[tor-talk] Please suggest domain registrars that are Tor (and bitcoin) friendly.

Zenaan Harkness zen at freedbms.net
Sat Jun 11 10:06:41 UTC 2016


On Sat, Jun 11, 2016 at 08:55:18AM +0000, contact_tor at nirgal.com wrote:
> ng0 wrote:
> > I am not 100% sure about the Tor part, but OrangeWebsite[0] supports
> > 2 kinds of coins.
> > You could get in touch with support to ask about the Tor part of the question.
> 
> I strongly advise against using orangewebsite: They rent "freshly
> installed servers" with /root/.ssh/authorized_keys that is pre-seeded!
> (backdoor)
> Maybe their DNS service is ok however...
> 
> (It's a real pity because they use 100% renewable energy, and that was
> great.)

The following may seem cynical, resigned and fatalistic, BUT:

I am Mr ISP.

I run a few boxen and my hosting service, with some hardware level
virtualization, to provide VPSs to inspired individuals.

So my web front end takes a credit card, or some bitcoin, and configures
and spins up a brand spanking new VPS.

The customer must have an initial log in to that VPS. 

Either:
a - I do an initial Debian install, and display the SSH key on the screen
for cut and paste.
b - I offer to receive an initial public key and insert that into the VPS.
c - I somehow provide end customer access to a "lower level" VPS
installer/console.

Is there any other option?

Assuming option c, where I really go out of my way to maximise customer
trust in my administrative honour.

Now, if I don't actually have administrative honour, the files for the VPS
(e.g. when it's rebooted) or even the current live files (let's assume a
really radical memory-only "live Qubes VPS which dies on any software or
hardware reboot") exist at the very least in memory.

This is a unix system. The VPS files are, or can be mounted somewhere by
root.

Or, I can just write a little memory scanner and look for the appropriate
location for the private keys in memory.


Here's the point: in a VPS situation, you are, absolutely, at the mercy of
the provider of the VPSes, and possibly of the providers of the data
center.


Unless I'm really really missing something obvious about computer
security, your concern is a misunderstanding.

As in, SSH in the first time, and issue/generate yourself a new key pair
- it's not hard, but won't provide much if any benefit to you. Your
administrator --always-- has root. And that's root at the hardware level,
well below your 'root' access.
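
An added example, not part of the thread: a guest-side audit of the pre-seeded `/root/.ssh/authorized_keys` case raised in the quoted message, listing every entry whose SHA256 fingerprint is not one the customer supplied. The function names, key blobs, address and comments are constructed for illustration; the check sees only what is visible inside the VPS, so it covers the guest-level concern and not the host-level access the reply describes.

```python
import base64, hashlib

def make_blob(seed: int) -> bytes:
    """Constructed ed25519-shaped public key blob (not a real key)."""
    kt = b"ssh-ed25519"
    return len(kt).to_bytes(4, "big") + kt + (32).to_bytes(4, "big") + bytes([seed]) * 32

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_line(line: str):
    """Return (options, keytype, blob, comment), or None if no key is found."""
    toks = line.split()
    for i in range(len(toks) - 1):
        try:
            blob = base64.b64decode(toks[i + 1], validate=True)
        except ValueError:
            continue
        n = int.from_bytes(blob[:4], "big")
        # The blob names its own key type; it must match the token before it,
        # which also skips over any leading options such as from="..." .
        if blob[4:4 + n] == toks[i].encode():
            return " ".join(toks[:i]), toks[i], blob, " ".join(toks[i + 2:])
    return None

def audit(text: str, expected: set) -> list:
    """List (lineno, fingerprint or None, comment) for entries not in `expected`."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parsed = parse_line(line)
        if parsed is None:
            findings.append((lineno, None, line))  # unparseable: review by hand
        elif fingerprint(parsed[2]) not in expected:
            findings.append((lineno, fingerprint(parsed[2]), parsed[3]))
    return findings

CUSTOMER, OTHER = make_blob(1), make_blob(2)
SAMPLE = "\n".join([  # constructed authorized_keys content
    "# constructed sample",
    "ssh-ed25519 " + base64.b64encode(CUSTOMER).decode() + " me@laptop",
    'from="198.51.100.7",no-pty ssh-ed25519 ' + base64.b64encode(OTHER).decode() + " provisioning",
])

if __name__ == "__main__":
    print(audit(SAMPLE, {fingerprint(CUSTOMER)}))
```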

