[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Making a Site Available as both a Hidden Service and on the www - thoughts?



Roger, glad to hear you agree on the role of onions.  :)

Thomas, don't forget there is the option of having non-hidden services
that link directly into the DHT rather than setting up a 3-hop circuit.
It's the so-called tor2web mode. I think we should rename this option
into something more intuitive (sorry, Fabio) and shamelessly advertize
it as "Tor Services." 

Maybe there are even use cases for users that don't need anonymity and
simply want Tor for the end-to-end authenticated crypto. They could
consciously want to pick single hop circuits.

grarpamp, sounds to me like it is time to fork HTTPS Everywhere and
relaunch it as "Onion Everywhere"

On Sun, May 17, 2015 at 06:46:53PM -0000, Ben wrote:
> > On the other side CAs should give out certificates for .onion freely
> > since only the owner of the private key can make any use for it.
> 
> I can think of some nastiness you could probably do if you could get
> malware onto a target's machine, and they were connecting via a tor
> router (or similar) rather than using SOCKS, but we're getting into a
> few if's and but's there (plus, if you've got malware onto their
> machine, there are better ways :) )

You mean doing MITM before the browser gets to its Tor router?
No wait, you mean browsers stupidly trying to DNS resolve .onion thus
paving the way for a MITM attack whenever Tor isn't installed?
Indeed that has to be impeded in all browser implementations.
Here's a ticket about that:

    https://trac.torproject.org/projects/tor/ticket/13410

> > But it's insulting to the superior concept of public-key based routing that the 
> > certification industry is involved in any way at all.
> 
> I agree, but I suppose that we (as an industry) have spent so long
> telling people they can't trust a site if there's no 's' that we
> probably can't complain too much about people asking for HTTPS.

Maybe around 2006 one of my PSYC devs started ranting that X.509 was
complete hopeless crap.. I clinged to it a few months longer, but then
in 2009 we released the first version of
	https://addons.mozilla.org/addon/certificate-patrol/
But I prefer websites whose public key you can pin by bookmarking them,
instead of having to do obnoxious guesswork whether a certificate change
is possibly legitimate.

So I simply tell people, .onion is more secure than https.

And if browsers weren't stupid, you could have both.

> To be fair, the IP based bans don't offer any protection against skilled
> (or very patient) attackers. If you've got an exploit that the protections won't pick up on, you only need the one request - whether that be after a ban has expired (or an IP change) or the very first request you place.

That's why I made a proper feature request to allow for pseudonymous
Tor usage so that we can be offered an alternative to the horrid
captcha madness.

    https://trac.torproject.org/projects/tor/ticket/16062

I think it's also what is needed to do proper messaging and P2P apps
over Tor. But according to the feedback I got (thanks guys!) it turns 
out somehow similar features already exist or are being coded just now -
so we are just minutes away from seeing more torness-aware applications
arise...

> > Scalability may become an issue.
> 
> Scalability is definitely my next challenge to think about. One thing
> I've scratched down to come back and consider is whether it might be
> setting up a (slightly weird) load balancing solution along the
> following lines
> 
> You -> foo.onion (load balancer)
> foo.onion -> 301 bar.onion
> 
> Where bar.onion is a mirror, so you might also end up being redirected
> to jay.onion. One thing that concerns me about that is the number of
> URLs you might end up with (if you hit bar.onion and then post the link
> somewhere, what  if I take bar.onion out of service?).  
> 
> I'm working on the assumption there that Tor is the bottleneck, of
> course, if that can be discounted then it should simply be a reverse
> proxy with multiple origins configured.
> 
> Will give it some more thought at some point

You should dig deeper into the architecture of Tor. Tor is not
necessarily THE bottleneck but rather certain ways of using it.

I don't know how well the implementation offers a way to leverage
this, but in my theoretical understanding of the HS protocol the
Tor router in charge of the registration in the DHT could hand
out an incoming circuit to some other Tor process during the
procedure of rendez-vous. I assume Facebook has played around
with that. Cloudifying Tor in a way. Not good for secrecy, but
on the cloud.. I mean.. server side of Tor there is no very
good secrecy anyhow.

Looks like this ticket is relevant:

    https://trac.torproject.org/projects/tor/ticket/16059

> > Another idea (hat tip to Blockchain.info support) is you can take the visitor's IP address, 
> > and at the time of connection, check the list of tor exit nodes (somewhere like here: 
> > https://check.torproject.org/exit-addresses ), and if it matches, redirect them to your 
> > own .onion site.
> 
> That I like as an idea. Does anyone know if Tor Browser warns when
> redirecting from a HTTPS site to HTTP (which is how it'll view it). I
> know IE historically has, but have just realised I don't know with
> Firefox/TB. Might have to check later.

Tor Browser should ship with an instance of "Onion Everywhere" so
when you type in foo.org it will automatically replace it with
fooriousbarbaz.onion

> > Don't forget the "decreasing load and reliance on exit relays" benefit,
> > in case we arrive in that dismal future where it grows increasingly hard
> > to operate exit relays in a diverse and well-dispersed set of locations.
> 
> Yes, that definitely struck me as a benefit. Don't think anyone will
> notice my traffic drop off the exits, but if enough people set something
> similar up, it could potentially be a good saving

I can imagine a relevant chunk of Tor audience that has a Tor router
running just to access the onions, not for anonymization of regular
web stuffs (which they still perceive as toooo sloooow...)


-- 
  E-mail is public! Talk to me in private using Tor.
  torify telnet loupsycedyglgamf.onion		DON'T SEND ME
          irc://loupsycedyglgamf.onion:67/lynX  PRIVATE EMAIL
         http://loupsycedyglgamf.onion/LynX/    OR FACEBOOGLE
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk