WingNews logo WingNews GitHub [2]
top | item 21343241

BBC News launches 'dark web' Tor mirror

765 points| worldofmatthew | 6 years ago |bbc.co.uk

288 comments

order
[+] andrewaylett|6 years ago|reply
I know there are good reasons why it's not fully secure, but I'd really like to be able to access `.onion` addresses in my regular browser over TOR and everything else directly as usual. In _this_ I'm not over-worried about the risk of deanonymisation as my aim is on one hand access to resources I don't have access to now and on the other hand legitimisation of TOR as something that anyone could reasonably use, even (or especially!) if they have "nothing to hide".
[+] throwaway8491|6 years ago|reply
Some of BBC News' .onion neighbors are forced to constantly rotate their URLs to evade DDoS attacks (notably Empire Market). Admins constantly publish new PGP-signed links to https://dark.fail . DDoS attackers then scrape this site, shift their attacks. Sites stay online, but users are trained to expect URLs to constantly change. This has resulted in a huge spike in phishing attacks.

Tor hidden services are notoriously difficult to protect from DDoS attacks due to its code being mostly single-threaded. Build 5000 circuits to any darknet site, max out one core on the server, and you take it offline. Cheers to BBC for this great step forward for privacy. Hopefully their traffic surges to bring more attention to .onion scaling problems.

[+] clubm8|6 years ago|reply
My pet theory is that these DDOS attacks are not just other merchants. I believe state actors are DDOSing to force traffic through nodes they control to deanonymize traffic.
[+] badrabbit|6 years ago|reply
Can't you do IP load balancing and run multiple Tor processes to handle different circuits?
[+] steeleduncan|6 years ago|reply
Potentially I am misunderstanding how Tor's onion routing works, but according to https://metrics.torproject.org/networksize.html there are about 6000 tor relays right now.

Surely if some well funded organisation (Eve) were to install a similar number of relays itself, then it is reasonably likely that for a given user a packet would eventually travel across relays solely owned by Eve, and at that point Eve could map a Tor address to a physical IP?

Operating 6000 nodes in a manner unlikely to cause suspicion , and correlating packets across those nodes, is a massive undertaking, but it seems that it would be well within the means of e.g. NSA.

Would this work, or am I missing something fundamental about how Tor works?

[+] oil25|6 years ago|reply
You're not missing anything - Tor is not designed to defend against a global passive network observer.

> A global passive adversary is the most commonly assumed threat when analyzing theoretical anonymity designs. But like all practical low-latency systems, Tor does not protect against such a strong adversary. Instead, we assume an adversary who can observe some fraction of network traffic; who can generate, modify, delete, or delay traffic […]

https://svn.torproject.org/svn/projects/design-paper/tor-des...

[+] xvector|6 years ago|reply
I believe this would work, and is one of the weak points of the ecosystem. I wonder what the impact of spinning up 6K relays in AWS across the globe would be like. I would say that spinning up 6K instances would be affordable for even small companies.
[+] coolspot|6 years ago|reply
That’s supposedly how silkroad was traced down. There was unusual spike of new nodes months before silkroad admin was caught.

Official version is website bug tho.

[+] abstractbarista|6 years ago|reply
Many of you with homelabs ought to check out how to run a Tor relay or bridge. It's been fun setting mine up, and after a while I started getting lots of traffic! No data cap on a symmetric fiber connection, so I might as well share the love!
[+] skissane|6 years ago|reply
Once upon a time, I tried running a relay at home. Certain websites started blocking my IP - their operators wanted to block exit nodes, but indiscriminately blocked all IPs from the Tor directory, both exit nodes and relay nodes. At that point, I stopped doing it.
[+] tenebrisalietum|6 years ago|reply
This is different from an exit node, right?
[+] cyphar|6 years ago|reply
I'm confused why they're running a v2 onion address -- v3 has many benefits in terms of privacy and DoS resistance. I get that the onion addresses are longer, but you can run both in parallel.
[+] mxuribe|6 years ago|reply
It certainly seems like they're doing this with good intentions. If so, the BBC is to be applauded!
[+] keithnoizu|6 years ago|reply
Forgive the useless quip, but it's a shame Jimmy Savile couldn't be alive to see his two worlds collide like this.
[+] farummi|6 years ago|reply
BBC World News has a similar purpose as Voice of America (VOA) and Russia Today (RT).

The purpose is to deliver the viewpoint of the UK to other countries, such as Iran, Russia, China.

[+] bouncycastle|6 years ago|reply
No, you're thinking of Fox News & Daily Mail.

Sure, there is some criticism of BBC news, but I don't think you could ever compare it to the junk filled propaganda machine that is RT.

[+] isostatic|6 years ago|reply
World News TV that you get in international hotels is a commercial arm, it's purpose is like CNN international.

World Service - mainly radio, but also TV, is to deliver a UK viewpoint to the world - traditionally "the colonies".

[+] olivermarks|6 years ago|reply
Interesting this was down voted. Presumably HN readers don't think this is accurate? From what I know of the BBC I would say this is a fair comment and that TOR might be needed for people who want to get the UK gov viewpoint in places hostile to their policies, views and positions
[+] zimbatm|6 years ago|reply
Imagine if CloudFlare or another CDN provider were to automatically public websites on Tor. This would be huge to drive legitimate traffic into the system. It should be trivial to publish your content on Tor as well as the clear web.
[+] hamilyon2|6 years ago|reply
Someone always mentions that it is already easier to publish website via tor because you don't need ip address and dns record.
[+] breadandcrumbel|6 years ago|reply
As far as I know, TOR doesn't work well in China
[+] LinuxBender|6 years ago|reply
Correct. Every time a new version / protocol is released, it works for a little while and then they adapt their firewall to block it.
[+] sanxiyn|6 years ago|reply
You can also visit facebookcorewwwi.onion.
[+] akavel|6 years ago|reply
Are you using it? does it work? when I tried to use it some long time ago, it was unusably broken (asked me to validate my account by recognizing photos of some friends, but each photo was showing as a blank white rectangle).
[+] RandomGuyDTB|6 years ago|reply
Possibly the most famous darkweb URL.
[+] nyolfen|6 years ago|reply
i’m not sure why. if someone is already using the tor network, presumably they could use it to bypass censorship to access the clearnet bbc site.
[+] Xophmeister|6 years ago|reply
From TFA:

    While the Tor browser can be used to access the regular version of the
    BBC News website, using the .onion site has additional benefits.
    
    "Onion services take load off scarce exit nodes, preserve end-to-end
    encryption [and] the self-authenticating domain name resists
    spoofing," explained Prof Steven Murdoch, a cyber-security expert from
    University College London.
[+] lacampbell|6 years ago|reply
There's a bit of irony in the UK state run broadcaster doing this, giving the UKs poor track record on freedom of speech.
[+] beokop|6 years ago|reply
I’m getting an Internal Server Error at the Tor site, I guess this means it’s more popular than they expected?
[+] zaphod420|6 years ago|reply
Ethereum has contract call ENS (Ethereum Name Service). It's kind of like a decentralized DNS.

People are starting to use that to create .eth domain names that point to .onion sites.

https://medium.com/the-ethereum-name-service/list-of-ens-nam...

[+] blotter_paper|6 years ago|reply
I think DNS is one of the top two most appropriate uses for blockchains. Besides the auctions and the TLD, what are the tradeoffs you're aware of between ENS and Namecoin? There's a part of me that feels like having One True Blockchain for everything sounds cool, but I also think Ethereum might be overkill for what is essentially a key-value store. Is there a formal ENS whitepaper with all the relevant high-level details in one document that my google-fu is failing to find, or are these web docs and the github code the best starting point right now? https://docs.ens.domains/
[+] solarkraft|6 years ago|reply
Why is this of interest?
[+] aykutcan|6 years ago|reply
I am annoyed by the clickbait title. it is like calling knife as murder weapon.
[+] eyeinthepyramid|6 years ago|reply
Dark web isn't inherently negative though, is it? It's not like they called it pedo-web.
[+] justinmchase|6 years ago|reply
They did put "dark web" in scare quotes to soften the blow a little.
[+] spoown|6 years ago|reply
Excellent initiative... would to see more of these...
[+] crusty511|6 years ago|reply
> The BBC has made its international news website available via the Tor network, in a bid to thwart censorship attempts.

Bit ironic given that the influence of the government at the BBC.

[+] tootahe45|6 years ago|reply
I don't see the point of this, nobody is censoring politically correct speech. Aren't they literally govt funded too?
[+] jtnjns|6 years ago|reply
I was in Vietnam last month and bbc.com is blocked by the ISPs. The article also mentions China and Iran.

BBC is publicly funded and unlikely to be banned in the UK but they provide global news coverage.

[+] LilBytes|6 years ago|reply
China and Russia would both like a word with you.