<div dir="ltr">The server is temporarily down due to security improvements, thank you very much for your suggestions.</div><div class="gmail_extra"><br><div class="gmail_quote">2017-03-10 21:02 GMT+01:00 simone raponi <span dir="ltr"><<a href="mailto:raponi.1539620@studenti.uniroma1.it" target="_blank">raponi.1539620@studenti.uniroma1.it</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">2017-03-10 21:13 GMT+01:00 ng0 <span dir="ltr"><<a href="mailto:contact.ng0@cryptolab.net" target="_blank">contact.ng0@cryptolab.net</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Massimo La Morgia transcribed 6.7K bytes:<br>
<div><div class="m_-8993090501787817188gmail-h5">> On Fri, Mar 10, 2017 at 5:39 PM, David Fifield <<a href="mailto:david@bamsoftware.com" target="_blank">david@bamsoftware.com</a>><br>
> wrote:<br>
><br>
> > On Fri, Mar 10, 2017 at 12:58:55PM +0100, Massimo La Morgia wrote:<br>
> > > we are a research group at Sapienza University, Rome, Italy. We do<br>
> > research on<br>
> > > distributed systems, Tor, and the Dark Web. As part of our work, we have<br>
> > > developed OnionGatherer, a service that gives up-to-date information<br>
> > about Dark<br>
> > > Web hidden services to Tor users.<br>
> ><br>
> > ...and presumably helps you build a crowdsourced list of onion services<br>
> > that you plan to use for some other research purpose?<br>
> ><br>
><br>
> yes, of course in this way we are building a crowdsourced list of onion<br>
> services, but is not really different from onion directories.<br>
> At this time we have no plan for other research that use this crowdsourced<br>
> list.<br>
><br>
><br>
> ><br>
> > If you're planning a research project on Tor users, you should write to<br>
> > the research safety board and get ideas about how ot do it in a way that<br>
> > minimizes risk.<br>
> > <a href="https://research.torproject.org/safetyboard.html" rel="noreferrer" target="_blank">https://research.torproject.or<wbr>g/safetyboard.html</a><br>
> ><br>
> ><br>
> thank you for the suggestion.<br>
><br>
><br>
> > This idea seems, to me, to have a lot of privacy problems. You're asking<br>
> > people to use Chrome instead of Tor Browser, which means they will be<br>
> > vulnerable to a lot of fingerprinting and trivial deanonymization<br>
> > attacks.<br>
><br>
><br>
> No we are not asking people to use chrome for browsing on tor, but we are<br>
> offering a service that can help them to know if a onion address is up<br>
> before start to surf with Tor Browser<br>
<br>
</div></div>Having only an extension for Chrome based browsers implies asking users<br>
to use Chrome based browsers. If there were a choice between Firefox and<br>
Chrome extensions, it would be less clear and not implying.<br></blockquote><div><br></div></div></div><div>Yes, you're right, but we have created this extension in order to offer a service to people. </div><div>We chose to start with Chrome because it has a greater number of users.</div><div>We would be happy if it will be used and also developed for Firefox.</div><span class=""><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<span class="m_-8993090501787817188gmail-"><br>
> > Your extension reports not only the onion domains that it<br>
> > finds, but also the URL of the page you were browsing at the time:<br>
> > var onionsJson = JSON.stringify({onions:onions, website:<br>
> > window.location.href});<br>
> > You need to at least inform your research subjects/users what of their<br>
> > private data you are storing and what you are doing with it.<br>
> ><br>
><br>
> As you can see from the source code we are not storing any sensitive data<br>
> like ip or users information. do you think that only URL page can damage<br>
> user privacy?<br>
<br>
</span>This aside, do you just check if the page still exists or the top level<br>
onion domain you found this page on? If so, this would be an improvement<br>
I'd suggest, to only use the toplevel domain.<br>
I have not looked at your code.<br></blockquote><div><br></div></span><div>Thank you for the suggestion, we'll improve the website's URL management asap.</div><span class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<span class="m_-8993090501787817188gmail-im m_-8993090501787817188gmail-HOEnZb"><br>
><br>
><br>
><br>
> > You're using two different regexes for onion URLs that aren't the same.<br>
> > The one used during replacement doesn't match "https", so I guess it<br>
> > will fail on URLs like <a href="https://facebookcorewwwi.onion/" rel="noreferrer" target="_blank">https://facebookcorewwwi.onion<wbr>/</a>.<br>
> > /^(http(s)?:\/\/)?.{16}(\.oni<wbr>on)\/?.*$/<br>
> > /(http:\/\/)?\b[\w\d]{16}\.on<wbr>ion(\/[\S]*|)/<br>
> ><br>
><br>
> Yes, you right, thank you for the feedback.<br>
<br>
</span><div class="m_-8993090501787817188gmail-HOEnZb"><div class="m_-8993090501787817188gmail-h5">> ______________________________<wbr>_________________<br>
> tor-dev mailing list<br>
> <a href="mailto:tor-dev@lists.torproject.org" target="_blank">tor-dev@lists.torproject.org</a><br>
> <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev" rel="noreferrer" target="_blank">https://lists.torproject.org/c<wbr>gi-bin/mailman/listinfo/tor-de<wbr>v</a><br>
<br>
</div></div></blockquote></span></div><br></div></div>
</blockquote></div><br></div>