[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Testers Wanted: Human-meaningful onion service names via Namecoin in Tor Browser Nightly

Jeremy Rand:
> Hi Tor community!
> As we all know, onion services have rather unwieldy randomly derived
> base32-encoded names.  This is, of course, a reasonable design, given
> the design constraints that onion services have to deal with.  And it
> works pretty well, all things considered.
> That said, the unmemorable names are also a UX problem, especially for
> users who are new to Tor and therefore are accustomed to DNS.  Many Tor
> users don't consistently check .onion services' names for correctness,
> which introduces the risk of phishing attacks.
> So, the Namecoin developers and the Tor Browser developers are running
> an experiment, and we'd love to get some feedback from the community.
> The currently available Nightly builds of Tor Browser (currently only
> GNU/Linux) include optional support for using Namecoin as a naming layer
> for onion services.
> To try it out, once you have a Nightly version of Tor Browser for
> GNU/Linux installed, try running it with the environment variable
> "TOR_ENABLE_NAMECOIN=1".  The following domains can be used to test the
> support:
> http://federalistpapers.bit/
> http://onionshare.bit/
> http://riseuptools.bit/
> http://submit.theintercept.bit/
> http://submit.wikileaks.bit/
> These domains are held by Namecoin community members who are happy to
> donate them to the "rightful" owners on request.  However, since they
> haven't been donated *yet*, don't rely on these domains for security
> (e.g. you should *not* use this to submit documents to The Intercept).
> For somewhat more detailed instructions (e.g. if you don't know how to
> get a Tor Browser nightly build, or if you don't know how to set
> environment variables), see my workshop notes from the 36C3 Critical
> Decentralization Cluster:
> https://www.namecoin.org/resources/presentations/36C3/tor-workshop/
> Like any experiment, this experiment is only as good as the feedback we
> get.  So, if you try it out, please let us know how it goes!  Specifically:
> * If it works well for you, please let us know via this thread on the
> tor-talk mailing list.
> * If you find a bug or otherwise have suggestions for how we could
> improve it, please let us know via this thread as well.  (Or, if you're
> comfortable with Trac, you can report it as a ticket on Trac; please use
> the "Tor Browser" component and add "namecoin" to the keywords list so
> that the right people notice the ticket.)
> If you're curious about the behind-the-scenes work that went into this
> (and you're not afraid of technical details), my talk at the 36C3
> Critical Decentralization Cluster may be interesting to you.  See the
> following links:
> 36C3 CDC Slides:
> https://www.namecoin.org/resources/presentations/36C3/Adventures_and_Experiments_Adding_Namecoin_to_Tor_Browser_36C3_CDC.pdf
> 36C3 CDC Video: https://youtu.be/mc51zyflpa8?t=22638
> Cheers!

Relaying a couple of test reports from other venues to this tor-talk
thread so that the right people see them.

Masayuki Hatta tested the Namecoin support at 36C3 and posted feedback
(including a demo video) on Twitter:

LinuxReviews.org posted an article in February about the Namecoin
support, including a screenshot they took of it working.

More test reports would be very helpful; if anyone on this list would
like to test it out and report back (even if it's as short a report as
"it works fine"), it would be greatly appreciated.

-Jeremy Rand
Lead Application Engineer at Namecoin
Mobile email: jeremyrandmobile@xxxxxxxxxx
Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C
Send non-security-critical things to my Mobile with OpenPGP.
Please don't send me unencrypted messages.
My business email jeremy@xxxxxxxxxxx is having technical issues at the

Attachment: signature.asc
Description: OpenPGP digital signature

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to