Hi Whonix devs,
Namecoin dev here. Some of you are probably already familiar with Namecoin. For those of you who aren’t, it’s basically DNS on a blockchain. We were the first project to fork the Bitcoin codebase (back in 2011). We’ve been a part of the C3 Monero Assembly since 34C3.
As you might have heard, the Namecoin and Tor Browser developers are running an experiment with Namecoin integration in Tor Browser. For details on the Tor Browser work, I’d highly recommend taking a look at my 36C3 talk on the subject; a video, slides, and workshop notes are available at 36C3 Summary (along with a very short lightning talk introducing Namecoin). As a quick example, you can download a current official Tor Browser Nightly binary for GNU/Linux [1], run it with the environment variable TOR_ENABLE_NAMECOIN=1, and visit http://submit.wikileaks.bit/ , which will take you to the WikiLeaks submission system onion service [2].
I’m reaching out to inquire if there’s interest in adding Namecoin to Whonix. Here are some of the potential benefits this could provide:
- Human-meaningful names for onion services, without relying on centralized lookup mechanisms like HTTPS Everywhere. (This is currently the initial focus of the experiment we’re running with the Tor Browser developers.)
- Domain names for non-onion websites that are resistant to censorship, e.g. domain name seizures. A single Namecoin domain name can point to both an onion service and an IP address; Tor users will get the onion service (or the IP if no onion service exists); clearnet users will get the IP address; both are resistant to takedowns.
- TLS certificate validation that doesn’t rely on the public CA system. This is relevant for non-onion traffic over Tor, since Tor exit relays are in a good position to do MITM attacks if they can produce a fraudulent certificate. It’s also relevant for onion services with Whonix, since TLS makes onion services more meaningfully end-to-end in a Whonix-style threat model.
There are probably lots of interesting technical aspects to what a potential Namecoin integration in Whonix would look like. I’d definitely be up for discussing those if there’s interest in the general concept. I’m also happy to discuss more high-level questions if you have any. At Patrick’s request, I’ve created a separate thread for technical discussion about how this could be implemented (with this thread reserved for high-level / conceptual discussion), so that “should we implement it” discussion (in this thread) and “how could it be implemented” discussion (in the other thread) don’t distract from each other.
Would this be something that you might be interested in collaborating on?
PS: I also was able to obtain the Namecoin domain name whonix.bit. I’m happy to donate it to the Whonix developers if you’d like to point it to the Whonix website.
[1] It doesn’t work on Whonix yet; hence part of the motivation for this post.
[2] This is solely for demo purposes at this time; do not submit documents to WikiLeaks using this.
EDIT: Added link to technical discussion thread.