[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Suggest Trustworthy Tor Hidden Services as Time Sources for sdwdate


#41

@anonymous1:

Right now pool 1 and pool 2 has 27 entries, pool 3 has 26 entries

I found some new addresses here: https://github.com/alecmuffett/onion-sites-that-dont-suck

That is a great list! I guess most of them will be fine.

That brings me to an important releated question. How many onion time sources we want to add at maximum? The more we add, the more we have to maintain and remove later if/when they go down or start time drifting too much.

Let’s include that list https://github.com/alecmuffett/onion-sites-that-dont-suck and then call it enough so we have around ~50 per pool?


#42

There are not really that much new addresses in that list

I think it is not a problem to have too much addresses as it would be an easier decision to get rid of the ones that are not stable or can’t keep the time accurate

For example 344c6kbnjnljjzlz.onion#VFEmail was online today but went offline again, I think there’s no reason to readd this in future, I could change “removed because down” to “removed because down or unstable”

So I don’t think we should even contact the ones with inaccurate time as we don’t need more time sources, however we may readd them if they keep the time correct by themselves


#44

Alright, sounds good!


#45

I added some securedrops and some as incorrect time sources

Is there anything you would like to add from this list?

http://pmwdzvbyvnmwobk5.onion/
http://7vrl523532rjjznj.onion/
https://www.cyphdbyhiddenbhs.onion/
http://expressobutiolem.onion/
http://mail2tor2zyjdctd.onion/
http://decodedsbwzj4nhq.onion/


#46

privacyintyqcroe.onion is 2 seconds ahead, keep it?


#47

22 addresses removed in total due to incorrect time, 2 from pool one, 16 from pool two, 4 from pool three

pool one: 35
pool two: 29
pool three: 29


#48

anonymous1:

privacyintyqcroe.onion is 2 seconds ahead, keep it?

Yes.


#49

anonymous1:

I added some securedrops and some as incorrect time sources

Is there anything you would like to add from this list?

http://pmwdzvbyvnmwobk5.onion/
http://7vrl523532rjjznj.onion/
https://www.cyphdbyhiddenbhs.onion/
http://expressobutiolem.onion/

Yes.

http://mail2tor2zyjdctd.onion/
http://decodedsbwzj4nhq.onion/

No.


#50

Is it a bad idea to increase the chance of torproject or debian’s lists to be chosen? This would mean we trust them a little more than the rest and will make use of their huge list of addresses. I don’t suggest separating the whole list but perhaps keeping them at a preferable percentage by splitting the lists by for example 2 or 3 or 4 or 6 … (they have 48 total) this becomes more reasonable the more the rest of the list grows

But I am not sure if it’s a good idea either


#51

anonymous1:

Is it a bad idea to increase the chance of torproject or debian’s
lists to be chosen? This would mean we trust them a little more than
the rest and will make use of their huge list of addresses. I don’t
suggest separating the whole list but perhaps keeping them at a
preferable percentage by splitting the lists by for example 2 or 3 or
4 or 6 … (they have 48 total) this becomes more reasonable the
more the rest of the list grows

It’s an interesting idea.

Long term, sdwdate is not supposed to be only used inside Whonix. It
would be hard to argue about this.

Even if we trust these organizations more, we do not trust their servers
more. We’d need more information on who has sysadmin access to which
server and how servers are separated. Getting into a rabbit hole from
something simple to something complex.


#52

Securedrop online:

http://rkphrici4u5ffhhm.onion/
http://dqeasamlf3jld2kz.onion/
http://znig4bc5rlwyj4mz.onion/
http://pubdrop4dw6rk3aq.onion/
http://vbmwh445kf3fs2v4.onion/
http://v6gdwmm7ed4oifvd.onion/
http://poulsensqiv6ocq4.onion/
http://33y6fjyhs3phzfjj.onion/
http://strngbxhwyuu37a3.onion/
https://y6xjgkgwj47us5ca.onion/
http://a5gvhrpulvq33b3q.onion/
http://cxoqh6bd23xa6yiz.onion/
http://w5jfqhep2jbypkek.onion/
http://udrciweihl4qe63p.onion/
http://lijbt6ju7m6opkzb.onion/
http://z5hns3zhhne7z6bl.onion/
http://2x2hb5ykeu4qlxqe.onion/
http://hpjw636qnt5avq62.onion/
http://n572ltkg4nld3bsz.onion/
http://ad2ztmbv5vmbj7ic.onion/
http://qn4qfeeslglmwxgb.onion/
http://3expgpdnrrzezf7r.onion/
http://dcdoialeklnkb6fg.onion/
http://gmg7jl25ony5g7ws.onion/
http://6cws3rcwn7aom44r.onion/
http://mz33367mcdrcdi7s.onion/
http://dmys7duszeb2salo.onion/
https://nytimes2tsqtnxek.onion/
http://vgnettwin5lyl4yr.onion/
http://vjd2eo2sqk277thk.onion/
http://z7ruaqxmq4fkhy6c.onion/
http://v26voaj3vzgmrgio.onion/
http://secrdrop5wyphb5x.onion/
https://usatodayw7vu5egc.onion/


#53

Thank you. I added the missing ones but could not find where this one is documented: http://v26voaj3vzgmrgio.onion

https://github.com/anonmos1/sdwdate/blob/patch-1/etc/sdwdate.d/30_default.conf


#54

Your welcome,if it would be helpful there is OnionMail servers,all tested currently online

http://zrwxcayqc4jgggnm.onion/
http://xhfheq5i37waj6qb.onion/
http://wqlc3ny6wcbxy2r7.onion/
http://fwb2cosocslxnvtg.onion/
http://wc2eyfmw7wrwomf4.onion/
http://yermrrzeg4fusqx5.onion/
http://w2wqyssyue7l63q2.onion/
http://5b5yrc7j27i3jc3k.onion/
http://qo2t3b6c7yx5oqju.onion/
http://4ecwfvbvxojjequ4.onion/
http://7w65g63fgumvpuvd.onion/
http://kjzhohqqslrw4bep.onion/
http://ndo2plzaruzxk6sb.onion/
http://z373bxyt6zhmxepx.onion/
http://q6mgy73kurvckv3m.onion/
http://vq664mp4rpdbvxzc.onion/
http://6hgchounjuuwxewa.onion/
http://o7h3nitega2z43ir.onion/
http://p6x47b547s2fkmj3.onion/
http://louhlbgyupgktsw7.onion/
http://f6tch6hxjpazaowz.onion/
http://qqvbgcu6kohbkxbs.onion/
http://ridotnp5m5lp22gw.onion/
http://v7opa5w6rlctoec7.onion/
http://yzi57csfqno6xgwb.onion/
http://flnbsyyqh3vqet5p.onion/
http://ppstttb6wezrcldg.onion/
http://jgzvkisiov642jlc.onion/
http://unteh4oc2fpl57fy.onion/
http://egxwaxpblag22ejo.onion/
http://5dgg7y5viysvvrxf.onion/
http://7hst7dcpypl5tjcp.onion/


#55

And GlobaLeaks

http://w6csjytbrl273che.onion/
http://c4br2yayzdfcfkae.onion/
http://ppdz5djzpo3w5k2z.onion/
http://nfs3m4id5fja3lif.onion/
http://ggakrr2mq5g7kqno.onion/
http://7ahirgevcjj2ghcb.onion/
http://r2h3ge6wj4pyzyyh.onion/
http://toristfgqiroaded.onion
http://x2tzc4z2kdi5io4j.onion/
http://zvldz46bbxqlw4od.onion/
http://ztjn5gcdsqeqzmw4.onion/
http://ybcsqu23dl4zd3r5.onion/
http://rlfaozz3xxpouhig.onion/
http://eohdzt7v4dly7ijk.onion/
http://g5euuxsqph5u4uvm.onion/
http://wolwmr4u66ybehpu.onion/
http://ihds74mnwv3rhx2j.onion/
http://bvhfrslkkdbncdhv.onion/
http://ncpbqjoford6z26r.onion/
http://754hkfmiyumu5xlc.onion/
http://evz2fbu64s3lzhsi.onion/
http://5r4bjnjug3apqdii.onion/
http://acabtd4btrxjjrvr.onion/
http://n4bo6lwplu7y3vht.onion/
http://4ge3uua3uaxuhhaq.onion/
http://fkut2p37apcg6l7f.onion/
http://v6chxguvlk3fhzsk.onion/
http://wcnueib4qrsm544n.onion/
http://grbb6z2a4yob3miv.onion/
http://5karyquenden4d6k.onion/
http://4fluf34prrpdojsr.onion/
http://5r4bjnjug3apqdii.onion/
http://ak2uqfavwgmjrvtu.onion/
http://d66qy67wbml2pz3d.onion/
http://diy7cyqbjh4p5apa.onion/
http://dmq3fzdtkrjslue4.onion/
http://p6vbgbn7ggutkt3i.onion/
http://zjlzbo7y6nd2xbuz.onion/


#56

securedrop, globaleaks and onionmail are all good lists. However, could you weed them out please?

That attack I am concerned about here is anonymously setting up loads of securedrop / globaleaks and/or onionmail services in the hope that we will blindly add all of them to sdwdate.

A good criteria for adding them is if the secure drop host is accountable. For example we could use the usa today secure drop, but not those where we know nothing about the host.


#57

@bmtkn1 Adding to Patrick’s comment please link to a page that shows the clearnet addresses of the securedrop instances so we know that there is a connection with a trusted organization rather than someone randomly spinning up VMs.

@anonymous1 Great work but IMO we should keep the 20+ servers removed or move them to a list of their own to decrease their weighting in the time pool. When averaging with the output of other servers it should dilute the difference. 2 seconds is not much however we need every trusted onion server we can get.

Whonix needs a correct clock within 30 mins of the right time to access onion servers.


#58

which 20+ servers do you mean? the ones that have incorrect times? they are all disabled already

the highest time difference should be 2 seconds with most of them correct or 1 second off

the final balance is 37-30-30 not counting inside the lists

it was 14-9-23 with many having inaccurate time from pool 2


#59

Right now there are 2 duplicates in pool 2 that is currently in use, any fix for that until Whonix 14?

5r4bjnjug3apqdii.onion#Irpileaks
5r4bjnjug3apqdii.onion#ExpoLeaks

w6csjytbrl273che.onion#Ljost
w6csjytbrl273che.onion#Filtrala

Not to mention these last two are 2 minutes ahead

toristinkirir4xj.onion from current pool 3 is 6 hours ahead!


#60

Every address in sdwdate can now be traced back to clearnet, that should be the default from now on

https://github.com/anonmos1/sdwdate/commit/607ff2d7e81dbb5d8fa663bec1f93c8b6382df44


#61

this will be my final major list, please choose

good time:
dashorg64cjvj4s3.onion https://www.dash.org/news/dash-security-privacy-paper-version-0-1-7/
coinpaymtstgtibr.onion https://www.coinpayments.net
bitlox2twvzwbzpk.onion https://bitlox.io
ltcpool5brio2gaj.onion https://www.litecoinpool.org/help
diasporaaqmjixh5.onion https://www.joindiaspora.com
pgpkeysximvxiazm.onion https://pgpkeys.urown.net
4qt45wbulqipigwa.onion https://keyringer.pw
cwu7eglxcabwttzf.onion https://www.confidantmail.org
2wir2p7ibeu72jk3.onion http://www.govpn.info/Contacts.html
bptfp7py2wclht26.onion https://torbsd.github.io
qssio5fppcrojdh3.onion https://lists.mayfirst.org/pipermail/guardian-dev/2013-September/002547.html
5i3gqg3jz7zs6x62.onion https://cryptopartyutah.org
rvy6qmlqfstv6rlz.onion https://www.c3d2.de/news/20160106-c3d2-as-onionservice.html
bskoid4l5redrw5m.onion https://smuxi.im https://twitter.com/smuxi/status/683662312469835776
pgp7fqno3yks7mc4.onion https://pgp.ohai.su (https://sks-keyservers.net/status/info/pgp.ohai.su)
obrrsrw6b3rjuibx.onion http://sks.srv.dumain.com (https://sks-keyservers.net/status/info/sks.srv.dumain.com)
nfkrkvghv75xsf26.onion http://ams.sks.heypete.com (https://sks-keyservers.net/status/info/ams.sks.heypete.com)
tsc64wi45alh6rkq.onion https://vanunu.calyxinstitute.org (https://sks-keyservers.net/status/info/vanunu.calyxinstitute.org)
wooprzddebtxfhnq.onion https://keys.void.gr (https://sks-keyservers.net/status/info/keys.void.gr)
xogxzfyhwmgfvmlr.onion http://keyserver.c3l.lu (https://sks-keyservers.net/status/info/keyserver.c3l.lu)
47hbff4rtpwfpwlr.onion http://keyserver.siccegge.de (https://sks-keyservers.net/status/info/keyserver.siccegge.de)
kbbqa63mo7cchzut.onion http://sks.bonus-communis.eu (https://sks-keyservers.net/status/info/sks.bonus-communis.eu)
ai3dvhjytrgice5h.onion https://sks.daylightpirates.org (https://sks-keyservers.net/status/info/sks.daylightpirates.org)
nhzgrlwhukwtajz4.onion http://sks.fidocon.de (https://sks-keyservers.net/status/info/sks.fidocon.de)
abde3fpmser424cm.onion http://keys.andreas-puls.de (https://sks-keyservers.net/status/info/keys.andreas-puls.de)
oxicsiwet42jw4h4.onion https://bitmai.la
tetatl6umgbmtv27.onion https://kiset.org
giyvshdnojeivkom.onion https://securejabber.me
2gjauyaf7m5qaefl.onion https://s3z.me/faq

2h3xkc7wmxthijqb.onion https://www.privacyfoundation.ch/de/kontakt.html
6nv3ix7omzrty6cm.onion https://kire.ch/kontakt.html
qcdbc7vspedojrr7.onion https://www.digitale-gesellschaft.ch/uber-uns/

sfuulriypdms4mnl.onion https://keyserver.vsund.de https://lists.nongnu.org/archive/html/sks-devel/2016-05/msg00009.html
vsund3pngvvsniz4.onion https://vsund.de

pt2iydrrm6jco65i.onion https://keyserver.metalgamer.eu https://metalgamer.eu/services/
n7aghf7pvnf6lzbi.onion https://metalgamer.eu https://metalgamer.eu/services/
vbzxwyz7552ixqsw.onion https://paste.metalgamer.eu https://metalgamer.eu/services/
7foxdbidl3agaalj.onion https://metalgamer.eu/services/

couldn’t find proof for these:
cmoqohtgyilgec7y.onion https://cryptoparty.at
p5ckdxdgdrcys5vg.onion https://list.hackmanhattan.com
bptimju5re5m2o7u.onion


bad time (to be added as disabled):
3tmaadslguc72xc2.onion Website Fingerprinting Defenses https://www.esat.kuleuven.be/cosic/?p=6743 https://petsymposium.org/2017/papers/issue2/paper54-2017-2-source.pdf
jvauzb4sb3bwlsnc.onion https://www.privoxy.org
writeas7pm7rcdqg.onion https://write.as/privacy
firstvpnaamcctvo.onion https://www.1vpns.com/news/view/id/81
psii2pdloxelodts.onion https://i2p.rocks
squirrelzarhffxz.onion http://multiphasicapps.net
o4wwol2kcqzwszjz.onion https://keys.nerds.lu https://fratercu.la
jabberthelv5p7qv.onion https://www.kjabber.de/onion.htm
keys2zvsn7kj7ly3.onion https://keyserver.ntzwrk.org https://sks-keyservers.net/status/info/keyserver.ntzwrk.org

couldn’t find proof:
gac5e64yd3rsdk5n.onion https://otr.im