onion.link is an untrusted, upstream CDN, no? On Sun, Oct 11, 2015 at 10:50 PM, Mirimir <[1]mirimir@riseup.net> wrote: On 10/11/2015 08:31 PM, Travis Biehn wrote: > Your onion or your clearsite? What clearsite? One aspect of the design is that lighttpd runs in a VM that can't see the Internet except through a Tor-gateway VM. > How do you establish that your onion and clearsite host the same content? Running a clearsite just doesn't work for me. It would paint too big a target on the server. Anyone not using Tor can just use <[2]http://dbshmc5frbchaum2.onion.link/>. > How do you federate changes from your onion to your clearsite? > What do you do if your clearsite gets seized and used to serve up TAO > payloads? Don't have a clearsite :) > How do you prevent your upstream from logging the IP addresses that hit > port 80 and 443? The size of those messages (you know the https sizing > attacks which can reveal which particular pages your visitors are on, > right)? Upstream = Tor. And sure, maybe Tor gets hosed. > How do you make your visitors aware of the above and more? How do you > ensure that they saw your message? Look at my front page :) > -Travis > > On Sun, Oct 11, 2015 at 10:15 PM, Mirimir <[3]mirimir@riseup.net> wrote: > >> On 10/11/2015 07:49 PM, Travis Biehn wrote: >>> I'd rather have what you call 'lazy' over nothing. >> >> Look, I mean no disrespect to Cryptome. But I do think that there ought >> to be a warning for users to protect themselves, if they don't want >> their access logged by everyone and their little yellow dog. >> >>> The ideal is all distribution modes available: "Keep the info off the >> dark >>> web, off the deep web and in the search indexes." >>> >>> Cryptome shows up on google searches. Your onion does not. >> >> Well, Cryptome has been around for about 20 years, so hey ;) >> >> But Google is indexing it. And it shows up well enough in relevant >> searches. But I haven't been promoting it very much. >> >>> -Travis >>> >>> On Sun, Oct 11, 2015 at 9:38 PM, Mirimir <[4]mirimir@riseup.net> wrote: >>> >>>> On 10/11/2015 06:20 PM, Travis Biehn wrote: >>>>> A billboard doesn't need much 'security.' *shrug* >>>> >>>> Well, there are the access logs ;) >>>> >>>> It ought to be an onion service, no? No sure bet, of course, but better >>>> than nothing. In my opinion. >>>> >>>> Putting it all on users is awfully lazy, I think. >>>> >>>>> Travis >>>>> >>>>> On Sun, Oct 11, 2015, 8:18 PM John Young <[5]jya@pipeline.com> wrote: >>>>> >>>>>> >>>>>>> I would not have expected Cryptome to be on shared hosting ;) But >> yes, >>>>>>> that would explain it. >>>>>> >>>>>> Shared is cheap, so are we. Shared is vuln, so are we. So are the >> others >>>>>> despite credentials and billion-dollar armaments and above all else >>>>>> secrecy and shallow oversight. That explains it. >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>> >>> >>> >>> >> > > > -- [6]Twitter | [7]LinkedIn | [8]GitHub | [9]TravisBiehn.com | [10]Google Plus References 1. mailto:mirimir@riseup.net 2. http://dbshmc5frbchaum2.onion.link/ 3. mailto:mirimir@riseup.net 4. mailto:mirimir@riseup.net 5. mailto:jya@pipeline.com 6. https://twitter.com/tbiehn 7. http://www.linkedin.com/in/travisbiehn 8. http://github.com/tbiehn 9. http://www.travisbiehn.com/ 10. https://plus.google.com/+TravisBiehn