Ethical Tor

Juan juan.g71 at gmail.com
Wed Nov 11 20:32:59 PST 2015


On Wed, 11 Nov 2015 20:54:21 -0700
Mirimir <mirimir at riseup.net> wrote:

> 
> Anyway, CMU's attack did manage to compromise some onion services,
> most notably SR2.[0] And I'm not impressed with the Tor Project's
> performance. 

	Well, you are not alone. 


	"Recently research had come that shed some light on
	vulnerabilities in Tor Hidden Services protocol which could
	help to deanonymize server locations. Most of the new and
	previously known methods do require substantial resources to be
	executed, but the new research shows that the amount of
	resources could be much lower than expected, and in our case we
	do believe we have interested parties who possess such
	resources.

We have a solution in the works which will require big changes into our
software stack which we believe will mitigate such problems, but
unfortunately it will take time to implement. Additionally, we have
recently been discovering suspicious activity around our servers which
led us to believe that some of the attacks described in the research
could be going on and we decided to move servers once again, however
this is only a temporary solution.

At this point, while we don't have a solution ready it would be unsafe
to keep our users using the service, since they would be in jeopardy.
Thus, and to our great sadness we have to take the market offline for a
while, until we can develop a better solution. This is the best course
of action for everyone involved.

In the mean time we shall do our best to clear all outstanding orders
and we ask all of you users who have money on their accounts, withdraw
them as soon as possible, because we don't want to be responsible for
it during the time when the market will be offline.

During this time, there might be some delays in payouts, since many
people are expected to withdraw money at the same time, but we intend
to resolve any such issues in the end. But we advice you to use only
destination bitcoin addresses that do not expire when you send money
out from Agora, as the payments to them might get delayed.

While the market is offline, do not send any bitcoin to any of your
deposit addresses on Agora. We do not gurantee the safety of any funds
sent there.

Vendors, we strongly advice you to abort any orders that haven't been
sent out or processed yet, as we cannot gurantee what will happen with
the orders in resolution. We shall try to resolve it on a case-by-case
basis, but there might not be time to wait for orders that require long
shipping times.

We are going to handle the situation with the vendor bonds soon, we
need some time to make sure that noone uses this as an opportunity to
start scamming wildly.

All of the market data will be kept intact and be available upon
return, including all of the user history and profile data.


Since our PGP key is nearing expiration date, here is a new PGP key
which could be used to check authenticity of our messages in the future.


-------------

https://www.reddit.com/r/AgMarketplace/comments/3idznd/agora_to_pause_operations/





More information about the cypherpunks mailing list