Tor onion site

Illustration by Kevin Zweerink for The New York TimesUpdated: February 12, 2022During the fall of 2021, The New York Times rebuilt it’s existing Onion service, added the “Onions Por Favor” service to the public New York Times website, and issued a new V3 Onion address.As with our previous Onion Service, visitors will not be able to create Times accounts or log рабочее in to their existing Times account via the V3 Onion service.The current address for our Onion Service is https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/The Times would like to thank the TOR Project and Alec Muffet for their support during this process.Original post from Oct. 27, 2017:Today we are announcing an experiment in secure communication, and launching an alternative way for people to access our site: we are making the nytimes.com website available as a Tor Onion Service.The New York Times reports on stories all over the world, and our reporting is read by people around the world. Some readers choose to use Tor to access our journalism because they’re technically blocked from accessing our website; or because they worry about local network monitoring; or because they care about online privacy; or simply because that is the method that they prefer.The Times is dedicated to delivering quality, independent journalism, and our engineering team is committed to making sure that readers can access our journalism securely. This is why we are exploring ways to improve the experience of readers who use Tor to access our website.One way we can help is to set up nytimes.com as an Onion Service — making our website accessible via a special, secure and hard-to-block VPN-like “tunnel” through the Tor network.This onion address is accessible only through the Tor network, using special software such as the Tor Browser. Such tools assure our readers that our website can be reached without monitors or blocks, and they provide additional guarantees that readers are connected securely to our website.TechnologyOnion Services exist for other organizations — most notably Facebook and ProPublica, each of which have created custom tooling to support their implementations. Our Onion Service is built using the open-source Enterprise Onion Toolkit (EOTK), which automates much of the configuration and management effort.The New York Times’ Onion Service is both experimental and under development. This means that certain features, such as logins and comments, are disabled until the next phase of our implementation. We will be fine-tuning site performance, so there may be occasional outages while we make improvements to the service. Our goal is to match the features currently available on the main New York Times website.Over time, we plan to share the lessons that we have learned — and will learn — about scaling and running an Onion Service. We welcome constructive feedback and bug reports via email to [email protected], we would like to extend inkrmpcc our thanks to Alec Muffett for his assistance зеркала in configuring the Enterprise Onion Toolkit for our site.Runa Sandvik was the Director of Information Security at The New York TimesThis post has been updated to reflect the current address for our Onion Service. The previous URL has been deleted.

Tor onion site - About tor http krmp.cc onion

ox ESR, которая позволяет пользователям посещать Интернет анонимно, а также получать доступ к специальным доменам .onion в сети Tor.Вы можете скачать Tor Browser с нашего сайта. Также можно выполнить автоматическое обновление до новой версии, перейдя в меню > Справка > О Tor Browser.Скачать Tor BrowserЧто нового в Tor Browser 11Tor Browser 11 построен на базе Firefox ESR 91, а значит вы получаете новый пользовательский интерфейс с новыми иконками, новой панелью инструментов, обновленными меню и обновленным интерфейсом вкладок.Новые иконки Tor 11Самым крупным внутренним изменение стало удаление поддержки сервисов V2 Onion, коротких URL-адресов доменов сети Tor, использующих 16 символов.При попытке открыть сервис V2 Onion, Tor Browser теперь будет показывать сообщение «Недопустимый адрес сайта Onion» (Invalid Onionsite Address) с кодом ошибки 0xF6.В заметках к выпуску сообщается:В прошлом году мы объявили, что службы V2 Onion перестанут поддерживаться в конце 2021 года, и с выходом Tor Browser 10.5 стали предупреждать пользователей о завершении поддержки этих сервисов.И вот этот день настал. После обновления до Tor 0.4.6.8 сервисы V2 Onion будут недоступны в браузере, и пользователи будут получать сообщение об ошибке «Недопустимый адрес сайта Onion».Хотя сайты V2 Onion больше не будут доступны в Tor Browser, администраторы могут перейти на службы V3 Onion, добавив следующие строки в файл torrc:HiddenServiceDir /full/path/to/your/hs/v3/directory/HiddenServicePort :Новая версия Tor Browser поставляется с несколькими известными ошибками:Ошибка 40668: связана с DocumentFreezer и файловой схемой.Ошибка 40671: отображение шрифтов.Ошибка 40679: отсутствующие функции при первом запуске в ESR 91 на MacOS.Ошибка 40689: изменение HTTP-метода провайдера поиска Blockchair.Ошибка 40667: видео AV1 отображается как поврежденные файлы в Windows 8.1.Ошибка 40677: с момента обновления до 11.0a9 некоторые надстройки неактивны и требуют отключения-повторного включения при каждом запуске.Ошибка 40666: переключение параметра svg.disable влияет на настройки NoScript.Ошибка 40690: сбои chrome при отключении режима приватного просмотра.Новая версия Tor Browser 11 доступна для скачивания на нашем сайте.Скачать Tor BrowserОбновления программ, что нового© Comss.one. По материалам Bleeping Computer

By Ben Kero, Devops Engineer at BraveIn 2018, Brave integrated Tor into the browser to give our users a new browsing mode that helps protect their privacy not only on device but over the network. Our Private Window with Tor helps protect Brave users from ISPs (Internet Service Providers), guest Wi-Fi providers, and visited sites that may be watching their Internet connection or even tracking and collecting IP addresses, a device’s Internet identifier.We are, and always have been, hugely thankful for the work and mission that the Tor team brings to the world. To continue our support, we wanted to make our website and browser download accessible to Tor users by creating Tor onion services for Brave websites. These services are a way to protect users’ metadata, such as their real location, and enhance the security of our already-encrypted traffic. This was desired for a few reasons, foremost of which was to be able to reach users who could be in a situation where learning about and retrieving Brave browser is problematic.We’ll go through the process of creating this setup, which you should be able to use to create your own onion service.To start the process we ‘mined’ the address using a piece of software called a miner: I chose Scallion due to Linux support and GPU acceleration. Mining is the computationally expensive process of creating a private key to prove a claim on an onion address with a desired string. Onion (v2) addresses are 16 character strings consisting of a-z and 2-7. They end in .onion, and traffic to .onion domains does not exit the Tor network. V3 addresses are a longer, more secure address which will provide stronger cryptography, which we will soon migrate to.In our case we wanted a string that started with ‘brave’ followed by a number. A six-character prefix only takes around 15 minutes when mined on a relatively powerful GPU (we used a GTX1080). The end result is a .onion address and a private key that allows us to advertise we are ready and able to receive traffic sent to this address. This is routed through a ‘tor’ daemon with some specific options.After we mined our onion address we loaded it up in EOTK. The Enterprise Onion Toolkit is a piece of software that simplifies setting up a Tor daemon and OpenResty (a Lua-configurable nginx-based) web server to proxy traffic to non-onion web servers. In our case we are proxying traffic to brave.com domains. One last piece was required to complete the setup: a valid SSL certificate.Without the certificate, upon starting  EOTK for the first time, you’ll find that many web assets don’t load. This is due to using a self-signed SSL certificate. For some, this is acceptable. Many onion users are accustomed to seeing self-signed certificate warnings, however for the best experience a legitimate certificate from a CA is necessary. For now, the only certificate authority issuing certificates for .onion addresses is DigiCert. They provide EV certificates for .onion addresses including SANs, with the exciting addition of wildcard SANs, which are otherwise not allowed in an EV certificate!Generating a private key and certificate signing request is done in the standard way with OpenSSL. For more information about how this is done see documentation here. An example of a CSR configuration file is shown below:One snag was that the process of proving you own the address requires a few different steps of validation. One is the traditional EV due diligence of contacting a representative of the organization that is on-file with DigiCert. Another is a practical demonstration, either of a DNS TXT record or a HTTP request to a well-known URL path. Since the onion addresses don’t have the concept of DNS, TXT validation will be impossible. That leaves the only remaining option as the HTTP practical demonstration. The demonstration involves requesting a challenge from DigiCert, at which point they will send you a short string and a path that they need to see the string served at.You then start a web server listening on that address on port 80 (non-SSL). They will send a GET request for that path. If they are able to successfully fetch the string, they know that you are in control of the address. Sadly, when I performed this song and dance with DigiCert the request did not work for 2 reasons. One was that EOTK was redirecting all of the non-SSL traffic to the SSL listener. The request failed since we were still running an EOTK-generated self-signed certificate. EOTK has a feature to serve short strings such as those required for this process using the “hardcoded_endpoint_csv” configuration option, but unfortunately it did not work due to the SSL redirect. I was able to modify the OpenResty configuration to move the configuration block responsible to the port-80 server section.After consulting with the author, I was told that the “force_http” EOTK option will fix this. Another problem is that DigiCert’s automated validator evidently cannot route Tor traffic since requests still failed. Opening a chat session with a DigiCert rep solved this problem quickly though, especially after pointing out that DNS TXT validation is not possible, and providing a link to the .onion blog post referenced earlier.We had to reissue certificates a few times (requiring more rounds of human validation for the EV cert requirements) in order to add some SAN wildcard subjects for our various subdomains (for example *.brave.com will not match example.s3.brave.com). One thing to note here is that even if you update the SAN subjects in your CSR, this will not add them to the reissued cert. They must be added through DigiCert’s web interface, and it can be easy to miss.Once we had our certificate we fed this into EOTK and found that web pages started appearing correctly, and that downloads worked without receiving a certificate error! This was a very satisfying milestone and let me know that we were almost done.EOTK does some string manipulation to rewrite URLs and some text on the pages so that they refer to the .onion addresses (example: a link to “brave.com/blog” becomes “brave5t5rjjg3s6k.onion/blog”). This is mostly desirable, although some strings should be preserved. For example we have several email addresses listed on brave.com such as [email protected]. This was being rewritten as [email protected]. Since we don’t (yet) run an email server as an onion service these email addresses won’t work, thus they should be preserved as [email protected]. EOTK has a “preserve_csv” option to maintain these static strings.Another suggestion is to include an Onion-Location response header on your web site, which points to your onion address. This hints at the user and their browser that the site is also available as an Onion service, and that they can visit that site if they so choose.Of course this novel daemon setup needed to run *somewhere*. In accordance with our standard devops practices at Brave, we wrote infrastructure-as-code using Terraform to deploy and maintain this. It is currently deployed in AWS EC2 with private keys secured in AWS SSM and loaded on boot. In a future iteration of the code we’d like to implement OnionBalance so that we can provide more redundancy and scalability to our onion services.Hopefully this post has taught you how we’ve been able to set this up at Brave, and how you can replicate our success to run an onion service for yourself. If you have any questions please feel free to reach out to me at [email protected], or on Twitter at @bkero.I’d like to thank Alec Muffett, the author of EOTK, for his invaluable assistance in helping me overcome all the challenges related to setting this up, and for encouraging me to do things the harder but more correct way. I’d also like to thank Kenyon Abbott at DigiCert for his assistance in helping with the process of issuing and re-issuing the certificate and enduring the multiple iterations necessary to get our certificate working.