Bitcoin Forum

Well the subject line pretty much says it all. Any chance that the new forum could be hosted at an .onion URL to prevent TLAs from snooping the SSL traffic?

I don't use Tor that often, but I agree, it may be nice to have for the more privacy concerned.

I thought Tor was broken a while back and using it only arouses suspicion and brings attention to you?   

+1 on this. Or at least have the ability to access the forum via a hidden service in a similar way that blockchain.info allows access via a hidden service (they actually force access via the hidden service when connecting via tor)

i think a tor site would be great. i too hope to see it when the new forum releases, it sounds like it has been development for quite a while now.

I also agree with the dserrano5's idea, would it be easy to add or not ?

The problem with that is that many of the current anti-DoS measures distinguish between users by looking at their IP address. For example, if you're not logged in then your IP is limited to one search every 100 seconds (or something like that -- I don't remember the exact number) to prevent you from overloading the server. IMO Tor needs to add some configurable proof-of-work mechanism to hidden services for them to be widely usable. For example, one thing that comes to mind is that the client could prove that he's holding x GB of data unique to a certain hidden service, and after verifying this, Tor could pass a unique private IP for that client (eg. 10.1.2.3) to the hidden service's web server. (The IP would be different per hidden service, so it would only be a minor reduction in privacy -- the hidden service would only be able to track you across its own pages.) Then the standard idea of "block IPs that abuse the server" could be used by the hidden service.

Thanks for the reply theymos, if not .onion, possibly a .bit domain? Seems to be perfect for this forum, and it has to do with bitcoin. None of the privacy of tor, but still would be cool.

Wouldn't it be somewhat of a moot point to access the forum via a hidden service if you are not logged in? I don't see any real downsides to connecting to bitcointalk.org via TOR if you are just browsing (and do not log in). However once you are logged in via TOR, you are subject to a number of MITM attacks.

One possible solution to DDoS concerns with running a hidden service would be to force users to log into their account when accessing the hidden service (a captcha could be used to avoid someone spamming login attempts), and then the time limits that are imposed to the IP address can be replaced with the username in question (you could also do things like disable search to users under a certain activity level when accessing the forum via a hidden service).

Actions that are time restricted really should be linked to your username anyway as someone could simply change their IP address (maybe via connecting to a different VPN gateway) to get around time restrictions.

personally I'm surprised this forum isn't hosted on a .bit domain for decentralized dns.

.bit domains are used via NMC. This is bitcointalk.org. I don't see any real value that a .bit domain would give the forum, especially since it cannot host anonymously (the public already knows the identity of the people that run/own it) 

yes I'm aware it's bitcointalk but does that stop all the altcoins from posting on here? NO
it's a crypto forum basically at this point. So why not support what the crypto coins are trying to do?
whats your animosity to namecoin? It isn't even about being hosted anonymously which is what the hiddenservice suggestion is more about than mine.
personally you sound like a fed trying to prevent users from exercising their right to privacy.

Ah, then it can't run on SMF, or nginx or linux because, well, none of those are bitcoin.



The most paranoid among us would answer "Even if you're not logged in, they know who you are and what threads you spend most time in". I'm not in this group, although I can conceive some people thinking along these lines.

Well the .bit domain system is very much using an altcoin. There is no SMF coin.

The real benefit of using a .bit domain over a "traditional" is anonymity, however theymos's identity is already publicly known (I assume the same is true for Sirius, however I have not actually seen his dox) therefore operating a .bit domain becomes a moot point

These people can still connect to bitcointalk.org via tor, but would not be subject to the same MITM attacks that people who are logged in via tor are subject to.