from the an-onion-site,-not-the-onion-site dept.
In many parts of the world, like North America, using Wikipedia is taken for granted; hell, there are even Twitter accounts to track government employees editing the internet's free encyclopedia while on the clock. But in other places, like Turkey or Syria, using Wikipedia can be difficult, and even dangerous.
For example, Wikipedia is still blocked in Turkey after the government restricted access to the site during a crackdown on dissident elements after a failed coup. Syrian-Palestinian digital activist and Wikipedia editor Bassel Khartabil is believed to have been executed by the Syrian government. To make using Wikipedia safer for at-risk users, former Facebook security engineer Alec Muffett has started an experimental dark net Wikipedia service that gives visitors some strong privacy protections. The project is unofficial; for now, Wikipedia isn't involved.
The service is accessible through the Tor browser, which routes your connection through several "hops" around the world to hide your location from anybody trying to track you. The normal version of Wikipedia is already accessible through Tor, but to get there a user's traffic has to exit the private Tor network, opening them to surveillance at the point where their traffic becomes unencrypted. Instead, Muffett has created what's known as an onion service for Wikipedia on the Tor network. That means your traffic never leaves the safely encrypted confines of Tor, keeping it hidden.
"Onion sites are considered to be about 'anonymity', but really they offer two more features: Discretion (e.g.: your employer or ISP cannot see what you are browsing, not even what site) and trust (if you access facebookcorewwwi.onion you are definitely connected to Facebook, because of the nature of Onion addressing)," Muffett wrote me in an email.
"The code is free and libre," he added. "I am doing it because it's worth doing."
[...] An onion service for Wikipedia has been a point of discussion in the Wikipedia community for a while, but Muffett seems to be the first person to actually create one. He pledged on Twitter to "keep it running for a few days," but with enough community support one could see Wikipedia on Tor becoming permanent.
Related Stories
Wikipedia Zero Discontinued Due to Lack of Adoption and Interest Outside North America and Europe
Wikipedia's zero-rated access program will be discontinued:
In the program's six year tenure, we have partnered with 97 mobile carriers in 72 countries to provide access to Wikipedia to more than 800 million people free of mobile data charges. Since 2016, we have seen a significant drop off in adoption and interest in the program. This may be due, in part, to the rapidly shifting mobile industry, as well as changes in mobile data costs. At this same time, we conducted extensive research [1] [2] to better understand the full spectrum of barriers to accessing and participating in Wikipedia.
One of the critical issues we identified as part of this research was low awareness of Wikipedia outside of North America and Europe. To address this, we experimented with new projects and partnerships to increase awareness of Wikipedia, and we've experienced some initial success in this work. In Iraq, for example, we raised awareness of Wikipedia by more than 30%. In Nigeria, we partnered with Nigerian community members and Nollywood stars to introduce more than 15 million people to Wikipedia and how it works. These successes have given us several ideas for where we may take our partnership work next, and over the coming year, we will explore other ways we can leverage the findings from our research and the Wikipedia Zero program to direct future work with partners.
Also at TechCrunch, Boing Boing, and BetaNews.
Related: Wikipedia's 'Complicated' Relationship with Net Neutrality
A Dark Web Version Of Wikipedia
Wikipedia Ceases Zero-Rating Programme
The Wikimedia Foundation, most well-known for Wikipedia, has participated in zero-rating for long enough to see a massive decline in it being a source of visits. That settles that. So now Wikipedia is turning around and resuming its efforts to instead be available to any visitor.
After careful evaluation, the Wikimedia Foundation has decided to discontinue one of its partnership approaches, the Wikipedia Zero program. Wikipedia Zero was created in 2012 to address one barrier to participating in Wikipedia globally: high mobile data costs. Through the program, we partnered with mobile operators to waive mobile data fees for their customers to freely access Wikipedia on mobile devices. Over the course of this year, no additional Wikipedia Zero partnerships will be formed, and the remaining partnerships with mobile operators will expire.
Source : Building for the future of Wikimedia with a new approach to partnerships
(Score: 1, Informative) by Anonymous Coward on Monday November 27 2017, @10:59AM (3 children)
Wrong. You are definitely connected to someone who has the private key for this address, but you are in no way guaranteed that this is Facebook. First, the person who set up that address may not be in any way associated with Facebook to begin with. You only know the address, you don't know the person behind it. You may have gotten it from the normal Facebook web site, but that may have been MITMd. You may have gotten it from a person you trust, but that person might have been tricked either.
What the onion address somewhat guarantees is that the next time you connect to it, you connect to the very same service as the first time. So if facebookcorewwwi.onion happened to connect you to Facebook the first time, you can be relatively sure that it connects you to Facebook also the next time. Relatively, as this depends on the private key not being compromised. It takes one rogue employee with root access to the server to steal the private key and pass it on. Or, in case the same server handling the onion address is also reachable over the normal network, a security breach of that server can also expose the private onion key to the attacker.
Note also that the very property that makes .onion addresses harder (not impossible!) to compromise also means that if an .onion address is ever compromised, you cannot save it any more. With SSL, you can revoke the certificate, set up a new one, replace the compromised web server with a clean installation, and continue serving from the same address. With .onion, the address is burnt, and the only thing you can do is to get a new address and try to inform everyone not to use that old address any more.
(Score: 2) by c0lo on Monday November 27 2017, @11:35AM
Burnt onion? Ughh...
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by Pino P on Monday November 27 2017, @04:12PM
When this story ran on the green site, someone mentioned that DigiCert sells Extended Validation certificates for sites in .onion [digicert.com]. So the typical best practices used with HTTPS would allow the operator of a compromised hidden service to burn only a certificate, not an onion address. This includes use of recent protocol versions, HSTS, OCSP stapling, and (in some cases) key pinning.
(Score: 1) by RedIsNotGreen on Tuesday November 28 2017, @08:45AM
Technically, if you could keep your node operating indefinitely with 100% uptime, you would still maintain control over it. In my testing, I have found that a new service will not knock an existing service offline. Only when the first service goes online can a new one replace it at the same address.
(Score: 0) by Anonymous Coward on Monday November 27 2017, @02:58PM
adarkwebversionofwikipedia.onion?
maybe i am st0pid, but the only *.onion link in the article was ... surprise ... facebook?
(Score: 2) by takyon on Monday November 27 2017, @03:10PM
How about support from the cash-laden-yet-still-e-begging Wikimedia Foundation?
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 1, Insightful) by Anonymous Coward on Monday November 27 2017, @04:01PM
By the sound of it, what we're talking about it is a Tor exit node with a built in web proxy, presumably in a country that has a a known positive stance of civil rights. This is really kind of forcing Wikipedia to create its own Tor node, since the proxy will allow for inline content transliteration. What this guy did, is technically referred to as a "man in the middle attack".
While he "may" have positive intentions, how long that will last when his local intelligence agency knocks on his door with a trungeon and German shepard remains to be seen. If the guy understands Tor, then he should understand why this architecture is bad. Proxifying an outbound node probably qualifies as computer trespass in many jurisdictions. Though there is a lot of this kind of hanky panky that goes on on TOR. (read the admins mailing list if you don't believe me) I wouldn't be surprised if 50% of output nodes were doing some janky shit with transient data.
Wikipedia on TOR: Good Idea.
Proxifying Wikipedia from TOR: Bad Idea.
If you aren't running your own node, your exposing your traffic to what this guy is doing. My expectation is that Wikipedia will respond by going TOR natively. It will be interesting to see how TOR scales after that.
(Score: 2, Informative) by Anonymous Coward on Monday November 27 2017, @04:22PM (3 children)
The download for the entire English Wikipedia with thumbnail images is about 60gb and around 16gb without images. I've had offline versions of Wikipedia on my phone for years in order to avoid data costs or when I'm traveling somewhere where data or internet access isn't available.
https://en.wikipedia.org/wiki/Kiwix [wikipedia.org]
(Score: 2) by takyon on Monday November 27 2017, @04:26PM (2 children)
You could probably cut that down a lot if you removed all of the pop culture articles.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by Osamabobama on Monday November 27 2017, @05:22PM
You could cut in in half by removing half the articles. The best part is that it doesn't matter which half!
(I acknowledge that articles have varying storage requirements.)
Appended to the end of comments you post. Max: 120 chars.
(Score: 1, Informative) by Anonymous Coward on Monday November 27 2017, @08:53PM
You can choose which articles to include and whether or not they have images/videos associated with them (e.g. images only for medical articles). IIRC you can create a file that has all the articles from a specific Wiki-Project (e.g. Mathematics, Medicine, Geography, etc.).
https://download.kiwix.org/zim/wikipedia/ [kiwix.org]
https://en.wikipedia.org/wiki/Wikipedia:Wikipedia_for_Schools [wikipedia.org]
(Score: 0) by Anonymous Coward on Monday November 27 2017, @05:11PM
Another one of the stories about things that wouldn't be issues if it weren't for the inherently centralised nature of the internet ...