[tor-talk] Giving Hidden Services some love

[Katya Titov]

Thomas White:
> As per Nick's post, I fully agree that hidden services do need some
> work, but I imagine the vast majority of people on this list are not
> skilled in the languages and areas required to do any kind of
> technical reform to them. However, technical reform of them is only
> one aspect.
> 
> I've been launching a few of my own hidden services recently with some
> useful things such as Tor project mirrors, as well as my own
> client-side encrypted file host/sync which I've currently got in
> private beta (email me privately if you want to give it a test drive).
> In order to make hidden services a bigger priority and to potentially
> attract more funding from sponsors to Tor Project, I think we as a
> community need to make better use of them. They are end to end
> encryption, thus have held up very well against nation state attackers
> like the NSA and GCHQ, and they do not require exits and that makes
> use of the underutilised capacity of the non-exit relays in the
> network.
> 
> If anyone has any thoughts on what they would like to see as a hidden
> service, I am all ears to suggestion. Whether you can build it or not
> (so yeah, even if it is just an idea throw it at me) I'd love to know
> what you want to see in hidden services.
> 
> One of the primary ideas in the works right now for myself is a shared
> host environment which I and a few others are experimenting with ideas
> for, but the premise is each person would be assigned a small virtual
> machine and they could host Wordpress blogs for example, or whatever
> else that would make people more comfortable using hidden services.
> 
> So to conclude - if you've got ideas, I'd love to hear them!

Hi Thomas,

It would be interesting to see big sites out there providing more
resources within the Tor network, i.e. offering hidden services
themselves. Maybe this could be an area of exploration: rather than
hosting sites yourself, provide information, encouragement and advice
to others to run their own HS. Maybe run a HS which is just a proxy
into their clear web site, with their permission, as an initial step?

This could be combined with a change to HTTPS Everywhere to prefer HS
sites over clear web sites, just as it prefers HTTPS over HTTP. (I
think this has been mentioned before?)

This would lead towards an environment where there is less need to
leave the Tor network itself. Many providers are completing the
end-to-end model and also encrypting their internal links, the next
logical step may be to operate within an environment which is outside
the reach of state monitoring, or at least further from their grasp.

(This could lead to further Balkanisation of the Internet, and could
also lead to more direct competition between Tor and I2P ... but I'd
wager that this won't increase the likelihood of Balkanisation, and
competition should be good for both projects.)

Slightly off-topic: if use of hidden services is going to expand then
this may be an opportune time to ensure that they will continue to work
into the future, e.g. who is going to own the .onion TLD? Should the
Tor Project make a bid for it? Should HS change the way they are
addressed? I don't know how the code works now, but I assume that there
is something which stops DNS lookups of .onion domains and just
redirects them toward a HS lookup. What happens when the Oxnard Chamber
of Commerce claims that TLD?
-- 
kat