Reword Namecoin / Tor Onion Services FAQ entry for ease of reading #577
Conversation
| The Tor Project's Onion Services, with the `.onion` top-level domain, use domain names that are hashes of public keys. | ||
| This means that their domain names are not human-meaningful, unlike Namecoin's. | ||
| Namecoin’s `.bit` domains can point to `.onion` domains. | ||
| This makes it possible to give human-meaningful names to Tor Onion Services. |
There was a problem hiding this comment.
I would prefer to retain the word "layer" here, as it invokes the good engineering practice of layering protocols.
There was a problem hiding this comment.
This makes it possible to use Namecoin as a naming layer, to give human-meaningful names to Tor Onion Services.
Would that work?
| Namecoin’s `.bit` domains can point to `.onion` domains. | ||
| This makes it possible to give human-meaningful names to Tor Onion Services. | ||
|
|
||
| Right now, blockchain-based systems like Namecoin are less secure against impersonation and deanonymization attacks than systems like Onion Service names, used directly, are. |
There was a problem hiding this comment.
The existing text emphasizes that the cryptographic security of Namecoin is weaker than that of onion services; this is a reference to the fact that Namecoin relies on game-theoretic security in combination to cryptographic security, which is weaker than purely cryptographic security (as onion services use). I do not think it's accurate to say that Namecoin is less secure (in the general sense) against impersonation, because phishing attacks and other kinds of UX-related vulnerabilities are a form of impersonation.
There was a problem hiding this comment.
That's fair. How about just explaining the vulnerabilities in further detail?
Block chain systems like Namecoin are less secure against some deanonymization and impersonation attacks than direct cryptographical systems like Onion Service names.
With Onion Service names, nobody can impersonate you unless they either steal your key or there's a break in the underlying cryptography. Namecoin's security is only game-theoretic; even if your keys are safe, a miner with infinite resources could steal your domain.
When you register a Namecoin name, anyone can trace this like they could a Bitcoin transaction. This could compromise your anonymity, depending on from where you got the namecoins.
| This makes it possible to give human-meaningful names to Tor Onion Services. | ||
|
|
||
| Right now, blockchain-based systems like Namecoin are less secure against impersonation and deanonymization attacks than systems like Onion Service names, used directly, are. | ||
| However, Namecoin's human-meaningful names protect against phishing attacks better; it's much easier to remember a meaningful name than an arbitrary public key. |
There was a problem hiding this comment.
Again, the existing text emphasizes that cryptographic attacks and psychological attacks are both real classes of attacks; we should preserve that information.
There was a problem hiding this comment.
And this text should be preserved: "Attackers can exploit this property of Onion Service names in order to trick users into visiting the incorrect website."
There was a problem hiding this comment.
I think it's better to explain it in detail. How about this?
On the other hand, Namecoin's human-meaningful names protect better against phishing attacks; it's much easier to remember a name that has meaning to you, like namecoin.bit, than an arbitrary string of characters, like namecoinf358fqe4z99u81bkojwcsn8qyogb4f8i9hzkmdnrw84bb7hd.onion. There are attacks where scammers generate onion names that look similar to existing websites', but that point somewhere else. Since there's no meaning or structure to them, many users can't tell the real and fake names apart unless they look closely.
We should probably use our real onion, though. Maybe there is a nice picture somewhere showing what a phishing attempt looks like.
No description provided.