search

alecmuffett / real-world-onion-sites

This is a list of substantial, commercial-or-social-good mainstream websites which provide onion services.
1.6k stars 146 forks source link

Internet Archive #52

Closed mitra42 closed 4 years ago

mitra42 commented 4 years ago

HI Alec Could you add Internet Archive's Onion addresses at Onion v2: http://archivecrfip2lpi.onion/ Onion v3: http://archivebyd3rzt3ehjpm4c3bjkyxv3hjleiytnvxcn7x32psn2kxcuid.onion

alecmuffett commented 4 years ago

Hiya! I was chatting with Mark Seiden, earlier. Does the archive publish a proof-page, please?

mitra42 commented 4 years ago

Hi Alec - yes Mark mentioned your name yesterday. I'm new to Tor and not familiar with the concept of proof-pages, can you let me know what we need to do (or point me somewhere).

alecmuffett commented 4 years ago

Examples:

BBC proof page: https://www.bbc.co.uk/news/technology-50150981

NYT proof page: https://open.nytimes.com/https-open-nytimes-com-the-new-york-times-as-a-tor-onion-service-e0d0b67b7482

FB proof page: https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237/

It looks like you've gone with Neal Krawetz's solution; last time I checked there were a lot of potential edge-cases that Neal's code:

https://www.hackerfactor.com/src/iaproxy.php.txt

via: https://www.hackerfactor.com/blog/index.php?/archives/750-Freedom-of-Information.html

...might miss or corrupt; but maybe he's improved it since, and/or on the other hand possibly the IA website is consistent enough to avoid these issues. Also previously I've had a reachout from "Bryan Newbold" at IA regarding using my EOTK software (which powers NYT and BBC onions), but he went quiet earlier this year, so I'm presuming that lacking his input is why you've gone with "iaproxy"?

In any case, do please let me know how you get on. :-)

mitra42 commented 4 years ago

So, if I understand correctly, a "proof" page is a page on the non-onion https site that states that the Archive is reachable at a particular onion address, so that people can be confident that the onion address is not compromised by some other party (e.g. stopping the case where I could be someone fraudulent setting up a onion address that then secretly captures browsing logs or doctors data).

If that's a correct understanding I can make that happen.

I don't know all the history, but it looks like Neal did this in January, but it wasn't widely known internally. Mark wasn't aware of it, and Bryan might not have been aware of it (I'll check on Monday).

There may indeed be edge cases in iaproxy, I haven't looked at that in detail yet.

alecmuffett commented 4 years ago

Hiya! I would say your understanding is correct. It's basically an announcement which is placed somewhere that can be reasonably attested to without fakery.

Let's sync up via email: alec.muffett@gmail.com