Pages:
Author

Topic: Rant on Tor (Read 875 times)

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
July 19, 2023, 02:31:35 AM
#37
Of course, and I'm sure theymos is more than capable of generating a suitable .onion address. Just pointing out it is easily done.
Reading into this, I realize there will be more complications. For instance, I often link to a topic by using an absolute URL instead of a relative URL (update: and even relative links get stored as absolute links after posting). All those links need to be replaced to avoid sending users from the .onion forum to the clearnet forum. The image proxy should also get a .onion entry.
Unfortunately, it's not as straight forward as I initially expected.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
July 19, 2023, 02:25:15 AM
#36
A couple months back the PoW requirement was merged into the next, forthcoming Tor update. This should work a lot of wonders as far as mitigating DDOS attacks is concerned. I think a Bitcointalk onion would be pretty useful for those who are using BTC in jurisdictions where it is frowned upon or heavily monitored... probably a safer approach than using a regular 'ol VPN, who probably keeps logs and may or may not turn them over to certain governments when requested.
Yep, but it might be quite a while before it gets released, officially. I was following the progress of it and the documentation is still in the progress I think. Bitcointalk over Tor is still somewhat usable, not really totally inaccessible.

Anyhow, CloudFlare actually allows for Onion routing as well. Allowing the site to be served over onion while still allowing for the site to piggyback on CloudFlare's CDN. I assume that there is a very good reason why this isn't used currently.
legendary
Activity: 3010
Merit: 8114
July 19, 2023, 02:06:02 AM
#35
The core of the issue is how susceptible onion addresses are to DDOS, which is arguably harder to block due to the nature of anonymity. There's some progress with trying to resolve this issues (PoW requirement, etc) , presumably due to the massive DDOS a while back.

A couple months back the PoW requirement was merged into the next, forthcoming Tor update. This should work a lot of wonders as far as mitigating DDOS attacks is concerned. I think a Bitcointalk onion would be pretty useful for those who are using BTC in jurisdictions where it is frowned upon or heavily monitored... probably a safer approach than using a regular 'ol VPN, who probably keeps logs and may or may not turn them over to certain governments when requested.
legendary
Activity: 2268
Merit: 18771
July 19, 2023, 01:40:41 AM
#34
Of course, and I'm sure theymos is more than capable of generating a suitable .onion address. Just pointing out it is easily done.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
July 19, 2023, 01:30:20 AM
#33
I think 16 random strings is the minimum (up to 56)
The shorter v2 addresses can't be used anymore, now 56 characters (v3) is the default.

I've just generated the following, which theymos can have for free. Smiley

btctalkhfmnva2746gkwhsxpirz3w7bu3ocut7uzjlszsxlou4naruyd.onion
As always: "not your keys, not your coins address" applies here too.
legendary
Activity: 2268
Merit: 18771
July 19, 2023, 01:07:43 AM
#32
I've just generated the following, which theymos can have for free. Smiley

btctalkhfmnva2746gkwhsxpirz3w7bu3ocut7uzjlszsxlou4naruyd.onion
legendary
Activity: 3472
Merit: 3507
Crypto Swap Exchange
July 18, 2023, 05:34:02 PM
#31
I am reading more about it now and I see there is a way of generating vanity address similar like for Bitcoin, so maybe we could create btctalk... btctlk, or something similar that doesn't have a lot of characters.

As far as I know, the .onion domain cannot be that short, and certainly not easy to remember. I think 16 random strings is the minimum (up to 56), plus if you want to add something at least a little recognizable. (like btctalk ...)

Check Sinbad for example: sinbadiovkigdbafpqvwfwjh2tfrisahtxmrskiovt62nirragcnkcad.onion 56 characters.
legendary
Activity: 2212
Merit: 7064
July 18, 2023, 02:43:08 PM
#30
Nothing. Onion domains are more or less like Bitcoin addresses, created from a private key.
Interesting.
I am reading more about it now and I see there is a way of generating vanity address similar like for Bitcoin, so maybe we could create btctalk... btctlk, or something similar that doesn't have a lot of characters.
Maybe what I saw before with people selling onion addresses was for this vanity addresses.
hero member
Activity: 1659
Merit: 687
LoyceV on the road. Or couch.
July 18, 2023, 12:29:26 PM
#29
Does anyone know how much needs to be paid for long term .onion domain address?
Nothing. Onion domains are more or less like Bitcoin addresses, created from a private key.
legendary
Activity: 2212
Merit: 7064
July 18, 2023, 12:14:56 PM
#28
I'll quote myself here: Can the forum get a .onion domain for Tor users? That doesn't stop DDOS entirely, but at least it leaves an option without Cloudflare.
You mean that using Bitcointalk with onion address would remove all cloudflare and any similar boxes that needs to be checked?
That would certainly speed things up, and in theory it should improve privacy, but I think it would increase cost of purchasing and maintaining another domain.
Does anyone know how much needs to be paid for long term .onion domain address?
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
July 18, 2023, 06:21:15 AM
#27
I'll quote myself here: Can the forum get a .onion domain for Tor users? That doesn't stop DDOS entirely, but at least it leaves an option without Cloudflare.

Quoting myself here too.
legendary
Activity: 3612
Merit: 5297
https://merel.mobi => buy facemasks with BTC/LTC
July 18, 2023, 02:39:20 AM
#26
Tor can't completely mitigate all abuse, but it does make it a lot harder for an attacker tough:

https://support.torproject.org/abuse/what-about-ddos/

I've ran hidden services in the past, it's actually quite easy to setup and maintain... But in the end it's up to Theymos to see if he has the time and resources, since i can only assume that the time investment in setting up a hidden service for bitcointalk is a different magnitude than the time to setup a hidden service for a testnet faucet Smiley
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
July 18, 2023, 02:23:29 AM
#25
I'll quote myself here: Can the forum get a .onion domain for Tor users? That doesn't stop DDOS entirely, but at least it leaves an option without Cloudflare.
The core of the issue is how susceptible onion addresses are to DDOS, which is arguably harder to block due to the nature of anonymity. There's some progress with trying to resolve this issues (PoW requirement, etc) , presumably due to the massive DDOS a while back.

I assume theymos doesn't want to mess with Tor for now, and sacrifice having to deal with tons of DDOS coming in from Tor at the expense of having the user jump through loops using CloudFlare.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
July 18, 2023, 02:04:49 AM
#24
I'll quote myself here: Can the forum get a .onion domain for Tor users? That doesn't stop DDOS entirely, but at least it leaves an option without Cloudflare.
full member
Activity: 756
Merit: 133
- hello doctor who box
July 17, 2023, 03:17:48 PM
#23
I think a bump is really necessary considering the discussions already on my last topic which you can find on this url https://bitcointalksearch.org/topic/cf-keeps-banning-tor-connection-5460048

I have no use of that topic, hopefully the extended discussions on this topic will bring a new idea against CF.

Thank you.
full member
Activity: 123
Merit: 474
October 02, 2018, 05:51:39 PM
#22
I just managed to log in now, but couldn't use the site at all yesterday.  Even today it took me way too long because of the captcha (wasted so much time training Google AI to improve its spying capability  Undecided).

The initial Cloulflare page with the captcha isn't the problem, it's the log in page with the issues.  I think some sort of creative solution as suggested by some is possible here.  Maybe a whitelist of PGP keys?  Users can put their public key in their account somewhere, and those with enough trust can log in without the captcha by signing some arbitrary text?
full member
Activity: 574
Merit: 152
October 01, 2018, 09:37:05 AM
#21
I don't like CloudFlare. I consider it quite likely to be some sort of government-run honeypot; or if it isn't already, then it could be easily transformed into one. Far too much of the Internet goes through CloudFlare.

Why do we even use it if you think this could possibly be the case? Is it really worth the risk? How effective is CloudFlare at even stopping DDOS attacks or whatever? We've still had a few here whilst we've used it, right?

Is a better Cloudflare-like service something that could be created (I remember you briefly mentioning how you would create one somewhere)? I've suggested in the past that we could use funds that the forum could generate from things like extra ad slots and premium ranks etc for projects that would benefit the community and even the world and this surely could be one, especially with your concerns about it.



Cloudflare is like the defacto standard in anti-ddos services. Also, it's hard to beat free.

Honestly, if the web forum software were designed better, it could be built to be more resistant to DDoS attacks (proper gateways, rate limiting at multiple tiers, etc...).

I don't think the new software is going to solve this issue though. I've been considering trying to build a new forum software myself that allows high horizontal scalability rather than the traditional vertical scaling that we have now.
staff
Activity: 3304
Merit: 4115
October 01, 2018, 09:32:22 AM
#20
Is a better Cloudflare-like service something that could be created (I remember you briefly mentioning how you would create one somewhere)? I've suggested in the past that we could use funds that the forum could generate from things like extra ad slots and premium ranks etc for projects that would benefit the community and even the world and this surely could be one, especially with your concerns about it.


I'd prefer something like this. I would far prefer trusting theymos than that of the NSA. I'm trying to find the previous discussion on this, but can't seem to find it. If anyone can send it over that would be appreciated. I think it was a discussion related to one of the DDOS attacks we had before on the forum.
legendary
Activity: 2968
Merit: 3061
Join the world-leading crypto sportsbook NOW!
October 01, 2018, 05:13:55 AM
#19
I don't like CloudFlare. I consider it quite likely to be some sort of government-run honeypot; or if it isn't already, then it could be easily transformed into one. Far too much of the Internet goes through CloudFlare.

Why do we even use it if you think this could possibly be the case? Is it really worth the risk? How effective is CloudFlare at even stopping DDOS attacks or whatever? We've still had a few here whilst we've used it, right?

Is a better Cloudflare-like service something that could be created (I remember you briefly mentioning how you would create one somewhere)? I've suggested in the past that we could use funds that the forum could generate from things like extra ad slots and premium ranks etc for projects that would benefit the community and even the world and this surely could be one, especially with your concerns about it.

legendary
Activity: 1288
Merit: 1926
฿ear ride on the rainbow slide
October 01, 2018, 04:32:48 AM
#18
I guess you'd ban Satoshi, then? Feel free to publish your browser history if you "have nothing to hide".
Even if you have nothing to hide, would you walk around nude in public?  Would you live in a house with no window shades?  Would you let everyone listen in on your conversations?

Really, even if you're the most righteous person in the world, would you want everyone to know every fucking detail of your life?  Nobody in their right mind would.  I don't use Tor, but I don't condemn those who do.  Given how much less privacy we have these days because of the internet, using browsers like Tor (and eschewing social media sites like FB, Twitter, and the like) sounds like the smart thing to do.

I have nothing to show either. It isn't show and tell. What I do is none of anyone's business. The presumption that I do something illegal to want privacy is a fallacy.

For a search warrant there has to be reasonable cause. Internet snooping is done by Governments and big business without any plausible reasons.

None of them have any legitimate reason to snoop on me - yet they still do it. I fully empathize with those that want to keep their privacy.
Pages:
Jump to: