Virgil Griffith i@virgil.gr writes:
- Opt-in HS indexing service
I offer to captain and lead development of this one.
Thanks for offering to help!
My main goal with this project would be to increase visibility of Hidden Services: make it easy for people to find Hidden Services that want to be found.
Search engines are very important for this, since they basically make the Internet easy and fast to navigate [0].
However, I see a few advantages of doing this directly on the Tor client instead of relying exclusively on HS search engines:
a) Currently, an HS operator that wants to get more visitors has to find an HS search engine and insert her HS in there. Or advertise in forums. Or hope that the HS gets noticed and linked from somewhere (and that existing HS search engines crawl links).
This future would allow the HS operator to add: PublicHiddenService 1 in her torrc, and automatically the HS would register itself somewhere and search engines would auto-learn about it [1].
b) By baking this feature in the Tor client, you can do digital signatures using the HS identity key which might allow secure naming systems to be built.
For example, you could send to the HS authority a signed name for your HS and a signed HS descriptor. And the HS authority could maintain a {petname : signed descriptor} map that would give assurance to clients that the name was actually chosen by the HS with that descriptor.
But to be honest, I haven't really thought about this topic and I don't believe strongly in my arguments above.
What I would do as the first step here would be to understand whether this idea has value. Maybe it's something that adds extra complexity, and HS operators should just do manually. To do that I think we should enumerate the various use cases and solutions that can be offered.
Use case examples: - HS Social network that wants to increase its userbase - IRC network that wants to increase its userbase - HS website that suffers from phishing and vanity key attacks. - ...
Notice that some use cases want visibility and other might want security. Can an Opt-In HS indexing service help them?
What solutions could be offered:
- An HS authority that archives HS names or descriptor. HS search engines and clients can look up descriptors. What's the threat model of the authority? Should it be hosted by Tor or not necessarily?
- An HS authority that facilitates some sort of petname scheme. But with what interface? A TBB plugin? How are the I2P guys doing it?
- Output a file in DataDirectory that people are supposed to submit to an HS authority if they want.
- A GNS setup that offers secure/decentralized/human-memorable naming system. But what to do with all those zones and master zones and stuff? I don't know how to make that usable (both for clients and HS operators).
- Maybe none of these things should happen, and this is entirely a bad idea that adds more code to Tor, has dangerous misconfiguration consequences, has dangerous phishing potential and doesn't really add any value.
- More ideas.
This is more of a braindump, but a more structured response would need to wait many days, so release early release often :)
Let me know if you find this interesting and what are your thoughts :)
[0]: See https://moderncrypto.org/mail-archive/messaging/2014/000944.html for an analysis on why people use search engines instead of the address bar.
[1]: Let's leave bikeshedding about the name of the torrc option and how alarmist it should be for later.