
OnionShare makes it easy to publish anonymous, uncensorable websites - input_sh
https://micahflee.com/2019/10/new-version-of-onionshare-makes-it-easy-for-anyone-to-publish-anonymous-uncensorable-websites/
======
hnuser54
I love Tor, but it's almost suspicious how fast it's become, like I'm
wondering who's paying for all this bandwidth. Home, businesses, hotels, you
name it, Tor Browser almost never takes more than 2x as long to load anything
on the web as the raw connection does. I admit I don't have an understanding of
how Tor works mathematically. There are organizations funding Tor exits and
relays (torservers.net, Emerald Onion, Tor Project itself) but has anyone
added up the bandwidth they provide and compared it to the total?

~~~
KenanSulayman
I'm operating three 10Gb Tor exits in a DC in Amsterdam. [1] It seems like a
meaningful contribution. I assume the other operators who are not IAs have
similar reasons.

[1]
[https://metrics.torproject.org/rs.html#search/family:38A42B8...](https://metrics.torproject.org/rs.html#search/family:38A42B8D7C0E6346F4A4821617740AEE86EA885B)

~~~
t34543
Personally or on behalf of a company? I ran two in the US and folded due to
legal pressure.

~~~
input_sh
If you don't want legal trouble, don't run exit nodes. I've configured my
relay to serve as a middle node. I'm using a provider that's known to be
hostile towards Tor relay operators with no repercussions for about two years
now.

------
StavrosK
That's a great initiative. I was hoping IPFS would be the de facto way to
publish uncensorable websites, but I have grown more and more disappointed in
it, as it fails a lot for me in its most basic purpose (fetching files).
Hopefully one of the other competitors will do better, but IPFS got a bunch of
theoretical stuff right, in my opinion (mainly immutability of objects).

~~~
JoshuaMulliken
Unfortunately, I think projects like this that make it easy to create onion
resources are quite dangerous. The reduction of friction to host material
online in a completely anonymous way only enables adverse actions like the
sharing of CP or other illegal content. Please look here for a good
explanation of friction in this space ->
[https://stratechery.com/2019/child-sexual-abuse-material-onl...](https://stratechery.com/2019/child-sexual-abuse-material-online-the-problem-with-community-towards-more-friction/)

If it is used by political or marginalized communities, then this project is
also not useful. It does not have the support or attention required to enable
it to be secure enough like the Tor Project does. This application opens up
legitimate users to incredible risk.

If I were a dissident, I would take my time and do the research required to
set up a system like this in the correct way. This project may give people a
sense of false security.

~~~
DuskStar
Ah, yes. The good old "don't make that tool because bad people might use it"
argument.

Similarly, we should ban sharing information on hacking/security because bad
people might use it, and require that all communications be visible to the
government to prevent abuse.

~~~
JoshuaMulliken
That is not the argument being made. It is an argument that having friction in
the process to do something that may have dangerous outcomes is sometimes
positive.

It is much the same as arguments that there should be gun training required to
purchase a firearm. Adding friction to a process sometimes provides positive
benefits.

~~~
DuskStar
> That is not the argument being made. It is an argument that having friction
> in the process to do something that may have dangerous outcomes is sometimes
> positive.

The argument being made, as far as I can tell, is that this tool will make
doing bad things easier, and thus this tool should not be made. As _any_ tool
to resist censorship will also enable said bad things, I do not find this to
be a valid concern. (And since some governments would list _censorship
resistance itself_ as one of those bad things, this is always going to be
true)

> It is much the same as arguments that there should be gun training required
> to purchase a firearm.

I think the tech equivalent to this would be mandating a "don't sexually
exploit children" class before allowing purchase of a computer. (As you might
guess, I'm not a fan)

> Adding friction to a process sometimes provides positive benefits.

Sure, but you have to make sure the collateral damage is minimized AND that
you're actually catching the offending segment of the population. Mandating
gun training before purchase is actually a great comparison here - the vast
majority of gun crime in the US is committed with illegally acquired weapons
(which would be unaffected by the mandate), just like I imagine that the
majority of CSE imagery shared on the internet uses something more robust than
OnionShare. So in both cases you'd have high collateral damage with minimal
impact to the population you actually care about affecting...

~~~
JoeSmithson
> I imagine that the majority of CSE imagery shared on the internet uses
> something more robust than OnionShare

The _majority_ is shared on normal social media and Bittorrent, although the
_worst_ is shared on dark web sites of the same robustness as OnionShare.

~~~
dependenttypes
> and Bittorrent

What? No, far from it. Bittorrent is pretty clean regarding illegal material
(excluding piracy ofc) - which makes sense, after all you leak your IP address
and the torrent that you are downloading to the whole network (if you have DHT
enabled) and/or to your tracker, plus your ISP can see what you are sending
and receiving (while there is a standard for encrypted transmission in
bittorrent I do not think that it is widely used). What do you consider as
"CSE" anyway? Would a picture of a girl at the beach be considered a "CSE"? If
so you might find such torrents (I wouldn't know), but I think that calling it
"CSE" is dishonest.

~~~
JoeSmithson
I'm a detective that works exclusively on online child abuse, I regularly
arrest people who have downloaded and/or distributed IIOC over Bittorrent.

The definition of IIOC is provided by the Home Office and split into three
categories. Ultimately it is decided by a jury although the categorisation is
rarely contested.

------
kodablah
Shameless plug (that I haven't had much time to work on lately), you can also
programmatically do similar in a few lines of Go:
[https://github.com/cretz/bine](https://github.com/cretz/bine)

------
ddtaylor
It's good to see Tor becoming more easily accessible to non-technical people.

------
Gys
Next thing we need is a search engine specifically for those websites, hosted
in the same way. Reinventing the internet all over again!

~~~
icebraining
There are a few already :)
[https://www.reddit.com/r/onions/](https://www.reddit.com/r/onions/) has some
.onion links on the sidebar to search engines.

They aren't decentralized, though; some people are running YaCy (a
decentralized search engine) over Tor to create a decentralized index of onion
sites:
[http://wiki.yacy.net/index.php/En:YaCy-Tor](http://wiki.yacy.net/index.php/En:YaCy-Tor)

------
jstrieb
Very cool! I created urlpages [0] as a proof-of-concept with a similar goal.
It is always interesting to read about how others try to solve the same
problem.

[0]:
[https://github.com/jstrieb/urlpages](https://github.com/jstrieb/urlpages)

------
blacksmith_tb
It's a very elegant implementation, I wonder though if it's accurate to call it
"uncensorable" when there's a single point of failure? Given that searching or
seizing the machine hosting the site is still possible (even if that's just by
coincidence)? Obviously for the side of the aisle here who are thinking of
criminal uses, that's a feature not a bug, but for a dissident who is
disappeared that looks different...

------
birracerveza
To everyone saying "but this will be used for child porn!"... guess what else
is used for that? The internet.

Should we just ban the internet as a whole?

I understand the sentiment, but I hard disagree with it. Especially because
this tool (and similar to it) can be used for good, and might be necessary in
the future.

Try to see the glass half-full.

~~~
yters
But what is the need for Tor outside of illegal activity?

~~~
thecrash
The more illuminating question is "what is the need for anonymity outside of
illegal activity"?

One answer is that you might someday like to say something which some other
party would have a problem with.

We might say that if you truly believe in what you're saying, the principled
course would be to say your piece and let the other party be upset. But if the
other party has a lot of power (for example a parent, an employer, a
university, a government official, etc) they can threaten retribution for your
words. If the threat is serious enough, you will likely decide not to speak.

The ability to say things anonymously removes the threat of retribution. It
helps people speak who otherwise wouldn't, increasing the range of
perspectives and information the rest of us have access to. This doesn't mean
that it's beneficial in every single case, but on balance it's a social good -
in fact, it's a necessary component of a free society.

~~~
yters
Is that mostly what Tor is used for?

~~~
thecrash
It's pretty hard to evaluate. If you're asserting that Tor is used more for
criminal purposes than non-criminal purposes, I think you might be right. But
that would be a simplistic way to evaluate the impact of Tor (or really any
tool) on society.

------
DigitalVerse
Nice! I feel like this project is mirroring the development of the internet
itself. :D

------
wpietri
It would be nice to at least see some hazy consideration of the impact of
this. I know a probation officer for sex offenders and she tells me trying to
keep up with their technology use is a nightmare. I can only imagine how this
complicates her job.

That's not saying that on balance this shouldn't exist. There are of course
good uses of technology like this. But I'd at least like to see builders
grappling with that balance. Especially given recent prominent reporting
around this:
[https://www.nytimes.com/interactive/2019/09/28/us/child-sex-...](https://www.nytimes.com/interactive/2019/09/28/us/child-sex-abuse.html)

~~~
newguy1234
Some people use cars to crash into large crowds of people on purpose. Should
automakers implement devices to make sure the cars can't be misused?

The reality is everything can be misused.

~~~
cj
Your analogy only works if it were possible to do that:

1) With a car without a VIN number / registration

2) With a car without a license plate

3) With no driver and no way to know who was controlling the car.

The point is, it’s not good to be able to commit serious crimes with zero risk
of punishment.

The issue at debate is whether the gain from the legitimate (legal) use cases
of technology like this outweigh the loss of making it easier for sex
offenders / drug traffickers to more easily subvert authority.

~~~
newguy1234
The police have other ways of catching people doing crime. We don't need to
give up all of our privacy and rights for them to do their job. If you think
having privacy or rights stops the police from catching criminals then you are
quite mistaken. If the police can catch el chapo and the rest of the drug
cartel bosses then any other criminal can be taken down regardless of the
technology they're using.

~~~
cj
I would agree with you if the debate were “should we abolish SSL so we can
MITM all internet traffic to catch more criminals?”

In that example, there is a legitimate argument that SSL encrypted connections
do more good than harm (it makes logging into your online bank possible on
public Wifi, along with 1000’s of other examples like it).

But I’ve still yet to see a clear argument for absolute internet anonymity for
anything that would benefit the average person (yet, I can think of dozens of
ways it harms people).

It’s very likely that I’m just not aware of the legitimate (practical) use
cases of Tor.

~~~
enneff
> it makes logging into your online bank possible on public Wifi

It makes internet banking possible, period. Cleartext banking, in any public
Internet context, would be simply unworkable.

~~~
dependenttypes
I disagree, authentication is not tied to encryption at all.

------
companyhen
Sounds like [http://arweave.org](http://arweave.org)

~~~
penguinpalace
Definitely. OnionShare requires your own computer to be connected to the
interwebs - the data is only accessible while your OnionShare app is running.
With Arweave the hosting is taken care of (the data/website/etc is hosted on
the Weave). Plus, OnionShare sites are not verifiable/ reliable as they are a
website running on someone's computer. An Arweave site is timestamped and
unforgeable; it's also resilient (replicated on many nodes) and permanently
stored.

------
sealthedeal
So, I used to be on-board with these types of things, but now I don't understand
what the true purpose of an uncensorable website is. It just seems like a place
for hate groups to unite and bad things to happen... I would love a different
perspective on this :)

~~~
DennisP
It's easy to feel that way in, say, the U.S., where only hate groups are
getting censored right now, and even that only by private companies. If you
think about a country like China, where for example it's hard to find anything
online saying a massacre at Tiananmen Square ever happened, then the purpose
of these things becomes more obvious.

The time to set up uncensorable communications is before you're being
censored. After, it's a lot harder to get traction.

~~~
idlewords
Websites that publish child sexual exploitation material are getting heavily
censored in the U.S. too. Think through what uncensorable implies.

~~~
jddj
This is a bit meta and for that I apologise, but it's kind of interesting that
the _"drug addicts, paedophiles and terrorists"_ rhetoric seems to have lost
almost all of its potency.

I found the reference to hate groups to be a much more effective argument, I
think purely because everybody is so used to the kids/drugs/terror angle being
overused and abused to chip away at liberties.

Surveillance-state dystopians take note.

~~~
joe-collins
Hate groups also seem to be much more abundant and visible. You don't see your
local pedophilia lobby getting involved in politics.

------
angel_j
If only it was this easy to publish a website from your home computer to the
web regular.

~~~
rohan1024
Yeah a small Raspberry Pi hosting the website at home is my dream

~~~
angel_j
The book I am reading, main character is named Rohan. #synchronicity

~~~
rohan1024
What book are you reading?

~~~
angel_j
It was "The Invincible" by Stanislaw Lem

------
aabbcc1241
How does it compare to zeronet?

~~~
icebraining
Zeronet is sites-over-bittorrent: you connect to people seeding the site,
download it, and then you also become a seeder for other people. By default
everyone can tell you (that is, your public IP) are serving a particular site,
but you can use Tor to make it much harder to find out what is your IP.

OnionShare is just a regular webserver (every visitor accesses the site by
connecting to a single machine: yours), but it automatically only serves it
behind Tor, for the same reasons as above.

The advantage of this seems to be mostly simplicity (both in implementation
and in setting Tor and such up) and possibly speed of first download for
lightly used sites.

The advantage of Zeronet is that more people can serve the site, even if the
original machine is offline or overwhelmed.

------
dang
Url changed from
[https://blog.torproject.org/new-version-onionshare-makes-it-...](https://blog.torproject.org/new-version-onionshare-makes-it-easy-anyone-publish-anonymous-uncensorable-websites-0),
which points to this.

------
tunnuz
Amazing!

------
t0mbstone
very cool!

------
peterashford
I've been in tech my whole life. I really enjoy technology, I'm pleased with
the career I chose. But man am I tired of technologists "moving fast and
breaking things" without any concern whether those things being broken might
be better left whole. Just because you can smash social norms, doesn't mean
you should.

~~~
luckylion
The social norm that is "privacy is bad"?

~~~
peterashford
Privacy for pedophiles is bad. Privacy for terrorists is bad. Privacy for
illegal acts is often bad (this is entirely the point of whistle-blower
legislation, after all)

~~~
luckylion
Sure, sure, my basic assumption is that you can't have _privacy_ for certain
acts only. If the idea is that somebody watches and completely ignores all
legal behavior but steps in when they witness illegal behavior, that's not
privacy, it's something else.

Privacy means that nobody watches, so if you want to build tools for privacy,
you'll always end up _also_ enabling people to use them for illegal things. We
(as Western societies) have mostly decided that general privacy is so valuable
to citizens that we accept the collateral damage of crime being possible. I've
not heard a lot of arguments against privacy in general, the arguments tend to
be "I don't need privacy in this particular part of life, so it better be
removed".

