Stefan Sperling: > On Sun, Nov 15, 2015 at 01:32:25PM -0500, Raul Miller wrote: >> But treating this as "extremely dangerous" without offering a path >> forward means that people need to "roll their own" approaches when >> faced with related needs. > > The way forward is use tor properly to access hidden services.
Yes, that is the default method of accessing Tor hidden services. > > tor2web was conceived in 2008 to make it easier for whistleblowers > to use tor instead of nothing. Unfortunately in 2015 whistleblowers > have very good reasons to use something better than tor2web. > Not from my understanding exactly. It's not whistleblowers using Tor2Web, but rather those accessing their hidden web site. Tor2Web is mostly a method for non-Tor users to access hidden web sites. There are contexts in which the destination needs to be hidden, but user/source access isn't. Imagine a case in which disclosures are made, and a wide audience is encouraged, such as the media, yet the destination's location needs to be hidden. This discussion has started off with the wrong premise. Yes, Tor2Web doesn't hide the source IP/user. It's not meant to. It's a bridge *into* the Tor network, in most cases a hidden web site, without any illusion of giving the source IP/user anonymity. It's a clear and conscious design decision, not a mistake or something overlooked. Regardless of Pascal's decision on this, Tor2Web is a legitimate tool from the Tor Project with specific goals, somewhat distinct from the usual premises of Tor. Let's get beyond talking about the problems with it versus using Tor Browser and recognize what it's meant for. It's a *server* service that can be employed by a Tor relay. It should be an option for those who want to use a Tor relay for that explicit purpose. g
