11 Nov 2019 - tsp
Last update 11 Nov 2019
First this is not a page that describes what TOR is, what hidden services are or how to run your own. This is described on my previous two blog posts
This page tries to list a few non-shady WWW services to illustrate that TOR is not only used for criminal and shady purposes but also for some other more respectable reasons. Note that there are many more reasons to use TOR for your services like mutual authentication (stealth hidden services), reaching services even in case of glboal routing problems, being able to dial into dialup networks even if adresses change, manage devices as they move through different networks, etc. There are many more reasons to use TOR for services besides WWW (i.e. webpages). Of course there is the potential to use TOR for criminal purposes but it’s the same with every technology: It either protects one from the bad and the good ones or from none of the groups.
Note that plain HTTP over TOR is not unsafe when accessing hidden services but it’s unsafe (don’t use) when accessing clearnet pages via TOR!
By any means the largest hidden service currently known. It’s reachable via facebookcorewwwi.onion. It’s running since about 2015 and is used by over a million people per month. It allows anonymized access to the webpage and - as it’s a hidden service - allows to be sure that the accessed resource is really in posession of the keys belonging to the URI, so there is no need to verify any SSL certificates any more. On the other hand it allows to access the social media site without allowing any ISP or VPN provider to make statistics about your social media usage.
The organization behind one of the oldest Linux distributions made many of it’s services reachable via TOR hidden services. This guarantees to prevent profiling of your local infrastructure by external listeners (like your ISP, VPN providers or anyone else). The public site is available via sejnfjrq6szgca7v.onion. They have a whole bunch of services available as listed on https://onion.debian.org/ and one can even point the package management tool towards the TOR pages to install packages via TOR.
Of course. The public www page is reachable via expyuzz4wqqyqhjn.onion - as well as a whole bunch of internal services (see onion.torproject.org). The recommended way of updating the TOR browser once deployed is also via TOR for enhanced security (i.e. authentication of the endpoint via URI embedded fingerprint).
Keybase is an service that maps social media identities to encryption keys (like OpenPGP keys). It’s reachable via keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion.
Found at bbcnewsv2vjtpsuy.onion this is really the BBCs news page. Noone will know which articles you access and that you are reading this newspaper if using the onion service. And as usual you can be sure that you are really accessing BBC.
Anoter newspaper trying to protect the privacy of it’s readers. Reachable via nytimes3xbfgragh.onion.
A search engine that claims to honor your privacy. When using their onion service at 3g2upl4pq6kufc4m.onion to search the clearnet they are simply not capable of collecting data about you - so you don’t have to beleive in their promise.
A (webmail) mailprovider that claims to be privacy centered. They claim to honor privacy and protect your mail. You can narrow down the data they collect by using their onion page protonirockerxow.onion
Is also reachable via jugujbrirx3irwyx.onion. Why? Because … why not.
Not a webpage but one of the applications that exploits TOR for a simple and easy file sharing service (i.e. a service where one user can share a file with some other user without having to setup a webserver, etc. himself). Of course the webpage of this tool is also accessible via a hidden service at lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion
There are many more non-shady services available via TOR hidden services. Many of them list their onion URIs at the bottom of their webpage or at a special onion subdomain.
If you are running your own services - please consider also running them via your own onion URI.
This article is tagged: