
Debian .onion services - ashitlerferad
https://onion.debian.org/
======
CiPHPerCoder
This is a great idea, especially for TAILS users.

I've long been concerned about updating a TAILS image to get the latest
security updates and leaking forensically-useful data. By using hidden
services for apt-get updates, everything is over Tor, so this becomes less
harmful.

~~~
INTPenis
But if you're using services through Tor, aren't you already anonymous? It's
my understanding that a hidden service is meant to hide the service, not the
users. Hiding its users is only a byproduct of being part of Tor.

I never saw a practical point to big projects and organisations like Debian
having hidden onion-services. Other than promoting Tor it seems to me that
hidden services are meant for other applications.

~~~
r3bl
With a hidden service, your traffic never exits out of the Tor network.
There is no possibility of the exit node being compromised or spying on you.

~~~
INTPenis
I completely missed that vital detail. Thanks for correcting me.

------
Buetol
It's nice, but something more efficient would be some automated way to
discover the onion services for a domain while staying in the onion network.
Like being able to have onion domains like backports.debian.org.onion or
having some sort of protocol upgrade when accessing backports.debian.org with
a Tor-capable client.

~~~
xg15
But how would that work? You'd have to have some kind of bootstrap hidden
service which would essentially act as a DNS or search engine. But as soon as
that service exists, you have again a single point of failure.

~~~
ikeboy
Require them to use the same cert as for their main site, so a CA compromise
is required.

Also have it published in certificate transparency databases, so a targeted
attack is impossible.

