Opened 5 years ago

Closed 3 years ago

#14026 closed project (fixed)

torproject.org as a hidden service

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Internal Services/Tor Sysadmin Team Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Accessing torproject.org through exit nodes is not good. Replace it with hidden service for TBB. Of course, HTTPS over TOR (as Facebook have done) to make use of PKI to verify that it is torproject's site, not John Doe's site.

To prevent attack with registering .onion address by provider just hardcode into TB that .onion addresses MUST be downloaded through proxy. Don't forget about third-party proxy addons, such as FoxyProxy (used in TAILS), make sure that this wouldn't have broken them.

Child Tickets

Change History (4)

comment:1 Changed 5 years ago by cypherpunks

Just for reference:

#13829 onion address for website and trac
#11567 Torproject website hidden services not reachable
#11518 Renew Tor website hidden service keys
#11758 Torproject website hidden service

comment:2 Changed 4 years ago by syndikal

Component: Tor BrowserTor Sysadmin Team
Type: defectproject
Version 0, edited 4 years ago by syndikal (next)

comment:3 Changed 4 years ago by kernelcorn

I would be happy to assist if there is interest in claiming torproject.tor or similar domains on OnioNS.

comment:4 Changed 3 years ago by weasel

Resolution: fixed
Severity: Normal
Status: newclosed
Note: See TracTickets for help on using tickets.