> This could be combined with a change to HTTPS Everywhere to prefer HS > sites over clear web sites, just as it prefers HTTPS over HTTP. (I > think this has been mentioned before?) You mean like what we've been doing over on https://github.com/chris-barr/darkweb-everywhere? :) The above tool (granted I have a *very* clear bias) is why I am not a fan of the "make a hidden service be a reverse proxy to another website". I'm not comfortable with transferring expected ownership of a website for a number of reasons, which is is why we try to vet every site included. I'm very big on asking websites, especially those that are censored, to run a hidden service as a way to protect their users and as a way to make them more censor resistant. I think the lack of interest has started to go away now that Blockchain and Facebook have implemented one, since I haven't been getting the usial "Well we don't block Tor..." response. Maybe we can get a big news organization to run one for a proof of concept? Colin Katya Titov: > Thomas White: >> As per Nick's post, I fully agree that hidden services do need some >> work, but I imagine the vast majority of people on this list are not >> skilled in the languages and areas required to do any kind of >> technical reform to them. However, technical reform of them is only >> one aspect. >> >> I've been launching a few of my own hidden services recently with some >> useful things such as Tor project mirrors, as well as my own >> client-side encrypted file host/sync which I've currently got in >> private beta (email me privately if you want to give it a test drive). >> In order to make hidden services a bigger priority and to potentially >> attract more funding from sponsors to Tor Project, I think we as a >> community need to make better use of them. They are end to end >> encryption, thus have held up very well against nation state attackers >> like the NSA and GCHQ, and they do not require exits and that makes >> use of the underutilised capacity of the non-exit relays in the >> network. >> >> If anyone has any thoughts on what they would like to see as a hidden >> service, I am all ears to suggestion. Whether you can build it or not >> (so yeah, even if it is just an idea throw it at me) I'd love to know >> what you want to see in hidden services. >> >> One of the primary ideas in the works right now for myself is a shared >> host environment which I and a few others are experimenting with ideas >> for, but the premise is each person would be assigned a small virtual >> machine and they could host Wordpress blogs for example, or whatever >> else that would make people more comfortable using hidden services. >> >> So to conclude - if you've got ideas, I'd love to hear them! > > Hi Thomas, > > It would be interesting to see big sites out there providing more > resources within the Tor network, i.e. offering hidden services > themselves. Maybe this could be an area of exploration: rather than > hosting sites yourself, provide information, encouragement and advice > to others to run their own HS. Maybe run a HS which is just a proxy > into their clear web site, with their permission, as an initial step? > > This could be combined with a change to HTTPS Everywhere to prefer HS > sites over clear web sites, just as it prefers HTTPS over HTTP. (I > think this has been mentioned before?) > > This would lead towards an environment where there is less need to > leave the Tor network itself. Many providers are completing the > end-to-end model and also encrypting their internal links, the next > logical step may be to operate within an environment which is outside > the reach of state monitoring, or at least further from their grasp. > > (This could lead to further Balkanisation of the Internet, and could > also lead to more direct competition between Tor and I2P ... but I'd > wager that this won't increase the likelihood of Balkanisation, and > competition should be good for both projects.) > > Slightly off-topic: if use of hidden services is going to expand then > this may be an opportune time to ensure that they will continue to work > into the future, e.g. who is going to own the .onion TLD? Should the > Tor Project make a bid for it? Should HS change the way they are > addressed? I don't know how the code works now, but I assume that there > is something which stops DNS lookups of .onion domains and just > redirects them toward a HS lookup. What happens when the Oxnard Chamber > of Commerce claims that TLD? >
Attachment:
signature.asc
Description: OpenPGP digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk