[Hackmeeting] Tor2web support for HTTPS on .onion

Delete this message

Reply to this message
Author: Giovanni Pellerano
Date:  
To: hackmeeting
Subject: [Hackmeeting] Tor2web support for HTTPS on .onion
Dear all,

We’re happy to announce the release of Tor2web 3.1.30 [1] that includes
support for access to .onion sites over TLS.

Tor2web[2] is HTTP proxy server software used for accessing onion sites.

The Tor2web support for TLS includes the following security features:

- TOFU (Trust on First Use) certificate validation by caching the
fingerprint of the .onion site
- Validation of CN (Common Name) and SANs (Subject Alternative Names)
specified in the certificate of the .onion domain.

As Facebook has recently opened its own onion site [3], we’ve been
coordinating this release with Alec Muffett from Facebook in order to
block access to Facebook by means of the Tor2web proxy. Because Facebook
has a normal website, using Tor2web merely presents an option for users
to hurt themselves. You can see the Facebook block here:
https://facebookcorewwwi.tor2web.org

Current Tor2web conduits are:

- tor2web.org (running 2 out of 3 servers after recent server takedown
due to CryptoWall abuses)
- tor2web.fi by Ahmia (https://ahmia.fi)
- onion.lt
- onion.to (temporally dead after server takedown)
- tor2web.blutmagie.de (expired certificates)

We remind the community that Tor2web yearns for additional operators.

If you want to run a Tor2web conduit or otherwise support Tor2web:
- take a look at our wiki https://github.com/globaleaks/Tor2web-3.0/wiki
- join the tor2web-talk mailing list
http://lists.tor2web.org/mailman/listinfo/tor2web-talk

[1] https://github.com/globaleaks/Tor2web-3.0
[2] https://www.tor2web.org/
[3]
https://blog.torproject.org/blog/facebook-hidden-services-and-https-certs

Giovanni Pellerano - Founding Member
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org -
https://ahmia.fi