DuckDuckGo operate a tor hidden service to help protect their user’s privacy, this allows tor users to access the service without their data transiting the public internet and would have helped with the recent openssl bug.
Could NewsBlur provide such a service? It’s quite straightforward to setup on the small scale, I can’t comment as to how it operates on the large though.
reference: http://www.gabrielweinberg.com/blog/2…
I actually do already, it’s just not well publicized. Also, I seem to have lost the address and can’t remember which server it’s on. So, I guess I don’t really. Is there any more interest in this? I could start generating my onion address, which at 8 customer characters (I want it to start with newsblur*.onion), it’ll take 25 days to generate.
If the 25 days number is from Shallot, note that they benchmarked on a 1.5GHz core. There’s some interesting discussion on custom links here: https://security.stackexchange.com/qu…
If newsblur is accessed over TLS over Tor then there’s less of a need to have a custom string. The end user can accept the cert for the .onion address even though it’s only valid for the .com address - but I think users of this sort would understand that.
Thanks for the reply.
Tor was affected by Heartbleed too:
Tor hidden services might leak their long-term hidden service identity keys to their guard relays. Like the last big OpenSSL bug, this shouldn’t allow an attacker to identify the location of the hidden service, but an attacker who knows the hidden service identity key can impersonate the hidden service.
Impersonation seems like the more relevant threat in this instance (NewsBlur’s location is hardly secret), so I’m not sure how much it would really have helped. PFS might have helped more.
Would be interested in this feature.
I’m not clear, do you offer this service or not? If not, would you reconsider? If so, please provide the address. Thank you.