Rule suggestions #8
Comments
Thanks for the post, can't believe I didn't catch bitmessage's eepsite earlier! If you find any more suggestions, please feel free to add them here or make a pull request :) |
I think it was added recently. According to the admin, it is still experimental. I have found that after sending an email it tries to request from bitmessage.ch instead of bitmessage.i2p. So this rule should fix such problems too |
So I also think that it's not even necessary that the hidden service's owner is the same as the original website. Such situations are generally people supporting the content by mirroring it as hidden service.
|
Thanks for finding these. Kognitionskyrkan has been a tough one to find,
I'll look into these two later today when I get the time. Also, did you edit out two adult links from this post? The email from github had two hidden services you labeled as "adult". Anyway, I wanted to add that I don't think we (Chris and myself) should be in the business of barring rules based on a site's content. We aren't trying to be the morality police, rather just supplying a way to try and keep anonymity for all users. There are sites that we have rules to that I don't think people should go to, but I'm not going to try and make it difficult for them.
Wow, thanks for pointing those out. It's a good thing we have you around, I clearly shouldn't be trusted behind a keyboard ;) Good catch on projectpm not redirecting wiki.* too.
I created the unverified rules just as an incubator of sorts for rules that haven't been verified. Removing the default_off on them is a good idea since a user now has to go out of their way to add those rules, however I don't like the idea that we should just add unverified rules because the "content" is the same or because they aren't that "risky". I think we should strive to only include rules that meet our criteria in the default install rather than rules that might be okay.
I personally don't like this, since it will alter the content the user expects vs what they receive. In that example you cited, what if Geohot changes his personal site and has something a user might want to see? If we link to a mirror (especially the mirror cited in that example) we will be receiving whatever the owner of that hidden service wants to serve, rather than what the user is expecting. Also, what if that hidden service mirror is malicious in any way? I think it's safer to hardline this. Please keep the contributions coming by the way! |
About the adult links, I've by chance found another very similar site with a hidden service, clearly from the same owners, which had sets of almost naked underage children, so I thought better not even add the previous two as to not support them |
That was a good call. As long as it doesn't feature obviously underage

Chris Barry

On Jun 13, 2014, at 13:46, jutozex notifications@github.com wrote:

> About the adult links, I've by chance found another very similar site with —

|
As an improvement, the proof links could be archived and linked to protect for future. Some services: http://webcitation.org/ https://archive.today/ https://archive.org/web/ |
http://pastebin.com/BF7yJKtY is a 2 year old paste, not technically but logically it is a proof of wtfismyip.xml. Other than that, for current or future rules we can try to get a proof by using the contact options. Maybe they will add a link to the website, or send a gpg signed message to be used as proof of ownership. |
I'd rather rely on a primary source as proof rather than something like a pastebin. I'll be happy to send an email out to the guys at WTF Is My IP. I've reached out to several of the sites already, but only a handful have responded. Hopefully they respond. |
proof of bbseyes: https://twitter.com/bbseyes/status/422416817659707392 But I cannot reach the hidden site. |
If I recall correctly, they were one of the sites that hasn't responded to me... But at least we can verify their site :) |
http://maximaculpa.me/sin/365/ proof of maximaculpa. But the correct address is nsmgu2mglfj7za6s.onion. Actually the first two characters of the address on the rule are missing |
Ah this was a good find, I just pushed it. Thanks! I think I got the current one from one of the hidden wikis. Not that it matters now of course. |
I think the searx addresses are just independent instances of the software, like https://github.com/asciimoo/searx/wiki/Searx-instances |
Heard back from WTF Is My IP, it's confirmed that they host that hidden service, but the site creators expressed that the hidden service is more of a joke. I've attached the email. As a result of this, I think it's safe to say it should be default off to preserve the intended functionality. That's a good find about searx, I guess if we can verify that each instance has a hidden service run by the same guys/girls, it's okay to add to the main set of rules. I think I saw one or two that meet our criteria, so I'll add them in a little bit. |
https://searx.gliderswirley.org/ -> qfz67iw4xz7qwfab.onion |
Added, thanks. |
Despite the fact that it is usable as an anonymous mail provider, if their real intention is to rob people's bitcoins, should we delete the newly added Mailtor rule? When I was testing it, I saw the so called wallet functionality but I felt it was a scam. And today I found this reddit: https://www.reddit.com/r/TOR/comments/28hyyj/mailtor_onion_email_and_bitcoin_wallet_scam_2000/ |
As far as I see it, these rules are only here to provide a mapping from clear->hidden service. It's each user's responsibility to make sure they're using services which don't rob them (assuming that reddit poster is not lying). |
Glad you posted that link. I probably wouldn't have seen it until much later, if at all. The possible inclusion of scams is something I've thought about, but haven't written anything about it yet. I think that we should apply the same rules we already have for rulesets, with the addition that if we find confirmation that the site is a scam, we give it a default_off="$REASON" and throw a link to the scam confirmation in EVIDENCE.md. Or we can just leave default_off to continue being what it is, for dead rules and leave scam sites mixed in with regular rules. We aren't out to tell people what we think they should do, even as indirectly as to keep them away from a bad site. This project exists more to catalog as many clear > hidden sites as possible. TL;DR - If Chris likes either of my proposals for how to handle, we'll go down that route. |
Colin: we seem to be agreeing, kinda. I don't really have an opinion about on/off. I just feel it shouldn't be excluded. |
jutozex: how should I cite you in AUTHORS.md ? |
Chris: I don't think they should be excluded either, I am just wondering how we should include them in the default install. There are decent arguments for both sides. I'm leaning more to keeping them default on, since we shouldn't be the ones responsible for the user's actions while using the rules, or responsible for keeping them "protected" from scams and the like. |
No need for citing, this is just a randomly created nickname. But if you want the file to look more crowded :) just add jutozex |
I think we can move the 3 unverified rules to the rules folder (and indymediakeyserver to dead-rules, at least temporarily), I think nobody would oppose this. Considering the content, there is no motivation for anyone to host the hidden service with bad intent for a long time without any warning anywhere on the main website or anywhere else. And I think, including mailtor.xml means we should also move these unverified rules to rules folder. They couldn't make more harm |
By the way, my answer on stackexchange made its way into the Tor Blog :) |
I'm not crazy about moving unverified rules into the main mix, since I really do like having that buffer. Verified doesn't mean "safe to use", but "confirmed to not be a bad actor/actress". Remember, Donald Trump has a "verified" twitter account ;) I understand the point you are making with these three specific services however. I won't stand in the way of these three making it back into the main rules directory. Indymedia's key server is unique because not only is it dead, but it can't be verified thanks to it being dead. So yeah, I think putting it in
Warning, Youtube link of my reaction This is so cool. |
Hi, I have some questions. My questions are:
In order to make sure all of the clearnet to hidden mappings are correct, proper evidence is required. Proper evidence can consist of:
|
If there's a link on the clearnet site, that's enough. What's the address, I will quickly add it. |
You don't have to use all three. Any will be convincing enough

Chris Barry

On Jun 19, 2014, at 1:00, justsomeguyyouknow notifications@github.com

> Hi, I have some questions. My questions are: For Evidence In order to make sure all of the clearnet to hidden mappings are correct, A link on the clearnet site. A link on the clearnet site. A tag in the HTML similar to . A signed email from the owner of the site saying it is real. A link on Twitter —

|
Cool, I will add these later tonight. Thanks again juto :) On July 17, 2014 5:58:03 PM EDT, jutozex notifications@github.com wrote:
Sent from my Android device with K-9 Mail. Please excuse my brevity. |
for flibusta onion and i2p rules proxy.flibusta.net is another address |
http://blog.coinkite.com/post/92733188841/coinkite-has-an-onion-for-tor wiki.project-pm.org to projectpm.xml |
Mayfirst's Keyserver isn't dead. kavkazcenter needs www s |
http://www.onionindex.com/ |
Okay, should've gotten everything you posted today. Please check my code if you have time! |
Ok. apparently mayfirst keyserver has both zimmerman.mayfirst.org and zimmermann.mayfirst.org. you could add the latter. you created onion-flibusta.xml but there is also a flibusta.xml. the rule regex doesn't include www.proxy.flibusta.net. also there is flibusta.xml for i2p. |
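A lint check for the two rule defects reported in this thread (an onion address missing characters, and a rule regex that misses a `www.` host), added here as an example and not code from the project. It assumes rules use an HTTPS Everywhere-style `<ruleset>` / `<target host>` / `<rule from to>` XML layout; the sample ruleset, its hosts and its onion addresses are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Onion labels are base32: 16 characters for the 2014-era addresses quoted
# in this thread, 56 for current v3 addresses.
ONION_LABEL = re.compile(r"[a-z2-7]{16}|[a-z2-7]{56}")

# Constructed sample: hosts and onion addresses are placeholders.
SAMPLE_RULESET = r"""
<ruleset name="Example (constructed)">
  <target host="example.net" />
  <target host="www.example.net" />
  <target host="proxy.example.net" />
  <rule from="^https?://(?:www\.)?example\.net/"
        to="http://cdefghijklmnop.onion/" />
  <rule from="^https?://proxy\.example\.net/"
        to="http://qrstuvwxyz234567.onion/" />
</ruleset>
"""

def lint_ruleset(xml_text, must_redirect=()):
    """Return a list of problems found in one ruleset (assumed XML layout)."""
    root = ET.fromstring(xml_text)
    rules = [(re.compile(r.get("from")), r.get("to")) for r in root.iter("rule")]
    problems = []
    # Check 1: every .onion destination carries a full-length base32 label.
    for _, to in rules:
        host = (urlsplit(to).hostname or "").lower()
        if host.endswith(".onion") and not ONION_LABEL.fullmatch(host.split(".")[-2]):
            problems.append(f"malformed onion address: {host}")
    # Check 2: each declared target, plus any host a reviewer expects to be
    # redirected, is matched by at least one rule regex.
    hosts = [t.get("host") for t in root.iter("target")] + list(must_redirect)
    for host in hosts:
        if "*" in host:
            continue  # wildcard targets cannot be tested as a literal URL
        if not any(rx.search(f"http://{host}/") for rx, _ in rules):
            problems.append(f"no rule matches host: {host}")
    return problems

if __name__ == "__main__":
    for problem in lint_ruleset(SAMPLE_RULESET, ["www.proxy.example.net"]):
        print(problem)
```
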
Thanks for the heads up! Will do this tonight when I get some time. On July 25, 2014 3:28:49 PM EDT, jutozex notifications@github.com wrote:
Sent from my Android device with K-9 Mail. Please excuse my brevity. |
Forgot to push a few commits. Everything should be in order, but please correct me if it's not! |
https://ruggedinbox.com/ You can also find at least 2 new securedrop addresses on google. But I'm just wondering if it is ok to redirect these pages because the content isn't exactly the same, I mean a little additional info on clearweb, including the ones currently in xml |
Juto: I'm gonna add Rugged Inbox soon. About the Securedrop instances, I think we should try to add them. It seems like an ideal service to have. Freedom of the Press Foundation keeps a nice list of publicly known instances http://freepress3xxs3hk.onion/securedrop/directory . They even PGP sign the list! The ones that concern me are the ones that have landing pages on non-root domain. |
I'm also for adding Securedrop instances. The content on the clear sites typically is instructions on how to connect to that securedrop instance by downloading the Tor browser and typing in the *.onion address. Interestingly, WildLeaks actually redirects you to the hidden service if they see you connect from Tor, which is why we started adding them. I'm open to discussion on this policy though, on whether we should or shouldn't. |
anonguide.xml |
europa.xml was short-lived. dead |
Adding and fixing these now. Thanks! |
Thanks for your input, welcome to the project! :) I believe this domain was suggested previously in this thread. IIRC, the odd numbered port will not work in the confines of the rule, but I can test it again later today. |
anoninsiders proof https://anoninsiders.net/about-us/ https://archive.today/3CQkM |
Awesome! Just enabled the rule + added proof. Nice to see you again juto :) |
I'm always around here, happy to watch all the progress. |
Found this, but hidden service is offline at the moment |
Just added it. Thanks for the suggestion! I'll push a new build of the extension later today, so this site (among others that have been added) will be included. |
http://fsaved.raegdan.org/ - fsaved.raegdan.i2p fsavedwtb3oiq6vn.onion https://www.litevault.net/about/hidden-service http://vaultu7dxw5bbg37.onion |
Added! |
encyclopediadramatica.es moved to encyclopediadramatica.se |
onion.city as another tor2web alternative |
hello again, btdigg.org now has a hidden service btdigg63cdjmmmqj.onion |
BTDigg: 248f8cc |
I guess the i2p rule didn't need a fix, the reference already included a dot. These are some recent tor2web alternatives though some might be dead. onion.direct |
I will post any rule suggestions here in future. Anyone else could use here too.
bitmessage.ch -> bitmessage.i2p