On Tue, Dec 04, 2018 at 04:14:46PM +, iwanle...@cock.li wrote:
> The descriptors seem to indicate onion addresses. So if I act a relay, I
> seem to be able to get the addresses. Then how? ... Could someone skilled
> try to get the lists? :D
Please don't.
In particular, if we notice that your
[Typo in onion list address, fixed and resent herein]
> The descriptors seem to indicate onion addresses. So if I act a relay, I
> seem to be able to get the addresses. Then how? ... Could someone
> skilled try to get the lists? :D
Yes, many services, researchers, and privates routinely do this.
> with OnionCat to yield IPv6 and UDP transport among tor's P2P
> That's simply not possible with v3's no-IP TCP only onions.
That is to say, it's not possible with code that exists today...
the various possible solutions, and others yet to be proposed,
that could provide those things with v3
> The descriptors seem to indicate onion addresses. So if I act a relay, I
> seem to be able to get the addresses. Then how? ... Could someone
> skilled try to get the lists? :D
Yes, many services, researchers, and privates routinely do this.
The code exists in some repositories, or you can write
On 12/04/2018 08:41 AM, Aaron Johnson wrote:
> If you want to keep your onion address hidden, you should run a v3 onion
> service. An improvement of v3 over v2 is that Hidden Service Directories can
> no longer identify the onion address of the onion-service descriptors they
> store. As a
I'll change to v3 Onion Services in the very near future. I hear that there are
so many security improvements with v3 Onion Services and can't wait to give
them a try :)
Also I agree with the wider point. You are attacking the network and likely
violating the Tor Research Ethics Policy that
Nathaniel Suchy writes:
> It's true that someone malicious can run a HSDir and get some (but not
> all) of the Onion Addresses however this would assume that your onion
> address ends up in a malicious HSDir (last time I checked it's
> published to 5 different HSDirs?).
v3 onions get rid of
If you want to keep your onion address hidden, you should run a v3 onion
service. An improvement of v3 over v2 is that Hidden Service Directories can no
longer identify the onion address of the onion-service descriptors they store.
As a result, there is no point in any Tor protocol at which a
Tor does NOT have responsibility that the lists make onion sites
good/bad.
Who publishes the lists may have... a part of the responsibility?
Anyway I want the lists!
Then I studied below:
https://www.torproject.org/docs/onion-services
From this, DB (relay?) can get onion service descriptors.
On 12/03/2018 10:42 PM, Nathaniel Suchy wrote:
> You mentioned "HiddenServiceAuthorizeClient", a feature I did not know about.
> I'm going to figure out if this is possible to implement on the SSH System as
> that would solve some concerns about a leaked onion address. Could you
> elaborate
I'm interested in information on the security benefits and risks that this
functionality offers as well might be helpful in blocking of some unsolicited
traffic if someone finds a way to publish a list of every onion address :|
Cordially,
Nathaniel Suchy
Dec 3, 2018, 8:42 PM by
Hi,
The implementation details of the SSH thing I talked about in my last email may
of been unclear. When I said it's an security by advanced obscurity, I did not
mean it's the only security. Other forms of access control are still in place.
However keeping it only accessible over Onion
On 12/03/2018 02:35 PM, s7r wrote:
> There are other techniques lower at little-t-tor protocol level that
> suite your concerns, like HiddenServiceAuthorizeClient - you should
> better look into those if you are concerned about someone trying to
> connect to your onion address.
I use that,
Hello,
Nathaniel Suchy wrote:
> Consider the consequences of publishing the actual addresses. The number of
> addresses is fine but the actual addresses should stay private for privacy
> and security reasons.
>
> I’m aware there are crawers looking for new services to show however if the
>
Consider the consequences of publishing the actual addresses. The number of
addresses is fine but the actual addresses should stay private for privacy
and security reasons.
I’m aware there are crawers looking for new services to show however if the
address is kept private only rouge HSDIRs are an
Can the Tor Project publish the list? Some sites have published lists of
new .onion addresses, for example:
http://onionsnjajzkhm5g.onion/onions.php?cat=20=1=en
http://zlal32teyptf4tvi.onion/
http://56wr4dvq3abd2ivkf5z36nortvu7dgona55zqsihfaqo2aeg5er4moid.onion/
There may be no reason that the
16 matches
Mail list logo