Oniongateway is accessible from the clearnet, which means that abuse reports to the entry proxy are inevitable. According to experience with onion.gq, malware-related sites are the most harmful sites for such proxies. Somebody puts a masterserver of a botnet on an onion and connects from infected machines to the masterserver through onion2web services. One abuse report is sufficient for an ISP to suspend a VPS.
Do we force some filtering of sites? Is it a good idea to provide a service-global list of bad public domains? (A blacklist of onion sites is useless, because it is easy to make a new one.) Implementation would be as follows:

1. web form to report a domain on each entry_proxy (if opened as IP without Host header)
2. some of us manually add bad domains to a GitHub repo
3. nameserver periodically checks the GitHub repo for updates
4. entry_proxy checks status of a domain from nameserver using DNSBL-like protocol

Note that this solution is not ideal; it just minimizes harm (suspension of entry nodes). I hope that we will never add a domain to the blacklist, but we have to preserve such an option.
This idea is similar to the Exit Policy of Tor exit nodes, but it is service-wide. Maybe we implement a per-proxy blacklist. This point needs further discussion.
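
The entry_proxy lookup from the last step of the list could look like the following Go sketch. It is an added example, not OnionGateway's own code. The zone name `bl.example.org`, the "A record in 127.0.0.0/8 means listed, NXDOMAIN means not listed" convention, and the names `CheckDomain`, `LookupFunc` and `stubLookup` are all assumptions. The stub resolver returns constructed data so the example runs offline.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"strings"
)

type Verdict string
const (
	Allowed Verdict = "allowed" // zone answered NXDOMAIN: not listed
	Blocked Verdict = "blocked" // zone answered inside 127.0.0.0/8: listed
	Unknown Verdict = "unknown" // no usable answer: caller picks fail-open or fail-closed
)
// LookupFunc has the shape of (*net.Resolver).LookupHost, so DNS can be stubbed.
type LookupFunc func(ctx context.Context, host string) ([]string, error)
// CheckDomain queries "<domain>.<zone>" (assumed DNSBL convention, not the project's).
func CheckDomain(ctx context.Context, lookup LookupFunc, domain, zone string) Verdict {
	name := strings.ToLower(strings.TrimSuffix(domain, ".")) + "." + zone
	addrs, err := lookup(ctx, name)
	var dnsErr *net.DNSError
	if errors.As(err, &dnsErr) && dnsErr.IsNotFound {
		return Allowed
	} else if err != nil {
		return Unknown // timeout or SERVFAIL must not read as "clean"
	}
	for _, a := range addrs {
		if ip := net.ParseIP(a).To4(); ip != nil && ip[0] == 127 {
			return Blocked
		}
	}
	return Unknown // answer outside 127/8: wildcarded or hijacked zone
}

// stubLookup serves constructed sample data; bl.example.org is a hypothetical zone.
func stubLookup(_ context.Context, host string) ([]string, error) {
	switch host {
	case "bad.example.com.bl.example.org":
		return []string{"127.0.0.2"}, nil
	case "slow.example.com.bl.example.org":
		return nil, &net.DNSError{Err: "timeout", Name: host, IsTimeout: true}
	}
	return nil, &net.DNSError{Err: "no such host", Name: host, IsNotFound: true}
}

func main() {
	fmt.Println(CheckDomain(context.Background(), stubLookup, "bad.example.com", "bl.example.org"))
}
```

In a real proxy, `(*net.Resolver).LookupHost` would be passed as the lookup function, with the resolver pointed at the project's nameserver.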