[tor-talk] Testers Wanted: Human-meaningful onion service names via Namecoin in Tor Browser Nightly

Wed Feb 26 09:37:00 UTC 2020

Hi Tor community!

As we all know, onion services have rather unwieldy randomly derived
base32-encoded names.  This is, of course, a reasonable design, given
the design constraints that onion services have to deal with.  And it
works pretty well, all things considered.

That said, the unmemorable names are also a UX problem, especially for
users who are new to Tor and therefore are accustomed to DNS.  Many Tor
users don't consistently check .onion services' names for correctness,
which introduces the risk of phishing attacks.

So, the Namecoin developers and the Tor Browser developers are running
an experiment, and we'd love to get some feedback from the community.
The currently available Nightly builds of Tor Browser (currently only
GNU/Linux) include optional support for using Namecoin as a naming layer
for onion services.

To try it out, once you have a Nightly version of Tor Browser for
GNU/Linux installed, try running it with the environment variable
"TOR_ENABLE_NAMECOIN=1".  The following domains can be used to test the
support:

http://federalistpapers.bit/
http://onionshare.bit/
http://riseuptools.bit/
http://submit.theintercept.bit/
http://submit.wikileaks.bit/

These domains are held by Namecoin community members who are happy to
donate them to the "rightful" owners on request.  However, since they
haven't been donated *yet*, don't rely on these domains for security
(e.g. you should *not* use this to submit documents to The Intercept).

For somewhat more detailed instructions (e.g. if you don't know how to
get a Tor Browser nightly build, or if you don't know how to set
environment variables), see my workshop notes from the 36C3 Critical
Decentralization Cluster:

https://www.namecoin.org/resources/presentations/36C3/tor-workshop/

Like any experiment, this experiment is only as good as the feedback we
get.  So, if you try it out, please let us know how it goes!  Specifically:

* If it works well for you, please let us know via this thread on the
tor-talk mailing list.
* If you find a bug or otherwise have suggestions for how we could
improve it, please let us know via this thread as well.  (Or, if you're
comfortable with Trac, you can report it as a ticket on Trac; please use
the "Tor Browser" component and add "namecoin" to the keywords list so
that the right people notice the ticket.)

If you're curious about the behind-the-scenes work that went into this
(and you're not afraid of technical details), my talk at the 36C3
Critical Decentralization Cluster may be interesting to you.  See the
following links:

36C3 CDC Slides:
https://www.namecoin.org/resources/presentations/36C3/Adventures_and_Experiments_Adding_Namecoin_to_Tor_Browser_36C3_CDC.pdf

36C3 CDC Video: https://youtu.be/mc51zyflpa8?t=22638

Cheers!
-- 
-Jeremy Rand
Lead Application Engineer at Namecoin
Mobile email: jeremyrandmobile at airmail.cc
Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C
Send non-security-critical things to my Mobile with OpenPGP.
Please don't send me unencrypted messages.
My business email jeremy at veclabs.net is having technical issues at the
moment.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20200226/cd38a1ed/attachment.sig>