[tor-talk] Not comfortable with the new single-hop system merged into Tor

Mirimir mirimir at riseup.net
Thu Dec 22 13:25:18 UTC 2016 

On 12/22/2016 06:00 AM, laurelai bailey wrote:
> Then i completely misread the previous threads. That happens sometimes o_o

Well, you didn't _completely_ misread the thread.

By default, users will be installing a version of Tor which can be
configured to run single-hop onion services. Alternatively, there could
be separate versions. Perhaps someone could explain why that option was
rejected.

> On Thu, Dec 22, 2016 at 6:54 AM, Alec Muffett <alec.muffett at gmail.com>
> wrote:
> 
>> On 22 December 2016 at 11:21, laurelai bailey <laurelaistorm at gmail.com>
>> wrote:
>>>
>>> Which is exactly why you should have this feature as it is. You say its
>>> insulting to users, we say the actual reality of the situation is that
>>> people use TOR who arent computer experts and sane defaults are a needed
>>> thing, to help keep people safe. Dissidents and vulnerable people use
>> this
>>> service, you cant expect them all to be experts and you cant treat them
>>> like they are, because they arent.
>>>
>>
>> Hi Laureai,
>>
>> This is a server-side feature, not a tor-browser feature, so will not be
>> seen nor touched by >99% of Tor users.
>>
>> The default is "off".
>>
>> The enablement means hand-editing a flat text file, and adding two,
>> separate, magical commands to it.
>>
>> Both of which are named to suggest "this feature is about making the
>> webserver that you are about to set up, somewhat less anonymous".
>>
>> And which doubtless will be documented as such.
>>
>> Given this, I believe that the bigger issue, server side, is highlighted by
>> Sarah Jamie Lewis' tweetstorm, earlier today, which I highly recommend,
>> albeit a long read across multiple tweets:
>>
>>     https://twitter.com/SarahJamieLewis/status/811769153220509700
>>
>> ...that a substantial, perhaps overwhelming, source of security risk is
>> from people using software in "default" configurations.
>>
>> Rather than "extremely non-default configurations" as above.
>>
>> I am trying to help fix this latter issue.  Would you like to help, assist,
>> or provide aid, and thereby benefit the people who use Tor?
>>
>> For instance, set up an onion site using the above basic configuration, and
>> test it?
>>
>>     - alec
>>
>> *
>> https://github.com/alecmuffett/the-onion-diaries/
>> blob/master/basic-production-onion-server.md
>>
>>
>>
>> --
>> http://dropsafe.crypticide.com/aboutalecm
>> --
>> tor-talk mailing list - tor-talk at lists.torproject.org
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>

More information about the tor-talk mailing list