by flipped 162 days ago
Better have a .onion. It's almost impossible to seize and you control the keys. YOU ARE THE OWNER, not some for-profit registrar. Onions should be the default, it's secure (you own the keys), decentralized and far better than relying on CAs for encryption.
5 comments

Tor and I2P are great technologies. ZLibrary, for example, runs an excellent Tor hidden service and it is usually the most reliable way to access news from the site. However, this did not remain true for a while when two of the operators were arrested. Tor and I2P require you to have infrastructure online. The point of "check Wikipedia for news" is that you can have something persist even if you do not have your servers online. Nostr is the best technology available in this category.

> It's almost impossible to seize and you control the keys. YOU ARE THE OWNER

This also remains true for Nostr.

But furthermore, as an operator of several Tor hidden services corresponding to public web services, I can assure you that many users, especially those on mobile devices, will stop using your service in large numbers if you direct them to a hidden service. iPhones don't allow background processes without special dispensation from Apple so the Tor/I2P circuit dies every time someone switches between apps. It's also an extreme development challenge, as they don't allow subprocesses either, and then of course your app will have to abide by the GPL at least for I2P (nonstarter for some). "Just ruin your experience for all iOS users and switch to the GPL for all your client code" is not a realistic suggestion. Not that Annas-Archive has their own client app.

Operational excellence is of course dependent on the operator but I would still think it's far easier to bring up onion as it's disposable and works behind NAT'ed VMs which makes it further easy to run.

I don't know anything about Nostr since it does not focus on anonymity and isn't as old as Tor (more than 2 decades of research and application), I wouldn't rely on Nostr for anything serious.

If they can't figure out anything else, I think Tor is the most plausible tech to be used. What are the alternatives if these other services don't provide enough traffic to sustain the download speed of the files? Something old like USENET certainly can't be used anymore.

I hope they follow the same pathway of The Pirate Bay or Rutracker.

Laundering the code through OpenAI to see if the GPL sticks through training would make for an interesting court case if you asked ChatGPT to write an I2P client "from scratch" for a closed source iOS client.

Namecoin has had all the DNS issues fixed since 2011. It is one of the few real and useful applications of bitcoin based technology.

Somehow it never got the attention it deserved.

It was also the first known "altcoin"

Namecoin sounds very promising, first time hearing about it.

> It's almost impossible to seize and you control the keys. YOU ARE THE OWNER, not some for-profit registrar.

You may own the keys but the non-profit The Tor Project owns the network. And when they decide to shut it down your "ownership" of the domain keys doesn't matter in the slightest. You might think this is a silly scenario but actually it happened in 2021/2022 when the Tor Project unilaterally decided to kill the entire Torv2 network and all domains were made inoperable. All links between sites, everything that made .onion a web, was lost.

The Tor Project does this whenever they feel that there's a security issue. It will happen again.

As someone that spent 10 years building completely legal community sites on the .onion network with the delusion of ownership it really hurt me. I'm never using .onion again. It is not a place to try to build communities. It is only for people that need 'security' as a highest priority and don't care if everything gets wiped out.

They don't own the network. The people who run the relays do. v2 wasn't shut down in an instant. It was necessary and you could have just redirected your users to v3 and told them to use it instead but you had to whine about your shortcomings on Tor?

It's not only for high-security. It's for the state-of-the-art anonymity.

All the links between .onion sites broke when the relay and other infrastructure operators started running the broken (no Torv2 support) releases the Tor Project put out. All the writings of sites about each other. Everything that made it a web.

It doesn't matter that it was technically possible to try to manually reach out to random visitors of my sites and try to tell them that the entire domain name was changing. That didn't fix the web or links aspect at all.

They didn't provide any migration path from v2 to v3?

They did not. And many apps (Ricochet Messenger comes to mind) were not visited by a web browser. So it isn't like you could announce an HTTP 302 and just seamlessly transition.

How are we supposed to discover official .onion addresses though? Is there some kind of DNS for that?

The same way you discover official clearnet domain names, i.e. by using a search engine, getting url from a friend, etc.

I’ll never use Tor because I have no idea what the Tor client is actually doing. Is it enabling someone to use my network connection for cybercrime without my knowledge? No thanks.

Clients are never used as relays in TOR. You never route anyone's traffic until you set it up yourself. And you can't miss that part, and it's not a default, and requires additional configuration.

Also relays (not exit nodes) are pretty safe to operate and running them is a decent thing, supporting free internet instead of a corporate ads machine, let's not frame it as a "crime support".

> Also relays (not exit nodes) are pretty safe to operate and running them is a decent thing, supporting free internet instead of a corporate ads machine, let's not frame it as a "crime support".

Well the purpose of using Tor is to prevent any network operators from knowing who you're talking to. Which AIUI is primarily a concern if either you're not allowed to talk to whoever ("great firewall" type things), or you risk getting in trouble for talking to whoever (Silk Road etc, or disfavored politics).

I guess if you're worried about hacks and doxxing rather than LE? Or if you only call things crime when they should be illegal rather than when they formally are?

LE relies on opsec failures which is very clear on their busts. They are incompetent hypocrite fools.

Using Tor browser and running a Tor node are different things, by using the browser you are not contributing to the network, you're just accessing it. If you're worried about someone using your network connection for cybercrime you shouldn't run a Tor node (although there is significantly less risk with a relay node), but you shouldn't worry about using regular Tor.

> by using the browser you are not contributing to the network

That's false to some extent. Tor's promise comes from its vast population of users. The more users it has, the better it is to improve everyone's anonymity. So in a way, even by using it, you are helping Tor network. And please, save the "criminal" bs (meant for the original comment).

This response stretches "pedantic correction" to new levels.

Why? The utility of any network grows with the number of participants, even that of inherently asymmetric networks that strictly distinguish "producers" and "consumers". (More eyeballs make the network more valuable to content providers.)

This might not be how courts determine culpability of redistributing any potentially illegal content, of course.

> This might not be how courts determine culpability of redistributing any potentially illegal content, of course.

Which is precisely the point of this discussion.

Might as well argue "By protecting the environment you're supporting the drug trade, because people that a climate catastrophe would wipe out will be able to be drug users".

It's literally outlined by the Tor Project team, if you care to even read from official sources.

This here response continues to stretch "pedantic correction" to new levels.

What's "literally outlined" I'd guess is that the utility of the Tor network increases with adoption which nobody ever doubted.

What is discard is the tenuous over-stretched argument in this thread regarding fears of legality, that went like this:

GP: Using Tor browser and running a Tor node are different things, by using the browser you are not contributing to the network, you're just accessing it.

P: That's false to some extent. Tor's promise comes from its vast population of users. The more users it has, the better it is to improve everyone's anonymity. So in a way, even by using it, you are helping Tor network.

As if that was what was discussed...

As others have mentioned, that's not what Tor does by default. Just because you don't know how it works doesn't mean that it's generally unknowable.

And conversely, it's enough to visit a random website running WebTorrent or just a plain HTTP DDoS attack to possibly "use your connection for cybercrime".

Since RFC 3514 unfortunately never gained traction, distinguishing good, bad, and illegal traffic remains difficult.

Tor doesn't work like this. i2p, however, does. At least by default.