I hate the Internet and the people who own it

You're basically describing Tor2web. Having Farms dedicated instances is just asking for trouble. I'm sure many trannies would happily pose as helpful Farmers and set up malicious instances for the purpose of harvesting account credentials. And using existing instances isn't recommended either for same reason.

With your login problem, in the Tor Browser settings you can disable clearing of cookies on exit. That should fix it, but might also need to enable saving history too.
 
You're basically describing Tor2web. Having Farms dedicated instances is just asking for trouble. I'm sure many trannies would happily pose as helpful Farmers and set up malicious instances for the purpose of harvesting account credentials. And using existing instances isn't recommended either for same reason.

With your login problem, in the Tor Browser settings you can disable clearing of cookies on exit. That should fix it, but might also need to enable saving history too.
Yes that is the fatal flaw with it, there has to be a way to ensure no MITM vulnerability, but with any possible solution they can always spoof the site's appearance like a phishing scam. If there was another way to achieve that level of decentralization between the clearnet frontend and the actual site it would solve the problem, but I don't think that's possible. And thanks, I'll give that a try.
 
Yes that is the fatal flaw with it, there has to be a way to ensure no MITM vulnerability
In a connection from you -> clearnet site -> tor, the clearnet site is a MITM by definition. It would have to be able to see the data. There's no way to have it stay end-to-end encrypted.

Actually, it's probably technically possible to have end-to-end encryption, but you're still putting blind faith in the site to actually do that.
 
Actually, it's probably technically possible to have end-to-end encryption, but you're still putting blind faith in the site to actually do that.
Exactly, the only solution that includes decentralization without that vulnerability looks something like federation, but it would need to allow Josh to remain the leader of the community, which means keeping authority over the forum's data. Technically that would cost a lot, but besides that it's not possible to design such a system without compromising authority in some ways.
 
I looked briefly at tor2web. The downside would be that you have to have a cert of say "*.onion.mydomain.org" and then the user connects to address.onion.mydomain.org. That proxy can then see all your traffic.

If I could figure out how to set it up at home I probably would, but a public version would be problematic.

If you didn't do that then you'd get cert errors since a normal browser would connect to foobarxyz.onion.mydomain.org and get a cert from foobarxyz.onion and give the usual error.

It looks like some VPNs offer direct Tor over VPN for their customers, those of you already using a VPN might look into it for your vendor.
 
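The certificate point in the post above, as an added example that is not part of the thread: a simplified whole-label wildcard matcher showing why a browser accepts the proxy's `*.onion.mydomain.org` certificate and rejects one issued for `foobarxyz.onion`. The function names are hypothetical, and only DNS-name matching is modelled (no chain or expiry checks).

```python
def cert_name_matches(pattern: str, hostname: str) -> bool:
    """True if a certificate DNS name covers hostname.

    Simplified: a '*' is honoured only as the entire left-most label
    and stands for exactly one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def explain(hostname: str, proxy_zone: str, presented_names: list) -> tuple:
    """Return (onion_target, accepted) for a browser connecting to hostname.

    onion_target is what the proxy would fetch over Tor; accepted says
    whether the presented certificate names validate for the name the
    browser actually typed.
    """
    suffix = "." + proxy_zone
    if not hostname.lower().endswith(suffix):
        raise ValueError("hostname is not under the proxy zone")
    onion_target = hostname[: -len(suffix)]
    accepted = any(cert_name_matches(n, hostname) for n in presented_names)
    return onion_target, accepted


if __name__ == "__main__":
    host = "foobarxyz.onion.mydomain.org"
    # Proxy presents its own wildcard certificate: accepted, so TLS ends at the proxy.
    print(explain(host, "mydomain.org", ["*.onion.mydomain.org"]))
    # Proxy passes through a certificate issued for the onion name: name mismatch.
    print(explain(host, "mydomain.org", ["foobarxyz.onion"]))
```

The only certificate that validates is one whose private key the proxy operator holds, which is why the proxy can read the traffic.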
I looked briefly at tor2web. The downside would be that you have to have a cert of say "*.onion.mydomain.org" and then the user connects to address.onion.mydomain.org. That proxy can then see all your traffic.

If I could figure out how to set it up at home I probably would, but a public version would be problematic.

If you didn't do that then you'd get cert errors since a normal browser would connect to foobarxyz.onion.mydomain.org and get a cert from foobarxyz.onion and give the usual error.

It looks like some VPNs offer direct Tor over VPN for their customers, those of you already using a VPN might look into it for your vendor.

Do not use any Tor2Web bullshit, just install fucking Tor Browser.
How hard is downloading a portable web browser that can run on ANY platform?

Tor2Web is MiTM, it's a security risk and nobody with a brain should use this.

There could be a read-only clearnet made, where you would set a static onion addy for outgoing connections, Null whitelist it so you do not get ddos protection thingy and just cache as much as you can so even if someone ddoses your mirror, farms won't be hit. But it should be only read-only.

It looks like some VPNs offer direct Tor over VPN for their customers, those of you already using a VPN might look into it for your vendor.

DO NOT FUCKING USE IT.
It defeats the whole purpose of using Tor where traffic is end to end encrypted LOCALLY. It allows them to intercept the traffic. It's no different than just using a vpn.
 
It's no different than just using a vpn.
That's fine, 95% of us would be here on just a VPN if the clearnet was working. We're not using TOR to access the farms from some third world shithole like the UK where we need to hide our activities from the government, we just want to sneed.
 
DO NOT FUCKING USE IT.
It defeats the whole purpose of using Tor where traffic is end to end encrypted LOCALLY. It allows them to intercept the traffic. It's no different than just using a vpn.
But Papa Null recommended using Orbot which is a Tor VPN.
 
Because that's the only way to access the KF on iPhones.
Isn't Orbot just a localized VPN? I don't think that's an issue since it isn't running through a VPN service, just using the VPN function locally.
 
Isn't Orbot just a localized VPN? I don't think that's an issue since it isn't running through a VPN service, just using the VPN function locally.
It's a tor client. The user experience, though, is much like that of a mobile VPN.

And at least in iOS if you turn it on, it turns on the boxed [VPN] indicator, although technically tor is not a VPN but a series of proxies.
 
The “VPN” tag simply means an application is capturing all network requests.
The application might encrypt and forward the traffic wholesale to a remote server, as with a traditional VPN; put it through the TOR network, as with Orbot; hijack out advertising DNS queries and pass other traffic straight through; or really anything else the application is programmed to do.

It can be written to forward requests for onion sites to a remote server, and have the remote server handle entering the TOR network. This would allow the remote server to know which sites you visit (as VPNs already do) but not access to any content protected by https. As long as the site's https connection is terminated at the device browser, the content/form data of the site is still protected by end to end encryption.

For those that would otherwise visit the site on .net via a VPN, I'd consider this solution.

Tor2web:
Contrast to tor2web which terminates both the TOR and the site's https connection on their end, replacing it with their own; which means they will have access to the content/form data (read: passwords).
For those that only browse publicly visible content without logging in, I'd consider this solution.

Orbot:
However, Orbot captures all network traffic system wide and enters it into the TOR network on the device itself. There are disadvantages to this method, as opposed to the traditional method of configuring each application to talk to a TOR proxy.
The advantage is this will run all network requests through the TOR proxy, without each application having to negotiate a connection with the TOR proxy. Implication being support for more applications since they can make requests as usual, and less chances to accidentally send out something without going through TOR.
The disadvantage is everything will run through TOR, without each application having to negotiate a connection with the TOR proxy. Implication being it’s harder to choose what to run through TOR, or use TOR with a VPN, either nested or selectively for some applications.
More importantly, it makes it harder for TOR to isolate different applications to different circuits, since it doesn’t get to know the applications individually*, and since the network is only concerned with where to send packets instead of what’s actually in the packet, it would be harder to put different sites on different circuits especially if they’re all coming from the same browser, or the browser be able to talk directly to the TOR proxy to make requests such as changing the circuit for a specific site.

*The way mobile OSes put each app in their own user actually makes it possible for the VPN application to tell which application the traffic is coming from.

For those that don't mind having their entire device being routed through TOR, I'd consider this solution.

Onion Browser:
Onion Browser runs its own TOR proxy, and directs its own instance of UIWebView to use it.
It has to use UIWebView instead of the newer WKWebView since the latter doesn’t support being directed to a proxy.
The downside being lower performance/battery life and the lack of some new browser features (with the most notable being the lack of WebAssembly for the automatic haproxy-protection solver) but if you’re willing to put up with that inconvenience, the rest of the site appears pretty much usable to me.

For those that are willing to deal with the DDOS protection, I'd consider this solution.
 
Orbot:
However, Orbot captures all network traffic system wide and enters it into the TOR network on the device itself. There are disadvantages to this method, as opposed to the traditional method of configuring each application to talk to a TOR proxy.
The advantage is this will run all network requests through the TOR proxy, without each application having to negotiate a connection with the TOR proxy. Implication being support for more applications since they can make requests as usual, and less chances to accidentally send out something without going through TOR.
The disadvantage is everything will run through TOR, without each application having to negotiate a connection with the TOR proxy. Implication being it’s harder to choose what to run through TOR, or use TOR with a VPN, either nested or selectively for some applications.
More importantly, it makes it harder for TOR to isolate different applications to different circuits, since it doesn’t get to know the applications individually*, and since the network is only concerned with where to send packets instead of what’s actually in the packet, it would be harder to put different sites on different circuits especially if they’re all coming from the same browser, or the browser be able to talk directly to the TOR proxy to make requests such as changing the circuit for a specific site.

*The way mobile OSes put each app in their own user actually makes it possible for the VPN application to tell which application the traffic is coming from.
Selectively running data for certain apps through Orbot is a feature on Android. I guess iOS doesn't support it.

 
Selectively running data for certain apps through Orbot is a feature on Android. I guess iOS doesn't support it.

i don't know about the android version but the ios version has a setting to only route .onion links through tor and your other traffic will be over clearnet. i don't think i've ever seen anyone mention this before, guess no one checks the settings...
 
Selectively running data for certain apps through Orbot is a feature on Android. I guess iOS doesn't support it.


I think it's simply not implemented on iOS Orbot, but NEAppRule from the iOS VPN API should allow that.

From what I can tell both the Android per-app option and the iOS onion-only option disconnect your regular VPN if it was already active, which can be particularly annoying.
 
Do not use any Tor2Web bullshit, just install fucking Tor Browser.
How hard is downloading a portable web browser that can run on ANY platform?

It could work if we make clearweb frontends read-only.

Require Tor for logging in & posting. No exceptions. This keeps retards from making accounts and posting, but still lets them read.
 
Wouldn't a read-only clearnet frontend run into a lot of the same problems as a read-write frontend? As in, the people trying to take us down targeting the companies hosting the read-only frontend for "hosting hate and harassment"?

Actually they did try and (unfortunately) succeed in taking down an error page before
 
Wouldn't a read-only clearnet frontend run into a lot of the same problems as a read-write frontend? As in, the people trying to take us down targeting the companies hosting the read-only frontend for "hosting hate and harassment"?
The original proposal by @Jones McCann was to have "hundreds of proxies" by many individual farmers rather than a singular frontend. So getting all these proxies shut down would be a lot more effort than just going after Null. There must be thousands of VPS services out there, so would be fairly trivial to spin up a new instance somewhere else when one gets shut down.

Sounds nice in theory, but still think this idea is a no-go:
  • To keep it normie friendly, there would need to be some sort of centralised listing of proxies on a clearnet website and I think this is going to be difficult to keep up.
  • I doubt there are many motivated farmers that are technically inclined to host these clearnet frontends. Especially if it came down to speedrunning through VPS services - could get tiresome setting them up and costly if they charge for an entire month, but terminate after a week.
  • There's still the threat of malicious instances even if read-only. Having done some further reading about Tor2web instances, there's been cases where crypto wallet addresses have been replaced on pages.
  • Bad actors could do much more nefarious things, like replace specific content in a thread with illegal content, then use this as "evidence" the farms should never be allowed back on the clearnet.
So I think for the moment, forget trying to get some clearnet frontends set up and use Tor until Null gets clearnet working properly again.
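A detection check for the tampering risk raised in the post above, as an added example that is not part of the thread: it diffs wallet-address-shaped strings, script sources and form targets between a copy fetched directly over Tor and a copy served by a clearnet proxy. The sample pages, the addresses and `collector.example` are constructed; the host names reuse the `foobarxyz.onion.mydomain.org` illustration from earlier in the thread.

```python
import re

# Legacy base58 and bech32 Bitcoin address shapes (format check only, no checksum).
WALLET_RE = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b")
SCRIPT_RE = re.compile(r"<script[^>]*\bsrc=[\"']([^\"']+)[\"']", re.I)
FORM_RE = re.compile(r"<form[^>]*\baction=[\"']([^\"']+)[\"']", re.I)


def extract(rx, html):
    """Collect matches, dropping the URL scheme so http/https alone is not a diff."""
    return {re.sub(r"^https?:", "", m) for m in rx.findall(html)}


def audit(reference_html, proxied_html, onion, proxy_zone):
    """Diff security-relevant items between a direct copy and a proxied copy."""
    # Undo the hostname rewriting such a proxy performs on every link,
    # so only changes beyond that rewriting are reported.
    proxied = proxied_html.replace(f"{onion}.{proxy_zone}", onion)
    findings = {}
    for label, rx in (("wallet", WALLET_RE), ("script", SCRIPT_RE), ("form", FORM_RE)):
        ref, got = extract(rx, reference_html), extract(rx, proxied)
        findings[label] = {"added": sorted(got - ref), "missing": sorted(ref - got)}
    return findings


# Constructed sample pages: REFERENCE as fetched directly over Tor,
# PROXIED as returned by a clearnet proxy that altered it.
REFERENCE = """<a href="http://foobarxyz.onion/threads/1">thread</a>
<p>Donate: 1SiteDonationAddrAAAAAAAAAAAA</p>
<form action="http://foobarxyz.onion/login" method="post"></form>
<script src="http://foobarxyz.onion/js/app.js"></script>"""

PROXIED = """<a href="https://foobarxyz.onion.mydomain.org/threads/1">thread</a>
<p>Donate: 1SwappedByProxyAddrBBBBBBBBBBBB</p>
<form action="https://foobarxyz.onion.mydomain.org/login" method="post"></form>
<script src="https://foobarxyz.onion.mydomain.org/js/app.js"></script>
<script src="https://collector.example/t.js"></script>"""

if __name__ == "__main__":
    for label, diff in audit(REFERENCE, PROXIED, "foobarxyz.onion", "mydomain.org").items():
        print(label, diff)
```

A clean result only covers the page and moment that were sampled; a proxy can serve unmodified pages to some clients and altered ones to others.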
 
It would work if they are hosted as generic tor2web instances, right? Or else any proxy service could be labeled as problematic since it could potentially link to any site.
As a fallback I find Tor just fine though, not sure what exactly is holding people back.
Independently of technical endeavors, I think the point is that the site shouldn’t have to resort to such workarounds, if access to networking infrastructure is to be considered an essential utility similar to the postal system. Trying to work through, policy wise, where the line lies between a contract vs common carrier and how it pans out in practice should be interesting to watch.
 
So I think for the moment, forget trying to get some clearnet frontends set up and use Tor until Null gets clearnet working properly again.
Hmm, I guess having Null personally handle any clearnet frontend would be the best thing in that case. Though I'm still wondering if a read-only frontend for the clearnet would be easier to host, and if so, by how much.
 