On Sun, Nov 15, 2015 at 09:42:23PM +0100, Uwe Werler wrote: > On Sun, Nov 15, 2015 at 08:15:57PM +0100, Stefan Sperling wrote: > > On Sun, Nov 15, 2015 at 01:32:25PM -0500, Raul Miller wrote: > > > But treating this as "extremely dangerous" without offering a path > > > forward means that people need to "roll their own" approaches when > > > faced with related needs. > > > > The way forward is use tor properly to access hidden services. > > > > tor2web was conceived in 2008 to make it easier for whistleblowers > > to use tor instead of nothing. Unfortunately in 2015 whistleblowers > > have very good reasons to use something better than tor2web. > > > > Hello Stefan, > > what do You mean with "use something better"? I'm really interested in Your > suggestion.
It depends. As discussed, if tor2web is used to set up a site which receives leaks, IPs making submissions can be de-anonymized so tor2web should not be used in this case. So "something better" might be tor or something else. In the reverse scenario, where a site sends leaks obtained from who knows where out to the open internet from a hidden service location, tor2web may make sense. Or it may not. I'm not quite sure. Tor has so many edge cases as is even if both sides run Tor. I won't believe random stranger's from the internet opinions about any of this. If Pascal is not willing to put effort into maintaining a port flavour for this feature, I won't mind that in the slightest.