Hi Ringo,
Thanks for your soon to be improvements! I have a couple of
requests/questions if you do not mind:
1. I believe the current state of Hidden Service (HS) is one where access to an
HS can be username:passphrase protected? Please correct me if I am wrong, but
I believe someone made HS security/usability improvements a while ago which
included the username:passphrase option and making it possible to keep the URL
hidden from anyone except those who are provided the URL? (ie. 'Toogle' (sp?)
(Tor-google) will not 'find' the HS URL if the administrator of the HS chooses
to keep the URL private).
If the above is correct could you please make it possible, or describe how an
administrator could setup the HS access page (ie username:passphrase) to
accept a PGP key in place of username:passphrase? Or maybe a username:PGP key
to access the HS?
2. Could you please setup or describe how to use a CAPTCHA in the form of a
'word of the day'? For example, the police have a "color of the day", a
colored band they where when in plain cloths. This color changes everyday. If
they are in question to clothed police they can show the color of the day to
prove they really are police. In this fashion an administor could setup a
'word (or phrase) of the day' (or week, etc). The administor could contact the
members via TorPM (for example) to tell them the new 'word of the day'. Thus
an adversay would need a legitamte members private PGP key AND the 'word of the
day' to access the HS.
3. Could you please make it possible or describe how to setup forums in a
secure fashion? I like the idea of "Onion Forum" but I have no idea if it's
setup in a secure fashion or not.
4. Other services which an administrator could offer would be great. Maybe a
blog? However, to me the use a forums in OnionLand is most interesting and
useful; for example a section of the forums could be a quasi-blog.
5. I have always been interested in the idea of a colo-HS. Could you please
describe how one could be setup? And could you please detail the associated
risks vs benefits? I have in my minds eye that running a colo-HS is not a
good...
6. I know this might be asking too much but info/scripts to setup FDE (Full
Disk Encryption) would be great! I know the old 'how-to' for running a node on
*nix included info on setting up FDE but the directions are/were very clunky
and hard to follow.
Thanks! (and sorry if some of those are stupid requets)
