Forum at a tor hidden service | Bitcointalksearch.org

fonenumba

full member

Activity: 411

Merit: 100

Quote from: dserrano5 on February 06, 2015, 08:11:40 PM

Quote from: fonenumba on February 06, 2015, 08:02:31 PM

.bit domains are used via NMC. This is bitcointalk.org.

Ah, then it can't run on SMF, or nginx or linux because, well, none of those are bitcoin.

Well the .bit domain system is very much using an altcoin. There is no SMF coin.

The real benefit of using a .bit domain over a "traditional" is anonymity, however theymos's identity is already publicly known (I assume the same is true for Sirius, however I have not actually seen his dox) therefore operating a .bit domain becomes a moot point

Quote from: dserrano5 on February 06, 2015, 08:11:40 PM

Quote

Wouldn't it be somewhat of a moot point to access the forum via a hidden service if you are not logged in?

The most paranoid among us would answer "Even if you're not logged in, they know who you are and what threads you spend most time in". I'm not in this group, although I can conceive some people thinking along these lines.

These people can still connect to bitcointalk.org via tor, but would not be subject to the same MITM attacks that people who are logged in via tor are subject to.

dserrano5

legendary

Activity: 1974

Merit: 1029

Quote from: fonenumba on February 06, 2015, 08:02:31 PM

.bit domains are used via NMC. This is bitcointalk.org.

Ah, then it can't run on SMF, or nginx or linux because, well, none of those are bitcoin.

Quote

Wouldn't it be somewhat of a moot point to access the forum via a hidden service if you are not logged in?

The most paranoid among us would answer "Even if you're not logged in, they know who you are and what threads you spend most time in". I'm not in this group, although I can conceive some people thinking along these lines.

BCwinning

hero member

Activity: 770

Merit: 500

Quote from: fonenumba on February 06, 2015, 08:02:31 PM

Quote from: BCwinning on February 06, 2015, 07:58:05 PM

personally I'm surprised this forum isn't hosted on a .bit domain for decentralized dns.

Quote from: HeroC on February 06, 2015, 05:52:22 PM

Thanks for the reply theymos, if not .onion, possibly a .bit domain? Seems to be perfect for this forum, and it has to do with bitcoin. None of the privacy of tor, but still would be cool.

.bit domains are used via NMC. This is bitcointalk.org. I don't see any real value that a .bit domain would give the forum, especially since it cannot host anonymously (the public already knows the identity of the people that run/own it)

yes I'm aware it's bitcointalk but does that stop all the altcoins from posting on here? NO
it's a crypto forum basically at this point. So why not support what the crypto coins are trying to do?
whats your animosity to namecoin? It isn't even about being hosted anonymously which is what the hiddenservice suggestion is more about than mine.
personally you sound like a fed trying to prevent users from exercising their right to privacy.

fonenumba

full member

Activity: 411

Merit: 100

Quote from: BCwinning on February 06, 2015, 07:58:05 PM

personally I'm surprised this forum isn't hosted on a .bit domain for decentralized dns.

Quote from: HeroC on February 06, 2015, 05:52:22 PM

Thanks for the reply theymos, if not .onion, possibly a .bit domain? Seems to be perfect for this forum, and it has to do with bitcoin. None of the privacy of tor, but still would be cool.

.bit domains are used via NMC. This is bitcointalk.org. I don't see any real value that a .bit domain would give the forum, especially since it cannot host anonymously (the public already knows the identity of the people that run/own it)

BCwinning

hero member

Activity: 770

Merit: 500

personally I'm surprised this forum isn't hosted on a .bit domain for decentralized dns.

fonenumba

full member

Activity: 411

Merit: 100

Wouldn't it be somewhat of a moot point to access the forum via a hidden service if you are not logged in? I don't see any real downsides to connecting to bitcointalk.org via TOR if you are just browsing (and do not log in). However once you are logged in via TOR, you are subject to a number of MITM attacks.

One possible solution to DDoS concerns with running a hidden service would be to force users to log into their account when accessing the hidden service (a captcha could be used to avoid someone spamming login attempts), and then the time limits that are imposed to the IP address can be replaced with the username in question (you could also do things like disable search to users under a certain activity level when accessing the forum via a hidden service).

Actions that are time restricted really should be linked to your username anyway as someone could simply change their IP address (maybe via connecting to a different VPN gateway) to get around time restrictions.

HeroC

legendary

Activity: 858

Merit: 1000

Thanks for the reply theymos, if not .onion, possibly a .bit domain? Seems to be perfect for this forum, and it has to do with bitcoin. None of the privacy of tor, but still would be cool.

theymos

administrator

Activity: 5222

Merit: 13032

The problem with that is that many of the current anti-DoS measures distinguish between users by looking at their IP address. For example, if you're not logged in then your IP is limited to one search every 100 seconds (or something like that -- I don't remember the exact number) to prevent you from overloading the server. IMO Tor needs to add some configurable proof-of-work mechanism to hidden services for them to be widely usable. For example, one thing that comes to mind is that the client could prove that he's holding x GB of data unique to a certain hidden service, and after verifying this, Tor could pass a unique private IP for that client (eg. 10.1.2.3) to the hidden service's web server. (The IP would be different per hidden service, so it would only be a minor reduction in privacy -- the hidden service would only be able to track you across its own pages.) Then the standard idea of "block IPs that abuse the server" could be used by the hidden service.

redsn0w

legendary

Activity: 1778

Merit: 1043

#Free market

I also agree with the dserrano5's idea, would it be easy to add or not ?

ColderThanIce

sr. member

Activity: 373

Merit: 252

i think a tor site would be great. i too hope to see it when the new forum releases, it sounds like it has been development for quite a while now.

Quickseller

copper member

Activity: 2996

Merit: 2374

+1 on this. Or at least have the ability to access the forum via a hidden service in a similar way that blockchain.info allows access via a hidden service (they actually force access via the hidden service when connecting via tor)

MichaelBliss

hero member

Activity: 526

Merit: 500

Quote from: HeroC on February 02, 2015, 05:32:38 PM

I don't use Tor that often, but I agree, it may be nice to have for the more privacy concerned.

I thought Tor was broken a while back and using it only arouses suspicion and brings attention to you?

HeroC

legendary

Activity: 858

Merit: 1000

I don't use Tor that often, but I agree, it may be nice to have for the more privacy concerned.

dserrano5

legendary

Activity: 1974

Merit: 1029

Well the subject line pretty much says it all. Any chance that the new forum could be hosted at an .onion URL to prevent TLAs from snooping the SSL traffic?

Topic: Forum at a tor hidden service (Read 2180 times)