I would be hesitant about using CTemplar’s v3 onion for sdwdate unless we are very desperate. PrivacyTools.IO issues (https://github.com/privacytools/privacytools.io/issues/1642) is worth reading. The owner seems rather untrustworthy in my view. Tacit promotion of his service may encourage users to use that service and he is rather manipulable under pressure to say the least. A) good that he is not anonymous, B) bad that he behaves in an unsavory manner.
1 Like
HulaHoop, May 31, 2021, 1:39am: Split this topic. 2 posts were merged into an existing topic: sdwdate Time Sources Criteria
HulaHoop:
I disagree. Very relevant since we don’t allow services by anonymous operators for liability reasons. I think the opinion of the privacyIO dev is important to re-read here:
The reason being we do not like to provide information which cannot be verified by public sources. We don’t allow anonymous companies to provide services because it involves people trusting an unknown entity with their data that cannot be verified. If the company fails or does something disastrous there is no recourse.
To add CTemplar we would have to relax/remove our trust requirements. If we did this, we’d have all sorts of services recommended (we actually put that requirement in place to ward against people recommending random unknown .onion service email providers).
We won’t be signing any NDAs regarding this, as it would mean we cannot reveal what we learn, and thus puts it on the community to trust us instead of the company they’re doing business with.
That discussion belongs there:
sdwdate Time Sources Criteria - #2 by Patrick
Will quote there.
That belongs here: sdwdate Time Sources Criteria and/or sdwdate and sdwdate-gui development thread.
The above hidden services posted are fine to be added?
1 Like
I couldn’t find the evidence that their clearnet website is the one mirrored to the mentioned onion v3 (no headers, nor do they mention it on their website)
this will redirect to:
http://rpzgejae7cxxst5vysqsijblti4duzn3kjsmn43ddi2l3jblhk4a44id.onion/wlupload.en.html
Doesn’t affect timing, right? And which one to add? cc @Patrick
Onion website looks very empty, clearnet without https… I don’t feel comfortable adding it. I won’t add it unless someone else is willing to do that.
All of the above added (except what I asked a question about) plus ddg v3:
http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/v3-onions-for-essential-whonix-defaults-besides-sdwdate/11728/24
1 Like
"xy5d2mmnh6zjnroce4yk7njlkyafi7tkrameybxu43rgsg5ywhnelmad.onion#https://web.archive.org/web/20210125035242/https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org"
Deleted because it’s offline.
I have rearranged the https+onion into one place.
Kicksecure:master
← TNTBOMBOM:patch-4
opened 07:58PM - 04 Jun 21 UTC
http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/s… uggest-trustworthy-tor-hidden-services-as-time-sources-for-sdwdate/856/207
1 Like
Yes.
Great!
Just the top level domain. The redirection doesn’t matter. What sdwdate does is similar to this:
curl --head domain.onion
If the reply includes the Date: header then all is good.
1 Like
Patrick:
We have now only ~ 8 onions per pool. From previously ~ 15 onions per pool.
From sdwdate log:
sdwdate - INFO - failed_urls: 1 allowed_failures: 2
Before: allowed_failures: 5
From sdwdate config:
## Allowed percentage of url failures common to every pool.
## If sdwdate frequently stops with "Maximum allowed number of failures" error,
## create a file "/etc/sdwdate.d/50_user.conf" overriding MAX_FAILURE_RATIO
## with a higher figure.
MAX_FAILURE_RATIO=0.34
MAX_FAILURE_RATIO=0.34 is now too low.
We now have ~ 20 onions per pool. Therefore:
committed 08:44PM - 05 Jun 21 UTC
since enough onion v3s available
https://forums.whonix.org/t/suggest-trustworth… y-tor-hidden-services-as-time-sources-for-sdwdate/856/191
allowed_failures: 7
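Added example, not part of any post in this thread and not sdwdate's own code: the `curl --head` check described above (a reply counts if it carries a parseable `Date:` header, redirect or not), run over constructed replies and compared with a failure budget. The budget is modelled as floor(pool size × MAX_FAILURE_RATIO), an assumption that reproduces the 8 → 2 and 15 → 5 figures quoted in the thread; the hostnames and function names are made up for illustration.

```python
from datetime import timezone
from email.utils import parsedate_to_datetime

MAX_FAILURE_RATIO = 0.34  # value quoted from the sdwdate config in this thread

# Constructed replies to `curl --head`; hostnames are placeholders, not real onions.
SAMPLE_REPLIES = {
    "redirecting.onion": ("HTTP/1.1 301 Moved Permanently\r\nLocation: /wlupload.en.html\r\n"
                          "Date: Fri, 04 Jun 2021 19:58:03 GMT\r\n\r\n"),
    "plain.onion": "HTTP/1.1 200 OK\r\nServer: nginx\r\ndate: Fri, 04 Jun 2021 19:58:05 GMT\r\n\r\n",
    "no-date.onion": "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",
    "bad-date.onion": "HTTP/1.1 200 OK\r\nDate: yesterday-ish\r\n\r\n",
    "timeout.onion": "",  # nothing came back
}

def date_from_head(raw):
    """Return the reply's Date header as an aware UTC datetime, or None if unusable."""
    lines = raw.replace("\r\n", "\n").split("\n")
    if not lines[0].startswith("HTTP/"):
        return None
    for line in lines[1:]:
        if not line:  # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "date":  # header names are case-insensitive
            try:
                parsed = parsedate_to_datetime(value.strip())
            except (TypeError, ValueError):
                return None
            # A date without a usable zone parses as naive and is rejected here.
            return parsed.astimezone(timezone.utc) if parsed.tzinfo else None
    return None

def check_pool(replies, ratio=MAX_FAILURE_RATIO):
    """Classify each reply and compare the failure count with the pool's budget."""
    dates = {host: date_from_head(raw) for host, raw in replies.items()}
    failed = sorted(host for host, when in dates.items() if when is None)
    # Assumption: budget = floor(pool size * ratio); not taken from sdwdate's source.
    allowed = int(len(replies) * ratio)
    return {"dates": dates, "failed": failed, "allowed": allowed,
            "within_budget": len(failed) <= allowed}

if __name__ == "__main__":
    report = check_pool(SAMPLE_REPLIES)
    print(report["failed"], report["allowed"], report["within_budget"])
```

With a small pool the budget rounds down hard, which is why a handful of dead onions is enough to exceed it.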
These are anonymous? Must be non-anonymous as per sdwdate Time Sources Criteria / sdwdate Time Sources Criteria .
Added
Kicksecure:master
← TNTBOMBOM:patch-5
opened 06:14PM - 07 Jun 21 UTC
https://forums.whonix.org/t/suggest-trustworthy-tor-hidden-services-as-time-sour… ces-for-sdwdate/856/213
I couldn’t prove that the clearnet URL is mirrored over that onion.
added
Patrick:
Tiny / anonymous?
They are fine not much different than others available.
1 Like
Patrick:
Tiny / anonymous?
Time to re-consider. Which others are similarly tiny / anonymous?
"http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion # https://web.archive.org/web/20201231025809/https://danwin1210.me https://danwin1210.me Danial Services"
"http://ctemplarpizuduxk3fkwrieizstx33kg5chlvrh37nz73pv5smsvl6ad.onion # https://web.archive.org/web/20210101193954/https://securityheaders.com/?q=https%3A%2F%2Fctemplar.com%2F&followRedirects=on https://securityheaders.com/?q=https%3A%2F%2Fctemplar.com%2F&followRedirects=on https://ctemplar.com CTemplar Email"
"http://wasabiukrxmkdgve5kynjztuovbg43uxcbcxn6y2okcrsg7gb6jdmbad.onion # https://web.archive.org/web/20210604175753/https://wasabiwallet.io/"
"http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion # https://web.archive.org/web/20210604180328/https://bitcoincore.org/en/2020/03/27/hidden-service/"
"http://potatoynwcg34xyodol6p6hvi5e4xelxdeowsl5t2daxywepub32y7yd.onion # https://web.archive.org/web/20210604185104/https://securityheaders.com/?q=https%3A%2F%2Fgo-beyond.org%2F&followRedirects=on"
"http://45tbhx5prlejzjgn36nqaxqb6qnm73pbohuvqkpxz2zowh57bxqawkid.onion # https://web.archive.org/web/20210604185300/https://www.parckwart.de/"
"http://offprivqqdxfmssktx3y5h3miqvceq6yy37s5sxkhz4mojvsz74ohqid.onion # https://web.archive.org/web/20210604190115/https://www.offensiveprivacy.com/"
"http://s3p666he6q6djb6u3ekjdkmoyd77w63zq6gqf6sde54yg6bdfqukz2qd.onion # https://web.archive.org/web/20210604192102/https://securityheaders.com/?q=bisq.wiki&followRedirects=on"
"http://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion # https://web.archive.org/web/20210607180626/https://keys.openpgp.org/about/faq"
"http://searxspbitokayvkhzhsnljde7rqmn7rvoga6e4waeub3h7ug3nghoad.onion # https://web.archive.org/web/20210525165705/https://searx.space/ https://searx.space"
"http://t3qi4hdmvqo752lhyglhyb5ysoutggsdocmkxhuojfn62ntpcyydwmqd.onion # https://web.archive.org/web/20200904001100/https://torstatus.rueckgr.at/ https://torstatus.rueckgr.at"
and with the two above sources (elude,snopyta)
Another question I want to ask, but I don’t know the answer well: if we look at all the clearnet sources for SecureDrop, we see the main website is Directory, then /entityname, then mirrored over a different onion v3 link… The issue I see here is that all these services are based on one side’s control, which is SecureDrop, meaning if time is being manipulated, all of the onion v3 related to SecureDrop are going to be manipulated, which is taking the biggest chunk of sdwdate onion sources.
1 Like
Great list! Giving time for discussion and will review later.
It’s a good point. We do need to rely on the SecureDrop directory. It’s a useful pointer but not necessarily trusted (as in IT trusted - sometimes you trust because you have to, not because you want to). For example it “gives us a little friendly hint” that ABC news runs a SecureDrop onion. The existence of the ABC news SecureDrop onion however can be verified independently from the SecureDrop directory directly on the ABC news page. SecureDrop - ABC News - would have been better to archive that link.
That link is also from the SecureDrop directory but checking that the top level domain abc.net.au is authentic and the real ABC news is again sufficient for verification. Plus on top if we wanted to have a comprehensive review manual, pointing out the obvious, one would have to review that ABC news is a real thing.
1 Like