nrw.social is one of many independent Mastodon servers you can use to take part in the Fediverse.
We are a friendly Mastodon instance from North Rhine-Westphalia. Whether you are from NRW or simply an NRW sympathizer, everyone is welcome here.

#OnionServices

Replied in thread

@koenvh #FunFact: THIS is actually real when it comes to #OnionServices on #Tor / @torproject despite (or rather because of) having a self-routing and self-administrating, self-authenticating namespace utilizing #Pubkeys for addressing.

Mine merely covers a few #BonaFide ones and there are literal #scam businesses when it comes to the kinds of sites I won't name nor list!

GitHub: real-world-onion-sites/master.csv at master · alecmuffett/real-world-onion-sites. This is a list of substantial, commercial-or-social-good mainstream websites which provide onion services.
Replied in thread

@cadey My thoughts on #Anubis after encountering it multiple times as a user:
* mascot is nice, creative and intuitive to understand
* as a user of tor it works! cloudflare and others reject me as a bot, but anubis let me through, thank you
* onion services do not require anubis protection, though, right? Since they have their own proof of work system integrated by default …
blog.torproject.org/introducin

… equi-x function based on what Tor uses?
pony.social/@cadey/11423626384

blog.torproject.org: Introducing Proof-of-Work Defense for Onion Services | Tor Project. Today, we are officially introducing a proof-of-work (PoW) defense for onion services designed to prioritize verified network traffic as a deterrent against denial of service (DoS) attacks with the release of Tor 0.4.8.

Trying to understand how to host an #onion site. Can someone confirm if I'm understanding this correctly and maybe fill in a gap or two?

The #tor client runs on a server and (somehow) receives requests from the network. The tor client then sends those requests to a webserver (via IP:Port), where the server does its normal thing by checking the host requested and matching it to the appropriate virtual server block. The site is served by the webserver back to the tor client, who in turn sends it back out over the tor network.

Is that right? What port does the tor client actually listen to for incoming requests (what would I need to allow in my firewall)? Do tor and the webserver have to run on the same machine, or can I run tor on my reverse proxy and have it point to a webserver on another machine like a standard http site? If I have multiple clearnet and onion sites on the same server, is there any risk of one exposing the other?

Replied in thread

@not2b @dangillmor I mean, she's just a #cyberfacist like #Zensursula, and the only correct way to deal with these #facists is to "#EncryptHarder!" (with #XMPP+#OMEMO & #PGP/MIME) and tunnel everything through @torproject / #Tor and setup #OnionServices for everything!

#kyc #illicitactivity #pii
Replied in thread

@max
To quote you directly:

"[...] easy to use solutions that are at the same time private and secure. [...]"

It is easier, faster, cheaper and overall simpler to get someone setup with #XMPP + #OMEMO especially if they don't have a #PhoneNumber and/or #ID to acquire a #SIM.

And if you go and say, "Just buy a [insert country here] [e]SIM!" and expect #TechIlliterates without a #CreditCard, #PayPal or other means of #OnlinePayment to fiddle around with some #eSIM if not having to get some #eSIMcard because they can only afford to maintain one SIM and can't spend triple-digits on a new device then you completely missed the point!

It's not that I expect anyone to get #TechLiterate within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain...

Point is that #Signal #WontFix their setup and that was evidently clear even before @Mer__edith succeeded #MoxieMarlinspike: Their entire operation has a distinct #CryptoAG stench as it's an #unsustainable #VCmoneyBurning party!

A counterexample on how this could've been done are #Tor, #eMail and other truly #OpenSource as in #MultiVendor & #MultiProvider standards.

Whereas it's trivial to get people setup on one of many XMPP servers I've personally tested!

AFAIK Signal doesn't even have an #OnionService / .onion for their Website, much less any #API endpoints to use it with!

You're free to also provide evidence and supporting data to your arguments, rather than naysaying against proven to be more secure and reliable [by virtue of decentralization] options like XMPP+OMEMO and/or #PGP/MIME.

The proper fix is to actually assess the situation and acknowledge the risks and limitations as well as the very nature of communications, which means upgrading later is exponentially more painful, thus getting people properly setup once is way easier.

  • Just because WE [ or rather @rysiek in this case ] are rather privileged enough to not be hatecrimed in their current location doesn't mean this is the case for everyone. And having places like Signal rely on a "#CDN" is just another red flag to me because questions like this one just don't arise with monocles.chat as people can just exercise proper #SelfCustody and just use Tor!

Speaking of #monocles: That business is at least #sustainable because it's funded by users (€2 p.m.) which they can pay anonymously

gruene.social: Max L. (@max@gruene.social): @kkarhan@infosec.space Sorry but no, the correct solution is to push for easy to use solutions that are at the same time private and secure. Hiding privacy and security behind a veil of "you need to know" is discrimination of people that are not able (either mentally, physically or monetary) to gain that knowledge. The correct move here is for @signalapp@mastodon.world and any other service to fix this and for legislators to enact laws enforcing proper security and privacy by design.
Replied in thread

@ploum instead of @signalapp which also falls under #CloudAct and is also a #Proprietary, #SingleVendor & #SingleProvider solution, consider #XMPP+#OMEMO for real #E2EE with #SelfCustody of all the keys!

#email #chat #ads
Replied in thread

In case you don't know, @cwtch is a decentralized end to end encrypted chat app

there's no servers by default, meaning no central authority

transport is based completely on Tor onion services, which itself is decentralized and provides automatic and transparent end to end encryption

(though @torproject still hasn't deployed any post-quantum cryptography into Tor, Cwtch is not as robust as newer PQ Signal or iMessage)

the profile ID that you share with your people is based on the Tor onion address that your profile is using for communications. if you shut down Cwtch, your Tor onion address also gets shut down, so you can't receive messages while you're offline, by default

it's my opinion that using Tor onion services for chat apps is a no-brainer. everyone with a Cwtch profile is both a client and a server. you are your own server. because of how Tor onion services work, as a reverse proxy, you don't need to host a "public" service on the internet. and e2ee, key management, encryption is all automatic. you can't fuck it up! it's crazy to me that apps like Matrix don't take advantage of this. Tor onion services is an extremely powerful tool and so many people ignore or think of FUD

Replied in thread

@cryptoparty +9001%

Besides, the point is to make #Massenüberwachung [mass surveillance] as costly and unrealistic as possible...

Here we have to deliver double the *"aggression"* that #Cyberfaschisten [cyber-fascists] and #Polizeistaat [police state] fans display!

Replied in thread

@dw_innovation okay, maybe not the answer I hoped for given that this means manually dropping security in @torproject / #TorBrowser.

  • Still I'm not completely sketched out by that given #DWnews reputation, but I know this could be done better, as various websites and even stores and forums as #OnionServices showcase...

Given upcoming #accessibility requirements in #Germany I'm convinced cross-testing with #LynxBrowser over #Tor will likely be one of those things that'll necessitate changing that.

  • A potential workaround is to use an "accessibility proxy" like @ActionRetro 's #FrogFind ¹ which already comes in handy on extreme narrowband connections like #Iridium ²...

#BlamingTheUser instead of #FixingTech is just a #TechBro way of #VictimBlaming!

#FACT: #JavaScript is a clear case of everything wrong with modern tech stacks and it

Especially when the situation is so obvious...

If your website can't be used with #LynxBrowser over #Iridium and/or #TorBrowser in its strictest security settings, then it should be illegal!

If you need evidence for the woeful unnecessarity of JS, please go and look up all the #OnionServices that don't!

  • AS IT SHOULD BE!