Tor version of this forum

Is there a tor version of this forum (similar to the site - http://privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion/).
If not, are there plans to make one?

Or you using alt-svc approach, like said here?

I have searched for it, but found nothing (sorry if I missed it, though).

5 Likes

4 likes and no answer, so far :cry:

Im afraid only the mods and/or core team can act on this.
@danarel ?
@dngray ?

I also agree that having a Tor version of this site more desirable, at the very least from an ideologic standpoint.

1 Like

It would be trick to make Tor version, Discourse forum needs javascript to function afaik and most anonymity respecting users of Tor won’t enable javascript, and for good reasons that is.

1 Like

I support the idea. It’s true that many Tor users want to keep Javascript disabled but if they want to post here, they have to enable it anyway.

There’s one, minor convenience issue, however: You can set the Tor Browser security slider to “safer” (middle position) to enable Javascript only when HTTPS is used. This protects against malicious Javascript injection by dishonest Tor exit nodes. But most hidden services do not use HTTPS so enabling Javascript on such sites requires leaving the slider to “safe” (the lowest position). Of course, the Tor nodes can’t inject malicious data when browsing hidden services, but with the security slider set to the lowest position, you may not want to browse clearnet sites or other onion sites at the same time.

A possible solution is to use HTTPS on the onion site as well. Facebook does so on their hidden service (https://www.facebookcorewwwi.onion/) and they actually have an Extended Validation certificate so the users can easily see that they are browsing the real Facebook site and not a phishing site.

I think this is a minor issue after all, and I like the idea of having a Tor hidden service address for this forum as well.

On the other hand, some people do not consider Javascript a serious security threat for most users. See this, for example:
https://matt.traudt.xyz/p/SkxEFK1m.html
or if you are using Tor:
http://tv54samlti22655ohq3oaswm64cwf7ulp6wzkjcvdla2hagqcu7uokid.onion/p/SkxEFK1m.html

Now that I look at the Facebook hidden service address, I think that they must have performed quite a lot of number crunching to get an address like that. If one can almost completely fabricate the address (basically, a public cryptographic key), does it also mean that the cryptographic scheme may soon become vulnerable to attack? Tor already supports a longer addressing scheme known as v3 which will be safer.

The alt-svc approach looks interesting too.

2 Likes