Hi,

the Torproject is about to launch the new Discourse based forum next week [1]
https://forum.torproject.net

With this email I'd like to initiate a discussion on whether it is a good idea to externalize hosting of what might become an important platform for the tor community.

I believe discourse is a great platform, but I was surprised to learn that the forum is _not_ self-hosted on torproject infrastructure.
It is hosted by "Civilized Discourse Construction Kit, Inc.", the company behind discourse.org.
That means the torproject does not have full control over the infrastructure and its security and logging practices.
Discourse's third-party hosting also does not support onion services [2].

The forum privacy policy mentions that IPs get logged and stored over an extensive amount of time:
https://forum.torproject.net/privacy
As Jérôme pointed out [5], the forum is also subject to discourse's privacy policy, so maybe it would be good to include a link to https://www.discourse.org/privacy on https://forum.torproject.net/privacy.


Especially since this forum will be used for tor browser support it will also include people's IP addresses when they are unable to use tor browser to protect themselves.


When you open https://forum.torproject.net in a browser it will fetch resources from multiple places:

fonts.googleapis.com (Google)
fonts.gstatic.com (Google)
aws1.discourse-cdn.com
avatars.discourse-cdn.com (proinity LLC, AS44239)
forum.torproject.net/torproject1.hosted-by-discourse.com (CNAME)  Hurricane Electric LLC


To quote Gaba from the gitlab ticket [3]:
If there is a risk on running this forum outside TPA infrastructure then we need to change this and host Discourse in TPA.

(TPA is the torproject admin team https://gitlab.torproject.org/tpo/tpa/team)

I agree with Gaba and I'm glad anarcat (torproject admin team) is not totally against self-hosting [4] even though discourse is docker based.


Self-hosting would also allow for:

- better domain: forum.torproject.org (the torproject.net domain is basically unknown and I guess many people will be confused. I agree with anarcat to use the .net domain when it is not run on TPA infrastructure)
- no IP logging
- no external resources
- no troubles for tor browser users should discourse decide to enable CAPTCHA or use a CDN that enforces CAPTCHAs in the future


What is the main reasoning for using a 3rd party hosted Discourse instance instead of a self-hosted instance?
(besides the obvious 'so we don't have to patch and maintain it ourselves')


related gitlab ticket:
https://gitlab.torproject.org/tpo/tpa/team/-/issues/40183
https://gitlab.torproject.org/tpo/web/team/-/wikis/Plan-To-Launch-Tor's-Forum



kind regards,
nusenu



[1] https://lists.torproject.org/pipermail/tor-community-team/2021-October/000423.html
[2] https://gitlab.torproject.org/tpo/tpa/team/-/issues/40183#note_2740700
[3] https://gitlab.torproject.org/tpo/tpa/team/-/issues/40183#note_2749919
[4] https://gitlab.torproject.org/tpo/tpa/team/-/issues/40183#note_2750060
[5] https://gitlab.torproject.org/tpo/tpa/team/-/issues/40183#note_2751283

--
https://nusenu.github.io