from the fewer-information-'leeks'-have-a-'peel' dept.
0.3.2.x alpha releases of Tor support version 3 of the Tor Rendezvous Specification (onion services protocol):
We are hyped to present the next generation of onion services! We've been working on this project non-stop for the past 4 years and we officially launched it two weeks ago by publishing our first alpha releases.
The new addresses will be longer and harder to discover:
The Tor team has been working on the new onion technology for the past four years, which aims to increase the anonymity level for onion services. In the legacy onion system the network itself could be leveraged to learn about the onion addresses that were using it.
With the new onion system, the onion services are completely private. Only you, the owner of the onion, and those to whom you will disclose the address, will know about your onion service' address. Nobody outside of their tight private groups could discover certain onion addresses, unless one of the group members disclosed it to others.
Websites such as Facebook, ProPublica, and The New York Times will likely want their address to be known to the whole public, so this benefit will not apply to them.
The legacy addresses will continue to be supported for years, depending on how fast the community adopts the new addresses.
Yesterday: Critical Tor Flaw Leaks Users' Real IP Address
Related Stories
Submitted via IRC for SoyCow1984
TorMoil, as the flaw has been dubbed by its discoverer, is triggered when users click on links that begin with file:// rather than the more common https:// and http:// address prefixes. When the Tor browser for macOS and Linux is in the process of opening such an address, "the operating system may directly connect to the remote host, bypassing Tor Browser," according to a brief blog post published Tuesday by We Are Segment, the security firm that privately reported the bug to Tor developers.
On Friday, members of the Tor Project issued a temporary work-around that plugs that IP leak. Until the final fix is in place, updated versions of the browser may not behave properly when navigating to file:// addresses. They said both the Windows versions of Tor, Tails, and the sandboxed Tor browser that's in alpha testing aren't vulnerable.
(Score: 2, Interesting) by DannyB on Wednesday November 08 2017, @03:16PM (5 children)
This will allow illegal websites, and I know we all hate those, I mean, I get calls as the white house every day with people asking me to do something about this. But illegal websites such as Sci Hub, we need to do something about these, before the dis semination of information destroys our country, and the Chinese are able to take over. Let me explain it to you. I don't want a new Tor Onion service to be able to hide bad things, from bad people, on all sides. Many, many sides. This will become a platform for fake news, and I'm telling you the fake news has conspired against me and my party to spread disinformation and lies, and I mean really fake news, not real at all. Trust me. I'm talking about things that we should sue them for. Or revoke their license to be on the internet or own photo copiers. It will be terrible if we allow anonymous internet sites to poison the minds of our people. I will do everything, and I mean about Onions, everything that I can do to put a stop to Tore Routers and stuff. I promise. I mean, they spread lies that I am obstructing justice. I'm not trying to obstruct justice, I'm just trying to put a stop to it! And believe me, I know all about Onion services. This will be bad. Other countries don't have Tore and Onions, and so why should we. Very bad for our country. It's all a fake scheme created by the Chinese. Sad. Very bad. Terrible.
What doesn't kill me makes me weaker for next time.
(Score: 3, Funny) by Thexalon on Wednesday November 08 2017, @04:14PM (4 children)
^ It looks to me like realDonaldTrump just posted under the wrong account!
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 3, Informative) by DannyB on Wednesday November 08 2017, @04:19PM (3 children)
I can only wish I had thought of the realDonaldTrump account first. So while I may look like it, sorry, nope.
What doesn't kill me makes me weaker for next time.
(Score: 5, Informative) by realDonaldTrump on Wednesday November 08 2017, @05:29PM
Believe me, you don't want to be using my name without my permission. The Chinese did that, they were making Trump toilets and everything. Terrible toilets, not even gold. Although in China, they were the best. That's the best they had in China. But they used my name without asking. Without paying. I sued them and I won. Big time. I always, always sue and I always, always win.
(Score: 0) by Anonymous Coward on Wednesday November 08 2017, @06:17PM (1 child)
Hahaha, yeaaaah uh huuuuuuh
(Score: 2) by JNCF on Thursday November 09 2017, @12:40AM
I had the same thought as Thexalon at the beginning of that post, but by the end of it I had decided that DannyB is a different author than realDonaldTrump. The write very different, considering that they're parodying the same speaker. There is a specific user that I suspect may be realDonaldTrump, but I wouldn't bet money on it, and even if I knew who it was I wouldn't doxx them.
(Score: 0) by Anonymous Coward on Thursday November 09 2017, @12:48AM (2 children)
At 16 characters (not counting the ".onion" part), the current onion addresses can easily be written down and passed from one person to another or written on a wall.
With these new addresses, that becomes a much less attractive avenue.
How will people share addresses after this goes live?
(Score: 2) by takyon on Thursday November 09 2017, @01:15AM
Legacy addresses will be supported for years.
Your willingness to write down super long v3 addresses will be proportional to your desire for anonymous services. You could also use less secure methods of sharing them, such as passing around a USB drive or taking a picture of a poster with the address on it (QR code with .onion address?).
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by maxwell demon on Thursday November 09 2017, @07:32AM
I know. We need a DNS for .onion addresses! ;-)
The Tao of math: The numbers you can count are not the real numbers.