Make Bisq sites reachable via onion address

bisq-network / ops

Bisq ops team code and issues

3 stars 1 forks source link

Make Bisq sites reachable via onion address #5

Open cd2357 opened 4 years ago

cd2357 commented 4 years ago

Make sure all Bisq sites that currently rely on clearnet domains are also reachable via an onion address.

In addition, the sites could advertise the onion address via the Onion-Location HTTP header, which would make Tor Browser users be automatically notified of the onion address, each time they visit a Bisq site.

See https://www.torproject.org/releases/tor-browser-95/ for details and screenshots.

See https://community.torproject.org/onion-services/advanced/onion-location/ for Apache and nginx config examples.

wiz commented 4 years ago

This issue should be transferred to the ops repo.

What domains don't support Tor? mempool.space certainly does, and this is hard-coded in the pull-down combo box as well.

cd2357 commented 4 years ago

Yes, mempool.space is reachable via and advertises its onion address in the HTTP headers (so when accessing mempool.space in Tor Browser, the address bar shows a hint ".onion available").

However all the BIsq doamins listed here (https://github.com/bisq-network/proposals/issues/211#issuecomment-669979112) do not.

Technically, they area reachable via Tor -- but having their own onion address would mean traffic never leaves the Tor network.

This would bring more privacy to users + would make Bisq resilient against DNS vulnerabilities (technical or operational, see https://github.com/bisq-network/proposals/issues/211)

This issue should be transferred to the ops repo.

What's the recommended way to do that? Delete it here and re-add there? Or create new one there, link to this one?

wiz commented 4 years ago

Bisq Websites:

[ ] bisq.network (@m52go) -> ``
[ ] bisq.markets (@wiz) -> ``
[X] bisq.wiki (@wiz) -> s3p666he6q6djb6u3ekjdkmoyd77w63zq6gqf6sde54yg6bdfqukz2qd.onion

Bisq Explorers:

[X] mempool.space/bisq (@wiz) -> mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion
[X] mempool.emzy.de/bisq (@emzy) -> mempool4t6mypeemozyterviq3i5de4kpoua65r3qkn5i3kknu5l2cad.onion
[x] bsq.bisq.cc (@m52go) -> n3qcujnwrr7mivrl2veasitv4dkheiozt7fawrcllscdizkwtmu3j3id.onion
[X] bsq.bisq.services (@devinbileck) -> ydh7aqlup5k27mmlq5c7zmvqzvqxwgveykcf3clcbhhd6qlrjryg3uqd.onion
[ ] bsq.sqrrm.net (@sqrrm)
[ ] bsq.vante.me (@mrosseel)

m52go commented 4 years ago

bsq.bisq.cc

http://n3qcujnwrr7mivrl2veasitv4dkheiozt7fawrcllscdizkwtmu3j3id.onion

devinbileck commented 4 years ago

bsq.bisq.services -> http://ydh7aqlup5k27mmlq5c7zmvqzvqxwgveykcf3clcbhhd6qlrjryg3uqd.onion/

wiz commented 4 years ago

@m52go good work, but you also need to send the onion-location HTTP header like this

% curl -s -i https://bsq.bisq.services | grep -i onion
Onion-Location: http://ydh7aqlup5k27mmlq5c7zmvqzvqxwgveykcf3clcbhhd6qlrjryg3uqd.onion/

wiz commented 4 years ago

https://www.zdnet.com/article/a-mysterious-group-has-hijacked-tor-exit-nodes-to-perform-ssl-stripping-attacks/

m52go commented 4 years ago

you also need to send the onion-location HTTP header

Done.