Official Tor Hidden Service for the Kiwi Farms


glow

Softly glowing in the dark
kiwifarms.net
Joined
Aug 13, 2020
I am interested in Tor for my haramposting but concerned that the .onion URL is plain HTTP, whereas other .onion sites are HTTPS.

I can't find a good answer about this but I'm guessing that because the connection is terminated at the KF server, the final hop is still encrypted? I know that if you go to a regular HTTP site the exit node can see everything.
 

Null

Ooperator
kiwifarms.net
Joined
Nov 14, 2012
I am interested in Tor for my haramposting but concerned that the .onion URL is plain HTTP, whereas other .onion sites are HTTPS.

I can't find a good answer about this but I'm guessing that because the connection is terminated at the KF server, the final hop is still encrypted? I know that if you go to a regular HTTP site the exit node can see everything.
Read how the onion router works. HTTPS over Tor does nothing and can even weaken security.
 

Kosher Salt

(((NaCl)))
kiwifarms.net
Joined
Mar 10, 2019
I am interested in Tor for my haramposting but concerned that the .onion URL is plain HTTP, whereas other .onion sites are HTTPS.

I can't find a good answer about this but I'm guessing that because the connection is terminated at the KF server, the final hop is still encrypted? I know that if you go to a regular HTTP site the exit node can see everything.
You never go through an exit node for an onion URL. It's strictly within the Tor network, it never exits.
 

hundredpercent

kiwifarms.net
Joined
Jun 9, 2020
Because it accomplishes nothing and trains users to accept invalid certificates. Google it dude.
I mean, you can get valid certs for onions these days, but it'll cost you $50 or something. Price is going down rapidly so shouldn't be far off until it's free.
 

TheSkoomer

Ahahahahahhahahahahahahahahahahahahahahhahahahahah
kiwifarms.net
Joined
Feb 4, 2020
I am interested in Tor for my haramposting but concerned that the .onion URL is plain HTTP, whereas other .onion sites are HTTPS.

I can't find a good answer about this but I'm guessing that because the connection is terminated at the KF server, the final hop is still encrypted? I know that if you go to a regular HTTP site the exit node can see everything.
HTTPS over Tor gives no added benefit, and has a negative effect of querying CRLs from certificate authority servers whenever you visit an HTTPS .onion URL, thus revealing to a third party that an .onion URL has been visited.
 

hundredpercent

kiwifarms.net
Joined
Jun 9, 2020
HTTPS over Tor gives no added benefit, and has a negative effect of querying CRLs from certificate authority servers whenever you visit an HTTPS .onion URL, thus revealing to a third party that an .onion URL has been visited.
This doesn't happen with OCSP stapling, but you're right in that the benefit is very minimal regardless.
 

3119967d0c

"a brain" - @REGENDarySumanai
True & Honest Fan
kiwifarms.net
Joined
Mar 17, 2019
@Null imagine you're aware, but the onion site is unavailable for the moment. If it isn't possible to have that up during the DDOS, maybe turning the automatic redirect off would make sense?
 

hundredpercent

kiwifarms.net
Joined
Jun 9, 2020
@Null imagine you're aware, but the onion site is unavailable for the moment. If it isn't possible to have that up during the DDOS, maybe turning the automatic redirect off would make sense?
The hack is: go to https://a.kiwifarms.net in tab 1. Go to https://kiwifarms.net in tab 2. In tab 1, ask for a new circuit for https://a.kiwifarms.net. Go to https://kiwifarms.net in tab 2. Ask for a new circuit for https://a.kiwifarms.net. Go to https://kiwifarms.net. Ask for a new circuit for https://a.kiwifarms.net. Go to https://kiwifarms.net. Ask for a new circuit for https://a.kiwifarms.net...

In theory, onion services resist DoS. In practice, it's all on the same server. You could do some hack where the DB+PHP gets another server and the current exposed one just runs a reverse proxy, and that would allow you to make the onion service stay online during DoS attacks, but I don't know if it's worth the trouble. What's the purpose of being on a website if you can't talk to your frens?
 

Kosher Salt

(((NaCl)))
kiwifarms.net
Joined
Mar 10, 2019
The hack is: go to https://a.kiwifarms.net in tab 1. Go to https://kiwifarms.net in tab 2. In tab 1, ask for a new circuit for https://a.kiwifarms.net. Go to https://kiwifarms.net in tab 2. Ask for a new circuit for https://a.kiwifarms.net. Go to https://kiwifarms.net. Ask for a new circuit for https://a.kiwifarms.net. Go to https://kiwifarms.net. Ask for a new circuit for https://a.kiwifarms.net...

In theory, onion services resist DoS. In practice, it's all on the same server. You could do some hack where the DB+PHP gets another server and the current exposed one just runs a reverse proxy, and that would allow you to make the onion service stay online during DoS attacks, but I don't know if it's worth the trouble. What's the purpose of being on a website if you can't talk to your frens?
It's not that the onion service doesn't resist DoS attacks, it's that the onion service goes down and then remains down when the site is otherwise basically working again. Hence I'm accessing the .net site through TOR because it's the only way to access the site through TOR.

And TOR's fucking broken because it'll still redirect to an onion service even if you don't want it to. I assume your "hack" is to get a TOR circuit that doesn't redirect to the onion site? It works in TOR browser (not Brave for some reason), although if you sit idle for 5 minutes or so it decides to randomly change your circuit and then sometimes you get one that redirects to the onion service again, which means you have to do the hack again to get one that works.
 

Kosher Salt

(((NaCl)))
kiwifarms.net
Joined
Mar 10, 2019
I access the site through TOR via https://kiwifarms.hk, it doesn't have the redirect.
I'm not sure if it has whatever's specifically broken that makes it follow the redirect even if you've configured it not to, but it does still have the ".onion available" button in the address bar, so it does have the redirect.

1625436148700.png


I'll give it a try for a while though and see if it works better.
 

3119967d0c

"a brain" - @REGENDarySumanai
True & Honest Fan
kiwifarms.net
Joined
Mar 17, 2019
It's not that the onion service doesn't resist DoS attacks, it's that the onion service goes down and then remains down when the site is otherwise basically working again. Hence I'm accessing the .net site through TOR because it's the only way to access the site through TOR.

And TOR's fucking broken because it'll still redirect to an onion service even if you don't want it to. I assume your "hack" is to get a TOR circuit that doesn't redirect to the onion site? It works in TOR browser (not Brave for some reason), although if you sit idle for 5 minutes or so it decides to randomly change your circuit and then sometimes you get one that redirects to the onion service again, which means you have to do the hack again to get one that works.
It isn't an issue with Tor as such. It's an issue with Josh having a redirect that sends you to the onion site when accessing it from certain Tor endpoints. When the onion site is down, that's an issue.

Admittedly, if you had the 'Prioritize .onion sites' option set to 'Always', the fact that the onion site is down would be a problem regardless. But most people don't have that setting set.
 

Fek

What could possibly go wrong?
True & Honest Fan
kiwifarms.net
Joined
May 7, 2019
I'm sure the onion isn't your first priority and all, but could you expand on what's broken with it exactly, Null? Error below:

Welcome to nginx!

If you see this page, null fucked up the web config. The site should be back to normal very soon. Or not, who knows.

Thank you for sperging.
 

Kosher Salt

(((NaCl)))
kiwifarms.net
Joined
Mar 10, 2019
@Null the problem is that sometimes kiwifarms.net is issuing a 302 redirect to the onion service. It shouldn't ever do that.

When I access view-source:kiwifarms.net with the network tab to capture the request, it triggers this series of requests:

1625502907200.png

1625502938900.png


(that's fine)

1625502989200.png

1625503015300.png


That's the problem. The onion-location header's present but instead of actually serving the page it's also 302 redirecting to the onion location. So it's impossible to access the clearnet site via TOR when this is happening, but it's not always happening. Some exit nodes trigger it and others don't.

The next request, obviously, is to load the onion site, which is just the nginx landing page.

1625503078200.png


Also the .hk site appears to be broken differently. Several of the post editor buttons don't work because for some reason they're trying to load it in over http instead of https:
1625502640900.png

The .net site doesn't have this problem.
 

hundredpercent

kiwifarms.net
Joined
Jun 9, 2020
It's not that the onion service doesn't resist DoS attacks, it's that the onion service goes down and then remains down when the site is otherwise basically working again. Hence I'm accessing the .net site through TOR because it's the only way to access the site through TOR.

And TOR's fucking broken because it'll still redirect to an onion service even if you don't want it to. I assume your "hack" is to get a TOR circuit that doesn't redirect to the onion site? It works in TOR browser (not Brave for some reason), although if you sit idle for 5 minutes or so it decides to randomly change your circuit and then sometimes you get one that redirects to the onion service again, which means you have to do the hack again to get one that works.
Not Tor's fault. It's because of the way Josh has configured it. There's not even any need for that 302 anymore, because of Onion-location.

Presumably, what first caused it to go down is that the onion is on the same server as the main site. So whenever the main site gets DoSed to shit, that also takes down the onion. Then, the configuration was changed during the DoS, and that's what's causing it to keep being down.
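
A check for the behaviour diagnosed in the posts above, as an added example that is not part of the thread: it classifies a clearnet response as merely advertising the onion service (an Onion-Location header on a served page) or forcing clients onto it (a 3xx whose Location is a .onion host). The response heads and the onion hostname are constructed placeholders, not captures from the site.

```python
from urllib.parse import urlsplit

# Constructed sample data; the onion hostname is a placeholder.
ONION = "http://exampleonionplaceholder.onion"
SAMPLE_ADVERTISED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    f"Onion-Location: {ONION}/\r\n\r\n"
)
SAMPLE_FORCED = (
    "HTTP/1.1 302 Found\r\n"
    f"Location: {ONION}/\r\n"
    f"Onion-Location: {ONION}/\r\n\r\n"
)
SAMPLE_CLEARNET = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://example.test/\r\n\r\n"
)

def parse_head(raw):
    """Return (status_code, {lowercased header name: value}) for a raw response head."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def is_onion(url):
    """True when the URL's host is under the .onion special-use TLD."""
    return (urlsplit(url).hostname or "").endswith(".onion")

def classify(raw):
    status, headers = parse_head(raw)
    redirect = 300 <= status < 400 and "location" in headers
    if redirect and is_onion(headers["location"]):
        # The client never receives the clearnet page; if the onion
        # service is down, the site is unreachable from this exit.
        return "forced-onion-redirect"
    if is_onion(headers.get("onion-location", "")):
        # Page is served; the browser only offers the onion address.
        return "advertised-only"
    return "clearnet-redirect" if redirect else "no-onion"
```

Run against the first response of each request made through different exits, a mix of `advertised-only` and `forced-onion-redirect` results matches the "some exit nodes trigger it and others don't" symptom.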