Re: [tor-talk] Warning: 37 new booby trapped onion sites
Juha, thank you for identifying the real and fake sites.

This re-raises the question, when you get a URL from somewhere, how do you
know it's the real one? Which upon further thought requires definition of
"the real one." If two guys on the internet both claim to be John Doe, how is
it possible to know which one is the real John Doe, or is there more than
one, etc.

If directories such as https://thehiddenwiki.org are going to publish .onion
URLs, it would be useful to also publish user-verifiable information on why
they believe it's the valid one. For example, it's been pointed out here
that you can search duckduckgo for their hidden URL on the regular internet.
In which case, you're placing trust in the CA. (An attacker who can
impersonate https://duckduckgo.com could feed you a fake result in order to
add validity to the fake URL they've published on some site like
thehiddenwiki).

If somebody hosts a dark website that doesn't have a verifiable external way
to look up their URL, then the only way you can verify them is to talk with a
bunch of other people, web-of-trust style. Which also has a bunch of ways it
can be undermined.

In any event, Juha, in your list, how do you know which ones are real and
fake?
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk