/t/ - Technology

Discussion of Technology

Index Catalog Archive Bottom Refresh
Options
Subject
Message

Max message length: 12000

files

Max file size: 32.00 MB

Total max file size: 50.00 MB

Max files: 5

Supported file types: GIF, JPG, PNG, WebM, OGG, and more

E-mail
Password

(used to delete files and posts)

Misc

Remember to follow the Rules

The backup domains are located at 8chan.se and 8chan.cc. TOR access can be found here, or you can access the TOR portal from the clearnet at Redchannit 3.0.

Uncommon Time Winter Stream

Interboard /christmas/ Event has Begun!
Come celebrate Christmas with us here


8chan.moe is a hobby project with no affiliation whatsoever to the administration of any other "8chan" site, past or present.

You may also be interested in: AI

(93.97 KB 1920x1080 wp8514622.jpg)

How to create TOR websites Anonymous 12/04/2024 (Wed) 02:13:09 No. 16698
I've always been curious as to know how do people get to setup their websites on TOR and assign the .onion domain. The questions are: 1- How do people assign specific name in their supposedly random name in their website name (Check duckduckgo onion website address or protonmail or even Facebook and you'll always see their names as the first thing in their address, followed by some random characters instead of the usual one like 8chan.moe on .onion) 2- Do you necessary have to have a website on the clearnet, before assigning it to the dark web? If so, then how do people upload CP on a dark web website without any of the materials gets tracked to its original clear net IP address servers? 3- What's with the hate about Javascript and how dangerous can it exactly be to someone who uses TOR? I know that these type of questions you'd expect from a newfag, but I just decided to ask, instead of just blindly following whatever is being told. It is allowed to paste copypasta or any external materials to answer this thread here.
>>16698 1)Brute force. The .onion address must be random, because generating it is a part of the mechanism ensuring that no outsider can interfere in the site's workings. It is however possible, at the work of significant computational work, to generate a lot of such addresses until you get a few symbols at where you want them. A large organization can do that, especially since it's only done once and the address is then kept indefinitely (domain changes do happen, of course). Meanwhile picking the entire address string is not possible, or at least assumed to be so: being able to do that is in the same category as being able to break encryption of any other things, like banking systems. 2)No. You can create an .onion domain with no mirror in the clearnet. The next problem then is informing others of the address without that message being tied to you. This is why Tor has multiple sites that list .onion domains, and then sites that list those sites (since individual onions often do not enjoy 100% uptime). 3)The danger is real, the extent of it incredibly unspecified. There are specific research cases on using it to extract some information about individual users, but also similar research exists that uses pure HTML5 and so on. The danger is always the danger of being identified, but how dangerous JS specifically is, is a matter of debate with little in the way of clear answers. With that in mind, do consider what identification is: from the viewpoint of whoever tries to identify you, it is a matter of reducing the list of possibilities and concentrating their estimated probability on a single one. Information is measured in bits (as seen on any anonymity testing website): when working with binary possibilities (that is, either possible or not possible) cutting the list of possibilities in half means adding one bit of identifying information. When possibilities are assigned probabilities, the formula is more convoluted, and I'm not here to write a primer on information theory. Now, JS (and, say, HTML5) can be used to give more identifying information. Tor hides your IP, which often identifies you down to a single person or single PC, and Tor also hides some other pretty specific information, but many facts could be guessed about you from other data. For example, imagine that your browser has its time zone set to UTC+26:00, a time zone used exclusively by one Pacific island state because they do not want to have a full day of time difference between theit islands. There are probably very few browsers on the whole web with this time zone. A JS instruction sending your time zone to whichever data collecting group can be pretty identifying in this case, narrowing the question of who you are down to a very short list (the term is "anonymity set"). A browser has a lot of adjustable parameters, and a combination of enough of them can easily go all the way down to singling out exactly one person. Unless, of course, the browser is specifically designed to be used with almost entirely the same set of parameters (like Tor Browser is), and you do not change them. And that's still not all. A big thing in the "use JS to identify users" research is tracking your keyboard and mouse usage. Statistics on your pauses between keypresses seems to be quite damningly identifying if collected is large enough quantities. Same with mousestrokes. I do not know enough about research on these to give you an account, but it worries people whose opinion I do value, and so on and so forth. One additional notion to mention is pseudonimity. This is when a group collecting visitor data over many different sites (what both Google and Cloudflare do) can can be reasonably sure in stating that several visits, on maybe different sites and at maybe different times, are all done by the same person, by comparing browser data, other identifying data, and even browsing habits, without being able to out a name and a face to the visitor, besides "unknown user #1488". Tor can hide your identity, but your data, behavior, and writing style can still make you pseudo-identifiable to people, to data collection algorithms, and now to still-experimental setups using AI to analyze users. God know imageboards have enough "anons" easily recognizable by other board or thread regulars.


Forms
Delete
Report
Quick Reply