Bitcoin Halloween... A Dangerous Idea... They're Terrified We'll Use It

Sun Nov 1 12:05:51 PST 2015

On 11/1/15, oshwm <oshwm at openmailbox.org> wrote:
> ...
> Please accept my apologies if I'm teaching granny to suck eggs, being
> trolled, shit like that but I'm going to assume minimal knowledge of
> this...

the beauty of forever on the web, is that if only one finds your reply useful,
 one day, then all not in vain, even when trolled lightly, or with vigor. ;)

> Basically, you have a bunch of tools designed to hide your
> communications when using the internet.
>
> This particular set of tools has at it's core, The Onion Router (Tor)
> which passes your internet communications via many different proxies
> using multiple layers of encryption so that none of the proxies in the
> middle of this chain can identify the source and destination of the
> connection.
>
> Tor can be used to hide your communications when looking at normal
> websites such as www.cryptome.com but this carries a risk.
> Any of the proxies can be monitored and using traffic correlation you
> can be identified by comparing the communications entering Tor and
> exiting Tor (to reach the website).
>
> To avoid this, you can use Tor to only access Hidden web servers so that
> your traffic never leaves the Tor network, making the traffic
> correlation techniques much harder to do.
>
> These hidden web servers are only visible in the Tor network and their
> web addresses end in .onion
>
> Hence, people referring to onions :)
>
> So, if you wish to view the content on the hidden servers like the one
> coderman linked to then you need access to the Tor network.
>
> The Tor project make a modified version of the Firefox web browser
> available for download and install that gives a simple way to access Tor
> without having to do much messing about with your computer.
> It also, has a modified configuration to reduce the amount of private
> information you leak when using it.
>
> Information from the horses mouth:
> https://www.torproject.org/about/overview.html.en
>
> Download the Tor Browser:
> https://www.torproject.org/download/download.html.en
>
> The quality of information available at the Tor link will far surpass
> what I have just written and you should assume small but possibly
> devastating inaccuracies in my description above :)
>
> Sorry for the long post but I couldn't think of a quick way of writing
> it if you haven't come across Tor before.
>
> There are also other similar systems: i2p, freenet but Tor seems to be
> the most popular.
>
> Something to weigh up though is that Tor was created by the US Navy and
> the project still receives US Government funding so you should probably
> bear this in mind when using it although reading more information on the
> Tor Project's website may or may not reduce feelings of discomfort that
> come from knowing where the funding comes from.
>
> Cheers,
> oshwm

thank you! a reasonable summary for certain.

and Jim,

this special ".onion" domain is reserved by Tor, and recently
officially recognized.

when connecting via SocksPort, and requesting connection to a *.onion
host, tor the process handles this hidden service circuit building
internally, and connects the "hidden server" to your client through
this SocksPort connection.

this is why saying "Onions should not resolve" via normal means,
 is another way of saying "Use the Tor network to access that hidden site."

an excellent detailed technical review is here:
 https://ritter.vg/p/tor-vlatest.pdf

---

pedant detour:
 there is DNSPort and TransPort, which allows transparent proxy of
connections. when behind a transparent Tor proxy, DNS will indeed
resolve onions correctly, and your normal browser can reach these
previously unresolvable/unroutable destinations.

see https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
for details and caveats...

best regards,