
BBC News launches 'dark web' Tor mirror - worldofmatthew
https://www.bbc.co.uk/news/technology-50150981
======
andrewaylett
I know there are good reasons why it's not fully secure, but I'd really like
to be able to access `.onion` addresses in my regular browser over TOR and
everything else directly as usual. In _this_ I'm not over-worried about the
risk of deanonymisation as my aim is on one hand access to resources I don't
have access to now and on the other hand legitimisation of TOR as something
that anyone could reasonably use, even (or especially!) if they have "nothing
to hide".

~~~
elagost
The way to do that is just to use Tor Browser as your regular browser.

~~~
Phlogi
No, because the Tor Browser sends all traffic through the tor network and exit
nodes.

~~~
pbhjpbhj
Why is that bad, _per se_?

In practice some sites drop Tor connections, and localisations come through
wrong, but that doesn't seem to be why you said "no".

~~~
in1tiate
In my experience, the limiting factor is speed. Tor is not exactly the fastest
protocol in the world, and while streaming video over Tor has gotten better
over time, it's still not what I'd call _ideal._ For regular browsing, the
loss of speed is inconvenient enough to annoy the average user, myself
included.

~~~
pbhjpbhj
I've used tor-browser and Brave's tor mode quite a bit. I've not really had
problems with speed nor playing 480p video (if sites default to higher res
it's sometimes a problem).

Captchas on some sites, for sure, sometimes a different route will fix it.
Usually mainstream sites either block tor or work properly.

------
throwaway8491
Some of BBC News' .onion neighbors are forced to constantly rotate their URLs
to evade DDoS attacks (notably Empire Market). Admins constantly publish new
PGP-signed links to [https://dark.fail](https://dark.fail) . DDoS attackers
then scrape this site, shift their attacks. Sites stay online, but users are
trained to expect URLs to constantly change. This has resulted in a huge spike
in phishing attacks.

Tor hidden services are notoriously difficult to protect from DDoS attacks due
to its code being mostly single-threaded. Build 5000 circuits to any darknet
site, max out one core on the server, and you take it offline. Cheers to BBC
for this great step forward for privacy. Hopefully their traffic surges to
bring more attention to .onion scaling problems.

~~~
clubm8
My pet theory is that these DDOS attacks are not just other merchants. I
believe state actors are DDOSing to force traffic through nodes they control
to deanonymize traffic.

~~~
bashallah
Flood certain gates to ease monitoring of specific nodes.

Easy ROI

------
helios893
BTW NYtimes has been doing this for a while. [https://open.nytimes.com/https-
open-nytimes-com-the-new-york...](https://open.nytimes.com/https-open-nytimes-
com-the-new-york-times-as-a-tor-onion-service-e0d0b67b7482)

[https://www.nytimes3xbfgragh.onion/](https://www.nytimes3xbfgragh.onion/)

~~~
blotter_paper
Lulz, what good is a paywalled tor site? Does NYT accept crypto, or do you
have to get throwaway plastic to pay them pseudonymously?

~~~
clubm8
Is it paywalled? Maybe your exit node was used to scrape? I don't read NYT
much but when I've checked out the .onion such as today I've had no issue
reading articles.

~~~
tobias2014
I'm getting "Log in or create a free New York Times account to continue
reading in private mode.", then click on the "Create a free account button" to
be finally faced with "This action is not supported over Onion yet, sorry.".

------
abstractbarista
Many of you with homelabs ought to check out how to run a Tor relay or bridge.
It's been fun setting mine up, and after a while I started getting lots of
traffic! No data cap on a symmetric fiber connection, so I might as well share
the love!

~~~
skissane
Once upon a time, I tried running a relay at home. Certain websites started
blocking my IP - their operators wanted to block exit nodes, but
indiscriminately blocked all IPs from the Tor directory, both exit nodes and
relay nodes. At that point, I stopped doing it.

~~~
throwaway87378
Tor bridges do not have this problem, do not consume a lot of bandwidth, and
are very useful for people who need to circumvent firewalls. I have been
running one for years without any issues. The Tor Project is currently looking
for more volunteers to run bridges:

[https://blog.torproject.org/run-tor-bridges-defend-open-
inte...](https://blog.torproject.org/run-tor-bridges-defend-open-internet)

------
steeleduncan
Potentially I am misunderstanding how Tor's onion routing works, but according
to
[https://metrics.torproject.org/networksize.html](https://metrics.torproject.org/networksize.html)
there are about 6000 tor relays right now.

Surely if some well funded organisation (Eve) were to install a similar number
of relays itself, then it is reasonably likely that for a given user a packet
would eventually travel across relays solely owned by Eve, and at that point
Eve could map a Tor address to a physical IP?

Operating 6000 nodes in a manner unlikely to cause suspicion , and correlating
packets across those nodes, is a massive undertaking, but it seems that it
would be well within the means of e.g. NSA.

Would this work, or am I missing something fundamental about how Tor works?

~~~
xvector
I believe this would work, and is one of the weak points of the ecosystem. I
wonder what the impact of spinning up 6K relays in AWS across the globe would
be like. I would say that spinning up 6K instances would be affordable for
even small companies.

~~~
noident
You can't just spin up 6k new relays and take over the Tor network without
somebody noticing. The network is actively monitored for sybil attacks, and it
takes 2+ weeks before a new node is "trusted" with significant traffic, giving
network monitors plenty of time to blacklist you.

What's going to kill Tor is a global passive adversary, meaning someone with
perfect visibility of all traffic going in and out of Tor nodes by tapping
network infrastructure and correlating at the endpoints. I'm sure the NSA is
working on this. They couldn't do it in 2013, but what could they have
accomplished in the 6 years since the Snowden leaks?

It's also possible to use machine learning to "fingerprint" encrypted blobs
entering guard nodes and correlate them with websites (even onion services!),
although it gets less feasible as the set of potential websites increases.

------
cyphar
I'm confused why they're running a v2 onion address -- v3 has many benefits in
terms of privacy and DoS resistance. I get that the onion addresses are
longer, but you can run both in parallel.

------
mxuribe
It certainly seems like they're doing this with good intentions. If so, the
BBC is to be applauded!

------
keithnoizu
Forgive the useless quip, but it's a shame Jimmy Savile couldn't be alive to
see his two worlds collide like this.

~~~
EasyTiger_
Perfect.

------
farummi
BBC World News has a similar purpose as Voice of America (VOA) and Russia
Today (RT).

The purpose is to deliver the viewpoint of the UK to other countries, such as
Iran, Russia, China.

~~~
bouncycastle
No, you're thinking of Fox News & Daily Mail.

Sure, there is some criticism of BBC news, but I don't think you could ever
compare it to the junk filled propaganda machine that is RT.

~~~
Synaesthesia
I read a lot of RT. Many of their articles are just international reports like
AP news and stuff. Don’t really see a lot of propaganda.

~~~
bouncycastle
Yeah, of course they have to drop some real articles to look legit.

The propaganda is what's in between

Eg. Today's home page, first headline "Russia's 'secret weapon' for winning
influence in Africa – and it's not what you might think".

Then have a look at the op-ed pieces that are basically hit-pieces disguised
as journalism.

Also, there are things that they do not report (or omit) which is what you
should be most concerned about.

~~~
Synaesthesia
This is in every kind of newspaper. You have to learn to discern propaganda
from news and learn judgement.

------
zimbatm
Imagine if CloudFlare or another CDN provider were to automatically public
websites on Tor. This would be huge to drive legitimate traffic into the
system. It should be trivial to publish your content on Tor as well as the
clear web.

~~~
jgrahamc
You mean like the Cloudflare Onion Service that we launched a year ago:
[https://blog.cloudflare.com/cloudflare-onion-
service/](https://blog.cloudflare.com/cloudflare-onion-service/) It performs
an automatic upgrade to use the .onion from Cloudflare if you use TBB (and
Brave).

~~~
StavrosK
I've always wanted to use this (and enabled it on all my sites, e.g.
www.stavros.io), but it has never worked for me, I can always see the alt-svc
header in the response (using TBB 9.0).

------
breadandcrumbel
As far as I know, TOR doesn't work well in China

~~~
LinuxBender
Correct. Every time a new version / protocol is released, it works for a
little while and then they adapt their firewall to block it.

~~~
cnThrowaway
Here is my idea to fight The Great Firewall: Embed banned content in "normal"
https websites like this one.

The content can either be static like mirrors of banned sites (wikipedia, BBC
and the tor website). It would be at secret locations.

The site should randomly pick a few of it's Chinese users. When they visit
public pages, they will be redirected to the secret locations. (With a welcome
message).

It will appeal to apolitical Chinese, because they will feel they are
unraveling secrets.

It will be hard for the Chinese government to clamp down: They will struggle
to identify these websites and when they shut them down, they will hurt their
own industries.

~~~
DuskStar
I think most Chinese - even apolitical Chinese - will think it's a government-
inserted purity test, and immediately leave.

If it becomes successful, then China will make that fear real, and start
running the same thing themselves.

------
sanxiyn
You can also visit facebookcorewwwi.onion.

~~~
RandomGuyDTB
Possibly the most famous darkweb URL.

~~~
blaser-waffle
I feel like Dread Pirate Roberts would have something to say about that.

~~~
blotter_paper
I think GP means that facebook spent a lot of CPU cycles getting an onion
address that is so human-readable/memorable; I don't remember what the old
Silk Road's address was but I think I'd remember if it were
silkroadcorewwwi.onion

------
nyolfen
i’m not sure why. if someone is already using the tor network, presumably they
could use it to bypass censorship to access the clearnet bbc site.

~~~
oskenevd
Because so much of the bbc website is http, today, in 2019. At least you now
get TLS between the browser and the bbc server. Accessing bbc over Tor
normally leaks cleartext http to the exit nodes.

~~~
toby-
The vast majority of the BBC's services use HTTPS nowadays, including BBC
News, BBC Bitesize, Sounds/Radio, CBBC and CBeebies, etc. Only pre-2010 news
stories are HTTP.

The only other parts that remain HTTP (that I've seen) are certain archived
content, e.g. the older Learning[0] and Languages[1] portals.

[0]:
[http://www.bbc.co.uk/learning/coursesearch/](http://www.bbc.co.uk/learning/coursesearch/)

[1]:
[http://www.bbc.co.uk/languages/german/](http://www.bbc.co.uk/languages/german/)

~~~
Sami_Lehtinen
Here's fresh article which refuses to be served over HTTPS.

get "[https://www.bbc.com/travel/story/20191021-the-sea-
of-60-ghos...](https://www.bbc.com/travel/story/20191021-the-sea-
of-60-ghostly-wrecked-ships") Location:
[http://www.bbc.com/travel/story/20191021-the-sea-
of-60-ghost...](http://www.bbc.com/travel/story/20191021-the-sea-
of-60-ghostly-wrecked-ships)

BBC is one of very few sites on my HTTP allowed list. By default I've disabled
HTTP completely.

------
lacampbell
There's a bit of irony in the UK state run broadcaster doing this, giving the
UKs poor track record on freedom of speech.

------
beokop
I’m getting an Internal Server Error at the Tor site, I guess this means it’s
more popular than they expected?

------
zaphod420
Ethereum has contract call ENS (Ethereum Name Service). It's kind of like a
decentralized DNS.

People are starting to use that to create .eth domain names that point to
.onion sites.

[https://medium.com/the-ethereum-name-service/list-of-ens-
nam...](https://medium.com/the-ethereum-name-service/list-of-ens-names-that-
resolve-to-tor-onion-websites-99140a4c674f)

~~~
solarkraft
Why is this of interest?

~~~
zaphod420
.onion urls are difficult to remember. ENS provides human readable names that
point to .onion urls.

------
aykutcan
I am annoyed by the clickbait title. it is like calling knife as murder
weapon.

~~~
eyeinthepyramid
Dark web isn't inherently negative though, is it? It's not like they called it
pedo-web.

~~~
eeZah7Ux
It's very negative.

~~~
apecat
Yeah. It's a term we've got to live with though: it's too widely used in
media.

That's why news and public service actors with global ambitions launching
onion services is likely a huge net gain in the long run.

------
spoown
Excellent initiative... would to see more of these...

------
crusty511
> The BBC has made its international news website available via the Tor
> network, in a bid to thwart censorship attempts.

Bit ironic given that the influence of the government at the BBC.

------
tootahe45
I don't see the point of this, nobody is censoring politically correct speech.
Aren't they literally govt funded too?

~~~
LilBytes
China and Russia would both like a word with you.

~~~
sacrificedcapon
I think you missed his point. Neither china nor russia censor "politically
correct" speech. Of course their view of "politically correct" is different
from ours and others. Europe, Islamic world, Africa, etc all protect
"politically correct" speech and censor "politically incorrect" speech.

Sadly, in the US, extremists ( particularly the left ) are leading the charge
to censor "politically incorrect" speech.

~~~
Twixes
Hardly are there any "extremist" leftists in the US (never heard of any
advocating for a revolution) and any calls for censorship come from a tiny
minority of Tumblr–like social justice warriors.

~~~
sacrificedcapon
Agreed that the number of extremist leftists are small in the US.
Unfortunately, many of those "Tumblr-like social justice warriors" work in the
academia, media and government and wield disproportionate power. And if you
haven't heard of any talk of revolution, you must have lived in seclusion
somewhere in the woods and missed out on 3 years of post-Trump hysteria. Lucky
you.

~~~
Twixes
Where is the seizing of the means of production? Even nationalization of
companies is a no–no. Political discourse is radically liberal economically in
the US (thanks, Mr. Reagan) so there's really little leftism in the left.

------
class4behavior
Since no one posted that, yet: Tor relies on the size the of its network to
counteract blocks, prevent take overs, and naturally ensure stability as well
as performance.

You can either donate to various groups running Tor servers, the developers,
or take part on your own.

[https://www.noisebridge.net/wiki/Tor](https://www.noisebridge.net/wiki/Tor)

[https://www.torservers.net/](https://www.torservers.net/)

[https://www.dfri.se/donera/](https://www.dfri.se/donera/)

[https://nos-oignons.net/](https://nos-oignons.net/)

[https://donate.torproject.org/](https://donate.torproject.org/)

Also, as a side note, in countries where Tor access is actively inhibited,
users may need to rely on bridges.

[https://bridges.torproject.org/](https://bridges.torproject.org/)

[https://blog.torproject.org/how-use-meek-pluggable-
transport](https://blog.torproject.org/how-use-meek-pluggable-transport)

[https://snowflake.torproject.org/](https://snowflake.torproject.org/)

~~~
blaser-waffle
Is it worth it to donate, or to just pool a little cash and start your own?
Like, how do I know any of those links aren't the NSA?

I ask because I have 5-6 Raspberry Pis, a couple retired Supermicro boxes, and
old Cisco gear that isn't doing much...

~~~
class4behavior
>Like, how do I know any of those links aren't the NSA?

Well, I've only linked to communities listed by the Tor Project itself.

Otherwise, the same way you would check whether HN or your local tea store is
the NSA. You do your own research, run your own risk analysis, and if you want
to stay sane, by default you give people the benefit of the doubt.

Generally, it's best not to run Tor relays from home as services will start to
blacklist your IP as a proxy.

If you are going to be an exit node, then you should inform yourself about he
legal challenges you might face, since you don't know what people will access
with your IP address.

[https://blog.torproject.org/tips-running-exit-
node](https://blog.torproject.org/tips-running-exit-node)

[https://www.eff.org/torchallenge/faq.html](https://www.eff.org/torchallenge/faq.html)

Being an entry or middle-level node is less of a problem but some
uncertainties remain, so this depends on your local laws.

~~~
zer0tonin
> by default you give people the benefit of the doubt

I actually tend to assume websites like HN are the NSA or at least the NSA
have read access to their databases. Maybe it's my tinfoil hat tendencies but
instead of giving them the benefit of the doubt I would rather not give them
any data I don't mind the NSA having.

~~~
ktm5j
Everyone has read access to HN.. there are no private messages that I'm aware
of, anyone can search this site using google

~~~
cryptoz
HN contains a lot of information that isn't visible on the public web. Ban
lists, point counts, user access history, etc.

> Everyone has read access to HN

No, not to their databases as OP is discussing. It would be definitely a crime
if any of us had that info as it would imply we broke in and stole it - but OP
is suggesting that they assume NSA already has it (a potentially paranoid but
also reasonably fair thing to do, IMO).

From a personnel standpoint, isn't Thiel on the board of HN/YC and doesn't
Thiel have basically uncountable NSA/CIA/etc connections? I'm not saying Thiel
has anything to do with HN's security - but clearly, saying HN's databases
might be accessed by someone like CIA (while a board member of YC is active in
sales & partnerships to CIA etc) isn't _that_ crazy.

~~~
dang
> isn't Thiel on the board of HN/YC

He is not.

------
jonplackett
Finally a good use for my license fee!

(Aside from David Attenborough documentaries, they’ve always been worth it)

~~~
rvz
> Finally a good use for my license fee!

While I agree that no news corporation should ever be censored and should be
accessible to all including the "dark-web", the level of clickbait / fake-news
level content on the BBC website is getting ridiculous in some areas and
contradicts with their duty to be fair, impartial and balanced as the only UK
state broadcaster privileged with a royal charter.

Apart from the actual World News section, the front page + newsbeat section is
completely littered with frivolous cringe-worthy content and memes that isn't
worth paying attention to, neither is purchasing the TV license for.

~~~
VBprogrammer
I think one of the issues the BBC suffers from is that in the attempt to be
impartial they can sometimes give undue weight to crack-pot ideas.

That said, I often see both sides of a debate complaining about the bias of
the BBC. So long as that is the case then we can reasonably assume they are
doing a fair job of walking the fine line between both sides.

~~~
gmac
_I often see both sides of a debate complaining about the bias of the BBC. So
long as that is the case then we can reasonably assume they are doing a fair
job of walking the fine line between both sides_

This is absolutely not true, because unscrupulous parties are careful to
complain vociferously (and shamelessly) even about coverage that is heavily
skewed in their own favour.

Since the Andrew Gilligan debacle (where the BBC sacked a reporter and
apologised profusely over the self-evident truth he had reported: that Tony
Blair lied about Iraqi WMD), the BBC has gradually transformed itself from a
public broadcaster to a state broadcaster. The only time you hear a reasonable
balance of views on an issue these days is where the governing party itself is
split on it.

~~~
VBprogrammer
I think the Andrew Gilligan debacle, and the more recent Naga Munchetty issue,
are both symptoms of the BBC falling over themselves to appear impartial at
the expense of common sense.

------
bloogsy
Hooray, now you can get pro-Tory bias no matter where you are!

------
statusquoantefa
To be clear, they're talking about the un-intellectual dark web: they aren't
yet willing to take the risk featuring in-band IDW viewpoints on their pages
or airwaves.

Probably, in the face of trends like Brexit and a sense of their declining
popularity, this is phase one of preparing to take their resistance
underground if they have to.

~~~
knolax
From Wikipedia on IDW:

"The intellectual dark web (IDW) is a neologism coined by American
mathematician Eric Weinstein, and popularized in a 2018 editorial by Bari
Weiss. The term refers to a group of public personalities who oppose what they
see as the dominance of progressive identity politics and political
correctness in the media and academia."

Seems like the conventional usage of the term "Dark Web" predates your usage,
and is more relevant given that we're on a tech forum.

------
_Understated_
Not a fan of the clickbait title...

Seems a bit unfair to equate wanting to protect privacy with the dark web
where people associate it with drugs and paedophiles and whatnot.

Very clickbaity from the BBC.

~~~
toby-
Most people understand Tor to be the 'dark web', so I wouldn't call it
clickbait. Hell, it _is_ the dark web.

It's you who's wrongly associating it with paedophilia and drugs (both amply
available on the 'clearnet') IMO, which does quite a disservice to attempts to
promote Tor to the newly privacy-conscious.

'Dark' means hidden, not 'evil'.

~~~
_Understated_
Straight away in the article they spell it out and make the link between Tor
and the dark web:

> The Tor browser is privacy-focused software used to access the dark web

Yes it is. But that's the worst thing it's used for.

It's like saying 12-gauge shotguns are used for bank robberies...

Ok, I'm stretching the point but it's needlessly putting the association of
privacy focused browsing using Tor with the nasty shit that some people do
with it.

Edit: I realise my understanding of The Dark Web was incorrect so this
argument is invalidated now but I'll leave it up.

~~~
toby-
But you're using 'dark web' as if it necessarily implies "the worst thing[s]"
and "the nasty shit" on Tor. The term 'dark web' doesn't refer to anything
nefarious in itself — it simply means content accessible only via Tor (or some
other software or network).

Sure, many so-called Hidden Services offer illegal and immoral content, but
the dark web is _enormous_. There are many more such sites offering ebooks and
other (legal) media, anonymous blogging/forums/social media, whistleblowing
services, censorship-resilient news platforms (BBC, NYT, The Intercept,
ProPublica), cryptocurrency trading, and so on.

Hell, even the CIA has a 'dark web' presence on Tor [1].

[1]:
[http://ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r2o3lt5wz5ypk4sxyjs...](http://ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r2o3lt5wz5ypk4sxyjstad.onion/)

~~~
cyphar
It's also the case that onion services make up less than 3% of Tor traffic --
the perception that they are a very common thing people use on Tor is
massively distorted by thinly-veiled smears by plenty of media outlets. The
most-used onion service on Tor is (by a landslide) Facebook.

------
dev_north_east
Don't really see the point of this and am tbh slightly irked at a wastage of
my licence fee.

~~~
that_lurker
This allows anyone that has access to TOR to read BBC. Many countries might
block outside news organizations.

~~~
dev_north_east
Yes I understand that.

1 - Can the same not be achieved via VPN usage?

2 - Can TOR browsers not already access the BBC in the "clearnet"?

3 - Why do I, as a UK resident, have to provide money so that someone in
Vietnam can access our state news?

~~~
davidcollantes
> Can the same not be achieved via VPN usage?

You will need to use a VPN provider (often for a fee). Tor comes at no cost.

> Can TOR browsers not already access the BBC in the "clearnet"?

I don't understand this question.

> Why do I, as a UK resident, have to provide money so that someone in Vietnam
> can access our state news?

It doesn't cost anything extra to run a Tor mirror.

~~~
StavrosK
> I don't understand this question.

The GP is saying that someone using the Tor browser could simply just visit
bbc.com already. However, they'd have to exit the network, whereas with an
.onion address they don't.

