[tor-talk] Testers Wanted: Human-meaningful onion service names via Namecoin in Tor Browser Nightly

Hi Tor community! As we all know, onion services have rather unwieldy randomly derived base32-encoded names. This is, of course, a reasonable design, given the design constraints that onion services have to deal with. And it works pretty well, all things considered. That said, the unmemorable names are also a UX problem, especially for users who are new to Tor and therefore are accustomed to DNS. Many Tor users don't consistently check .onion services' names for correctness, which introduces the risk of phishing attacks. So, the Namecoin developers and the Tor Browser developers are running an experiment, and we'd love to get some feedback from the community. The currently available Nightly builds of Tor Browser (currently only GNU/Linux) include optional support for using Namecoin as a naming layer for onion services. To try it out, once you have a Nightly version of Tor Browser for GNU/Linux installed, try running it with the environment variable "TOR_ENABLE_NAMECOIN=1". The following domains can be used to test the support: http://federalistpapers.bit/ http://onionshare.bit/ http://riseuptools.bit/ http://submit.theintercept.bit/ http://submit.wikileaks.bit/ These domains are held by Namecoin community members who are happy to donate them to the "rightful" owners on request. However, since they haven't been donated *yet*, don't rely on these domains for security (e.g. you should *not* use this to submit documents to The Intercept). For somewhat more detailed instructions (e.g. if you don't know how to get a Tor Browser nightly build, or if you don't know how to set environment variables), see my workshop notes from the 36C3 Critical Decentralization Cluster: https://www.namecoin.org/resources/presentations/36C3/tor-workshop/ Like any experiment, this experiment is only as good as the feedback we get. So, if you try it out, please let us know how it goes! Specifically: * If it works well for you, please let us know via this thread on the tor-talk mailing list. * If you find a bug or otherwise have suggestions for how we could improve it, please let us know via this thread as well. (Or, if you're comfortable with Trac, you can report it as a ticket on Trac; please use the "Tor Browser" component and add "namecoin" to the keywords list so that the right people notice the ticket.) If you're curious about the behind-the-scenes work that went into this (and you're not afraid of technical details), my talk at the 36C3 Critical Decentralization Cluster may be interesting to you. See the following links: 36C3 CDC Slides: https://www.namecoin.org/resources/presentations/36C3/Adventures_and_Experiments_Adding_Namecoin_to_Tor_Browser_36C3_CDC.pdf 36C3 CDC Video: https://youtu.be/mc51zyflpa8?t=22638 Cheers! -- -Jeremy Rand Lead Application Engineer at Namecoin Mobile email: jeremyrandmobile at airmail.cc Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C Send non-security-critical things to my Mobile with OpenPGP. Please don't send me unencrypted messages. My business email jeremy at veclabs.net is having technical issues at the moment. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20200226/cd38a1ed/attachment.sig>