Still Under DDOS, but here is a status update anyway. The Tor network is breaking.
/d/Dread icon

/d/Dread

238,199 subscribers

The official community for Dread announcements, discussion, and feedback. Come post any bugs!

Only posts relating to this site in this subdread allowed! Posts here are manually reviewed before public posting!

Dread is back?

by /u/welcomebackFELLOWWW · 1 votes · 2 months ago

I am quite surprised that dread is back, I have legitimately thought that you got busted and seeing dread online makes me happy however some security concerns remain.

I don't want to be a teacher and I know that the admins of the forum repeated more than one time that you should consider dread has already have been compromised and therefore you should have a good opsec but not all the users around here are expert enough to understand what truly means to be "SAFE".

I don't know if you already do that but I suggest to adopt some security practices:

- PM messages of 2 users should be automatically deleted from both sides if the chat is inactive for more than 30 days.

- Inactive accounts should be deleted and all the data that belongs to them should be erased. I suggest to do it after 1 year of inactivity

- dead subdreads were the admins/staff members are inactive or their accounts have been deleted or more in general if no one has made a single post within 6 months, they should be deleted.

-when a user deletes a post that he made on the forum the post,the title and all the comments under the deleted post should be deleted automatically once the main post disappears along with the title of the post.

-Every 1/2 months the logs of dread should be cleaned to ensure the maximum privacy to all the users so IP addresses and all the possible login/signup attempts should be deleted, after all there is no need to held this information because the date that states wen an account has been created remains on the system.

I think that everyone deserves privacy so I believe that this kind of security should be applied to every user on the forum even the ones that have already gone MIA to ensure that if the forum is breached which the probability is quite high none of their information are all gone, of course this should be applied even to the banned accounts.

i don't know if you like my idea but if you think about it dread has a lot of information so less the forum stores the better

Comments (14)
/u/Solar M · 1 votes · 2 months ago · Link

dread never left

you seem to be suggesting things that have been in place for quite a while

all information on dread is currently scraped and has been for quite a while, all available on clearnet sites (not affiliated with dread)

/u/Paris A · 2 votes · 2 months ago · Link

All public information that is scaped. Not private information like PMs (thought you should still encrypt it because dread admins can read PMs if we need to). We do clear out PMs and stuff occasionally (generally clearing anything over a month or three back). We also do clear inactive accounts.

We don't want people who make a post to have power over the comments on the post. Your content is your own to delete. Nobody else's action (other than mods and staff with reason) can do so.

Being that we operate on the Tor and I2P network there are no IP addresses or personal information to clean up. Our last activity systems detect only when someone changes the state on the site (like makes a comment or post, sends a PM, votes, etc) not when they sign in. Of course you should assume we record every single thing you do on the site. But unless you personally identify yourself there is basically nothing a compromise can do to your privacy.

/u/welcomebackFELLOWWW OP · 1 votes · 2 months ago · Link

I will say what I have said to hugbunter:

Personally I disagree on the points to not delete a subdread, I may understand it for the big ones like the defunct empire market but what about the little subdreads that have like less than 100 subs,the admins and staff are all inactive or their accounts have been deleted? I think that the content should be deleted because in any case no one would even notice that such subdread is no more because no one cares. I also disagree with the fact that title posts are never deleted, I do understand that they can't be modified by why can't they be deleted? by the other people's comments you can still understand what that user was talking about. I may agree with the choice of not removing other people's comments if the main author of the post deletes it but I think that all the posts about an user should be automatically be deleted (even after 1/2 months if you do it manually) if he deletes the account, sure he can remove them manually but it takes a lot of time if he has a long history on dread and if he already has deleted the account without deleting the posts first then that would mean that the posts would stay on dread forever.

I had the idea of deleting even logs such as the IP addresses in case of a potential leak but deleting logs of login attempts or signup attempts is indeed useful because it can potential information about a specific user (the user may have entered the wrong credentials, he may have even have entered an username and a password related to a darknet market account by mistake because he was in a rush)

/u/Paris A · 2 votes · 2 months ago · Link

People need to realize that just because you deleted it on Dread it doesn't mean it's deleted elsewhere. Those titles are a reminder that while the content is removed the trace is still here. Deleting on Dread doesn't remove that trace. Plus it makes it easier for moderators to know what the fuck is happening in the comments if the title remains. It is not to us to protect users but users to protect themselves.

/u/HugBunter A · 1 votes · 2 months ago · Link

We were never gone, still facing DoS attacks and have been available through private mirrors and I2P, I've been publishing small updates to Reddit and will be making a post to our emergency subreddit /r/DreadAlert as the main onion can and will go down again.

We already have everything you mentioned in place, however Subdreads will always remain as they preserve historic post and comments.

The title of posts is never deleted so the subject cannot be altered. Deleting the post would not remove comments, because again that is then giving power to the author to remove other user's content. That's not how this platform works.

There are no IP logs, we are all anonymous here. When using Tor to access a hidden service, everyone's IP address is 127.0.0.1

/u/IamLegion · 4 votes · 2 months ago · Link

everyone's IP address is 127.0.0.1

OMG HOW DO YOU KNOW MY IP??!!

/u/welcomebackFELLOWWW OP · 1 votes · 2 months ago · Link

Personally I disagree on the points to not delete a subdread, I may understand it for the big ones like the defunct empire market but what about the little subdreads that have like less than 100 subs,the admins and staff are all inactive or their accounts have been deleted? I think that the content should be deleted because in any case no one would even notice that such subdread is no more because no one cares. I also disagree with the fact that title posts are never deleted, I do understand that they can't be modified by why can't they be deleted? by the other people's comments you can still understand what that user was talking about. I may agree with the choice of not removing other people's comments if the main author of the post deletes it but I think that all the posts about an user should be automatically be deleted (even after 1/2 months if you do it manually) if he deletes the account, sure he can remove them manually but it takes a lot of time if he has a long history on dread and if he already has deleted the account without deleting the posts first then that would mean that the posts would stay on dread forever.

I had the idea of deleting even logs such as the IP addresses in case of a potential leak but deleting logs of login attempts or signup attempts is indeed useful because it can potential information about a specific user (the user may have entered the wrong credentials, he may have even have entered an username and a password related to a darknet market account by mistake because he was in a rush)

/u/HugBunter A · 1 votes · 2 months ago · Link

Defeats the purpose of the platform if content without a violating site-wide rules is deleted without the consent of the author, it is intended to be retained forever unless the author wishes to remove it.

But yeah there are no IPs to log so that idea is redundant.

/u/rambouk2uk P · 1 votes · 2 months ago · Link

Ultimate Guide to I2P friend check it out

/u/superspeedbros · 1 votes · 2 months ago · Link

It would be great to know how many time a comment or post has been edited. It would be nice too that after a prudent time, post were locked and comment could not be edited. The past should remain unchanged. Greetings to /d/all.

/u/FyodorMD · 1 votes · 2 months ago · Link

[removed]

/u/GhostDopw · 1 votes · 2 months ago · Link

Its been my first week here and i really appreciate all teh content Dread have for everyone

/u/donkeysquadreborn · 0 votes · 2 months ago · Link

i thought paris went out for a pack of cigarettes an never came back dawg shit was scary when u aint got I2P

/u/TheMethadoneMan · 1 votes · 2 months ago · Link

Kinda feels like it should be stressed more just how easy i2p is. Ppl see that huge guide and think they have to read a book first.