914@xxxxxxxxxxxxxxxxx> <20150519110354-728-27597-mailpile@mailpile-home> <20150519120156.DF4ACA2912@xxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

>You plan to
>deploy on a locally run user site yet you claim to be conscious of
>breaking the production server. It does not follow.

More typo. You stated somewhere you intend to deploy to a test site
run locally. Something to that effect. I hope I'm not quoting you out
of context. Which would mean you have both a production server and
development server on which to take measurements and instrument as you
please. Those measurements are what gets it done.

And while I'm here:
So you're running both via some sort of multi-homing. As you've said
you don't care about hiding the server. Great, that simplifies your
deployment. You just need to be concerned with ensuring trust of your
site by not doing anything silly. Such as selling their data,
embedding exploitable code, not caring that your client really doesn't
want to use javascript, etc. All the things you would do with a HS
anyway. Without the constraint of hiding like the worst of tor.
Congratulations on giving your clients a choice and for being a good
model of tor use.

A counter example where you might actually want to hide the HS origin:
I was thinking of setting up a Christianity oriented site accessible
by onion in [redacted]. Although I don't care about attacks on the
www-front, I definitely don't want to have traffic on the HS be
correlated by side channel attack on www-front. Because then the
people who use the HS might experience severe persecution not just
(potentially) for using obfuscated bridges but also because of the
content. I'm glad this doesn't apply to you though.

--leeroy
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Making a Site Available as both a Hidden Service and on the www - thoughts?
  - From: Ben

References:
- Re: [tor-talk] Making a Site Available as both a Hidden Service and on the www - thoughts?
  - From: l.m
- Re: [tor-talk] Making a Site Available as both a Hidden Service and on the www - thoughts?
  - From: Ben
- Re: [tor-talk] Making a Site Available as both a Hidden Service and on the www - thoughts?
  - From: l.m

Prev by Author: Re: [tor-talk] Making a Site Available as both a Hidden Service and on the www - thoughts?
Next by Author: Re: [tor-talk] New Astoria Tor client is said to be better than plain Tor
Previous by thread: Re: [tor-talk] Making a Site Available as both a Hidden Service and on the www - thoughts?
Next by thread: Re: [tor-talk] Making a Site Available as both a Hidden Service and on the www - thoughts?
Index(es):
- Author
- Thread