[tor-dev] Hash Visualizations to Protect Against Onion Phishing

ncl at cock.li
Sun Aug 30 23:40:30 UTC 2015

I came across this thread from the weekly news post for this week, so
please excuse me if I've missed some from just skimming through the posts.

Having randomart/gravatars/poems/etc. seems like a rather interesting
topic, but as for seriously adding it to tor, there seem to be a few problems
in my mind:
a) This doesn't stop someone from phishing if the target has never seen
   the hs address before. (proving identities is another issue though I
   guess, the focus on this discussion being how to implement TOFU.)
b) People's memories are imperfect, and even with a system that may
   generate wildly distinct results even with similar addresses,
   remembering a number of those will become a blur.
c) This all seems rather complicated.

Since the point seems to just be keeping a record that addresses match
once you're reasonably sure you've found the right one, wouldn't
something of an "address book" be much simpler and easier? It might not
even need to be a feature of tor/tbb, but maybe just a tip to users.

It could be something as simple as a gpg-encrypted text file if you're
worried about leaking sites you visit.
(I hope I don't get much about using "gpg" and "simple" in the same

Another few things popped up in my mind while thinking about this:
- Should tbb distribute hsts preload-like lists for HS's (e.g.
  for securedrops?)
- A set of guidelines should be published on how an HS owner should
  prove their identity. (wouldn't want another sigaint incident!)
- Can/should a system be set up to monitor HS addresses that are
  similar to existing ones?
- For HS's which do not need to be as anonymous, should a tor-specific
  CA be created, or should they be encouraged to try and use a CA as a
  means of extra verification?
  A tor-specific CA might be better, since an attacker might be able to
  get their phishing cert signed. If the previous point is implemented,
  more precautions could be put in place to verify an HS's identity.
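The "address book" and the "monitor addresses that are similar to existing ones" ideas above, as an added worked example in Python (this is not code from the poster or from the Tor project). It pins a label to an onion address on first use (TOFU), reports "match", "MISMATCH" or "unknown" on later sightings, and flags addresses that share a long leading prefix (the way vanity-generated phishing addresses do) or sit within a small edit distance of a pinned one. The label names, the sample addresses, the `min_prefix`/`max_edits` thresholds and the JSON on-disk format are all my assumptions; encrypting the dumped JSON (e.g. with gpg, as the post suggests) is left to the caller.

```python
import json
import re
from typing import Dict, List, Tuple

# 16-char (v2) or 56-char (v3) base32 label followed by ".onion".
ONION_RE = re.compile(r"^[a-z2-7]{16}(?:[a-z2-7]{40})?\.onion$")


def normalize(address: str) -> str:
    """Strip scheme and path, lower-case, and validate the onion address."""
    a = address.strip().lower()
    if "://" in a:
        a = a.split("://", 1)[1]
    a = a.split("/", 1)[0]
    if not ONION_RE.match(a):
        raise ValueError(f"not a valid onion address: {address!r}")
    return a


def common_prefix_len(a: str, b: str) -> int:
    """Number of leading characters the two strings share."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, classic two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


class AddressBook:
    """TOFU pin store: label -> onion address (assumed layout, not Tor's)."""

    def __init__(self) -> None:
        self.entries: Dict[str, str] = {}

    def pin(self, label: str, address: str) -> None:
        """Record the address for a label; refuse to silently overwrite."""
        addr = normalize(address)
        if label in self.entries and self.entries[label] != addr:
            raise ValueError(f"{label!r} already pinned to {self.entries[label]}")
        self.entries[label] = addr

    def check(self, label: str, address: str) -> str:
        """'match' / 'MISMATCH' against the pin, or 'unknown' if no pin exists."""
        addr = normalize(address)
        pinned = self.entries.get(label)
        if pinned is None:
            return "unknown"
        return "match" if pinned == addr else "MISMATCH"

    def lookalikes(self, address: str, min_prefix: int = 6,
                   max_edits: int = 4) -> List[Tuple[str, str, str]]:
        """Pinned entries that look like `address` without being it.

        Thresholds are assumptions: a shared prefix of >= min_prefix base32
        characters is cheap to brute-force for an attacker, so it is flagged.
        """
        addr = normalize(address)[:-len(".onion")]
        hits = []
        for label, known in self.entries.items():
            k = known[:-len(".onion")]
            if k == addr:
                continue
            p, d = common_prefix_len(k, addr), edit_distance(k, addr)
            if p >= min_prefix or d <= max_edits:
                hits.append((label, known, f"shared prefix {p}, edit distance {d}"))
        return hits

    def dump(self) -> str:
        """Serialise to JSON; encrypt the result (e.g. gpg) before storing."""
        return json.dumps(self.entries, indent=2, sort_keys=True)

    @classmethod
    def load(cls, text: str) -> "AddressBook":
        book = cls()
        book.entries = dict(json.loads(text))
        return book


if __name__ == "__main__":
    # Constructed sample data, not real services.
    book = AddressBook()
    book.pin("example-site", "exampleabcdefghi.onion")
    print(book.check("example-site", "http://exampleabcdefghi.onion/login"))
    print(book.check("example-site", "exampleabc234567.onion"))
    print(book.lookalikes("exampleabc234567.onion"))
```

The prefix check matters more than the edit-distance check for onion addresses: an attacker cannot choose an arbitrary address, but can grind keys until the first several characters match a target, which is exactly the pattern the prefix threshold catches.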
