Suggest Trustworthy Tor Hidden Services as Time Sources for sdwdate

"xy5d2mmnh6zjnroce4yk7njlkyafi7tkrameybxu43rgsg5ywhnelmad.onion#https://web.archive.org/web/20210125035242/https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org"

deleted because its offline.

I have rearranged the https+onion into one place.

1 Like

Forgot to add: (will add later with others after the patch accepted)


worth to add as well:

http://eludemailxhnqzfmxehy3bk5guyhlxbunfyhkcksv4gvx6d3wcf6smad.onion/
https://elude.in/

http://cct5wy6mzgmft24xzw6zeaf55aaqmo6324gjlsghdhbiw5gdaaf4pkad.onion/
https://snopyta.org/

1 Like

Yes.

Great!

Just the top level domain. The redirection doesn’t matter. What sdwdate does is similar to this this:

curl --head domain.onion

If the replay includes the Date: header then all is good.

1 Like

Tiny / anonymous?

1 Like

Removed, since offline:

http://tbrindusxnnqwmzov5qof56hyion6usmciqwykffxqsawswhk73aq5yd.onion # https://web.archive.org/web/20181111114102/https://tbrindus.ca/about/

1 Like

We now have ~ 20 onions per pool. Therefore:

allowed_failures: 7

These are anonymous? Must be non-anonymous as per sdwdate Time Sources Criteria / sdwdate Time Sources Criteria.

Added

I couldnt prove that the clearnet URL is mirrored over that onion.

added

They are fine not much different than others available.

1 Like

Time to re-consider. Which others are similarly tiny / anonymous?

"http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion # https://web.archive.org/web/20201231025809/https://danwin1210.me https://danwin1210.me Danial Services"
"http://ctemplarpizuduxk3fkwrieizstx33kg5chlvrh37nz73pv5smsvl6ad.onion # https://web.archive.org/web/20210101193954/https://securityheaders.com/?q=https%3A%2F%2Fctemplar.com%2F&followRedirects=on https://securityheaders.com/?q=https%3A%2F%2Fctemplar.com%2F&followRedirects=on https://ctemplar.com CTemplar Email"
"http://wasabiukrxmkdgve5kynjztuovbg43uxcbcxn6y2okcrsg7gb6jdmbad.onion # https://web.archive.org/web/20210604175753/https://wasabiwallet.io/"
"http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion # https://web.archive.org/web/20210604180328/https://bitcoincore.org/en/2020/03/27/hidden-service/"
"http://potatoynwcg34xyodol6p6hvi5e4xelxdeowsl5t2daxywepub32y7yd.onion # https://web.archive.org/web/20210604185104/https://securityheaders.com/?q=https%3A%2F%2Fgo-beyond.org%2F&followRedirects=on"
"http://45tbhx5prlejzjgn36nqaxqb6qnm73pbohuvqkpxz2zowh57bxqawkid.onion # https://web.archive.org/web/20210604185300/https://www.parckwart.de/"
"http://offprivqqdxfmssktx3y5h3miqvceq6yy37s5sxkhz4mojvsz74ohqid.onion # https://web.archive.org/web/20210604190115/https://www.offensiveprivacy.com/"
"http://s3p666he6q6djb6u3ekjdkmoyd77w63zq6gqf6sde54yg6bdfqukz2qd.onion # https://web.archive.org/web/20210604192102/https://securityheaders.com/?q=bisq.wiki&followRedirects=on"
"http://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion # https://web.archive.org/web/20210607180626/https://keys.openpgp.org/about/faq"
"http://searxspbitokayvkhzhsnljde7rqmn7rvoga6e4waeub3h7ug3nghoad.onion # https://web.archive.org/web/20210525165705/https://searx.space/ https://searx.space"
"http://t3qi4hdmvqo752lhyglhyb5ysoutggsdocmkxhuojfn62ntpcyydwmqd.onion # https://web.archive.org/web/20200904001100/https://torstatus.rueckgr.at/ https://torstatus.rueckgr.at"

and with the two above sources (elude,snopyta)


Another question i want to ask but i dont know well the answer if we look at all the clearnet sources for securedrop we see the main website is https://securedrop.org/directory then /entityname then mirrored over different onion v3 link… The issue i see in here is that all these services based on one side control which is securedrop meaning if time being manipulated we will have all of the onion v3 related to securedrop going to be manipulated which is taking the biggest chunk of sdwdate onion sources.

1 Like

Great list! Giving time for discussion and will review later.

It’s a good point. We do need to rely on on the SecureDrop directory. It’s a useful pointer but not necessarily trusted (as in IT trusted - sometimes you trust because you have to, not because you want to). For example it “gives us a little friendly hint” that ABC news runs a SecureDrop onion". The existence of the ABC news SecureDrop onion however can be verified independently from the SecureDrop directory directly on the ABC news page. SecureDrop - ABC News - would have been better to archive that link.

That link is also from the SecureDrop directory but checking that the top level domain abc.net.au is authentic and the real ABC news is again sufficient for verification. Plus on top if we wanted to have a comprehensive review manual, pointing out the obvious, one would have to review that ABC news is a real thing.

1 Like
1 Like
1 Like

Some of the hidden services are down:

Apr 13 19:17:03 host sdwdate[798]: * stderr: connect error: SOCKSHTTPConnectionPool(host='privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion', port=80): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.contrib.socks.SOCKSConnection object at 0x69bb371dd100>: Failed to establish a new connection: 0x04: Host unreachable'))
Apr 13 19:17:03 host sdwdate[798]: * stderr: connect error: SOCKSHTTPConnectionPool(host='3gtoclri7h6xrtjjapfezcerj4dqf3fwfk3jmhrhz25i5pyprmz47gad.onion', port=80): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.contrib.socks.SOCKSConnection object at 0x71a75f1ed100>: Failed to establish a new connection: 0x04: Host unreachable'))
Apr 13 19:17:16 host sdwdate[798]: * stderr: connect error: SOCKSHTTPConnectionPool(host='jamie3vkiwibfiwucd6vxijskbhpjdyajmzeor4mc4i7yopvpo4p7cyd.onion', port=80): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.contrib.socks.SOCKSConnection object at 0x71bc491d7100>: Failed to establish a new connection: 0x04: Host unreachable'))
Apr 14 18:20:37 host sdwdate[798]: * stderr: connect error: SOCKSHTTPConnectionPool(host='rpzgejae7cxxst5vysqsijblti4duzn3kjsmn43ddi2l3jblhk4a44id.onion', port=80): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.contrib.socks.SOCKSConnection object at 0x69546d2e4100>: Failed to establish a new connection: 0x04: Host unreachable'))
1 Like

I have reviewed the sdwdate onions and cleaned these sources:

"http://ctemplarpizuduxk3fkwrieizstx33kg5chlvrh37nz73pv5smsvl6ad.onion # https://web.archive.org/web/20210101193954/https://securityheaders.com/?q=https%3A%2F%2Fctemplar.com%2F&followRedirects=on https://securityheaders.com/?q=https%3A%2F%2Fctemplar.com%2F&followRedirects=on https://ctemplar.com CTemplar Email"
"http://vnchbkzryteygshp53p6zfya7jyrzaugjzmfwtejh4acnaxnm47t2nad.onion # https://web.archive.org/web/20210111095314/https://www.globaleaks."
"http://rpzgejae7cxxst5vysqsijblti4duzn3kjsmn43ddi2l3jblhk4a44id.onion # https://web.archive.org/web/20210607174513/https://wikileaks.org/"
"http://jamie3vkiwibfiwucd6vxijskbhpjdyajmzeor4mc4i7yopvpo4p7cyd.onion # https://web.archive.org/web/20210525161741/https://www.jamieweb.net/blog/onionv3-hidden-service/ jamieweb.net Jamie Scaife"
"http://privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion # https://web.archive.org/web/20210125201322/https://www.privacytools.io/ https://privacytools.io"
"http://ghzqae442wk5pbwqaj4bml4dpyn5dwnggbiszmgu44yu3474iocsffqd.onion # https://web.archive.org/web/20210126150419/https://securityheaders.com/?q=themarkup.org&followRedirects=on https://themarkup.org"
"http://stn5vfgxtewbcpqexolnlk6edfyfgekscqllkyhhmtiujd4splaoo6yd.onion # https://web.archive.org/web/20210126150814/https://securityheaders.com/?q=https%3A%2F%2Fsecurethe.news&followRedirects=on https://securethe.news"
"http://3gtoclri7h6xrtjjapfezcerj4dqf3fwfk3jmhrhz25i5pyprmz47gad.onion # https://web.archive.org/web/20210604164013/https://securedrop.org/directory/irozhlas-cz/"

Note: CTemplar is shutting down end of this month, So yes their onion v3 working now but not worth keeping it and later again deleting it.

1 Like

Thank you! Merged. This is now in the testers repository.

1 Like

Cleaned offline, added new securedrop sources, reorganized securedrop mirrors in alphabetical way similar to their website directory:

1 Like

Very difficult to review because the diff is hard to read. Too many different type of changes are mixed into the same pull request.
Rules for sdwdate time source related git pull requests

Therefore merged and reverted. Then I’ve removed the ones that you suggested since these were down. And then also updated the 1 to TLS where it was suggested. Finally, reviewed the new securedrop onion services.

All done now.

1 Like

Added new mirrors:

  • BBC
  • NYT
  • Archive.ph
1 Like

Merged, thanks!

1 Like
1 Like