[tor-talk] Testers Wanted: Human-meaningful onion service names via Namecoin in Tor Browser Nightly
jeremyrand at airmail.cc
Mon Mar 16 16:32:00 UTC 2020
> Hi Tor community!
> As we all know, onion services have rather unwieldy randomly derived
> base32-encoded names. This is, of course, a reasonable design, given
> the design constraints that onion services have to deal with. And it
> works pretty well, all things considered.
> That said, the unmemorable names are also a UX problem, especially for
> users who are new to Tor and therefore are accustomed to DNS. Many Tor
> users don't consistently check .onion services' names for correctness,
> which introduces the risk of phishing attacks.
> So, the Namecoin developers and the Tor Browser developers are running
> an experiment, and we'd love to get some feedback from the community.
> The currently available Nightly builds of Tor Browser (currently only
> GNU/Linux) include optional support for using Namecoin as a naming layer
> for onion services.
> To try it out, once you have a Nightly version of Tor Browser for
> GNU/Linux installed, try running it with the environment variable
> "TOR_ENABLE_NAMECOIN=1". The following domains can be used to test the
> These domains are held by Namecoin community members who are happy to
> donate them to the "rightful" owners on request. However, since they
> haven't been donated *yet*, don't rely on these domains for security
> (e.g. you should *not* use this to submit documents to The Intercept).
> For somewhat more detailed instructions (e.g. if you don't know how to
> get a Tor Browser nightly build, or if you don't know how to set
> environment variables), see my workshop notes from the 36C3 Critical
> Decentralization Cluster:
> Like any experiment, this experiment is only as good as the feedback we
> get. So, if you try it out, please let us know how it goes! Specifically:
> * If it works well for you, please let us know via this thread on the
> tor-talk mailing list.
> * If you find a bug or otherwise have suggestions for how we could
> improve it, please let us know via this thread as well. (Or, if you're
> comfortable with Trac, you can report it as a ticket on Trac; please use
> the "Tor Browser" component and add "namecoin" to the keywords list so
> that the right people notice the ticket.)
> If you're curious about the behind-the-scenes work that went into this
> (and you're not afraid of technical details), my talk at the 36C3
> Critical Decentralization Cluster may be interesting to you. See the
> following links:
> 36C3 CDC Slides:
> 36C3 CDC Video: https://youtu.be/mc51zyflpa8?t=22638
Relaying a couple of test reports from other venues to this tor-talk
thread so that the right people see them.
Masayuki Hatta tested the Namecoin support at 36C3 and posted feedback
(including a demo video) on Twitter:
LinuxReviews.org posted an article in February about the Namecoin
support, including a screenshot they took of it working.
More test reports would be very helpful; if anyone on this list would
like to test it out and report back (even if it's as short a report as
"it works fine"), it would be greatly appreciated.
Lead Application Engineer at Namecoin
Mobile email: jeremyrandmobile at airmail.cc
Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C
Send non-security-critical things to my Mobile with OpenPGP.
Please don't send me unencrypted messages.
My business email jeremy at veclabs.net is having technical issues at the
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the tor-talk