Why cryptome sold web logs to their paying customers?

Sun Oct 11 19:57:55 PDT 2015

onion.link is an untrusted, upstream CDN, no?

On Sun, Oct 11, 2015 at 10:50 PM, Mirimir <mirimir at riseup.net> wrote:

> On 10/11/2015 08:31 PM, Travis Biehn wrote:
> > Your onion or your clearsite?
>
> What clearsite? One aspect of the design is that lighttpd runs in a VM
> that can't see the Internet except through a Tor-gateway VM.
>
> > How do you establish that your onion and clearsite host the same content?
>
> Running a clearsite just doesn't work for me. It would paint too big a
> target on the server. Anyone not using Tor can just use
> <http://dbshmc5frbchaum2.onion.link/>.
>
> > How do you federate changes from your onion to your clearsite?
> > What do you do if your clearsite gets seized and used to serve up TAO
> > payloads?
>
> Don't have a clearsite :)
>
> > How do you prevent your upstream from logging the IP addresses that hit
> > port 80 and 443? The size of those messages (you know the https sizing
> > attacks which can reveal which particular pages your visitors are on,
> > right)?
>
> Upstream = Tor. And sure, maybe Tor gets hosed.
>
> > How do you make your visitors aware of the above and more? How do you
> > ensure that they saw your message?
>
> Look at my front page :)
>
> > -Travis
> >
> > On Sun, Oct 11, 2015 at 10:15 PM, Mirimir <mirimir at riseup.net> wrote:
> >
> >> On 10/11/2015 07:49 PM, Travis Biehn wrote:
> >>> I'd rather have what you call 'lazy' over nothing.
> >>
> >> Look, I mean no disrespect to Cryptome. But I do think that there ought
> >> to be a warning for users to protect themselves, if they don't want
> >> their access logged by everyone and their little yellow dog.
> >>
> >>> The ideal is all distribution modes available: "Keep the info off the
> >> dark
> >>> web, off the deep web and in the search indexes."
> >>>
> >>> Cryptome shows up on google searches. Your onion does not.
> >>
> >> Well, Cryptome has been around for about 20 years, so hey ;)
> >>
> >> But Google is indexing it. And it shows up well enough in relevant
> >> searches. But I haven't been promoting it very much.
> >>
> >>> -Travis
> >>>
> >>> On Sun, Oct 11, 2015 at 9:38 PM, Mirimir <mirimir at riseup.net> wrote:
> >>>
> >>>> On 10/11/2015 06:20 PM, Travis Biehn wrote:
> >>>>> A billboard doesn't need much 'security.' *shrug*
> >>>>
> >>>> Well, there are the access logs ;)
> >>>>
> >>>> It ought to be an onion service, no? No sure bet, of course, but
> better
> >>>> than nothing. In my opinion.
> >>>>
> >>>> Putting it all on users is awfully lazy, I think.
> >>>>
> >>>>> Travis
> >>>>>
> >>>>> On Sun, Oct 11, 2015, 8:18 PM John Young <jya at pipeline.com> wrote:
> >>>>>
> >>>>>>
> >>>>>>> I would not have expected Cryptome to be on shared hosting ;) But
> >> yes,
> >>>>>>> that would explain it.
> >>>>>>
> >>>>>> Shared is cheap, so are we. Shared is vuln, so are we. So are the
> >> others
> >>>>>> despite credentials and billion-dollar armaments and above all else
> >>>>>> secrecy and shallow oversight. That explains it.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>
> >>>
> >>>
> >>
> >
> >
> >
>

-- 
Twitter <https://twitter.com/tbiehn> | LinkedIn
<http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn>
| TravisBiehn.com <http://www.travisbiehn.com> | Google Plus
<https://plus.google.com/+TravisBiehn>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 5127 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20151011/6f1a5db9/attachment-0002.txt>