
Re: [tor-dev] User perception of onion service discovery



On 14 October 2017 at 19:43, dawuud <dawuud@xxxxxxxxxx> wrote:
> Plaintext communications intermediaries like tor2web violate the end
> to end principle and the principle of least authority. If we as the
> Tor community are committed to human rights then it follows we would
> abolish terrible things like tor2web or at least frown upon its use.


I would recommend continuing to enable/support Tor2Web, or at least not moving to make such a solution inoperable.


Dawuud is absolutely right re: violation of E2E* and a bunch of other criticisms also apply; however I have three observations on this topic:

1) Someone invented Tor2web, therefore someone else is likely to want to reimplement it; ideas tend to persist in this way

2) (as observed above) Google *do* crawl onion sites via "onion.to", which is a fun surprise for people who insist that "The Dark Web Is Not Indexed And Is Therefore Spooky"

3) Making such a move to block Tor2web-like sites might engender false trust amongst the people who set up Onion sites: "It's Okay, Google Can't Get At Us"


I would recommend investing more effort in Tor2web/similar, because having a permeable barrier between IP-Space and OnionSpace appears useful.

At very most I might propose that:

a) OnionSites become aware of the X-Tor2web header which (from legit T2W instances, at least) permits the OnionSite operator to block or redirect the user to use a "proper" Onion network connection

b) That TheTorProject consider indexing known Tor2web sites and publish them, perhaps adding a feature to optionally block them from TorBrowser access**, thereby to prevent stupid intra-Tor deanonymisation loops

    - a


*although speaking as a geek I believe that re-engineering T2W to support SSL via SNI-Sniffing would address this, it would be a gross and pointless hack, complicated still further by certificate issuance, and all reasonable use cases for which would be better addressed by running a local copy of Tor.

**the hardcore alternative of blocking them from being accessed by exit nodes causing a likely-intolerable argument.


--
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
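
Point (a) of the message above, sketched as an added example that is not part of the original message or of the Tor2web code base: a WSGI middleware that blocks or redirects any request carrying an X-Tor2web header. The class name, the placeholder onion hostname and the header value `1` are assumptions made for illustration.

```python
from urllib.parse import quote

TOR2WEB_KEY = "HTTP_X_TOR2WEB"  # WSGI environ name of the X-Tor2web header


class Tor2webGate:
    """Block or redirect requests that a Tor2web gateway relayed.

    Only cooperating gateways send the header, so its absence does not
    prove that the client reached the site over Tor.
    """

    def __init__(self, app, onion_host, mode="redirect"):
        if mode not in ("redirect", "block"):
            raise ValueError("mode must be 'redirect' or 'block'")
        self.app, self.onion_host, self.mode = app, onion_host, mode

    def __call__(self, environ, start_response):
        if TOR2WEB_KEY not in environ:
            return self.app(environ, start_response)  # no gateway header seen
        # Keep shared caches from replaying this answer to direct visitors.
        headers = [("Cache-Control", "no-store"), ("Vary", "X-Tor2web"),
                   ("Content-Type", "text/plain; charset=utf-8")]
        if self.mode == "redirect":
            query = environ.get("QUERY_STRING", "")
            target = "http://" + self.onion_host + quote(environ.get("PATH_INFO") or "/")
            if query:
                target += "?" + query
            headers.append(("Location", target))
            status, body = "302 Found", b"Open the onion address in Tor Browser.\n"
        else:
            status, body = "403 Forbidden", b"Served over onion connections only.\n"
        headers.append(("Content-Length", str(len(body))))
        start_response(status, headers)
        return [body]


def demo():
    """Run two constructed requests; return (status, Location) for each."""
    def site(environ, start_response):  # stand-in for the real onion site
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"hello\n"]

    gate = Tor2webGate(site, "placeholderonionaddress.onion")  # placeholder host
    results = []
    for extra in ({}, {"HTTP_X_TOR2WEB": "1"}):  # direct, then via gateway
        seen = {}
        env = dict({"PATH_INFO": "/a b", "QUERY_STRING": "q=1"}, **extra)
        b"".join(gate(env, lambda s, h: seen.update(status=s, headers=dict(h))))
        results.append((seen["status"], seen["headers"].get("Location")))
    return results
```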