Cooking With Onions: Names for your onions


Hello again,

this blog post is the second issue of the Cooking with Onions series which aims to highlight interesting aspects of the onion space. Check out our first issue as well!

Onion addresses are weird...

This post is about onion addresses being weird and the approaches that can be taken to improve onion service usability.

In particular, if you've cruised around the onionspace, you must have noticed that onion services typically have random-looking addresses that look like these:

  • 3g2upl4pq6kufc4m.onion
  • 33y6fjyhs3phzfjj.onion
  • propub3r6espa33w.onion

So for example, if you wanted to visit the Tor website onion service, you would have to use the address http://expyuzz4wqqyqhjn.onion/ instead of the usual https://www.torproject.org.

To better understand why onion addresses are so strange, it helps to remember that onion services don't use the insecure Domain Name System (DNS), which means there is no organization like ICANN to oversee a single root registry of onion addresses or to handle ownership dispute resolution of onion addresses. Instead, onion services get strong authentication from using self-authenticating addresses: the address itself is a cryptographic proof of the identity of the onion service. When a client visits an onion service, Tor verifies its identity by using the address as ground truth.

In other words, onion services have such absurd names because of all the cryptography that's used to protect them. Cryptographic material is basically a set of huge numbers that look meaningless to most humans, and that's the reason onion addresses tend to look random as well.
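The self-authentication check described above, as an added example (not code from Tor or from the original post). For the 16-character addresses listed earlier, the address is the base32 encoding of the first 80 bits of the SHA-1 hash of the service's DER-encoded RSA public key, so a client can test any key it is handed against the address it asked for. The two key byte strings are constructed placeholders, not real keys.

```python
import base64
import hashlib
import re

# Syntax of the 16-character addresses shown above: base32 alphabet a-z, 2-7.
V2_ADDRESS = re.compile(r"^[a-z2-7]{16}\.onion$")


def onion_address_v2(public_key_der: bytes) -> str:
    """Derive the 16-character address from a DER-encoded RSA public key."""
    digest = hashlib.sha1(public_key_der).digest()
    # Only the first 80 bits (10 bytes) are kept; base32 turns them into
    # exactly 16 characters with no padding.
    return base64.b32encode(digest[:10]).decode("ascii").lower() + ".onion"


def key_matches_address(public_key_der: bytes, address: str) -> bool:
    """Client-side check: does the presented key belong to this address?"""
    address = address.strip().lower()
    if not V2_ADDRESS.fullmatch(address):
        return False  # malformed input never authenticates
    return onion_address_v2(public_key_der) == address


# Constructed placeholder byte strings standing in for two DER-encoded keys.
SERVICE_KEY = b"constructed-placeholder-key-of-the-real-service"
IMPOSTOR_KEY = b"constructed-placeholder-key-of-an-impostor"

if __name__ == "__main__":
    address = onion_address_v2(SERVICE_KEY)
    print("address derived from the service key:", address)
    print("service key accepted: ", key_matches_address(SERVICE_KEY, address))
    print("impostor key accepted:", key_matches_address(IMPOSTOR_KEY, address))
```

No registry or certificate authority takes part in the check, which is why there is nobody to ask for a shorter or prettier name.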

To motivate this subject further, Tor developers have medium-term future plans for upgrading the cryptography of onion services, which has the side-effect of increasing onion address length to 54 characters! This means that in the future onion addresses will look like this:

  • llamanymityx4fi3l6x2gyzmtmgxjyqyorj9qsb5r543izcwymlead.onion
  • lfels7g3rbceenuuqmpsz45z3lswakqf56n5i3bvqhc22d5rrszzwd.onion
  • odmmeotgcfx65l5hn6ejkaruvai222vs7o7tmtllszqk5xbysolfdd.onion

Remembering onions

Over the years the Tor community has come up with various ways of handling these large and non-human-memorable onion addresses. Some people memorize them entirely or scribe them into secret notebooks, others use tattoos, third-party centralized directories or just google them every time. We've heard of people using decks of cards to remember their favorite onion sites, and others who memorize them using the position of stars and the moon.

We believe that the UX problem of onion addresses is not actually solved with the above ad-hoc solutions and remains a critical usability barrier that prevents onion services from being used by a wider audience.

The onion world never had a system like DNS. Even though we are well aware that DNS is far from the perfect solution, it's clear that human memorable domain names play a fundamental role in the user experience of the Internet.

In this blog post we present you a few techniques that we have devised to improve the usability of onion addresses. All of these ideas are experimental and come with various fun open questions, so we are still in exploration mode. We appreciate any help in prototyping, analyzing and finding flaws in these ideas.


Idea 1) A modular name system API for Tor onion services

During the past years, many research groups have experimented and designed various secure name systems (e.g. GNS, Namecoin, Blockstack). Each of these systems has its own strengths and weaknesses, as well as different user models and total user experience. We are not sure which one works best for the onion space, so ideally we'd like to try them all and let the community and the sands of time decide for us. We believe that by integrating these experimental systems into Tor, we can greatly strengthen and improve the whole scientific field by exposing name systems to the real world and an active and demanding userbase.

For this reason and based on our experience with modular anti-censorship techniques, we designed a generic & modular scheme through which any name system can be integrated into Tor: Proposal 279 defines A Name System API for Tor Onion Services which can be used to integrate any complex name system (e.g. Namecoin) or even simple silly naming schemes (e.g. a local /etc/tor-hosts file).

Here is a graphical depiction of the Name System API with a Namecoin module enabled and resolving the domain sailing.tor for a user:

It's worth pointing out that proposal 279 is in draft status and we still need to incorporate feedback received in the mailing list. Furthermore, people have pointed out simple ways through which we can fast-track and prototype the proposal faster. Help in implementing this proposal is greatly appreciated (find us in IRC!).

Idea 2) Using browser extensions to improve usability

Other approaches for improving the usability of onion addresses use the Tor Browser as a framework: think of browser extensions that map human memorable names to onion addresses.

There are many variants here so let's walk through them:

Idea 2.1) Browser Extension + New pseudo-tld + Local onion registry

A browser extension, like HTTPS-everywhere, uses an onion registry to map human-memorable addresses from a new pseudo-tld (e.g. ".tor") to onion addresses. For example, it maps "watchtower.tor" to "fixurqfuekpsiqaf.onion" and "globaleconomy.tor" to "froqh6bdgoda6yiz.onion". Such an onion registry could be local (like HTTPS-everywhere) or remote (e.g. a trusted append-only database).

Even an extension with a local onion registry would be a very effective improvement to the current situation since it would be pretty usable and its security model is easy to understand: an audited local database seems to work well for HTTPS-everywhere. However, there are social issues here: how would the onion registry be operated and how should name registrations be handled? I can see people fighting for who will get bitcoin.tor first. That said, this idea can be beneficial even with a small onion database (e.g. 50 popular domains).

Here is a graphical depiction of a browser extension with a local onion registry resolving the domain sailing.tor for a user:


Idea 2.2) Browser extension + New pseudo-tld + Remote onion registries

A more dynamic alternative here involves multiple trusted remote onion registries that the user can add to their torrc. Imagine a web-of-trust based system where you add your friend Alice's onion registry and then you can visit facebook using facebook.alice.onion.

A similar more decentralized alternative could be a browser addon that uses multiple remote onion registries/notaries to resolve a name, employing a majority or supermajority rule to decide the resolution results. Such a system could involve notary nodes similar to SSL schemes like Convergence.
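The supermajority rule over several registries, sketched as an added example (not part of the original post or of any Tor code). The five in-memory notaries, the function name and the two-thirds default are assumptions for illustration; the two name mappings are the ones used in Idea 2.1, and the disagreeing answers are constructed.

```python
import re
from collections import Counter
from fractions import Fraction

# Syntax of a 16-character onion address (base32 alphabet a-z, 2-7).
ONION_RE = re.compile(r"^[a-z2-7]{16}\.onion$")


def resolve_with_quorum(name, registries, threshold=Fraction(2, 3)):
    """Return the onion address that at least `threshold` of ALL configured
    registries agree on, or None if no answer reaches the quorum."""
    if threshold <= Fraction(1, 2):
        # At one half or below, two different answers could both qualify.
        raise ValueError("threshold must be greater than 1/2")
    name = name.strip().lower().rstrip(".")
    if not name.endswith(".tor"):
        raise ValueError("not a .tor name: %r" % name)
    if not registries:
        return None

    votes = Counter()
    for registry in registries:
        answer = registry.get(name)
        if answer is None:
            continue  # a silent registry still counts in the denominator
        answer = answer.strip().lower()
        if ONION_RE.fullmatch(answer):
            votes[answer] += 1  # malformed answers are dropped, not counted

    if not votes:
        return None
    address, count = votes.most_common(1)[0]
    # Fail closed: the share is taken over every configured registry, so
    # missing or malformed answers lower the share instead of being ignored.
    if Fraction(count, len(registries)) >= threshold:
        return address
    return None


# Constructed sample data: five hypothetical notaries held in memory.
GOOD_W = "fixurqfuekpsiqaf.onion"   # watchtower.tor, mapping from Idea 2.1
GOOD_G = "froqh6bdgoda6yiz.onion"   # globaleconomy.tor, mapping from Idea 2.1
OTHER = "aaaaaaaaaaaaaaaa.onion"    # constructed disagreeing answer
NOTARIES = [
    {"watchtower.tor": GOOD_W, "globaleconomy.tor": GOOD_G},
    {"watchtower.tor": GOOD_W, "globaleconomy.tor": GOOD_G},
    {"watchtower.tor": GOOD_W, "globaleconomy.tor": OTHER},
    {"watchtower.tor": GOOD_W, "globaleconomy.tor": OTHER},
    {"watchtower.tor": "not-an-onion.example"},  # malformed, and silent on the other
]

if __name__ == "__main__":
    print(resolve_with_quorum("watchtower.tor", NOTARIES))     # 4 of 5 agree
    print(resolve_with_quorum("globaleconomy.tor", NOTARIES))  # 2/2 split: None
```

A split vote returns no address at all, so the extension can show an error rather than pick a side.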

Idea 2.3) Browser extension redirects existing DNS names

An easier but less effective approach would be for the browser extension to only map DNS domain names to onion names. So for example, it would map "duckduckgo.com" to "3g2upl4pq6kufc4m.onion". That makes the job of the name registrar easier, but it also heavily restricts users only to services with a registered DNS domain name. Some attempts have already been made in this area but unfortunately they never really took off.

Idea 2.4) Automatic Redirection using HTTP

The Alt-Svc HTTP header defines a way for a website to say "I'm facebook.com but you should talk to me using fbcdn.com." If we replace that fbcdn.com address with facebookcorewwi.onion - then when you typed in Facebook, the browser would, under the covers, use the .onion address. And this can be done without any browser extension whatsoever.

One problem is that the browser has to remember this mapping, and in Tor Browser that mapping could be used to track or correlate you. Preloading the mapping would solve this, but how to preload the mapping probably brings us back into the realm of a browser extension.

Idea 2.5) Smart browser bookmarks for onion addresses

Talking about random addresses, it's funny how people seem to be pretty happy handling phone numbers (big meaningless random numbers) using a phone book and contacts on their devices.

On the same note, an easier but less usable approach would be to enhance Tor Browser with some sort of smart bookmark/petname system which allows users to register custom names for onion sites, and allows them to trust them or share them with friends. Unfortunately, it's unclear whether the user experience of this feature would make it useful to anyone but power users.

Of course it's important to realize that any approach that relies on a browser extension will only work for the web, and you wouldn't be able to use it for arbitrary TCP services (e.g. visiting an IRC server).

Idea 3) Embed onion addresses in SSL certificates

So let's shift back to non-browser approaches!

Let's Encrypt is an innovative project which issues free SSL certificates in an automated fashion. It has greatly improved Internet security since now anyone can freely acquire an SSL certificate for their service and provide link security to their users.

Now let's imagine that Let's Encrypt embedded onion address information into the certificates it issues, for clients with both a normal service and an onion service. For example, the onion address could be embedded into a custom certificate extension or in the C/ST/L/O fields. Then Tor Browser, when visiting such an SSL-enabled website, would parse and validate the certificate and if an onion address is included, the browser would automagically redirect the user. Take a look at this paper for some more neat ideas on this area.

Idea 4) Embed onion addresses in DNS/DNSSEC records

A similar approach could use the DNS system instead of the SSL CA system. For example, site owners could add their onion address into their TXT or SRV DNS records and Tor could learn to redirect users to the onion address. Of course this approach only applies to operators that can afford a DNS domain. Oh yeah DNS also has zero security...

Conclusion

As you can see there are many approaches that we should explore to improve usability in this area. Each of them comes with its own tradeoffs and applies to different users, so it's important that we allow users to experiment with various systems and let each community decide which approach works best for them.

It's also worth pointing out that some of these approaches are not that hard to implement technically, but they still require lots of effort and community building to really take off and become effective. Involving and pairing with other friendly Internet privacy organizations is essential to achieve our goals.

Furthermore, we should think carefully of unintended usability and security consequences that come with using these systems. For example, people are not used to their browser automagically redirecting them from one domain to another: this can seriously freak people out. It's also not clear how Tor Browser should handle these special names to avoid SSL certificate verification issues and hostname leaks.

One thing is for sure: even though onion services are used daily by thousands of people, the random addresses confuse casual users and prevent the ecosystem from maturing and achieving widespread adoption. We hope that this blog post inspires researchers and developers to toy around with naming systems and take the initiative in building and experimenting with the various approaches. Please join the [tor-dev] mailing list and share your thoughts and projects with us!

And this brings us to the end of this post. Hope you enjoyed this issue of Cooking With Onions! We will be back soon, always with the finest produce and the greatest cooking tips! What would you like us to cook next?

[Thanks to Philipp Winter and Tom Ritter for the feedback on this blog post, as well as to everyone who has discussed and helped develop these ideas.]

>It seems like the existing onion addressing and network handling already works to this advantage except that it relies on the fact that no two names will ever collide.
If onion names are secure, collision should be cryptographically hard to achieve. In other words, if you can create collisions they are broken in the first place and should be ditched altogether.

>In which case why not allow people to register collisions then use existing onion network measurement tools to determine the popularity of sites, returning them in the same way a search bar returns autosuggestions.
Because that entails all kinds of implementation problems plus security and privacy issues.

Why dishonest?

The mining rewards of 611 coin are not hidden; it's full open source on GitHub:

https://github.com/fflo/sixeleven/blob/master.611/src/611.cpp [line 204]
int64 GetNetworkFee(int nHeight)
{
    // Speed up network fee decrease 4x starting at 24000
    // if (nHeight >= 24000)
    //     nHeight += (nHeight - 24000) * 3;
    // if ((nHeight >> 13) >= 60)
    //     return 0;
    // int64 nStart = 50 * COIN;
    // if (fTestNet)
    //     nStart = 10 * CENT;
    // int64 nRes = nStart >> (nHeight >> 13);
    // nRes -= (nRes >> 14) * (nHeight % 8192);
    // return nRes;
    // the standard network fee is 6.11 cent
    int64 nStart = 611 * CENT / 100;
    // it will decrease by factor two every 2^18 or 262144 blocks
    int64 nNetFee = nStart >> (nHeight >> 18);
    nNetFee -= (nNetFee >> 19) * (nHeight % 262144);
    // but is was fixed for the very early developers
    if (nHeight <= 10110)
        nNetFee = 611 * CENT / 100;
    if (nHeight <= 2880)
        nNetFee = 611 * CENT / 1000;
    if (fTestNet)
        nNetFee = 1 * CENT;
    return nNetFee;
}

All transactions (and even the name operations) can be checked with the 611 Block Explorer: https://be.611.to

611 has been up and running, perfectly stable, since 2015. As far as I know the DNS service has had no downtime since 2015!

Dev is still actively developing this coin with a good level of trust at BCT.
611 has been trading at a stable level for months on https://www.c-cex.com/?p=611-btc

I agree with you that 611 coin should be traded with cautiousness, but that's not the topic of this blog post.

As a crypto coin based DNS, 611 has been up and running great for almost two years. As far as I know there is no other crypto coin based DNS supporting any Internet connected device at almost no cost.

hans andersen

April 09, 2017

Very useful blog! Thank you! But I am wondering why some onion domain names have special words, for example hansa: its onion domain name is hansamk2bizhmib4.onion. How does this work?

hans andersen

April 09, 2017

yeah, 611 works great as a dns resolver for onion websites. For privacy reasons a direct Tor api integration would be nice.

Is there a need for a short howto/wiki?

hans andersen

April 09, 2017

I don't think Tor should do anything. It should be up to the user to verify that they aren't being phished like regular DNS. User-friendly isn't an issue either as everyone bookmarks URLs or has them saved somewhere. These new features would make an already complex system even more complex which worries me as the implementation may have an unknown vulnerability somewhere. However, the developers clearly want to do something about this "issue". If I were in the position to choose, I would go with Idea 1) "A modular name system API for Tor onion services". A lot of questions remain but I trust that the developers will make the right decisions.

hans andersen

April 10, 2017

I have mined some 611, so if someone likes to try it out to publish Tor-onions with 611 I'm happy to share some SILs. Share your 611 address.

hans andersen

April 12, 2017

Could the outcome of the French presidential election adversely affect Tor users? Would Tor Project be considered a US "tech company"?

techdirt.com
Moderate French Presidential Candidate Suggests He May Pressure US Tech Companies Into Creating Encryption Backdoors
from the safety-through-insecurity dept
12 Apr 2017

> France's presidential election season has kicked in. The supposed "moderate" of the bunch -- Emmanuel Macron -- has managed to gain considerable support in the last several months. Some of this has sprung from our own recent election. Earlier this year, the candidate took digs at Trump's anti-climate change stance, stating France would welcome dejected US scientists with open arms.

hans andersen

April 13, 2017

>One problem is that the browser has to remember this mapping, and in Tor Browser that mapping could be used to track or correlate you.
Indeed you should never let websites access your "address book". Sites will simply have to link to resources by full onion domain.

I can only recommend a proper pet name system (who knows how hard it is to securely implement that on top of any modern browser). Or namecoin only because it's less bad than DNS and lots of people would use it for free DNS and NAT bypass with short route hidden sites.

>pet name system anything less than most usable
I have no idea why people still believe this but it's not in my interest to argue with them.

>Idea 3) Embed onion addresses in SSL certificates
>Idea 4) Embed onion addresses in DNS/DNSSEC records
ISHYGYGYGYGHGGGTDT

>web of trust based name sharing
ISHYGGYDGYGGYDGTTGDDGYTDGYT
see http://longpoke.github.io/f37c5de221cb361db07f046b31047f329ddb2ca2fe3ab…

hans andersen

April 14, 2017

Governments will flood the namespace with the most repugnant things they can imagine.

hans andersen

April 19, 2017

The problem with human-meaningful names is that they are not global and cannot be so.

So that leaves local authorities, curators if you will, who are entrusted with the task of keeping the names for things. Maybe this means curating a local version of the names that provide meaningful services to the community; maybe this means curating a local version of the names of people in a community.

In the last century, telephone companies would maintain these sorts of locally-meaningful records, although we have seen clearly that aggregation leads to a wide range of problems, most prominently namespace collision and "gold rush" contention.

Perhaps this sort of task is best left to the non-commercial authority of local librarians granted authority by localised power centres, such as towns, small businesses, divisions of larger businesses, or religious organisations. These people would be entrusted to maintain names on behalf of, say, tens of thousands of people. They would not need to achieve global consensus and they would be discouraged from doing so. They would aim to act in the best, local interest of the people they represent.

hans andersen

April 25, 2017

What about a system where:
1. a user types: pipeleaks.onion
2. TorBrowser detects that this is an invalid address, so
3. TorBrowser somehow looks up all/published hidden services, and presents them to the user in a webpage like interface, like:

Choose which Onion Service would you like to visit:
pipeleaksbm49bjd8cht0dvhdh28bk39iyrebhejf.onion [Verified by TorHQ and GoodGuys]
pipeleaksk20fxhb04hcvojhe0niwhgu9bnxoiehj.onion [Verified by SomeoneElse]
pipeleaksndivje9j40hgkx09euv0439bkldm39gs.onion [Unverified]

4. The user tries to recognise the good address, which is much easier than remembering the full address.

Who is GoodGuys and how do I have a secure channel to them? Even if I knew what pipeleaks is and trust GoodGuys to properly authenticate domain names (whatever that means), how do I know they have the same "pipeleaks" in mind as me? This is the same problem I commented above which affects the PGP Web of Trust. This isn't even an Impractical (TM) issue, once you step out of the big 10 or so domain names of the west (google, facebook, microsoft etc). Even in every day conversation with competent people, I run into people who have never heard of Hacker News (the ycombinator one), and think I'm talking of The Hacker News, which has a large intersection of stories, and both are basically the same format: news sites with user comments - and both appear as the first or second hit for "Hacker News" on popular search engines such as Google and Bing. If they both had hackernews*.onion, we could go on for months before realizing we are even talking about different things. In cases where security is required beyond the likes of the phony stuff which protects your bank account, this scheme would utterly fail.

GoodGuys, BadGuys, etc. would be just self-anointed hidden service directories, themselves also being hidden (or maybe clearnet) services. They wouldn't authenticate anything, they would just help you identify the good .onion yourself. Or misguide you. Some of them could be “official” or you could add a list of other directories you got from some other source.

They would get a request
{ gimmeAllOnionDomainsStartingWith: 'hackernews' }
and they would return
[{ domain:      'hackernews123blabla.onion',
   description: 'the ycombinator one',
   known: 'since 2013',
}, … ]

TorBrowser would gather these and display it to the user, and it would be the dear user's responsibility to choose the proper one.

Also, TorBrowser could generate some colours and an image from the .onion address, like those avatar generators that make unique unicorn images from your user id to help choose/mess up things even more. :)

> description: 'the ycombinator one',

1. This wouldn't help in most cases because normal people don't care who is behind a service or product or other establishment. Apart from a small community around the San Francisco startup scene, nobody knows or cares what ycombinator is, even if they know what Hacker News is. If they see hackernews (the ycombinator one) and hackernews (the joe shmoe one), it effectively looks like this to them: hackernews (a4h1byk91n) and hackernews (ma95hb1g5hg6) - indistinguishable aside from the gibberish. Even if they had title attributes set to Hacker News and The Hacker News, that would still be largely meaningless.

2. At the time of creating the Hacker News domain, they likely wouldn't even have thought to put this additional context of "the ycombinator one", since they didn't know of The Hacker News at the time. Of course maybe there would be a company field, in which case they would probably put ycombinator without a second thought.

The problems of this happening by accident aren't even a big issue. The problem is when an adversary forces this situation. Back the first time I installed Linux, I wanted to cryptographically verify that I download the right files, but I didn't even know who is behind the distro I was downloading. The download page could have designated any PGP key with any person's name, and I would have no way to tell if this is even the same name as what most people believe to be the real name. So of course Jon Doe could replace the page (by MITM or similar) and put his own keys (which are verified, because he is indeed the real Jon Doe). Do you know who is behind Fedora? Most people don't. Now even that issue aside, if it was common knowledge throughout the world of who is behind Fedora - let's say his name is Chris James, and he signs the files himself instead of some other developer doing it - I would still have no way to verify I have the real Chris James, as discussed in the link about the OpenPGP Web of Trust I posted above.

hans andersen

April 27, 2017

So if an onion service can have a name, the only way to prevent collisions is for all names to be known. Or is there some cryptographic magic that can test for a collision without knowing the names? Could the dining cryptographers problem or zero-knowledge proof offer us any insight?

I think that if many onion services had given names rather than randomly-generated addresses, that would lend itself to name guessing. Onion services hoping to remain secret (after we figure out how to better ensure that) should not have a name!

Which term is better: name, alias, domain name, onion name or something else?

Should the system have a limit to the number of names an onion address may have?

hans andersen

August 28, 2017

What if FBI sets up tens of thousands of middle and exit nodes? Could they end up monitoring the traffic?