Delivery-Date: Wed, 13 Jan 2016 17:19:42 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 31D311E0AD7;
	Wed, 13 Jan 2016 17:19:41 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 5787D21450;
	Wed, 13 Jan 2016 22:19:35 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 754DC2140E
 for <tor-talk@lists.torproject.org>; Wed, 13 Jan 2016 22:19:32 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id qbYQ1lMuJLDJ for <tor-talk@lists.torproject.org>;
 Wed, 13 Jan 2016 22:19:32 +0000 (UTC)
Received: from mail-wm0-x22e.google.com (mail-wm0-x22e.google.com
 [IPv6:2a00:1450:400c:c09::22e])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 329FD20429
 for <tor-talk@lists.torproject.org>; Wed, 13 Jan 2016 22:19:29 +0000 (UTC)
Received: by mail-wm0-x22e.google.com with SMTP id f206so394480329wmf.0
 for <tor-talk@lists.torproject.org>; Wed, 13 Jan 2016 14:19:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tig.as; s=gmail2;
 h=from:subject:openpgp:to:message-id:date:mime-version:content-type
 :content-transfer-encoding;
 bh=HEjsD4Dhgakt9WOlgUvW/hTnNRyTD5Z6ppZNsZ+Xmmo=;
 b=phF22eALiszNDqsL21rhuEIyzvPngT2+zJ8NZD5YojnMcvgsNUNxvpBstCMqFIBIcL
 w20RSuIPlrvRJPjPweN1PIYuNy3NS6ipAb9L5hsYbxtBBRcuYnTxXkrXsH5jUKod9+mU
 xUdGYK2ivkP68QbNx7MR2HALxqgVKrUxqaHtY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:from:subject:openpgp:to:message-id:date
 :mime-version:content-type:content-transfer-encoding;
 bh=HEjsD4Dhgakt9WOlgUvW/hTnNRyTD5Z6ppZNsZ+Xmmo=;
 b=Q+VjC9QAbIARY6mHxpYh0RuRuVs2SltUzbwEmHsIDJpqAIKeXf5m6bkwcAyjHsCuQ+
 ArK8D8opoOLnEfdWOBoT4dqV8T4VZphTvrL3MqICsy+HV+aYsVVGumsvGAZAFzYXx0rY
 PrC1J0Yj5mBzqekj9s+8NNtY3d8R7FO/kQ/ujI7hEqaoCwZAJyHl33k5eCe/1ps1UFlY
 qWhE1djDmMWa9tLs3043lTRj1EtMWq1KOSUITldbY6aRxiy5szDH4vIheyPHoBPz1j54
 XmRwOkqz54CSUCKhAOzpwgHP+FffHDu5aQ7Gmm+7mJS7Kh9IsGEJ4673+bze+PdPKL73
 8wvQ==
X-Gm-Message-State: ALoCoQkSmJM39snfFwSXK8J6VjHWsf5AlXVN0g/e2OlKzMggOVpKrhFRY6VgC4raohahfbHYSJVu3jQ3LRq56XRLrP0CmOIHVQ==
X-Received: by 10.28.8.142 with SMTP id 136mr1302027wmi.54.1452723566298;
 Wed, 13 Jan 2016 14:19:26 -0800 (PST)
Received: from 127.0.0.1 (chomsky.torservers.net. [77.247.181.162])
 by smtp.gmail.com with ESMTPSA id ha9sm3284368wjc.3.2016.01.13.14.19.24
 for <tor-talk@lists.torproject.org>
 (version=TLSv1/SSLv3 cipher=OTHER);
 Wed, 13 Jan 2016 14:19:25 -0800 (PST)
From: Mike Tigas <mike@tig.as>
Openpgp: id=4034E60AA7827C5DF21A89AAA993E7156E0E9923;
 url=https://mike.tig.as/pubkey_6E0E9923.txt
X-Enigmail-Draft-Status: N1100
To: tor-talk@lists.torproject.org
Message-ID: <5696CD6B.7040403@tig.as>
Date: Wed, 13 Jan 2016 17:19:23 -0500
MIME-Version: 1.0
Subject: [tor-talk] =?utf-8?q?ProPublica=E2=80=99s_Tor_hidden_service?=
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hey folks,

Last week, you may have seen a story making the rounds that ProPublica
(the investigative news outlet I'm at) launched "the Dark Web's First
Major News Site"[1]. (Wired's words, not mine.)

In short, I've set up an onion service way of accessing the content on
our clearnet site: propub3r6espa33w.onion. We're doing this
experimentally because we write a lot about things like privacy and
surveillance[2], and we have projects where folks search for somewhat
personal information like their doctor (so they can see if said doctor
has ever received money from drug companies[3] & things like that). And
also because I thought it'd be a fulfilling thing to try in between
other projects here. (If you wonder why a news dev would find this sort
of thing fulfilling, I am also "that guy" who created Onion Browser[4]
for iOS a few years ago.)

We've heard from my nerd counterparts at other news orgs, asking how we
put it together and etc. Since we like sharing and open-sourcing a lot
of the things we work on, I've written a fairly thorough piece about our
onion site, how to set one up, and our own configuration:

https://www.propublica.org/nerds/item/a-more-secure-and-anonymous-propublica-using-tor-hidden-services

It covers a lot of ground -- the terminology, pointing out non-www
services like Ricochet, comparing clearnet-over-Tor with onion services,
subdomains for onion sites, vanity onion names and whether they're a bad
idea, etc. I've tried to write it as accessibly as possible at first,
descending into more technical detail as you read on.

I'm still worried that I may have missed some best practices or that I
may have left something dangerous in or otherwise mis-configured
something in that post, so please do let me know if you see anything
like that.

Appreciate any feedback y'all might have. Judging from the responses
I've already received, our use of this service and sharing this work has
already spurred some new, constructive conversations around onion sites
and the role of tools like Tor in the media.

Best,

Mike Tigas
News Applications Developer, ProPublica
https://www.propublica.org/
@mtigas | https://mike.tig.as/ | 0x6E0E9923


[1]:
http://www.wired.com/2016/01/propublica-launches-the-dark-webs-first-major-news-site/
[2]: https://www.propublica.org/series/dragnets
[3]: https://projects.propublica.org/docdollars/
[4]: https://mike.tig.as/onionbrowser/
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJWls1nAAoJEGQdTjqn+ftyTv4IANwQL0TiMeGwbhRYLRIgfiIE
5xs3tFcyYdpogIBRoRbvdhDZjRWqRh6CcTV2PggVcgzWO3nZCKISJSp9DAO4Hdd9
vrxWO51zG8DTFR1zBB7hH3SzQRrG91fJnNCCwkdnv/AYdIcDaYk+yZdVL2femRkC
rbTf+gJsp4JcVTzyXS8M4QY2Ang3eA/devXhyPY0Pi7WJ3G8wDEKKjDYPupX94x8
dmTq11HTOnBNAFiNmO5BDSggOTOrseO/DmN8ryrfrN2Tl/37DPh7OQlFDKnUkRYX
moXWLcIALbXurA5bSJMDDdnsoupozMStjRbRjwfIDlRL5iS3+7lKQrxxuTrRzUw=
=89+e
-----END PGP SIGNATURE-----

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

