Suggest Trustworthy Tor Hidden Services as Time Sources for sdwdate

(Curl --head also Not OK)

That is a bug.

ctemplarpizuduxk3fkwrieizstx33kg5chlvrh37nz73pv5smsvl6ad.onion: b’Parsing HTTP header date failed.

I am not sure. That might be happening because url_to_unixtime uses http 1.0. ctemplar might require at least http 1.1. The following code is related:

s.send('HEAD / HTTP/1.0\r\n\r\n'.encode())

I didn’t manage to update that to http 1.1. (No, it’s not just about changing the string 1.0 to 1.1. That would be easy. By doing that, many webservers report invalid request.)

So instead of figuring out how to do http 1.0 vs http 1.1 (some servers only support the one or the other), I thought why not use a standard/popular python3 library for the purpose of fetching https headers.

I have now a python3 requests based implementation. Not pushed to git yet but soon. It takes care of:

  • HTTP header fetching
  • HTTP header parsing (we need the Date: field)
  • HTTP 1.0 and HTTP 1.1 compatibility
  • TLS support
  • socks support

That fixes one onion v3 (ctemplar) but breaks two onion v2 using invalid TLS certificates.

pool 2 url ltcpool5brio2gaj.onion: connect error: SOCKSHTTPSConnectionPool(host=‘ltcpool5brio2gaj.onion’, port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(“bad handshake: Error([(‘SSL routines’, ‘tls_process_server_certificate’, ‘certificate verify failed’)])”))) (Curl --head also Not OK)
Testing the URL Chunk:
[‘cyphdbyhiddenbhs.onion’, ‘wooprzddebtxfhnq.onion’]

pool 2 url cyphdbyhiddenbhs.onion: connect error: SOCKSHTTPSConnectionPool(host=‘cyphdbyhiddenbhs.onion’, port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(“bad handshake: Error([(‘SSL routines’, ‘tls_process_server_certificate’, ‘certificate verify failed’)])”))) (Curl --head also Not OK)

In the past, some other onions might have been removed by mistake due to url_to_unixtime lacking HTTP 1.1 support and being unaware that this was the issue.

We could now look which onions have TLS support and add these.

1 Like
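An added example, not part of the thread and not sdwdate's code: one reason servers answer "invalid request" when only the version string is changed is that HTTP/1.1 makes the Host header mandatory. The sketch below builds both request forms and converts a response's Date: field to Unix time, returning None where the date cannot be parsed. The function names, the example.onion host and the sample responses are constructed for illustration.

```python
from email.utils import parsedate_to_datetime


def build_head_request(host, version="1.1"):
    """Return the raw bytes of a minimal HEAD request for the given HTTP version."""
    lines = ["HEAD / HTTP/" + version]
    if version == "1.1":
        # RFC 7230 section 5.4: an HTTP/1.1 request without Host must be
        # answered with 400, so the header is added together with the version.
        lines += ["Host: " + host, "Connection: close"]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def date_header_to_unixtime(raw):
    """Extract the Date: header from a raw response; None if absent or unparsable."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status, *fields = head.split("\r\n")
    if not status.startswith("HTTP/"):
        return None
    for field in fields:
        name, sep, value = field.partition(":")
        if sep and name.strip().lower() == "date":
            try:
                parsed = parsedate_to_datetime(value.strip())
            except (TypeError, ValueError):  # exception type depends on Python version
                return None
            if parsed.tzinfo is None:  # no usable zone: do not guess
                return None
            return int(parsed.timestamp())
    return None


# Constructed sample responses (not captured from any real server).
SAMPLE_OK = (b"HTTP/1.1 200 OK\r\n"
             b"Server: sample\r\n"
             b"Date: Thu, 15 Jul 2021 12:00:00 GMT\r\n\r\n")
SAMPLE_NO_DATE = b"HTTP/1.1 400 Bad Request\r\nServer: sample\r\n\r\n"
SAMPLE_BAD_DATE = b"HTTP/1.0 200 OK\r\nDate: not a date\r\n\r\n"

if __name__ == "__main__":
    print(build_head_request("example.onion", "1.0"))
    print(build_head_request("example.onion", "1.1"))
    for sample in (SAMPLE_OK, SAMPLE_NO_DATE, SAMPLE_BAD_DATE):
        print(date_header_to_unixtime(sample))
```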

I have added:

  • systemli main website
  • security in a box website
1 Like

The comment field is wrong. It should contain an archived link to a clearnet website referencing the onion domain. systemli.org does not directly mention its onion domain. https://www.systemli.org/service/onion/ does.

If securityinabox.org has no similar page, please web archive its securityheaders.com output. https://securityheaders.com/?q=securityinabox.org&followRedirects=on contains its onion.

Could you fix that please?

Sure, done.

1 Like

Awesome! Merged.

1 Like

There are still a lot of v2 onions referenced in the code for sdwdate purposes. Looks like time is getting short to replace all those with trustworthy v3 onion domains.

Onion Service version 2 deprecation timeline | The Tor Project

Here is our planned deprecation timeline:

  1. September 15th, 2020
    0.4.4.x: Tor will start warning onion service operators and clients that v2 is deprecated and will be obsolete in version 0.4.6.

  2. July 15th, 2021
    0.4.6.x: Tor will no longer support v2 and support will be removed from the code base.

  3. October 15th, 2021
    We will release new Tor client stable versions for all supported series that will disable v2.

2 Likes

I will try to communicate with these sources before one month of the last announced date. Once the new stable Tor is going to be released, we can easily clean all onion v2 left out there.

1 Like

With v2 deprecation coming closer, here is a list of suggested links to add to sdwdate.

lpiyu33yusoalp5kh3f4hak2so2sjjvjw5ykyvu2dulzosgvuffq6sad(dot)onion/ # Tech Learning Collective [techlearningcollective(dot)com]
zgphrnyp45suenks3jcscwvc5zllyk3vz4izzw67puwlzabw4wvwufid(dot)onion/ # Onion Search Engine [onionsearchengine(dot)com]
t3qi4hdmvqo752lhyglhyb5ysoutggsdocmkxhuojfn62ntpcyydwmqd(dot)onion/ # TorStatus [torstatus(dot)rueckgr(dot)at]
p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd(dot)onion/ # ProPublica [propublica(dot)org]
metagerv65pwclop2rsfzg4jwowpavpwd6grhhlvdgsswvo6ii4akgyd(dot)onion/ # MetaGer [metager(dot)org]
7fgb4sq435vg7slw3u7m2ayze3imybpe7qm3htdklreoag3l6n2mtkyd(dot)onion/ # Debian Package Tracker [tracker(dot)debian(dot)org] more at onion(dot)debian(dot)org
jamie3vkiwibfiwucd6vxijskbhpjdyajmzeor4mc4i7yopvpo4p7cyd(dot)onion/ # Jamie Scaife [jamieweb(dot)net]
lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd(dot)onion/ # OnionShare [onionshare(dot)org]
qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad(dot)onion/ # Qubes OS [qubes-os(dot)org]
neodomeoye5jx3ydcmm2gap7ggjwn2ofeiabhml6iqgridwa7qkhh5ad(dot)onion/ # Neodome [neodome(dot)net]
xy5d2mmnh6zjnroce4yk7njlkyafi7tkrameybxu43rgsg5ywhnelmad(dot)onion/ # Mailbox(dot)org [port 25 or 993]
tbrindusxnnqwmzov5qof56hyion6usmciqwykffxqsawswhk73aq5yd(dot)onion/ # Tudor Brindus [tbrindus(dot)ca]

Most v2 links are broken and will break soon, so they should be removed from sdwdate as soon as possible.

2 Likes
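An added example, not part of the thread and not sdwdate's code: a way to sort a pool list into deprecated v2 and v3 hostnames and to catch a mistyped v3 suggestion before it is added. It relies on the v3 address layout from the Tor rendezvous specification (32-byte public key, 2-byte checksum, version byte 3, base32-encoded); the function names are hypothetical and encode_v3 exists only to construct sample addresses.

```python
import base64
import hashlib

V3_VERSION = b"\x03"


def v3_checksum(pubkey):
    """First two bytes of SHA3-256(".onion checksum" || pubkey || version)."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + V3_VERSION).digest()[:2]


def encode_v3(pubkey):
    """Build a v3 hostname from 32 key bytes (used here only to construct samples)."""
    raw = pubkey + v3_checksum(pubkey) + V3_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def classify_onion(host):
    """Return 'v2', 'v3', 'v3-bad-checksum' or 'invalid' for a hostname."""
    # Accept the "(dot)" spelling used in the list above and a trailing slash.
    name = host.strip().lower().replace("(dot)", ".").rstrip("/")
    if not name.endswith(".onion"):
        return "invalid"
    label = name[:-len(".onion")].split(".")[-1]  # ignore any subdomain part
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:  # wrong alphabet or length (binascii.Error is a ValueError)
        return "invalid"
    if len(label) == 16:
        return "v2"  # 80-bit v2 address: deprecated, remove from the pool
    if len(label) != 56 or raw[34:] != V3_VERSION:
        return "invalid"
    # The checksum catches typos; it does not prove the key is a valid curve point
    # or that the service is reachable or trustworthy.
    return "v3" if raw[32:34] == v3_checksum(raw[:32]) else "v3-bad-checksum"


if __name__ == "__main__":
    sample_v3 = encode_v3(bytes(range(32)))  # constructed key, not a real service
    pool = ["ltcpool5brio2gaj.onion", "cyphdbyhiddenbhs.onion",
            sample_v3, sample_v3.replace(".onion", "(dot)onion/"), "example.com"]
    for entry in pool:
        print(classify_onion(entry), entry)
```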

@nurmagoz

Since we’re now getting this in Tor 0.4.5.8 →

[WARN] Warning! You’ve just connected to a v2 onion address. These addresses are deprecated for security reasons, and are no longer supported in Tor. Please encourage the site operator to upgrade. For more information see Onion Service version 2 deprecation timeline | The Tor Project

This reinforces the need to get rid of our v2 onions in sdwdate ASAP. I believe that Tor 0.4.6 will block them completely and that release isn’t too far away (July?).

2 Likes

prerequisite knowledge:
sdwdate Time Sources Criteria

Correct me if I am wrong…

Will add the other suggestions.

1 Like
1 Like

Removed all onion v2s. Links to git soon.

This link looks suspicious with its behavior?

http://x6tkjqr46ghqmlqiwyllf5ufg6ciyexsxxfw2copx7cptw4aszq6fdqd.onion

Once you open it, it will redirect you to the clearnet version.

1 Like