date 2017-11-01
from the an-onion-site,-not-the-onion-site dept.
In many parts of the world, like North America, using Wikipedia is taken for granted; hell, there are even Twitter accounts to track government employees editing the internet's free encyclopedia while on the clock. But in other places, like Turkey or Syria, using Wikipedia can be difficult, and even dangerous.
For example, Wikipedia is still blocked in Turkey after the government restricted access to the site during a crackdown on dissident elements after a failed coup. Syrian-Palestinian digital activist and Wikipedia editor Bassel Khartabil is believed to have been executed by the Syrian government. To make using Wikipedia safer for at-risk users, former Facebook security engineer Alec Muffett has started an experimental dark net Wikipedia service that gives visitors some strong privacy protections. The project is unofficial; for now, Wikipedia isn't involved.
The service is accessible through the Tor browser, which routes your connection through several "hops" around the world to hide your location from anybody trying to track you. The normal version of Wikipedia is already accessible through Tor, but to get there a user's traffic has to exit the private Tor network, opening them to surveillance at the point where their traffic becomes unencrypted. Instead, Muffett has created what's known as an onion service for Wikipedia on the Tor network. That means your traffic never leaves the safely encrypted confines of Tor, keeping it hidden.
"Onion sites are considered to be about 'anonymity', but really they offer two more features: Discretion (e.g.: your employer or ISP cannot see what you are browsing, not even what site) and trust (if you access facebookcorewwwi.onion you are definitely connected to Facebook, because of the nature of Onion addressing)," Muffett wrote me in an email.
"The code is free and libre," he added. "I am doing it because it's worth doing."
[...] An onion service for Wikipedia has been a point of discussion in the Wikipedia community for a while, but Muffett seems to be the first person to actually create one. He pledged on Twitter to "keep it running for a few days," but with enough community support one could see Wikipedia on Tor becoming permanent.
(Score: 0) by Anonymous Coward on Monday November 27, @10:59AM
Wrong. You are definitely connected to someone who has the private key for this address, but you are in no way guaranteed that this is Facebook. First, the person who set up that address may not be in any way associated with Facebook to begin with. You only know the address, you don't know the person behind it. You may have gotten it from the normal Facebook web site, but that may have been MITM'd. You may have gotten it from a person you trust, but that person might have been tricked too.
What the onion address somewhat guarantees is that the next time you connect to it, you connect to the very same service as the first time. So if facebookcorewwwi.onion happened to connect you to Facebook the first time, you can be relatively sure that it connects you to Facebook also the next time. Relatively, as this depends on the private key not being compromised. It takes one rogue employee with root access to the server to steal the private key and pass it on. Or, in case the same server handling the onion address is also reachable over the normal network, a security breach of that server can also expose the private onion key to the attacker.
Note also that the very property that makes .onion addresses harder (not impossible!) to compromise also means that if an .onion address is ever compromised, you cannot save it any more. With SSL, you can revoke the certificate, set up a new one, replace the compromised web server with a clean installation, and continue serving from the same address. With .onion, the address is burnt, and the only thing you can do is to get a new address and try to inform everyone not to use that old address any more.
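The key-to-address binding discussed in the comment above, as an added example that is not part of the original post or of Muffett's project: a 16-character address such as facebookcorewwwi.onion is a truncated hash of the service's public key, so it names a key holder and nothing more, and a replacement key always produces a different address. The sketch goes beyond the page by also covering the newer 56-character v3 format; the sample keys are constructed byte strings, not real keys.

```python
import base64
import hashlib

def v2_address(der_rsa_pubkey: bytes) -> str:
    """v2 (16 chars, e.g. facebookcorewwwi): base32 of the first 80 bits of
    SHA-1 over the service's DER-encoded RSA public key."""
    digest = hashlib.sha1(der_rsa_pubkey).digest()
    return base64.b32encode(digest[:10]).decode().lower() + ".onion"

def v3_checksum(pubkey: bytes) -> bytes:
    return hashlib.sha3_256(b".onion checksum" + pubkey + b"\x03").digest()[:2]

def v3_address(ed25519_pubkey: bytes) -> str:
    """v3 (56 chars): base32(pubkey || 2-byte checksum || version 0x03)."""
    if len(ed25519_pubkey) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    blob = ed25519_pubkey + v3_checksum(ed25519_pubkey) + b"\x03"
    return base64.b32encode(blob).decode().lower() + ".onion"

def v3_pubkey(address: str) -> bytes:
    """Return the public key a v3 address commits to, rejecting mistyped
    addresses. The result says which key to expect, not who holds it."""
    label = address.strip().lower()
    if label.endswith(".onion"):
        label = label[:-len(".onion")]
    if len(label) != 56:
        raise ValueError("not a v3 onion address")
    blob = base64.b32decode(label.upper())  # raises ValueError on bad chars
    pubkey, checksum, version = blob[:32], blob[32:34], blob[34:]
    if version != b"\x03" or checksum != v3_checksum(pubkey):
        raise ValueError("checksum or version mismatch")
    return pubkey

# Constructed byte strings standing in for keys (assumptions, not real keys).
OLD_RSA_DER = b"constructed stand-in for a DER-encoded RSA key"
NEW_RSA_DER = b"constructed stand-in for the replacement key"
OLD_ED25519 = bytes(range(32))
NEW_ED25519 = bytes(range(1, 33))

if __name__ == "__main__":
    # Replacing a stolen key necessarily yields a different address.
    print(v2_address(OLD_RSA_DER), "->", v2_address(NEW_RSA_DER))
    print(v3_address(OLD_ED25519), "->", v3_address(NEW_ED25519))
    assert v3_pubkey(v3_address(OLD_ED25519)) == OLD_ED25519
```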
