Added Protection For Tor’s .onion Addresses

torlogo

The .onion domain used for sites accessed via Tor has been officially recognized as a top level domain. Rather counter-intuitively, the move is designed to give .onion sites special treatment for added protection.

Until now, the presence of .onion in a website address wasn’t officially recognized as a traditional domain and instead was designed solely for Tor-enabled browsers to find the relevant server on the Tor network. That involves a lengthy series of relays designed to obscure the link between the visitor and the site, thus making anonymity much more likely.

The main drawback was that this only worked as designed as long as browsers or other apps knew how to process a .onion address. If they didn’t, or there was a mistake in the set-up, there was a risk that the software would contact a public DNS server to try to translate the site address into an IP address

A third party could thus fairly easily figure out when a specific person was trying to access a Tor-based site. While this wouldn’t necessarily reveal the details of any communication, it could be enough to draw attention to the user’s desire to access “secret” sites and undermine the whole point of Tor.

IANA, the international group that takes care of the technical side of Internet technologies such as DNS, has now agreed to treat .onion as a “special case” domain name. That means that all software and organizations following internet protocols must treat it differently compared to normal domains, with safeguards throughout the process including the following:

  • Applications which can use Tor must do so when processing a domain name.
  • Applications which can’t use Tor must return an error message for .onion rather than run a DNS lookup.
  • DNS servers must be configured so that they  process .onion addresses through the Tor protocol if technically possible and otherwise return the NXDOMAIN error message.
  • DNS registries are not allowed to register names ending in .onion.

Meanwhile the Internet Engineering Task Force has approved a range of changes to technical standards that will further prevent software from mistakenly “going public” with .onion lookups.


Free eBook: Real-World Time Management (A $12.00 Value)

time

Today, we’ve got another free ebook for you guys: Real-World Time Management (A $12.00 Value!)

An indispensable plan for creating more time and less stress in your life.

Most of us dream about having a few extra hours in our day for taking care of business, relaxing, or engaging in the activities we most enjoy. But how can we make the most of our time when it seems as though there aren’t enough hours in the day? This instructive guide to time management is full of tips, techniques, and commonsense advice that will make anyone more productive.

[Free eBook: Real-World Time Management (A $12.00 Value)]

‘Dark Souls III’ Statue Looks In-Game (And It’s Real Life)

statue

So this statue that is an ode to Dark Souls III actually looks like it was captured using in-game footage. Thing is, this is actually a statue. Badass, huh?

I wonder how many times they had to die while making it just to get it right. (<Best Dark Souls joke ever).

(Imgur)

Tags: , , , , , , ,