Rant on Tor | Bitcointalksearch.org

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: o_e_l_e_o on July 19, 2023, 02:40:41 AM

Of course, and I'm sure theymos is more than capable of generating a suitable .onion address. Just pointing out it is easily done.

Reading into this, I realize there will be more complications. For instance, I often link to a topic by using an absolute URL instead of a relative URL (update: and even relative links get stored as absolute links after posting). All those links need to be replaced to avoid sending users from the .onion forum to the clearnet forum. The image proxy should also get a .onion entry.
Unfortunately, it's not as straight forward as I initially expected.

ranochigo

legendary

Activity: 2982

Merit: 4193

Quote from: nutildah on July 19, 2023, 03:06:02 AM

A couple months back the PoW requirement was merged into the next, forthcoming Tor update. This should work a lot of wonders as far as mitigating DDOS attacks is concerned. I think a Bitcointalk onion would be pretty useful for those who are using BTC in jurisdictions where it is frowned upon or heavily monitored... probably a safer approach than using a regular 'ol VPN, who probably keeps logs and may or may not turn them over to certain governments when requested.

Yep, but it might be quite a while before it gets released, officially. I was following the progress of it and the documentation is still in the progress I think. Bitcointalk over Tor is still somewhat usable, not really totally inaccessible.

Anyhow, CloudFlare actually allows for Onion routing as well. Allowing the site to be served over onion while still allowing for the site to piggyback on CloudFlare's CDN. I assume that there is a very good reason why this isn't used currently.

nutildah

legendary

Activity: 3010

Merit: 8114

Quote from: ranochigo on July 18, 2023, 03:23:29 AM

The core of the issue is how susceptible onion addresses are to DDOS, which is arguably harder to block due to the nature of anonymity. There's some progress with trying to resolve this issues (PoW requirement, etc) , presumably due to the massive DDOS a while back.

A couple months back the PoW requirement was merged into the next, forthcoming Tor update. This should work a lot of wonders as far as mitigating DDOS attacks is concerned. I think a Bitcointalk onion would be pretty useful for those who are using BTC in jurisdictions where it is frowned upon or heavily monitored... probably a safer approach than using a regular 'ol VPN, who probably keeps logs and may or may not turn them over to certain governments when requested.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18588

Of course, and I'm sure theymos is more than capable of generating a suitable .onion address. Just pointing out it is easily done.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: examplens on July 18, 2023, 06:34:02 PM

I think 16 random strings is the minimum (up to 56)

The shorter v2 addresses can't be used anymore, now 56 characters (v3) is the default.

Quote from: o_e_l_e_o on July 19, 2023, 02:07:43 AM

I've just generated the following, which theymos can have for free.

btctalkhfmnva2746gkwhsxpirz3w7bu3ocut7uzjlszsxlou4naruyd.onion

As always: "not your keys, not your ~~coins~~ address" applies here too.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18588

I've just generated the following, which theymos can have for free.

btctalkhfmnva2746gkwhsxpirz3w7bu3ocut7uzjlszsxlou4naruyd.onion

examplens

legendary

Activity: 3248

Merit: 3098

Quote from: dkbit98 on July 18, 2023, 03:43:08 PM

I am reading more about it now and I see there is a way of generating vanity address similar like for Bitcoin, so maybe we could create btctalk... btctlk, or something similar that doesn't have a lot of characters.

As far as I know, the .onion domain cannot be that short, and certainly not easy to remember. I think 16 random strings is the minimum (up to 56), plus if you want to add something at least a little recognizable. (like btctalk ...)

Check Sinbad for example: sinbadiovkigdbafpqvwfwjh2tfrisahtxmrskiovt62nirragcnkcad.onion 56 characters.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: LoyceMobile on July 18, 2023, 01:29:26 PM

Nothing. Onion domains are more or less like Bitcoin addresses, created from a private key.

Interesting.
I am reading more about it now and I see there is a way of generating vanity address similar like for Bitcoin, so maybe we could create btctalk... btctlk, or something similar that doesn't have a lot of characters.
Maybe what I saw before with people selling onion addresses was for this vanity addresses.

LoyceMobile

hero member

Activity: 1659

Merit: 687

LoyceV on the road. Or couch.

Quote from: dkbit98 on July 18, 2023, 01:14:56 PM

Does anyone know how much needs to be paid for long term .onion domain address?

Nothing. Onion domains are more or less like Bitcoin addresses, created from a private key.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: LoyceV on July 18, 2023, 03:04:49 AM

I'll quote myself here: Can the forum get a .onion domain for Tor users? That doesn't stop DDOS entirely, but at least it leaves an option without Cloudflare.

You mean that using Bitcointalk with onion address would remove all cloudflare and any similar boxes that needs to be checked?
That would certainly speed things up, and in theory it should improve privacy, but I think it would increase cost of purchasing and maintaining another domain.
Does anyone know how much needs to be paid for long term .onion domain address?

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: LoyceV on July 18, 2023, 03:04:49 AM

I'll quote myself here: Can the forum get a .onion domain for Tor users? That doesn't stop DDOS entirely, but at least it leaves an option without Cloudflare.

Quoting myself here too.

mocacinno

legendary

Activity: 3402

Merit: 5004

https://merel.mobi => buy facemasks with BTC/LTC

Tor can't completely mitigate all abuse, but it does make it a lot harder for an attacker tough:

https://support.torproject.org/abuse/what-about-ddos/

I've ran hidden services in the past, it's actually quite easy to setup and maintain... But in the end it's up to Theymos to see if he has the time and resources, since i can only assume that the time investment in setting up a hidden service for bitcointalk is a different magnitude than the time to setup a hidden service for a testnet faucet

ranochigo

legendary

Activity: 2982

Merit: 4193

Quote from: LoyceV on July 18, 2023, 03:04:49 AM

I'll quote myself here: Can the forum get a .onion domain for Tor users? That doesn't stop DDOS entirely, but at least it leaves an option without Cloudflare.

The core of the issue is how susceptible onion addresses are to DDOS, which is arguably harder to block due to the nature of anonymity. There's some progress with trying to resolve this issues (PoW requirement, etc) , presumably due to the massive DDOS a while back.

I assume theymos doesn't want to mess with Tor for now, and sacrifice having to deal with tons of DDOS coming in from Tor at the expense of having the user jump through loops using CloudFlare.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

I'll quote myself here: Can the forum get a .onion domain for Tor users? That doesn't stop DDOS entirely, but at least it leaves an option without Cloudflare.

drwhobox

full member

Activity: 756

Merit: 133

- hello doctor who box

I think a bump is really necessary considering the discussions already on my last topic which you can find on this url https://bitcointalksearch.org/topic/cf-keeps-banning-tor-connection-5460048

I have no use of that topic, hopefully the extended discussions on this topic will bring a new idea against CF.

Thank you.

Cøbra

full member

Activity: 123

Merit: 470

I just managed to log in now, but couldn't use the site at all yesterday. Even today it took me way too long because of the captcha (wasted so much time training Google AI to improve its spying capability Undecided

).

The initial Cloulflare page with the captcha isn't the problem, it's the log in page with the issues. I think some sort of creative solution as suggested by some is possible here. Maybe a whitelist of PGP keys? Users can put their public key in their account somewhere, and those with enough trust can log in without the captcha by signing some arbitrary text?

bluefirecorp_

full member

Activity: 574

Merit: 152

Quote from: hilariousetc on October 01, 2018, 06:13:55 AM

Quote from: theymos on September 29, 2018, 09:48:12 PM

I don't like CloudFlare. I consider it quite likely to be some sort of government-run honeypot; or if it isn't already, then it could be easily transformed into one. Far too much of the Internet goes through CloudFlare.

Why do we even use it if you think this could possibly be the case? Is it really worth the risk? How effective is CloudFlare at even stopping DDOS attacks or whatever? We've still had a few here whilst we've used it, right?

Is a better Cloudflare-like service something that could be created (I remember you briefly mentioning how you would create one somewhere)? I've suggested in the past that we could use funds that the forum could generate from things like extra ad slots and premium ranks etc for projects that would benefit the community and even the world and this surely could be one, especially with your concerns about it.

Cloudflare is like the defacto standard in anti-ddos services. Also, it's hard to beat free.

Honestly, if the web forum software were designed better, it could be built to be more resistant to DDoS attacks (proper gateways, rate limiting at multiple tiers, etc...).

I don't think the new software is going to solve this issue though. I've been considering trying to build a new forum software myself that allows high horizontal scalability rather than the traditional vertical scaling that we have now.

Welsh

staff

Activity: 3276

Merit: 4111

Quote from: hilariousetc on October 01, 2018, 06:13:55 AM

Is a better Cloudflare-like service something that could be created (I remember you briefly mentioning how you would create one somewhere)? I've suggested in the past that we could use funds that the forum could generate from things like extra ad slots and premium ranks etc for projects that would benefit the community and even the world and this surely could be one, especially with your concerns about it.

I'd prefer something like this. I would far prefer trusting theymos than that of the NSA. I'm trying to find the previous discussion on this, but can't seem to find it. If anyone can send it over that would be appreciated. I think it was a discussion related to one of the DDOS attacks we had before on the forum.

hilariousetc

legendary

Activity: 2828

Merit: 3038

Join the world-leading crypto sportsbook NOW!

Quote from: theymos on September 29, 2018, 09:48:12 PM

I don't like CloudFlare. I consider it quite likely to be some sort of government-run honeypot; or if it isn't already, then it could be easily transformed into one. Far too much of the Internet goes through CloudFlare.

Why do we even use it if you think this could possibly be the case? Is it really worth the risk? How effective is CloudFlare at even stopping DDOS attacks or whatever? We've still had a few here whilst we've used it, right?

Is a better Cloudflare-like service something that could be created (I remember you briefly mentioning how you would create one somewhere)? I've suggested in the past that we could use funds that the forum could generate from things like extra ad slots and premium ranks etc for projects that would benefit the community and even the world and this surely could be one, especially with your concerns about it.

xtraelv

legendary

Activity: 1274

Merit: 1924

฿ear ride on the rainbow slide

Quote from: The Sceptical Chymist on September 30, 2018, 10:46:48 PM

Quote from: theymos on September 29, 2018, 10:07:44 PM

I guess you'd ban Satoshi, then? Feel free to publish your browser history if you "have nothing to hide".

Even if you have nothing to hide, would you walk around nude in public? Would you live in a house with no window shades? Would you let everyone listen in on your conversations?

Really, even if you're the most righteous person in the world, would you want everyone to know every fucking detail of your life? Nobody in their right mind would. I don't use Tor, but I don't condemn those who do. Given how much less privacy we have these days because of the internet, using browsers like Tor (and eschewing social media sites like FB, Twitter, and the like) sounds like the smart thing to do.

I have nothing to show either. It isn't show and tell. What I do is none of anyone's business. The presumption that I do something illegal to want privacy is a fallacy.

For a search warrant there has to be reasonable cause. Internet snooping is done by Governments and big business without any plausible reasons.

None of them have any legitimate reason to snoop on me - yet they still do it. I fully empathize with those that want to keep their privacy.

Topic: Rant on Tor (Read 818 times)