Yeah, if we have enough onion sources and can afford it, a review of that would be good.
Do you think you could add a pull request with the recent two suggested lists?
(Please check no duplicates will be added. Evidence onion is hosted by that clearnet domain. As usual.)
(But no need to add if you can see already that the operator is actually anonymous.)
Indeed but since trust is distributed (picking median of 3 onions) it’s unlikely all of them are malicious. It’s based on chance. As many systems, similar to Tor, we need to assume that most or at least a high percentage is honest and base the design on that.
Example:
pool 0: -1000000000 second(s) (malicious)
pool 1: -1 second(s)
pool 2: -2 seconds(s)
In that case pool 1 wins since it is the media. sdwdate sets clock -1 seconds (+ clock randomization in Whonix). Good.
Example:
pool 0: -1000000000 second(s) (malicious)
pool 1: -2000000000 second(s) (malicious)
pool 2: -2 seconds(s)
In that case pool 0 would win and clock would be set back -1000000000 second(s) but probably actually not not due to safeguard sdwdate Time Replay Protection.
Example:
pool 0: +1000000000 second(s) (malicious)
pool 1: +2000000000 second(s) (malicious)
pool 2: +2 seconds(s)
In that case pool 0 would win and clock would be set forward +1000000000 second(s). Bad but most severe issues are about slow, not fast issues. See also TimeSync: Whonix Time Synchronization Mechanism.
Maybe more pools should be used. Maybe the median of 5 or 6 or so should be used. Design enhancements can be discussed here: sdwdate and sdwdate-gui development thread
For anonymous onions we wouldn’t know location.
And tons of different onions with different content (a forum, a wiki, a mail service) isn’t hard, actually to setup for bigger malicious entities paying a few sysadmins fulltime.