setting up a .onion address …for your website

v1.5 - @alecmuffett 2017
why .onion?
• you have an audience, or you have a community

• for some, ability to access content is hampered

• for some, risk of fake websites, credential theft, or political repercussions for accessing content

• for some, privacy, assurance & trust is paramount
how does onion help?
• greater assurance
  • facebookcorewwwi.onion => genuine facebook
• greater availability
  • .onion => hard to block, hard to monitor
• fewer digital footprints
  • people using onions are perforce using tor browser
  • tor browser is generally better at data "hygiene"
mobile ux? yes!
• mac / win / linux
  • tor browser (integrated)
• android
  • orbot (tor) + orfox (browser)
• ios
  • onion browser
  • other ios in progress
so: what is .onion?
top level domain name for the "onion" namespace
what is a namespace?
• namespace is "an address & what it means/looks like"

• ipv4 addresses look like: 192.168.1.1

• ipv6 addresses look like: fe80::226:21ff:fed8:fbc2

• dns addresses look like: www.foo.com

• onion addresses look like: ylzpg2givhwizoep.onion
how do addresses work?
• all these addresses can be typed into a web browser:

• http://192.168.1.1/ - ipv4, supported everywhere

• http://[fe80::226:21ff:fed8:fbc2]/ - ipv6, variable

• http://www.foo.com/ - dns, supported everywhere

• http://ylzpu2givhwizoep.onion/ - needs tor browser

• …they all connect you to a remote computer
how is .onion unusual?
• "under the bonnet", an onion is a raw network address

• …just like 192.168.1.1 or fe80::226:21ff:fed8:fbc2

• but: it is formatted like a traditional dns domain name

• ".onion" looks like ".com" or ".co.uk"

• this means browsers treat the addresses equitably

• including subdomains: www.facebookcorewwwi.onion
wait, subdomains on a network address?
• yes! this would never work with ipv4 …

• www.192.168.1.1 would not mean anything sensible

• but www.facebookcorewwwi.onion is meaningful to HTTP

• …still means facebookcorewwwi.onion

• …the "www…" bit is transported in the Host: header

• thus: standard HTTP/HTML/browser behaviour
how do you choose addresses?
• ipv4 addresses: you take what you are given (mostly)

• ipv6 addresses: ditto
• dns addresses: you choose a name, & register it
• …unless someone beats you to it…
• onion addresses: you "mine" one, a little like bitcoin

• more mining => "better quality" address
how to serve .onion?
several options:
1. set up a dedicated website with duplicate content

• e.g.: various dedicated onion sites

2. make your CMS aware of ".onion" domain/traffic

• e.g.: facebook

3. install an onion shim

• e.g.: propublica, new york times
1. dedicated server
• hypothetical: you have a separate web server, and it…

• is configured to know about its onion address

• serves duplicate content where necessary

• essentially runs as a standalone service
2. onion-aware CMS
• hypothetical: you have a web server, and it…

• serves content to .com, .co.uk, .za, .in, …

• distinct content for each domain / different URLs

• why not just add yet another domain name?

• tag all requests arriving from your .onion

• ensure that such tagged requests are properly responded-to, citing your onion address(es)
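
One way an onion-aware application could tag requests by their Host: header and cite its onion address in generated links, as an added Python example that is not from the original slides. `ONION_MAP`, `tag_request` and `site_url` are hypothetical names; the domain pair is the example mapping quoted later in the deck.

```python
from urllib.parse import urlsplit, urlunsplit

# Hypothetical site config: clearnet base domain -> the site's OWN onion address.
# The pair below is the example mapping quoted in the slides.
ONION_MAP = {"nytimes.com": "nytimes3xbfgragh.onion"}


def normalise_host(host_header):
    """Lower-case a Host header value; drop any :port and trailing dot."""
    host = host_header.strip().lower()
    if not host.startswith("[") and ":" in host:   # leave [ipv6] literals alone
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def split_sub(host, base):
    """Return the subdomain part if host is base or *.base, else None."""
    if host == base:
        return ""
    if host.endswith("." + base):
        return host[: -len(base) - 1]
    return None


def tag_request(host_header):
    """Classify a request as (is_onion, subdomain, base domain).

    A request is tagged as onion traffic only when its Host is one of the
    configured onion addresses (or a subdomain of one). Any other Host,
    including someone else's .onion, is rejected rather than echoed back.
    """
    host = normalise_host(host_header)
    for clearnet, onion in ONION_MAP.items():
        for base, is_onion in ((onion, True), (clearnet, False)):
            sub = split_sub(host, base)
            if sub is not None:
                return is_onion, sub, base
    raise ValueError("Host not served by this site: %r" % host_header)


def site_url(url, is_onion):
    """For tagged requests, rewrite the site's own absolute URLs so they
    cite the onion address; third-party URLs are returned unchanged."""
    if not is_onion:
        return url
    parts = urlsplit(url)
    host = parts.hostname or ""
    for clearnet, onion in ONION_MAP.items():
        sub = split_sub(host, clearnet)
        if sub is not None:
            netloc = (sub + "." if sub else "") + onion
            if parts.port:
                netloc += ":%d" % parts.port
            return urlunsplit(parts._replace(netloc=netloc))
    return url


if __name__ == "__main__":
    # Constructed Host header: the "www." label travels only in Host:.
    onion, sub, base = tag_request("www.nytimes3xbfgragh.onion:80")
    print(onion, sub, base)
    print(site_url("https://www.nytimes.com/section/world?page=2", onion))
```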
3. onion shim
• hypothetical: you have a web server, and it…

• primarily serves content as (say) nytimes.com

• install a shim between it and tor

• which bidirectionally rewrites requests & responses

• nytimes.com <=> nytimes3xbfgragh.onion
• via custom engineering, or Enterprise Onion Toolkit (free, libre, open-source toolkit for enterprise onions)
summary (or: blend these together...)
1. dedicated onion site
• rare, use-case dependent

2. onion-aware CMS
• excellent for primarily-dynamically-generated content

• modest engineering, ongoing commitment, can be 100% solution

3. onion shim
• onionifies all content, including static or static/dynamic mix

• minimal/zero engineering, some edge cases, 95..99%+ solution
notes
• don't forget to onionify your CDN where possible
• try to avoid content-leakage between domains
  • accidentally wandering-off to the .com site
  • e.g. OAuth redirects
• use horizontal load-balancing for backend scale
  • free solution (onionbalance) exists
• onions (even via rewriting) are astonishingly efficient
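
The bidirectional rewriting from the "3. onion shim" slide, with a check for the content-leakage mentioned in the notes above, as an added Python sketch. It is not from the original slides and is not Enterprise Onion Toolkit code; the function names, the header list and the sample request and response are constructed for illustration.

```python
import re

CLEARNET = "nytimes.com"              # example pair quoted in the slides
ONION = "nytimes3xbfgragh.onion"
# Response headers this sketch rewrites; a real shim needs a longer list.
REWRITE_HEADERS = {"location", "set-cookie", "access-control-allow-origin"}


def host_re(domain):
    """Match domain with optional subdomain labels, but not lookalikes such
    as 'notnytimes.com' or 'nytimes.com.evil.example'."""
    return re.compile(
        r"(?<![A-Za-z0-9-])((?:[A-Za-z0-9-]+\.)*)" + re.escape(domain)
        + r"(?![A-Za-z0-9-]|\.[A-Za-z0-9])", re.I)


CLEAR_RE, ONION_RE = host_re(CLEARNET), host_re(ONION)


def to_onion(text):
    return CLEAR_RE.sub(lambda m: m.group(1) + ONION, text)


def to_clearnet(text):
    return ONION_RE.sub(lambda m: m.group(1) + CLEARNET, text)


def rewrite_request(headers):
    """onion -> clearnet, so the origin server sees the names it expects."""
    out = dict(headers)
    for name in ("Host", "Origin", "Referer"):
        if name in out:
            out[name] = to_clearnet(out[name])
    return out


def rewrite_response(headers, body):
    """clearnet -> onion in selected headers and in the body."""
    new_body = to_onion(body)
    out = {}
    for name, value in headers.items():
        lname = name.lower()
        if lname in REWRITE_HEADERS:
            value = to_onion(value)
        elif lname == "content-length":
            # The onion name is longer, so the length must be recomputed.
            value = str(len(new_body.encode("utf-8")))
        out[name] = value
    return out, new_body


def find_leaks(headers, body):
    """Names of headers (or 'body') that still cite the clearnet domain."""
    leaks = [n for n, v in headers.items() if CLEAR_RE.search(v)]
    if CLEAR_RE.search(body):
        leaks.append("body")
    return leaks


def demo():
    # Constructed request arriving via tor, and constructed origin response.
    req = rewrite_request({"Host": "www.nytimes3xbfgragh.onion",
                           "Referer": "https://www.nytimes3xbfgragh.onion/"})
    body = '<a href="https://www.nytimes.com/section/world">World</a>'
    headers = {
        "Location": "https://www.nytimes.com/login?next=/section/world",
        "Set-Cookie": "sid=abc123; Domain=.nytimes.com; Path=/; Secure",
        "Link": '<https://static.nytimes.com/feed.xml>; rel="alternate"',
        "Content-Length": str(len(body)),
    }
    new_headers, new_body = rewrite_response(headers, body)
    return req, new_headers, new_body, find_leaks(new_headers, new_body)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The `Link` header is deliberately left out of `REWRITE_HEADERS` so that `find_leaks` has something to report; each name it returns is a header to add to the rewrite list.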
finally
• you will almost certainly need to buy a special HTTPS cert
  • cost: probably from mid $$$ to low $$$$
  • plus associated paperwork & faff
• if you take payments / subscriptions?
  • you may want to restrict access to payments over tor?
  • chiefly because payment providers sometimes block tor, and this can lead to poor user experiences…
summary
• this is an evolving environment!

• provide additional access, security & safety opportunities for your audiences & communities!

• cutting-edge experimental fun!
