Let's not keep rehashing the past, it's dead already... (Was: Fishy MegaCorpsArchy)

grarpamp grarpamp at gmail.com
Tue Oct 16 01:35:36 PDT 2018

> "the possibility of change"

Of course, corporations and people can and do change all the time.
Corps, often when bought / sold, or with top level staff changeover.
People, whenever upon some new thought process / info / situation.
And they often change back as well.

> To a good approximation, literally *zero* percent of the organisations
> which will benefit from "Opportunistic Onions" have ever used Onion
> Services until now

And they're not really involved with them under CF plan either.
So they might be missing out on some oppurtunities to
directly learn and participate in some neat things about
tor / philosophies.

> However literally 100% of the websites who can benefit from "Opportunistic
> Onions" are Cloudflare customers by choice, who choose to trust Cloudflare
> with their traffic, and I respect the choices of the website owners to
> select different ways of scaling their services and of keeping their
> systems safe from being DDoS'ed.

Perhaps it is fully informed choices that should be respected.
Not necessarily degress of blind ones presented by want to be
saviours that might trend saying say "Tor bad" to sell product.

> The people who *use* those websites can and should make their feelings
> known to the website owners; but the opinions they feed back should be
> balanced and considered and up-to-date and fair.

> it's amazing what a little engagement and mutual respect will achieve.


> Yes, there is much to criticise of Cloudflare's past approach towards Tor
> (including tweets by the CEO)

Is the suggested accepted gone-ness of that phase now qualified
by its current censorship actions.

> Facebook [...] blocked a large number of Tor exit nodes

> The civil society & reddit communities started commenting at speed, flaming
> for "censorship"

Is it not good that there is now such a global rapid response
awareness and capability forming to tackle censorship,
privacy, human rights, and other abuses by States, Religion,
and Corporations as they happen in real time.

> it apparently caused nothing but vitriol and bad headlines.

Which mistakes are ultimately rightly resolved as oops with
no lasting effect.

At least the capability is excercised peacefully without physical
force, no one dies. Unlike murder and other things by the trio
above, and even just peoples too.

> launching facebookcorewwwi [...] three years later the New York
> Times launched its own onion site.

> without constructive engagement we would
> probably not be where we are today

Right, and the above two stories are wins for both the
sites and users, and many tech toolsets, and philosophy.

However that's still rare, the historical pattern remains...

1) Users of site X notice or want something and say so openly
in constructive engagement, or at least initial friendly query.
2) Site X ignores them, many times because they have no
protocol to even talk with users, no interfacers, it's not in
their biz plan / vision, or manageable, cut expenses, clam up.
3) Users escalate.

Many of us have been deep in enough Site X's to know
that (2) is the hard problem.

There is a curious divide between vision / profit, and users.
Maybe this blockchain thingy enables micro share and
stake holding, and governance, to bridge it. Who knows.

> with Onion SSL Certificates

Not sure that letsencrypt does this yet, if not, they should.

> an official ".onion" top-level domain

Yes Jacob Appelbaum et al's work resulting in RFC7686 was good.

Too bad a number of other efforts got jammed / quit,
because I2P and other overlay networks are a thing now too.

Too bad CJDNS is still improperly overloading upon address space
that IANA has explicitly allocated for other purposes, causing
collisions and general non-interoperability. Least they could
do if they can't get an allocation, or could have done, is camped
on some unallocated, and unlikely to ever be used, space instead.

So there's always things userland [projects] can do better
to play nice. (Well above was mostly technical example.)

> an increasing number of "respectable" onion websites which
> are putting the lie to the "Dark Web" mythos.

Onionland has always been respectable from day one,
only the nonrespectable disrespected it.
And dark web has never been a lie, or a myth,
though perhaps indeed a legendary thing.
Even at its supposed worst maybe driving change
in the face for good.

> Tor, and Onion Networking, is just the "More Secure Web"

Other overlay networks are More Secure Web too.
Unless that too is trademarked and sic'd upon.

> grow it by giving people and companies the opportunities and
> space to engage ... so that they can offer value to others.

Those open spaces exist, things compete in it, so capitalize
above it and win.

> rehashing old debates and historical enmities.

Recounting things can be useful, not because they
note any particular actors in example, but because they
note the sort of things any person or entity might want
to look out for before letting something new, and
similarly afflicted, grow bigger without first being fixed.

Arbitrarily killing speech, when there's [almost] nowhere
left for speakers to speak, is pretty fucking lame.
CF did that, so now others are too, seemingly spurred.
And speech around the world suffers.

Perhaps a fair number here like free speech zones
and social credit scores too. Perhaps they've just not
seen enough postings decrying that to change their
minds otherwise. Perhaps such postings were chilled
and censored.

What seems a big CF onion celebration here could easily
have unanalyzed pitfalls, whether currently, or upon
change of mind later on...

Here's a couple...

a) Analysis / Attack
1) Grand excuse and cover for floating the immense number
of nodes needed on the hashring... very convenient for
analysis and exploit attacks, including by their NSA CIA LE
and / or other unknown partners / researchers.
2) Terminating colossal numbers of circuits
into their AS and or administrative realm for
observation / similar.
3) Even unwittingly creating easy locus for GPA / GAA.

b) Key material
1) Holding onion names hostage in [non] custodial /
contractual form, whether they give subscribers
the [offline] crypto keys, or sell / rent / extort them,
portability, multihoming.
2) Security aganst keytheft breach and subsequent
impersonation of the sites from behind 7 proxies,
phishing, etc. Compensation for site and user losses.

Consideration of (a) alone should chill this party out a bit.

More information about the cypherpunks mailing list