[tor-onions] web service onionification
Tim Wilson-Brown - teor
teor2345 at gmail.com
Thu Jan 28 20:06:18 UTC 2016
> On 28 Jan 2016, at 00:06, Andreas Krey <a.krey at gmx.de> wrote:
>
> (It also occurred to me that you don't actually
> need to be the clearservice org to be able
> to set up an onion for them, as long as there
> is no https enforced/needed on the onion side.)
Yes, which is a bit of a security nightmare.
Malicious onion sites proxying clearnet or onion sites is a known issue.
There was a post on tor-talk about it recently:
https://lists.torproject.org/pipermail/tor-talk/2016-January/040038.html
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP 968F094B
teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-onions/attachments/20160129/088333b1/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-onions/attachments/20160129/088333b1/attachment.sig>
More information about the tor-onions
mailing list