Eugen @Gargron

The one thing I don't understand about Tor hidden services is how in heck they could be considered secure without TLS. Like, okay, your identity is secret from the connection itself, but if all your data travels in plaintext over Tor relays, that can't be good, right?


@Gargron Of course. That's why Tor Browser comes with HTTPS Everywhere.

@TheKinrar But the person who submitted the hidden service related code to Mastodon has a guide that says to disable SSL on Mastodon because it won't work otherwise

@nino @Gargron sorry I didn't see it was for hidden services

@Gargron It's e2e encrypted over .onion domains! ( Let me try and find the simple version of it for ya :D )

@gargron no it's encrypted and authenticated

it's only with clearnet through tor that the last exit node sees plaintext, as they have to send it to a normal IP address at the end

but hidden services do not get out of tor, so it's end-to-end encrypted in layers and authenticated by default, between your tor client and the hidden service node

@Gargron because the connection is encrypted by the onion service and decrypted by the client.

Thanks for the answers everyone! (The connection *is* e2e-encrypted by Tor even though the protocol appears as just "http" as long as it's an onion address)

@Gargron yeah, think of tor as an encrypted tunnel. If you tunnel your connection over ssh, it doesn't matter if you're connecting to it through http because it's going over another secured tunnel

@pea @Gargron But be aware that the US can now spy on Tor users due to Congress passing the FISA reauthorization.

@Gargron Just done by the tor program instead of the browser itself! Best way to think of it

@Gargron You should also always use an additional, trusted VPN over TOR to avoid malicious exit nodes.

@warburtonstoryaddict You should always use TLS / HTTPS for clear-net destinations (even if your threat-model suggests using a VPN is safe).
@Gargron

@meejah @Gargron Agreed! I was just saying one should add a VPN to TOR browsing if they want an added layer of encryption and to avoid the exit node having the decrypted plain text.

@warburtonstoryaddict ...but then the VPN has the plain-text

@meejah I use "HTTPS Everywhere," PIA VPN and if needed, I route that through TOR.

@warburtonstoryaddict So then the VPN knows what sites you're visiting, if I follow what you mean? (i.e. you're routing the VPN traffic over Tor?)

@meejah That is correct. In this threat model I am not concerned about this VPN client as much as I would be about malicious actors targeting TOR users. PIA has a proven track record of keeping no logs. But I also take your point. What model do you use?

@warburtonstoryaddict Why not just use the VPN by itself, then?
(Personally, I just use Tor with only end-to-end encrypted connections)

@meejah I normally just use the VPN but if I wanted to visit certain .onion sites I would use TOR while connected to the VPN, and as you say, I wouldn't use TOR without encrypting my traffic as well (HTTPS Everywhere, etc).
Anything you recommend?

@Gargron that’s the onion in onion routing. The client encrypts the payload to the final destination then adds another layer of encryption for each relay.

As the payload is sent, each relay peels off its layer of encryption and forwards to the next relay

Only the last relay (the hidden service) can read the contents so no need for ssl

@Gargron doesn't tor have encryption built in? I guess it's also useful to draw a distinction between anonymity and privacy/security.

@Gargron of course tor does all the work so the browser thinks there is no transport security and there’s no ssl lock or whatever in the url bar

@paul
@Gargron

I'm not sure ... You can trust the Tor layer that much? With SSL you're only putting encrypted data onto the wire; with Tor you're putting plaintext into the tube and have to trust the machine.

@xurizaemon @Gargron If tor and the browser are on the same machine it doesn't really matter. I'd say if anything it's more secure as there's no need to trust the normal CA system

@Gargron it's encrypted content on http.

Even if it worked with HTTPS, it's close to impossible to have a valid certificate for an onion service. That's why it should be disabled, or it will cause browser errors.

HTTPS helps with only one thing on Tor: domain authenticity without having to verify the randomish domain.

@gargron nah hidden services have their own authentication and encryption layer through the tor network, it's just not HTTPS because that would add a redundant layer on top.

@nightpool @gargron yeah, let's consider *why* we have certificate authorities (which are an awful design)... it's because the domain and "what key belongs to that domain" are decoupled

But in tor onion services, they aren't decoupled... they're bundled very directly together. The name of the tor onion service *is* the key. So it goes straight over a secure connection. No CAs needed!
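A concrete illustration of "the name of the onion service is the key", added here as an example and not code from the thread or from the Tor project. It follows the published v3 onion address format: base32 of the 32-byte Ed25519 public key, a 2-byte checksum (the first two bytes of SHA3-256 over ".onion checksum" || pubkey || version) and the version byte 0x03, giving 56 characters before ".onion". The 32-byte "key" below is constructed from a hash for the demo and is not a real Ed25519 point; Tor would require a genuine key pair, and the client would additionally check the service's signature with it during the rendezvous.

```python
import base64
import hashlib

ONION_VERSION = b"\x03"
CHECKSUM_PREFIX = b".onion checksum"
V3_ADDRESS_LEN = 56  # base32 chars for 35 bytes: 32 key + 2 checksum + 1 version


def onion_checksum(pubkey: bytes) -> bytes:
    """Two-byte checksum that guards against typos, not a security control."""
    return hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + ONION_VERSION).digest()[:2]


def encode_onion_address(pubkey: bytes) -> str:
    """Turn an Ed25519 public key into its v3 .onion hostname."""
    if len(pubkey) != 32:
        raise ValueError("v3 onion keys are 32-byte Ed25519 public keys")
    raw = pubkey + onion_checksum(pubkey) + ONION_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def decode_onion_address(address: str) -> bytes:
    """Recover the public key from a hostname, rejecting malformed addresses.

    This is the step that makes CAs unnecessary: the hostname the user typed
    already tells the client which key the service must prove possession of.
    """
    host = address.strip().lower()
    if host.endswith(".onion"):
        host = host[: -len(".onion")]
    if len(host) != V3_ADDRESS_LEN:
        raise ValueError("not a v3 onion address (expected 56 base32 characters)")
    try:
        raw = base64.b32decode(host.upper())
    except Exception as exc:  # binascii.Error on bad alphabet
        raise ValueError("not valid base32") from exc
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_VERSION:
        raise ValueError("unsupported onion address version")
    if checksum != onion_checksum(pubkey):
        raise ValueError("checksum mismatch: address was mistyped or corrupted")
    return pubkey


def is_valid_onion_address(address: str) -> bool:
    try:
        decode_onion_address(address)
        return True
    except ValueError:
        return False


def corrupt_first_char(address: str) -> str:
    # Swap the first character for a different base32 character (demo helper).
    replacement = "a" if address[0] != "a" else "b"
    return replacement + address[1:]


# Constructed demo key: 32 bytes from a hash, NOT a real Ed25519 public key.
EXAMPLE_PUBKEY = hashlib.sha256(b"constructed example onion key").digest()

if __name__ == "__main__":
    addr = encode_onion_address(EXAMPLE_PUBKEY)
    print(addr)
    print("round-trips:", decode_onion_address(addr) == EXAMPLE_PUBKEY)
    print("typo rejected:", not is_valid_onion_address(corrupt_first_char(addr)))
```

Because the key is in the name, an attacker who wants to impersonate a service has to either steal its private key or convince the user to type a different 56-character name; there is no third party whose signature can be forged or coerced, which is exactly the CA problem the post is pointing at. The checksum only catches copying mistakes, so it is the full address, not a prefix, that users must verify.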

@cwebber tell me chris if I need domains to be secure and distributed, how could human readable names fit into this system??

@nightpool Fun fact: a collaborator of mine, Christopher Allen, was both largely responsible for TLS/SSL design and also was wholeheartedly against certificate authorities (he wanted SPKI/SDSI)

Thus, I like to call him "TLS CA", a name he doesn't like to be referred to as

@clacke SPKI and SDSI were two complementary standards that were being worked on for how to do key exchange and trust. It hit most of the right points: web of trust, basically you'd exchange certificates through a petnames system, invented the "canonical s-expressions" data format, no central authority model.

Unfortunately it didn't take off; Netscape bundled CAs inside their product to expedite things (despite warning from TLS community) and the CA problems we have stem from that decision.

@cwebber Ok, thanks!

I'll dive deeper into this at some point. NDN presents the same challenges and it looks like we might be going to make use of it.

@cwebber @nightpool This is really interesting.

I see this paper is a work in progress, but in it, you mention "Our implementation shows the petname itself in the address bar."

Have you a working prototype or is this still WIP?

I'm interested in this subject's potential application to .onion addresses!