Dear all,
We’re happy to announce the release of Tor2web 3.1.30 [1] that includes
support for access to .onion sites over TLS.
Tor2web[2] is HTTP proxy server software used for accessing onion sites.
The Tor2web support for TLS includes the following security features:
- TOFU (Trust on First Use) certificate validation by caching the
fingerprint of the .onion site
- Validation of CN (Common Name) and SANs (Subject Alternative Names)
specified in the certificate of the .onion domain.
As Facebook has recently opened its own onion site [3], we’ve been
coordinating this release with Alec Muffett from Facebook in order to
block access to Facebook by means of the Tor2web proxy. Because Facebook
has a normal website, using Tor2web merely presents an option for users
to hurt themselves. You can see the Facebook block here:
https://facebookcorewwwi.tor2web.org
Current Tor2web conduits are:
- tor2web.org (running 2 out of 3 servers after recent server takedown
due to CryptoWall abuses)
- tor2web.fi by Ahmia (
https://ahmia.fi)
- onion.lt
- onion.to (temporally dead after server takedown)
- tor2web.blutmagie.de (expired certificates)
We remind the community that Tor2web yearns for additional operators.
If you want to run a Tor2web conduit or otherwise support Tor2web:
- take a look at our wiki
https://github.com/globaleaks/Tor2web-3.0/wiki
- join the tor2web-talk mailing list
http://lists.tor2web.org/mailman/listinfo/tor2web-talk
[1]
https://github.com/globaleaks/Tor2web-3.0
[2]
https://www.tor2web.org/
[3]
https://blog.torproject.org/blog/facebook-hidden-services-and-https-certs
Giovanni Pellerano - Founding Member
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org -
https://globaleaks.org -
https://tor2web.org -
https://ahmia.fi