from Hacker News

Why offer an Onion Address rather than just encourage browsing-over-Tor?

by kettunen on 3/10/22, 7:32 AM with 130 comments

  • by bauruine on 3/10/22, 8:28 AM

    If you are running an onion service but don't need to hide the server IP, like you do if you also provide clearnet access to the same server, you should enable single hop mode [0] to reduce the load on the Tor network and also speed up the connections. This way your server directly connects the introduction and rendezvous points while the client still stays anonymous with a 3 hop circuit.

    [0]: Search for HiddenServiceSingleHopMode on https://2019.www.torproject.org/docs/tor-manual.html.en or just use the following config options

    SOCKSPort 0

    HiddenServiceNonAnonymousMode 1

    HiddenServiceSingleHopMode 1

  • by nextaccountic on 3/10/22, 7:51 AM

    > Using onion services mitigates attacks that can be executed by possibly-malicious “Tor Exit Nodes” — which, though rare, are not nonexistent

    Is there any evidence that the majority of exit nodes aren't malicious? There's only 300 or so in the US, 300 or so in Germany, and in other countries even less. What would it take for three letter agencies to compromise most of it?

    I mean, suppose all of the existing nodes weren't malicious. Could a government agency plausibly run 1000 exit nodes in a way that doesn't give away they are government-run? This would make the majority of exit nodes malicious.

  • by p4bl0 on 3/10/22, 2:08 PM

    It is possible to advertise your .onion address and offer automatic redirect to it for Tor Browser users using the "Onion-Location" HTTP header. Example with my personal home page:

        $ curl -I https://pablo.rauzy.name/
    HTTP/1.1 200 OK
    Server: nginx/1.14.2
    Date: Thu, 10 Mar 2022 14:04:44 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 2843
    Last-Modified: Sun, 23 Jan 2022 22:21:41 GMT
    Connection: keep-alive
    Onion-Location: http://c2fk5i7jqn7am7nfo7eb7hwrkclyj3jj4qcwgdh6ievp7v5ie4gd3mid.onion/
    It would be interesting to try to see if the Tor Browser has a TOFU policy and warn its user if the onion address change after they visited the site once.

    If it is the case then you combine the ease of access of typing a normal domain name and the Onion security through an HSTS equivalent mechanism.

  • by linuxandrew on 3/10/22, 9:09 AM

    I think the avoiding exit nodes part is probably the most important to me. Exit nodes have always been problematic - from memory about 20% of relays have an exit flag but most of the traffic is directed to the most performant relays. Tor actively discourages using the network for file sharing because of the exit node bottleneck.

    I think there are probably some uses of the Tor network that aren't fully realised yet - file sharing (something similar to I2P) which avoids the exit node using onion addressing and chat applications (like Briar which uses onion addresses, or Secure Scuttlebutt).

    As for web traffic, it is nice to offer an onion address. I wonder if websites could offer an "upgrade" to onion addresses, similar to how IPFS does?

  • by nonrandomstring on 3/10/22, 9:08 AM

    I think some comments here are misunderstanding the intent of the article. For those saying TLS already solves... it is not advocating Tor as a replacement for transport layer security, indeed most Tor users also use TLS (and site certs) with little overhead.

    No, the article is asking how you could, as a website owner, make things easier on Tor users and yourself! It starts with the assumption that you care, and want to help users who require better privacy.

    It answers, though not in detail, the many HN readers who invariably post replies concerning Tor that "All my abuse comes through Tor".

    Creating an .onion address mitigates that significantly.

  • by noname120 on 3/10/22, 8:23 AM

    This article beats around the bush but never explains why Onion addresses solve these issues.

    From Wikipedia:

    > Addresses in the onion TLD are […] automatically generated based on a public key when an onion service is configured.

    > 256-bit ed25519 public key along with a version number and a checksum of the key and version number

    That's all you need to know.

  • by shp0ngle on 3/10/22, 8:50 AM

    > The first benefits are authenticity and availability: if you are running Tor Browser and if you click/type in exactly the proper Onion address, you are guaranteed to be connected to what you expect — or not at all.

    What? Writing raw onion addresses is like writing raw IPv6 addresses. Nobody can remember then and check them.

    What is easier

    > https://nytimes.com

    or

    > ej3kv4ebuugcmuwxctx5ic7zxh73rnxt42soi3tdneu2c2em55thufqd.onion

  • by Sami_Lehtinen on 3/10/22, 2:26 PM

    > “.onion” address demands that the person is using a TorBrowser

    Actually this is not true. Tor runs as SOCKS5 proxy, and you can use any browser or application with it.

  • by bawolff on 3/10/22, 9:08 AM

    I think the only legit reason (assuming your clearnet site is using HSTS) is that .onion site reduces the risks of users screwing up. And i suppose better performance if you don't have to use exit bandwidth (i would guess, dont actually know)

    Users are bad at security. If they fail to set up tor, .onion links don't work, so it acts as a barrier against users shooting themselves in the foot.

    This is counterbalanced by higher phishing risks.

  • by JulianMorrison on 3/10/22, 11:23 AM

    Hiding the server IP is probably quite important when you want to get around nation states trying to blockade factual information.

  • by djdjfhsje33edh on 3/10/22, 2:50 PM

    Another good reason is that Twitter launching an onion address has given Tor a lot of positive press in the mainstream media for a change.

  • by badrabbit on 3/10/22, 9:33 PM

    Heh. An article for a two word answer: Tor exits.

  • by Tepix on 3/10/22, 2:55 PM

    One reason that i haven't mentioned today is forcing users to use tor by only publishing a .onion address.

  • by rosndo on 3/10/22, 8:14 AM

    Most of the technical points listed here are pretty much entirely mitigated by TLS. Exit nodes can of course deny access to specific sites, but hidden services suffer from comparable (or worse) issues.

    There are no other practical attacks that malicious exit nodes could execute against sites using TLS and HSTS preload lists. If you’re a website administrator, fixing those things should be your priority before implementing onion addresses.

    Onion addresses also come with slight drawbacks. They’re difficult for users and more vulnerable to phishing. Hidden services are also extremely vulnerable to CPU-based DoS attacks.

  • by moltke on 3/10/22, 3:03 PM

    It's much harder to deanonymize people who are connecting to hidden services because they don't have to use exit relays which are often illegal to run.