@dsfgs I don’t understand what you’re saying here
@realcaseyrollins
#Tor's v2 addresses (ie. the 16-character addresses) for #HiddenServices are being replaced by v3 addresses that are approx 50 characters.
We read a ticket on #Gitlab detailing plans to completely remove support for #HSv2 addresses.
In our view this kills Tor . It means people won't be able to spontaneously write their address to give to others, they'll need to access a device to remember it or have the address on their person.
Seriously questioning #TorProject, right now.
there was always a need for an alternative way to visualise a .onion
even the 16-char addresses are subject to people not remembering/paying attention to if they're exactly correct.
I speak more of the users of an address, than the person who runs a given site.
@msaunders
There is an easy way to tell #TorBrowser to add colour to parts of the address based on additional information in the publicKey with HTML header tags, this would give the #hiddenService operator control over the way the address is presented in the browser.
This stuff is not rocketScience.
#TorProject are dropping the ball. Plans to ditch v2 is a step too far.
@realcaseyrollins
@msaunders @realcaseyrollins
*Some* control we should say, not much.
@dsfgs @realcaseyrollins @msaunders It's very disturbing how early @torproject is killing v2. They're over-reacting to exaggerated risks. Many /stable/ platforms don't advance versions this quickly & #Tor Project is creating instability. I have a separate machine w/Tails just to handle v3 on the side until I can undertake the massive migration task.
@dsfgs @realcaseyrollins @msaunders @torproject Suppose I don't need anonymity as a host, and suppose impersonation isn't in my threat model? Maybe I have an onion address to serve Tor users in a way that doesn't burden the exit nodes, or because I simply don't want the cost of a domain name? I should be able to serve Tor users with v2 address.
@torproject @msaunders @realcaseyrollins @dsfgs Think about users of the physical security app #Haven, where users have to transcribe the onion address from their phone to their desktop. Onion v3 will be hell for those users.
@resist1984
Are v2 Tor addresses really that bad, though? We read a chart that basically implied it would take billions of years to bruteForce solve a v2.
What has happened? Are we now worried about 1billion years into the future?
If its a different encryption type why can't it be 17 or characters, or 15 characters with coloured elements adorning the URL if the webDeveloper wants to show more entropy?
What is…1/2
@resist1984
2/2
What is in the making is an unusable Tor.
Knowing what we do about #astroturf and #artificialImpoverishment there is something ultra suspect here.
Could be why devs had to start hiding behind #Google gates etc. That other silly idea about centralised DNS lookups for #humanChoosable addresses was another warning sign.
Really not impressed.
@torproject @msaunders @realcaseyrollins @dsfgs And it's a big hassle to just get the URL copy/pasted over or to read and trascribe the long-ass thing