On 10/11/2015 08:57 PM, Travis Biehn wrote: > onion.link is an untrusted, upstream CDN, no?
Yes, so use Tor :) > On Sun, Oct 11, 2015 at 10:50 PM, Mirimir <[email protected]> wrote: > >> On 10/11/2015 08:31 PM, Travis Biehn wrote: >>> Your onion or your clearsite? >> >> What clearsite? One aspect of the design is that lighttpd runs in a VM >> that can't see the Internet except through a Tor-gateway VM. >> >>> How do you establish that your onion and clearsite host the same content? >> >> Running a clearsite just doesn't work for me. It would paint too big a >> target on the server. Anyone not using Tor can just use >> <http://dbshmc5frbchaum2.onion.link/>. >> >>> How do you federate changes from your onion to your clearsite? >>> What do you do if your clearsite gets seized and used to serve up TAO >>> payloads? >> >> Don't have a clearsite :) >> >>> How do you prevent your upstream from logging the IP addresses that hit >>> port 80 and 443? The size of those messages (you know the https sizing >>> attacks which can reveal which particular pages your visitors are on, >>> right)? >> >> Upstream = Tor. And sure, maybe Tor gets hosed. >> >>> How do you make your visitors aware of the above and more? How do you >>> ensure that they saw your message? >> >> Look at my front page :) >> >>> -Travis >>> >>> On Sun, Oct 11, 2015 at 10:15 PM, Mirimir <[email protected]> wrote: >>> >>>> On 10/11/2015 07:49 PM, Travis Biehn wrote: >>>>> I'd rather have what you call 'lazy' over nothing. >>>> >>>> Look, I mean no disrespect to Cryptome. But I do think that there ought >>>> to be a warning for users to protect themselves, if they don't want >>>> their access logged by everyone and their little yellow dog. >>>> >>>>> The ideal is all distribution modes available: "Keep the info off the >>>> dark >>>>> web, off the deep web and in the search indexes." >>>>> >>>>> Cryptome shows up on google searches. Your onion does not. >>>> >>>> Well, Cryptome has been around for about 20 years, so hey ;) >>>> >>>> But Google is indexing it. And it shows up well enough in relevant >>>> searches. But I haven't been promoting it very much. >>>> >>>>> -Travis >>>>> >>>>> On Sun, Oct 11, 2015 at 9:38 PM, Mirimir <[email protected]> wrote: >>>>> >>>>>> On 10/11/2015 06:20 PM, Travis Biehn wrote: >>>>>>> A billboard doesn't need much 'security.' *shrug* >>>>>> >>>>>> Well, there are the access logs ;) >>>>>> >>>>>> It ought to be an onion service, no? No sure bet, of course, but >> better >>>>>> than nothing. In my opinion. >>>>>> >>>>>> Putting it all on users is awfully lazy, I think. >>>>>> >>>>>>> Travis >>>>>>> >>>>>>> On Sun, Oct 11, 2015, 8:18 PM John Young <[email protected]> wrote: >>>>>>> >>>>>>>> >>>>>>>>> I would not have expected Cryptome to be on shared hosting ;) But >>>> yes, >>>>>>>>> that would explain it. >>>>>>>> >>>>>>>> Shared is cheap, so are we. Shared is vuln, so are we. So are the >>>> others >>>>>>>> despite credentials and billion-dollar armaments and above all else >>>>>>>> secrecy and shallow oversight. That explains it. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>>> >>>>> >>>> >>> >>> >>> >> > > >
