-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Moritz,
Payments are already covered. Accepting bitcoin is the first platform to look to, as well as Darkcoin possibly, but that only provides a pseudo-anonymous means of security. Instead payments will be tokenised, so that a person without needing to login may purchase a token, which is stored as a hash on the database. A user can then redeem any token to add credit to their account, but no log of whom the token was redeemed by would be kept, nor would I be able to see what tokens any individual account has used, therefore even using a tracable means of payment like a debit card, I could not associate that payment to a particular account or person using the system. Regarding what is hosted, I feel getting too complex on the matter will open up insecurities in some ways and would require significantly more investment (thus more cost) and probably confuse the heck out of people wanting to use it. My personal policy, which will be transferred into the business policy, is never to hand over data unless I am legally obliged to. For a warrant to be served in the UK, there must be a degree of proof that I host the site concerned. As I will not be publishing how many customers I will have, or what sites I serve, I owe no obligation to monitor or report domains under my control without a court order to do so. I feel good technology will solve this problem, but I feel it is beyond my current capabilities to design. So for now I am sticking to the one method I can rely on against intrusive surveillance and law enforcement bullying: standing my ground against every adversary and hold as little information on customers as possible. The big problem right now is the dispute I am having with tax authorities. Under new EU VAT rules (VAT MOSS) I am required as a VAT registered business to obtain 2 "proofs" of which country a client is located in, so I can charge the correct rate of VAT. This is not a privacy friendly regulation and whereas you can usually use just an IP if no other source is available, I will not even have access to that as a hidden service portal. Thus I am in the process of negotiating and getting legal clarifications on the situation from the UK's professional representing body for accountants. So many battles to fight in this project, not to mention a new Tory government to keep an eye on. Tom On 28/05/2015 15:53, Moritz Bartl wrote: > Hi Thomas, > > Great! I've been toying with the idea for quite a while now, too. > Glad that someone is picking it up. :-) It would be ideal to find a > way to make it hard even for yourself to find out whether a > particular hidden service is hosted by you. I didn't really spend > too much time thinking about it, but one idea I've had is to spin > up and bootstrap 'remote' VM instances (on servers maintained by > third parties) that you than hand over to individuals, complete > with an interface for users to easily generate more > hostnames/virtual hosts on 'their' VM. Apart from some update > channels you could lock down the systems so you don't have easy > access. You could still check whether a certain VM has been paid > for, but you don't have to know about the hostnames generated on > the VMs. > > I don't see a good way to achieve this if you maintain the VM > hosts yourself. Maybe one can built it so users decrypt their > hidden services (keys) on reboot so they're only available in RAM. > > If we think hard enough, there's probably a nice way to keep the > relationship of users (and their payments) and running hidden > services separate (or at least hard/expensive to recover). > > Good luck! > - -- Activist, anarchist and a bit of a dreamer. Keybase: https://keybase.io/thomaswhite PGP Keys: https://www.thecthulhu.com/pgp-keys/ Current Fingerprint: BA81 407C BD61 CD15 E5D9 ADA9 5FA2 426F F34E 0FD4 Master Fingerprint: DDEF AB9B 1962 5D09 4264 2558 1F23 39B7 EF10 09F0 Twitter: @CthulhuSec XMPP: thecthulhu at jabber.ccc.de XMPP-OTR: 77E6C8C6 95FDE863 1172A1E1 8C114C01 691398AC -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJVZy/vAAoJEF+iQm/zTg/UYz0QAI4tPJNbBbeBzFfdDqHJPOPG JA6M1aVBOF2gFw7myp0AW4D8+KD+xcr2oKw6SHn4GcBdiMo/virDOKhMLFO4WwNn NGC5dyxV+bdLO0Z4Ydv5XmhPktz9cX7Il9aUzF7kTsbI2GYL5RJIdg+oPemh7b86 QgfNNN9vXeSI97ZYjM5jgDP6A4Pex+fbe93d8mRnQPK5T89cx5+BasHyRiqd/DKb wVqz1gajS0dBopBk3zbge+y5yvAxcjjZYddYlqrUI6wSlcHcMmzqDXuqSDcravMz 6Zmi9Q5YQNwRzPeMvQ0anIvmDCUt9yL7bnWwo4hdrlC1Lqc15JPQs6JJXlmiCE5r wZIQGc3RsbDRbFlzLLiYRwDufcWt1q4EFYOeCQBCFn/Ah7AjYVLBkEabD3B02ZFl /6qrM852jLdwglhzFLikPSfPs1w5Qxo/62qmZbY4AiYoJVsrEdR8PnUfSKtyZHmE pQBio5/4/lp3UfqW1dEqnBHEqZEZ0a++jUqqZG7d7zTR83m/4sCH2q8aRONOd42Q dNBi1JpvfdQlZP923kCiHGdw8EpnCOJJ7Z7NhX7XJeyr1TD68Ki1L7hvH5v8ppBt AWQ0jiA1yrE2ZfPP4Bl3jcPMXyrUozImCypdJSo0f/Yepagb4SBSjOyXRRuywD+7 r19LnQctuyAsSY+ReY0t =y2iR -----END PGP SIGNATURE----- -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
