On Wed, Sep 19, 2012 at 1:36 AM, grarpamp <grarp...@gmail.com> wrote: >> People use robots.txt to indicate that they don't want their site to >> be added to indexes. > And if a site is so concerned about someone else publishing a link, > however obtained, then they should name it something innocent and > password protect it or use better operational security to begin with.
And they should all move to places where they won't be killed for disfavored political views, and we should all personally audit the source that we run, and we should anticipate any attack or abuse... It seems to me that there is a common expectation is that onion urls provide a degree of name privacy— generally, if someone doesn't know your name they can't find you to connect to you. If someone violates that expectation it risks harming people until the new risks are well known (and still even then some, as no matter how well known it is some people will miss the fact that something enumerates the darn things). Perhaps the convention is dumb. But that doesn't make it right to act in a way that can be expected to harm people when you know better and can avoid it. Hopefully some kind of NG onion would include addition data in the link which is used for introduction so rendezvous collection couldn't get usable addresses (e.g. something as simple as an additional secret used to complete a challenge-response knock with the end host, or as complicated it could pack in a small ECDSA private key, the onion site provides the RP with the public key, and for a connection to proceed the connecting host must sign a permission slip to get past the RP, before even getting to knock). Though this wouldn't do anything to prevent a service like tor2web from data harvesting. _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
