Suggest trustworthy, https, stable, busy web servers for sdwdate

[html]

Update:

We are not looking for https servers anymore because we want to switch to onion servers. See also:

https://phabricator.whonix.org/T131

Old blog post for historic purposes below.

TLDR:

Which web servers do you consider trustworthy and likely to take great care of their visitors’ privacy, that are stable, that get great amounts of traffic and, most importantly, that support https (SSL)?

Post in the comments below or in the forums. We need at least 26 more servers.

Full:

Up to Whonix 8, sdwdate used a design similar to the one Tails uses to get the network time.

The old design, in summary:

The sdwdate pools used by Whonix are based on stable and reliable web servers that get great amounts of traffic.

They are categorized into three different pools according to their members’ relationship to the members of the other pools; any member of one pool should be unlikely to share logs (or other identifying data), or to agree to send fake time information, with a member of the other pools. The pools are as follows:

– The “pal” pool members are run by groups that are likely to take great care of their visitors’ privacy.

– The “foe” pool members are managed by adversaries of the “pal” pool.

– The “neutral” pool members have a neutral relationship to both the “pal” and “foe” pools.

Basically, sdwdate picks three random servers, one from each pool, and then builds the average (Whonix 8, a bug) or the median (Whonix 9) of the three advertised dates.

Whonix developers have discussed this and concluded that contacting neutral and/or foe servers and asking them what time it currently is, is non-ideal.

In Whonix 9, we want to connect only to servers of the “pal” type for network time.

The purpose of this blog post is to ask Whonix users to suggest suitable web servers.

Which web servers do you consider trustworthy and likely to take great care of their visitors’ privacy, that are stable, that get great amounts of traffic and, most importantly, that support https (SSL)?

(The whole discussion about network time synchronization in anonymity centric distributions is off topic in this thread, but can be found here [link] and you could open separate threads to discuss other aspects.)

Please post your suggestions in the forums:

https://www.whonix.org/forum/index.php/topic,504

Or in the comments below.

[/html]

(Both are heavily secured server architectures built by high-profile security and privacy advocates/engineers)

What servers do we have so far?

These are suggestions originally taken from Tails’ htpdate config (they are also already in use in Whonix and there is probably no reason to exclude any of them):

boum.org
chavez.indymedia.org
db.debian.org

mail.riseup.net
sarava.org
squat.net
tachanka.org
www.1984.is

www.immerda.ch

Need 24 more servers.

Was hoping for some more echo.

https://wikileaks.org

https://securedrop.theguardian.com
https://safesource.forbes.com

https://lkml.org

https://fsf.org
https://www.kernel.org

https://www.centos.org
https://www.piratenpartei.de

(Borrowed a few from the previous “neutral” list.)

We need at least 9 more servers!

https://www.wauland.de
https://www.ccc.de
https://netzpolitik.org

https://www.noisebridge.net
https://en.bitcoin.it
https://www.calyxinstitute.org

In theory, we need no more servers.


More servers wouldn’t hurt, though!


git commit:


Please review, have a look at the pools.

Good selection :)

For testing if servers would be fit for inclusion, you could check them using curl.

If it shows something like this.

HTTP/1.1 200 OK
Date: Wed, 01 Oct 2014 23:17:02 GMT
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=1000
Content-Length: 10953
Last-Modified: Mon, 22 Sep 2014 15:53:55 GMT
Content-Type: text/html

Then the server could be used in theory.
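An added example, not part of the original posts and not sdwdate's own code: it applies the fitness check described above to a captured header block and shows why the median of three advertised dates holds up against one wrong server where the average does not. The function names are hypothetical, the sample is the header block quoted above (trimmed), and the skewed-server scenario is constructed.

```python
from email.utils import parsedate_to_datetime
from statistics import mean, median

# Header block quoted in the post above (trimmed to the relevant lines).
SAMPLE = """HTTP/1.1 200 OK
Date: Wed, 01 Oct 2014 23:17:02 GMT
Strict-Transport-Security: max-age=31536000
Content-Type: text/html
"""

def parse_headers(raw):
    """Return (status_code, {lower-cased header name: value})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def check_candidate(raw):
    """Fitness check: 200 OK plus a parseable Date header; HSTS is reported."""
    status, headers = parse_headers(raw)
    try:
        stamp = parsedate_to_datetime(headers["date"]).timestamp()
    except (KeyError, TypeError, ValueError):
        # No Date header, or one that does not parse: useless as a time source.
        return {"usable": False, "epoch": None, "hsts": False}
    return {"usable": status == 200, "epoch": int(stamp),
            "hsts": "strict-transport-security" in headers}

def combine(epochs):
    """Return (median, average) of the advertised times, in epoch seconds."""
    return int(median(epochs)), int(mean(epochs))

if __name__ == "__main__":
    result = check_candidate(SAMPLE)
    print(result)
    # Constructed scenario: two honest servers, one a full day ahead.
    honest = result["epoch"]
    print(combine([honest, honest + 2, honest + 86400]))
```

With one server a day ahead, the median stays within two seconds of the honest time while the average moves by eight hours.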

This was the server selection I had in the latest patch, feel free to add them for more diversity in the pool:

opentechfund.org eff.org fsf.org fsfe.org freedom.press firstlook.org schneier.com debian.org defectivebydesign.org wikileaks.org gnupg.org gpgtools.org

Didn’t see your latest message. I will test and report.

All working here. The interesting thing I noticed when doing this is that the most hardcore of the friendly sites enable strict-transport-security spec of HTTPS.

a small comment on some site choices and you can do what you like,

mitre.org is a non-profit corporation closely related to US government depts: Mitre Corporation - Wikipedia

forbes is in my opinion neutral at best.

[quote=“HulaHoop, post:9, topic:480”]These were the server selection I had in the latest patch, feel free to add them for more diversity in the pool:

opentechfund.org eff.org fsf.org fsfe.org freedom.press firstlook.org schneier.com debian.org defectivebydesign.org wikileaks.org gnupg.org gpgtools.org[/quote]

Some were already in the list. Done.

mitre.org is a non-profit corporation closely related to US government depts: https://en.wikipedia.org/wiki/Mitre_Corporation
So is opentechfund.

A bunch of new good sources mentioned here (securedrop and news sites sources):
