onion.link is an untrusted, upstream CDN, no? On Sun, Oct 11, 2015 at 10:50 PM, Mirimir <[email protected]> wrote:
> On 10/11/2015 08:31 PM, Travis Biehn wrote: > > Your onion or your clearsite? > > What clearsite? One aspect of the design is that lighttpd runs in a VM > that can't see the Internet except through a Tor-gateway VM. > > > How do you establish that your onion and clearsite host the same content? > > Running a clearsite just doesn't work for me. It would paint too big a > target on the server. Anyone not using Tor can just use > <http://dbshmc5frbchaum2.onion.link/>. > > > How do you federate changes from your onion to your clearsite? > > What do you do if your clearsite gets seized and used to serve up TAO > > payloads? > > Don't have a clearsite :) > > > How do you prevent your upstream from logging the IP addresses that hit > > port 80 and 443? The size of those messages (you know the https sizing > > attacks which can reveal which particular pages your visitors are on, > > right)? > > Upstream = Tor. And sure, maybe Tor gets hosed. > > > How do you make your visitors aware of the above and more? How do you > > ensure that they saw your message? > > Look at my front page :) > > > -Travis > > > > On Sun, Oct 11, 2015 at 10:15 PM, Mirimir <[email protected]> wrote: > > > >> On 10/11/2015 07:49 PM, Travis Biehn wrote: > >>> I'd rather have what you call 'lazy' over nothing. > >> > >> Look, I mean no disrespect to Cryptome. But I do think that there ought > >> to be a warning for users to protect themselves, if they don't want > >> their access logged by everyone and their little yellow dog. > >> > >>> The ideal is all distribution modes available: "Keep the info off the > >> dark > >>> web, off the deep web and in the search indexes." > >>> > >>> Cryptome shows up on google searches. Your onion does not. > >> > >> Well, Cryptome has been around for about 20 years, so hey ;) > >> > >> But Google is indexing it. And it shows up well enough in relevant > >> searches. But I haven't been promoting it very much. > >> > >>> -Travis > >>> > >>> On Sun, Oct 11, 2015 at 9:38 PM, Mirimir <[email protected]> wrote: > >>> > >>>> On 10/11/2015 06:20 PM, Travis Biehn wrote: > >>>>> A billboard doesn't need much 'security.' *shrug* > >>>> > >>>> Well, there are the access logs ;) > >>>> > >>>> It ought to be an onion service, no? No sure bet, of course, but > better > >>>> than nothing. In my opinion. > >>>> > >>>> Putting it all on users is awfully lazy, I think. > >>>> > >>>>> Travis > >>>>> > >>>>> On Sun, Oct 11, 2015, 8:18 PM John Young <[email protected]> wrote: > >>>>> > >>>>>> > >>>>>>> I would not have expected Cryptome to be on shared hosting ;) But > >> yes, > >>>>>>> that would explain it. > >>>>>> > >>>>>> Shared is cheap, so are we. Shared is vuln, so are we. So are the > >> others > >>>>>> despite credentials and billion-dollar armaments and above all else > >>>>>> secrecy and shallow oversight. That explains it. > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>> > >>>> > >>> > >>> > >>> > >> > > > > > > > -- Twitter <https://twitter.com/tbiehn> | LinkedIn <http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com> | Google Plus <https://plus.google.com/+TravisBiehn>
