Saturday 21st October 2017

I have set up a new Onion v3 Tor Hidden Service for JamieWeb, available at:

jamie3vkiwibfiwucd6vxijskbhpjdyajmzeor4mc4i7yopvpo4p7cyd.onion

Edit 17th Jan 2018 @ 10:48pm: Now that Onion v3 functionality is in the stable release version of Tor, I have moved over to a new Onion v3 hidden service with a vanity address, as seen above. The hidden service that I originally hosted for testing Onion v3 in the alpha builds is: 32zzibxmqi2ybxpqyggwwuwz7a3lbvtzoloti7cxoevyvijexvgsfeid.onion, however this is now offline. You can read my blog post about generating an Onion v3 vanity address using mkp224o here.

As of writing this post, you need at least tor-0.3.2.1-alpha (eg: Tor Browser 7.5a5) in order to access the new Onion v3 hidden services.

Onion v3 is the new next-generation Tor Onion Services specification. The most noticeable change is the increase in address length, however Onion v3 uses better cryptography, ECC (elliptic curve cryptography) rather than RSA, and has an improved hidden service directory protocol.

Since this hidden service is running on an alpha build of Tor, I am hosting it on a separate, isolated server. I'm also using a virtual machine for testing the Tor Browser alpha builds, as seen above.

Hidden Service Configuration

In order to set up an Onion v3 hidden service, you'll have to build Tor from source.

Download and verify Tor (standalone) from the Tor downloads page.
Below are my verifications for Tor 0.3.2.2 Alpha and Tor Browser 7.5a5 for Linux 64 bit, but always make sure to do your own verifications too:

File Name: tor-0.3.2.2-alpha.tar.gz
Size: 6 MB (6,257,177 bytes)
SHA256: 948f82246370eadf2d52a5d1797fa8966e5238d28de5ec69120407f22d59e774
SHA1: ffd6f805fcd7282b8ed3e10343ac705519bdc8f2
MD5: 18f95b54ac0ba733bd83c2a2745761a8
Link: https://www.torproject.org/dist/tor-0.3.2.2-alpha.tar.gz

File Name: tor-0.3.2.2-alpha.tar.gz.asc
Size: 0.8 KB (801 bytes)
SHA256: f5a1bb1087814753f1ade3ba16dfaf8cb7a77475cb9b09c91a56bacf42c35d24
SHA1: 6fd356bcec3d337bf458c9ad784ab148afcbeb30
MD5: a20385bae042b0407737147421e3f426
Link: https://www.torproject.org/dist/tor-0.3.2.2-alpha.tar.gz.asc

File Name: tor-browser-linux64-7.5a5_en-US.tar.xz
Size: 72 MB (75,076,296 bytes)
SHA256: 8cee4cc0f82463da782cf3e7817e0b72507e6b200b5cccd549fe9f7e77d1d90d
SHA1: 3e041335e2fa45daeb658ac082eac722322d0a73
MD5: 53a696af2bfe7103c7b83d0dd243cd5c
Link: https://www.torproject.org/dist/torbrowser/7.5a5/tor-browser-linux64-7.5a5_en-US.tar.xz

File Name: tor-browser-linux64-7.5a5_en-US.tar.xz.asc
Size: 0.8 KB (801 bytes)
SHA256: f209d9242ca86e6cecebd30611412ffbb8ea489326b74a69244621754a87831c
SHA1: 23620d7c03593b94f1303ba642da6d0738755209
MD5: 5daf333a90e189a16786d08d3aaf6a19
Link: https://www.torproject.org/dist/torbrowser/7.5a5/tor-browser-linux64-7.5a5_en-US.tar.xz.asc

Compile Tor with ./configure followed by make. On a fresh Ubuntu Server 16.04 system, you'll need to install gcc, libevent-dev, libssl-dev and make.

Once compiled, create the directory and file /usr/local/etc/tor/torrc. This is the default configuration file location for Tor when built from source. Sample torrcs are available within the src/config/ directory of your compiled Tor installation.

In order to set up an Onion v3 Hidden Service, add the following to your torrc:

    HiddenServiceDir /desired/path/to/hidden/service/config
    HiddenServiceVersion 3
    HiddenServicePort <localport> <server>

The HiddenServiceDir can be any folder on your system that Tor will have write access to, although it should be a private area since the keys will be stored here.

<localport> is the local port that the hidden service is "listening" on, and the <server> is the server where requests to that port will be forwarded to.

For example, you would normally have:

    HiddenServicePort 80 127.0.0.1

...which will forward requests to port 80 onto a local web server that is bound to 127.0.0.1.

However, you can also directly forward requests onto another server across the internet.
This is not recommended though, as by default the requests will be forwarded unencrypted, which poses a risk of de-anonymization and man-in-the-middle attacks.

Important Note: Forwarding requests to a remote server has a major potential to de-anonymize you if done incorrectly. If your own anonymity is important, it's probably better to run a local web server (eg: forward requests to 127.0.0.1). Please refer to the official Tor documentation for more information.

You can theoretically host anything behind a hidden service, including a file server, IRC server, email server, etc.

You can now run Tor located in src/or/tor. Successful output is as follows:

    Oct 19 23:58:25.320 [notice] Tor 0.3.2.2-alpha (git-e2a2704f17415d8a) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2g, Zlib 1.2.8, Liblzma N/A, and Libzstd N/A.
    Oct 19 23:58:25.320 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
    Oct 19 23:58:25.320 [notice] This version is not a stable Tor release. Expect more bugs than usual.
    Oct 19 23:58:25.320 [notice] Read configuration file "/usr/local/etc/tor/torrc".
    Oct 19 23:58:25.326 [notice] Scheduler type KIST has been enabled.
    Oct 19 23:58:25.326 [notice] Opening Socks listener on 127.0.0.1:9050
    Oct 19 23:58:25.000 [notice] Bootstrapped 0%: Starting
    Oct 19 23:58:26.000 [notice] Starting with guard context "default"
    Oct 19 23:58:26.000 [notice] Bootstrapped 80%: Connecting to the Tor network
    Oct 19 23:58:26.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
    Oct 19 23:58:27.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
    Oct 19 23:58:27.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
    Oct 19 23:58:27.000 [notice] Bootstrapped 100%: Done

If you have errors relating to communication with directory servers, double check the permissions on your hidden service configuration directory.
Both the folder and contained files should only be readable and writable by the owner (user that is running Tor):

    drwx------ 2 tor tor 4096 Oct 20 00:00 .
    drwxr-xr-x 5 tor tor 4096 Oct 19 22:29 ..
    -rw------- 1 tor tor 63 Oct 20 00:00 hostname
    -rw------- 1 tor tor 64 Oct 18 23:29 hs_ed25519_public_key
    -rw------- 1 tor tor 96 Oct 18 23:29 hs_ed25519_secret_key

In order to make Tor run at boot, you could set it up as a cronjob or use any other method for starting a program at boot. Don't run Tor as root.

The "hostname" file in your hidden service configuration directory contains the hostname for your new Onion v3 hidden service. The other files are your hidden service keys, so it is imperative that these are kept private. If your keys leak, other people can impersonate your hidden service, rendering it compromised, useless and dangerous to visit.

Apache Configuration

Configuring a local web server for your hidden service is exactly the same as with Onion v2. Just make sure that your web server is accessible locally on 127.0.0.1 and everything should work. If your own anonymity is important, make sure that your web server is configured correctly so that it is not going to de-anonymize you.

However, in my setup I am using a remote web server as the forwarding destination for the hidden service. To clarify, my Onion v3 hidden service is running on a separate server to the main JamieWeb server, and the hidden service is forwarding requests across the internet to the main server.
This involves a small risk of man-in-the-middle attack since the requests are forwarded unencrypted by default, however for this temporary test environment, it should be fine as the risk is minimal (MitM against internet backbone traffic is much more difficult than with standard user endpoints).

Important Note: Please read my note above as there is potentially a major risk of de-anonymization when forwarding requests to a remote server.

Since I have IP address catch-all virtual hosts set up, the request is blocked by default:

    403 Forbidden - Direct request to IPv4 address (126.96.36.199) blocked. Please use https://www.jamieweb.net instead.

In order to get around this, you can simply create a virtual host with the ServerName value set to the Onion address. In my configuration, I have the following (irrelevant lines removed):

    <VirtualHost 188.8.131.52:80>
        ServerName jamie3vkiwibfiwucd6vxijskbhpjdyajmzeor4mc4i7yopvpo4p7cyd.onion
    </VirtualHost>

The request will no longer be blocked, allowing the hidden service to work as normal.

Vanity Addresses

Edit 7th Jan 2017 @ 12:01am: I have now written an entire blog post about Onion v3 vanity address generation, which you can read here.

As with my Onion v2 hidden service, I am very interested in generating a vanity address to use for my site. As of writing this, there are several tools already available for Onion v3 vanity address generation. However, as I did with the Onion v2 address, I am also looking into writing a basic script to perform the cryptography outside of Tor in order to generate addresses automatically. This isn't designed to be a highly efficient program to generate millions of addresses per second, just a basic script that is able to do it faster than a human.

The script that I wrote for automatically generating Onion v2 addresses was quite inefficient, but was still able to generate ~5 addresses per second.
While something like this isn't going to be able to generate a long vanity address in any reasonable timeframe, it's enough to get a few characters and understand how the cryptography behind it is working.

With Onion v2 and an efficient CPU/GPU vanity address generation program, an 8 character vanity address is realistically achievable with an average home computer running for around a month. Onion v3 addresses are still Base32, but are 56 characters rather than 16, so the search space is significantly larger. I am going to set my Raspberry Pi cluster to work generating an Onion v3 vanity address straight away!

I am also interested to see what Facebook are going to do with their Onion v2 hidden service. They are one of the few organisations to have an Extended Validation (EV) SSL certificate for their hidden service, so I wonder if DigiCert will issue a new one to them when/if Facebook upgrades to Onion v3?

Conclusion

I will be continuing to test the Tor alpha builds with Onion v3. Once they are in a stable release, I'll move it back over to the main JamieWeb server where it can be hosted alongside the existing Onion v2 hidden service (it is possible to host multiple hidden services with a single Tor instance).

Overall I really like Onion v3, it is a well-needed update to the cryptography behind Tor, and hopefully people will adopt it as soon as possible.
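The two configuration risks this post describes, HiddenServicePort targets that forward to a remote server and a HiddenServiceDir readable by other users, can be checked before starting Tor. This is an added example, not part of the original post or of Tor itself; the function names, directory paths and the torrc text are constructed for illustration.

```python
import ipaddress
import os
import stat

# Constructed sample torrc; 203.0.113.10 is a documentation-range address.
SAMPLE_TORRC = """\
HiddenServiceDir /var/lib/tor/hs_local
HiddenServicePort 80 127.0.0.1
HiddenServiceDir /var/lib/tor/hs_remote
HiddenServicePort 80 203.0.113.10:80
"""


def parse_hidden_services(torrc_text):
    """Group targets per HiddenServiceDir; no target means Tor's 127.0.0.1 default."""
    services = []
    for line in torrc_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "hiddenservicedir":
            services.append({"dir": parts[1], "targets": []})
        elif len(parts) >= 2 and parts[0].lower() == "hiddenserviceport" and services:
            services[-1]["targets"].append(parts[2] if len(parts) > 2 else "127.0.0.1")
    return services


def target_is_local(target):
    """True for a unix socket, a bare port, or a loopback IP (with or without port)."""
    if target.startswith("unix:") or target.isdigit():
        return True
    if target.startswith("["):  # bracketed IPv6, e.g. [::1]:8080
        host = target[1:].split("]", 1)[0]
    else:  # 127.0.0.1 or 127.0.0.1:8080
        host = target.rsplit(":", 1)[0] if ":" in target else target
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def remote_forwards(torrc_text):
    """List (HiddenServiceDir, target) pairs that leave the local machine."""
    return [(s["dir"], t) for s in parse_hidden_services(torrc_text)
            for t in s["targets"] if not target_is_local(t)]


def loose_permissions(hs_dir):
    """List paths in a HiddenServiceDir that grant any group/other access."""
    paths = [hs_dir] + [os.path.join(hs_dir, n) for n in sorted(os.listdir(hs_dir))]
    return [p for p in paths if stat.S_IMODE(os.lstat(p).st_mode) & 0o077]
```

Any entry returned by remote_forwards is traffic that leaves the host unencrypted by default, and any path returned by loose_permissions should be tightened to owner-only access as in the directory listing earlier in the post.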
Illustration by Kevin Zweerink for The New York Times

Updated: February 12, 2022

During the fall of 2021, The New York Times rebuilt its existing Onion service, added the “Onions Por Favor” service to the public New York Times website, and issued a new V3 Onion address.

As with our previous Onion Service, visitors will not be able to create Times accounts or log in to their existing Times account via the V3 Onion service.

The current address for our Onion Service is https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/

The Times would like to thank the Tor Project and Alec Muffett for their support during this process.

Original post from Oct. 27, 2017:

Today we are announcing an experiment in secure communication, and launching an alternative way for people to access our site: we are making the nytimes.com website available as a Tor Onion Service.

The New York Times reports on stories all over the world, and our reporting is read by people around the world. Some readers choose to use Tor to access our journalism because they’re technically blocked from accessing our website; or because they worry about local network monitoring; or because they care about online privacy; or simply because that is the method that they prefer.

The Times is dedicated to delivering quality, independent journalism, and our engineering team is committed to making sure that readers can access our journalism securely. This is why we are exploring ways to improve the experience of readers who use Tor to access our website.

One way we can help is to set up nytimes.com as an Onion Service — making our website accessible via a special, secure and hard-to-block VPN-like “tunnel” through the Tor network.

This onion address is accessible only through the Tor network, using special software such as the Tor Browser.
Such tools assure our readers that our website can be reached without monitors or blocks, and they provide additional guarantees that readers are connected securely to our website.

Technology

Onion Services exist for other organizations — most notably Facebook and ProPublica, each of which has created custom tooling to support their implementations. Our Onion Service is built using the open-source Enterprise Onion Toolkit (EOTK), which automates much of the configuration and management effort.

The New York Times’ Onion Service is both experimental and under development. This means that certain features, such as logins and comments, are disabled until the next phase of our implementation. We will be fine-tuning site performance, so there may be occasional outages while we make improvements to the service. Our goal is to match the features currently available on the main New York Times website.

Over time, we plan to share the lessons that we have learned — and will learn — about scaling and running an Onion Service. We welcome constructive feedback and bug reports via email to [email protected]. We would like to extend our thanks to Alec Muffett for his assistance in configuring the Enterprise Onion Toolkit for our site.

Runa Sandvik was the Director of Information Security at The New York Times

This post has been updated to reflect the current address for our Onion Service. The previous URL has been deleted.
For customer support inquiries, please submit the following form for the fastest response:
https://protonmail.com/support-form

For all other inquiries:
[email protected]

You can also Tweet to us: