[tor-talk] Tor official list of new .onion addresses?

Nathaniel Suchy me at lunorian.is
Tue Dec 4 22:26:52 UTC 2018


I'll change to v3 Onion Services in the very near future. I hear that there are so many security improvements with v3 Onion Services and can't wait to give them a try :)

Also I agree with the wider point. You are attacking the network and likely violating the Tor Research Ethics Policy that was set out a while back. Publishing a master list is a very bad idea and I hope this never happens.

I like the idea of opt-in lists, but I shouldn't have to speak to opt-out of a list, just remain quiet and not opt-in.

Cordially,
Nathaniel Suchy



Dec 4, 2018, 1:43 PM by meejah at meejah.ca:

> Nathaniel Suchy <> me at lunorian.is <mailto:me at lunorian.is>> > writes:
>
>> It's true that someone malicious can run a HSDir and get some (but not
>> all) of the Onion Addresses however this would assume that your onion
>> address ends up in a malicious HSDir (last time I checked it's
>> published to 5 different HSDirs?).
>>
>
> v3 onions get rid of this enumeration attack entirely. They can be used
> now with a recent Tor.
>
> A wider point here is that "enumerate all .onions" *is* considered an
> attack on the Tor network, so any "list of onion addresses" would have
> to be strictly opt-in.
>
> Anyone can therefore offer such a service (and people have over the
> years done just that).
>
> -- 
> meejah
>
> -- 
> tor-talk mailing list - > tor-talk at lists.torproject.org <mailto:tor-talk at lists.torproject.org>
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>
>



More information about the tor-talk mailing list