[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Giving Hidden Services some love

> This could be combined with a change to HTTPS Everywhere to prefer HS
> sites over clear web sites, just as it prefers HTTPS over HTTP. (I
> think this has been mentioned before?)

You mean like what we've been doing over on
https://github.com/chris-barr/darkweb-everywhere? :)

The above tool (granted I have a *very* clear bias) is why I am not a
fan of the "make a hidden service be a reverse proxy to another
website". I'm not comfortable with transferring expected ownership of a
website for a number of reasons, which is is why we try to vet every
site included.

I'm very big on asking websites, especially those that are censored, to
run a hidden service as a way to protect their users and as a way to
make them more censor resistant. I think the lack of interest has
started to go away now that Blockchain and Facebook have implemented
one, since I haven't been getting the usial "Well we don't block Tor..."
response. Maybe we can get a big news organization to run one for a
proof of concept?


Katya Titov:
> Thomas White:
>> As per Nick's post, I fully agree that hidden services do need some
>> work, but I imagine the vast majority of people on this list are not
>> skilled in the languages and areas required to do any kind of
>> technical reform to them. However, technical reform of them is only
>> one aspect.
>> I've been launching a few of my own hidden services recently with some
>> useful things such as Tor project mirrors, as well as my own
>> client-side encrypted file host/sync which I've currently got in
>> private beta (email me privately if you want to give it a test drive).
>> In order to make hidden services a bigger priority and to potentially
>> attract more funding from sponsors to Tor Project, I think we as a
>> community need to make better use of them. They are end to end
>> encryption, thus have held up very well against nation state attackers
>> like the NSA and GCHQ, and they do not require exits and that makes
>> use of the underutilised capacity of the non-exit relays in the
>> network.
>> If anyone has any thoughts on what they would like to see as a hidden
>> service, I am all ears to suggestion. Whether you can build it or not
>> (so yeah, even if it is just an idea throw it at me) I'd love to know
>> what you want to see in hidden services.
>> One of the primary ideas in the works right now for myself is a shared
>> host environment which I and a few others are experimenting with ideas
>> for, but the premise is each person would be assigned a small virtual
>> machine and they could host Wordpress blogs for example, or whatever
>> else that would make people more comfortable using hidden services.
>> So to conclude - if you've got ideas, I'd love to hear them!
> Hi Thomas,
> It would be interesting to see big sites out there providing more
> resources within the Tor network, i.e. offering hidden services
> themselves. Maybe this could be an area of exploration: rather than
> hosting sites yourself, provide information, encouragement and advice
> to others to run their own HS. Maybe run a HS which is just a proxy
> into their clear web site, with their permission, as an initial step?
> This could be combined with a change to HTTPS Everywhere to prefer HS
> sites over clear web sites, just as it prefers HTTPS over HTTP. (I
> think this has been mentioned before?)
> This would lead towards an environment where there is less need to
> leave the Tor network itself. Many providers are completing the
> end-to-end model and also encrypting their internal links, the next
> logical step may be to operate within an environment which is outside
> the reach of state monitoring, or at least further from their grasp.
> (This could lead to further Balkanisation of the Internet, and could
> also lead to more direct competition between Tor and I2P ... but I'd
> wager that this won't increase the likelihood of Balkanisation, and
> competition should be good for both projects.)
> Slightly off-topic: if use of hidden services is going to expand then
> this may be an opportune time to ensure that they will continue to work
> into the future, e.g. who is going to own the .onion TLD? Should the
> Tor Project make a bid for it? Should HS change the way they are
> addressed? I don't know how the code works now, but I assume that there
> is something which stops DNS lookups of .onion domains and just
> redirects them toward a HS lookup. What happens when the Oxnard Chamber
> of Commerce claims that TLD?

Attachment: signature.asc
Description: OpenPGP digital signature

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to