- tor-onions - lists.torproject.org

Probably-stupid question about Circuit IDs
by Alec Muffett 23 Sep '18

23 Sep '18

Hi All, I'm just skimming Mahrud's patch at https://github.com/mahrud/tor/commit/a81eac6d0c0a35adc6036e736565f4a8e2f806… ...referenced from elsewhere, and also from the blog post: https://blog.cloudflare.com/cloudflare-onion-service/ Luckily for us, the IPv6 space is so vast that we can encode the Tor > circuit number as an IP address in an unused range and use the Proxy > Protocol to send it to the server. Here is an example of the header that > our Tor daemon would insert in the connection: ...and it makes me wonder how far back up the chain of hops towards the client, that the circuit ID is visible to a malicious relay? Is it mostly-hidden several onion-skins down? I presume it's not trackable all the way from the client's guard? Am thinking about the necessary scope for a correlation attack. -a -- http://dropsafe.crypticide.com/aboutalecm

4 5

Draft: Different Ways To Add Tor Onion Addresses To Your Website
by Alec Muffett 22 Sep '18

22 Sep '18

I've spent the morning pulling together a bunch of draft thoughts regards the technical pros/cons of differing forms of site onionification; thoughts, comments & feedback are warmly welcomed: https://medium.com/@alecmuffett/different-ways-to-add-tor-onion-addresses-t… - alec (ps: apologies if you see 2+ copies of this, I am treating maillists separately) -- http://dropsafe.crypticide.com/aboutalecm

1 0

TBB 8 alt-svc and redirecting alt-svc'd users to navigate via the .onion
by Mike Tigas 21 Sep '18

21 Sep '18

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hey y'all, Copying this over from a reply I made to tor-talk (since I mentioned it over in the #tor-onions IRC channel). Basically 1) confirming that alt-svc does seem to work consistently in newer TBB, and 2) a fun accident in sending a HTTP 302 to folks that get to the onion via alt-svc. > [...] > In any case, I did a quick test on propublica.org *not* using cloudflare's built-in onion service feature (since we're running our own with our own EV cert anyway), and wanted to mention it here: > > Set `alt-svc: h2="www.propub3r6espa33w.onion:443"; ma=300`, and looks like TBB (8.5a1) actually did silently switch over to using the onion for the connection. As above, there'd generally be no outward indication to the user that this has happened, except I'd actually configured the onion proxying bits (right now running nginx) to throw the browser a 302 redirect to the onion domain if the HTTP Host header isn't the onion domain. So, I'd inadvertently set this up to work where the user actually > does get fully redirected over to the onion. > > (I've since taken off the alt-svc header, since that was just a quick test and I'll need to figure out if that's behavior we want in lieu of the TBB UI getting an explicit user interaction before moving to the alt-svc. But figured that's worth mentioning for folks who _do_ want to easily make a clearnet domain redir TBB to an onion domain.) > > [1]: https://trac.torproject.org/projects/tor/ticket/27590 > [2]: https://trac.torproject.org/projects/tor/attachment/ticket/21952/21952.png Anyway, that was a fun and awesome surprise. Perhaps should be obvious, but honestly I had no idea how the alt-svc behavior was going to work. Hopefully this is helpful to others? - -- Mike Tigas https://mike.tig.as/ -----BEGIN PGP SIGNATURE----- Comment: https://mike.tig.as/pgp/ Comment: http://tigas3l7uusztiqu.onion/pgp/ iQIzBAEBCgAdFiEEGzfVMu3Uhpsce8OaFLh4upXaaEoFAluley0ACgkQFLh4upXa aEp25g//ZvfORMnDMc4kf0OicTYRsv0mJUA/QS7GAqtpNX4Su5iqQWRYN8yE80iU a3u06z+V1lVCLW5GKjGdPZjcxtAaRmq+fezR9ScUhxIg+BdeApQHUpYgf7DABZtL ImYNx8dO3gkFjbmA0P6Cpxzf5Fl8nYMuyH40LivlufWERapYX9r6YKTR0o0zmkzj 06A9E7wPGeJxnbD+pc8XxSdtCJhxFRGVqoT9MqnRkiMTRU1Dh2Fbriyaqx1iHj/H CjCGIE3A9WmGdUKlRgcJzMFoRz/GXLnxGzEjT3eOu56BA3CY/ShYyUMmUf3ILj0s 8L5UHs7zlzSWFpfqO7kYrm0IJForS32DxtsQHGcVyz6Hi+UHBHoWob+1caukWX4G CI7sC+rw//M3iGxJddRUYHTNh8ZJSpglDAP0mBd3qBCTvBHTDuqBopfLr4/Vs3MY DKTYmjT+vp2HeXu3gT7S8E+aF40WmFNmQLBvnxqb0PclbhRxXhd+5UxAfzv6EW0L oZgL4vQzuEjV4j15vozqlojTInIlrpLdWAmx0xAhRfQIdjSHlWWXhkKdGIl12H76 wswRkBi2LHBzPANx7VkMT7FItF7+Hcw5MwEsZ8NJV7P6mWZ8CtT8fUJaPLAAYaBX q0UELMhkXQi6XoX7M8WRfY/d8R71fNUgzJTUNffktE3yBpxdliWIuAQBEwoAHRYh BOk8LVk3LzcQmzAuvZFvvD/f12DEBQJbpXstAAoJEJFvvD/f12DE4fkCCM54+/b8 Z3qI9XBUC2iNgjaFuVYd8IgS0ikl5xLMePJTZVp1FxrNhBmqd0G8JwhRxOq6PNWf tPH7VLpv1jtPX/AGAgkBqemkYIZnEGujCdQuiYjyHDsiWofIjcycX3ei593IDMXp NqdrFz2/auLeZYHBPKaH5ts4Vj+xIAW4Zk0DBafmQfM= =XpLQ -----END PGP SIGNATURE-----

3 5

Privacy Audits for Onion Services
by Jason S. Evans 20 Sep '18

20 Sep '18

Hi all, How can I best audit an onion service to make sure that my IP can not easily be compromised? Is there a list of things to do to try to hack my own site to try to find the IP? Thanks! Jason

9 9

(no subject)
by Michael Rex 08 Jul '18

08 Jul '18

???? what is this?

3 3

(no subject)
by Michael Rex 07 Jul '18

07 Jul '18

How do i see anything?

1 0

qmail as MTA to .onion emails
by copyleftie 20 Jun '18

20 Jun '18

Hello tor-onions, I've been trying to set up email behind an onion service with (net)qmail. Receiving works, but I'd like to send mail to .onion addresses, using qmail as my MTA if possible. `torsocks sendmail` doesn't work here because qmail's `sendmail`-like doesn't do SMTP (see [1]). Has anyone tried this? Would hacking a `qmail-remote` wrapper to exec `torsocks qmail-remote.original` work? Would transparent proxying be a bad idea? It isn't critical that I get this to work. I just think it would be cool. Thanks, copyleftie [1] https://cr.yp.to/qmail/pictures/PIC.local2rem

2 1

Re: [tor-onions] tor-onions Digest, Vol 21, Issue 3
by DAVE 19 Jun '18

19 Jun '18

Hi, I am not sure how important the set up of new email would be. I have a question as a new person to tor-onion and cryptocurrency. I started with coinbase, I added my bank and account. I was told it takes 7 days to get bitcoin. Is this normal and every time I want to load money go through that process? Or is there A easier way? thanks for the help. On Tue, Jun 19, 2018 at 8:00 AM, <tor-onions-request(a)lists.torproject.org> wrote: > Send tor-onions mailing list submissions to > tor-onions(a)lists.torproject.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-onions > or, via email, send a message with subject or body 'help' to > tor-onions-request(a)lists.torproject.org > > You can reach the person managing the list at > tor-onions-owner(a)lists.torproject.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of tor-onions digest..." > > > Today's Topics: > > 1. qmail as MTA to .onion emails (copyleftie) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Tue, 19 Jun 2018 06:29:05 -0400 > From: copyleftie <copyleftie(a)protonmail.com> > To: "tor-onions(a)lists.torproject.org" > <tor-onions(a)lists.torproject.org> > Subject: [tor-onions] qmail as MTA to .onion emails > Message-ID: > <OqhWEEsBaFPec2wd5YVrBGCT3RJO0aUF3QRTaQvr9zAZTL3ih8WNF4jlsNM3bxM_0wDkCGmAYEHmrYpM38_Q3NXpxm0X9_aI53m0F-NZmbI=(a)protonmail.com> > > Content-Type: text/plain; charset=UTF-8 > > Hello tor-onions, > > I've been trying to set up email behind an onion service with > (net)qmail. Receiving works, but I'd like to send mail to .onion > addresses, using qmail as my MTA if possible. `torsocks sendmail` > doesn't work here because qmail's `sendmail`-like doesn't do SMTP > (see [1]). > > Has anyone tried this? Would hacking a `qmail-remote` wrapper to exec > `torsocks qmail-remote.original` work? Would transparent proxying be > a bad idea? > > It isn't critical that I get this to work. I just think it would be cool. > > Thanks, > copyleftie > > [1] https://cr.yp.to/qmail/pictures/PIC.local2rem > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > tor-onions mailing list > tor-onions(a)lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-onions > > > ------------------------------ > > End of tor-onions Digest, Vol 21, Issue 3 > *****************************************

1 0

Best tool for Mining V3 Addresses? (Quick Answer Preferred)
by Alec Muffett 10 Jun '18

10 Jun '18

Hello All! A friend was asking me what the current preferred tool(s) are for mining V3 onion addresses; I am aware of mkp224o but am dimly aware of something that Yawning hacked-up a while ago; but I don't know of much else? -a -- http://dropsafe.crypticide.com/aboutalecm

3 3

HS/Relay Multitenancy
by Gareth Llewellyn 07 Jun '18

07 Jun '18

Leading on from a discussion on Reddit's /r/onions; Given an operator who is "dual stacking" their website on both example.com and example.onion yet finds themselves with spare CPU/RAM/bandwidth and wants to operate a relay too what is the current community opinion of this? (given the caveats / conditions detailed below) On the inverse I operate a set of Exits [1] but these servers also have secondary services (ssh, grafana, httpd) that are exposed with onion services. There are recommendations for running multiple relays on the same host to maximize the CPU/bandwidth etc so I'd be interested if the community still opposes the running of HS' and Relays given the following conditions; 1. No anonymity concerns from downtime correlation (example.com == example.onion) 2. Relay daemon is a separate instance to HS daemon 3. Relay daemon and HS daemon bind to different IPs 1. https://metrics.torproject.org/rs.html#search/flag:exit%20as:AS28715

3 3