[tor-talk] torproject forum hosted by 3rd party?

nusenu nusenu-lists at riseup.net
Fri Oct 29 14:00:50 UTC 2021


The Torproject is about to launch the new Discourse based forum next week [1].

With this email I'd like to initiate a discussion on whether it is a good idea to externalize
hosting of what might become an important platform for the tor community.

I believe discourse is a great platform, but
I was surprised to learn that the forum is _not_ self-hosted on torproject infrastructure.
It is hosted by "Civilized Discourse Construction Kit, Inc." the company behind discourse.org.
That means the torproject does not have full control over the infrastructure and its security and logging practices.
Discourse's third party hosting also does not support onion services [2].

The forum privacy policy mentions that IPs get logged and stored over an extensive amount of time.
As Jérôme pointed out [5] the forum is also subject to discourse's privacy policy, so maybe it would be good to include a link
to https://www.discourse.org/privacy on https://forum.torproject.net/privacy.

Especially since this forum will be used for tor browser support it will also include people's IP addresses
when they are unable to use tor browser to protect themselves.

When you open https://forum.torproject.net in a browser it will fetch resources from multiple places:

fonts.googleapis.com (Google)
fonts.gstatic.com (Google)
avatars.discourse-cdn.com (proinity LLC, AS44239)
forum.torproject.net/torproject1.hosted-by-discourse.com (CNAME)  Hurricane Electric LLC

To quote Gaba from the gitlab ticket [3]:
> If there is a risk on running this forum outside TPA infrastructure then we need to change this and host Discourse in TPA.

(TPA is the torproject admin team https://gitlab.torproject.org/tpo/tpa/team)

I agree with Gaba and I'm glad anarcat (torproject admin team) is not totally against self-hosting [4] even though
discourse is docker based.

Self-hosting would also allow for:

- better domain: forum.torproject.org (the torproject.net domain is basically unknown and I guess many people
will be confused. I agree with anarcat to use the .net domain when it is not run on TPA infrastructure)
- no IP logging
- no external resources
- no troubles for tor browser users should discourse decide to enable CAPTCHA or use a CDN that enforces CAPTCHAs in the future

What is the main reasoning for using a 3rd party hosted Discourse instance instead of a self-hosted instance?
(besides the obvious 'so we don't have to patch and maintain it ourselves')

related gitlab ticket:

kind regards,

[1] https://lists.torproject.org/pipermail/tor-community-team/2021-October/000423.html
[2] https://gitlab.torproject.org/tpo/tpa/team/-/issues/40183#note_2740700
[3] https://gitlab.torproject.org/tpo/tpa/team/-/issues/40183#note_2749919
[4] https://gitlab.torproject.org/tpo/tpa/team/-/issues/40183#note_2750060
[5] https://gitlab.torproject.org/tpo/tpa/team/-/issues/40183#note_2751283
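
The following is an added example, not part of the original post: one way to audit which external hosts a page's static markup makes a browser contact, as in the list of resource hosts above. The function names and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes a browser fetch a resource on page load.
FETCH_ATTR = {"script": "src", "img": "src", "iframe": "src", "link": "href"}
# <link> only fetches for these rel values (not e.g. rel="canonical").
FETCHING_RELS = {"stylesheet", "icon", "preload", "modulepreload"}


class ResourceCollector(HTMLParser):
    """Collect absolute URLs of resources referenced by static HTML."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            if not rels & FETCHING_RELS:
                return
        value = attrs.get(FETCH_ATTR.get(tag, ""))
        if value:
            # urljoin resolves relative and protocol-relative (//host/..) URLs.
            self.urls.append(urljoin(self.page_url, value))


def third_party_hosts(html, page_url):
    """Return {hostname: request count} for hosts other than the page's own."""
    first_party = urlsplit(page_url).hostname
    collector = ResourceCollector(page_url)
    collector.feed(html)
    counts = {}
    for url in collector.urls:
        host = urlsplit(url).hostname
        if host and host != first_party:
            counts[host] = counts.get(host, 0) + 1
    return counts


# Constructed sample markup (not a capture of the real forum page).
SAMPLE_HTML = """
<link rel="canonical" href="https://example.invalid/not-fetched">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Sample">
<script src="/assets/app.js"></script>
<img src="//avatars.discourse-cdn.com/a.png">
<img src="https://avatars.discourse-cdn.com/b.png">
<a href="https://www.discourse.org/privacy">privacy</a>
"""

if __name__ == "__main__":
    print(third_party_hosts(SAMPLE_HTML, "https://forum.torproject.net/"))
```

This only sees hosts named in the markup itself. Requests triggered from inside a stylesheet or by scripts, and a first-party name that is a CNAME to a hosting provider, need a browser network log and a DNS lookup to find.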

