Still Under DDOS, but here is a status update anyway. The Tor network is breaking.
/d/HiddenService icon

/d/HiddenService

7,737 subscribers

The best parts of the anonymous internet!

Post all your i2p, freenet, and darknet links here. A reddit style directory to discuss experiences with certain hidden services.

Click here to start your tor journey!

Not sure about a site? Post it here!

NO MARKET ADS

The Correct way to Verify a Site's Mirror: (Pinned post)

by /u/darkdirect dark [dot] direct · 6 votes · 9 months ago

You can find the guide at dark.direct/guides or dddirectinfv3htc4vl6mied5lpaatora7mmqkcf3sfjrx37fajigmyd.onion/guides

Phishers have started to sign their fake mirrors with fake keys located in pgp.txt, rendering the traditional method of verifying mirrors obsolete. Always get your keys from trusted 3rd party sources.

Never trust a mirror to provide you with a genuine key. Never get a pgp key from the same place you get a mirror. Never trust pgp.txt

Trusted sources to obtain your keys: pgp.fail, darknetlive.com and Dread. Comparing keys from 2 of these sources makes the process almost trustless.

P.S Onion administrators consider replicating the format of my pgp.txt

P.S 2 Gracias Shakybeats for writing the original guide.

-dd

Comments (4)
/u/visitorsearch · 1 votes · 8 months ago · Link

i just returned on the tor network and reviving an old onion search engine and link directory.

it is not my first priority at the moment, but automating these checks are on my todo list.

anybody knows about or is interested in creating a RFC in order to make these checks an industry standard easily applied by multiple listing sites?

/u/darkdirect dark [dot] direct OP · 2 votes · 8 months ago · Link

Only a small number of websites follow the current Onion Mirrors Guidelines and that number won't increase, significantly, any time soon due to the overall size of the tor network and how it's used. The majority of tor websites don't need to implement OMG due to the threat of phishing being non-existent. I'll be sticking to manually checking for the foreseeable future

You have to remember following the OMG standard gives a website no extra credibility. The only thing OMG provides is proof you're on a websites correct mirror. That website could be malicious

P.S Someone created a script to check OMG compliance. If you search Dread I'm sure you will find it

-dd

/u/visitorsearch · 1 votes · 8 months ago · Link

yes, you are right, also did not mean it should be a standard for all the 20.000 + onions out there, as a webcrawler i am already happy when they set the Title in HTML ;)

but for those of us who crawl and find all the onions and feed them down the chain it might be a good way to have an already figured out implementation at hand, not that it solves everything, but certainly useful as one of the many routine checks as i check their uptimes etc already anyway.

will certainly look for existing documentation as you mention and have that listed on my site as well in case it might be useful for another site lister to stumble upon, thnx for the tip.

/u/whatupp · 1 votes · 5 months ago · Link

The only trusted source for a canary should be whateveronionsiteyadiya.onion/canary.txt, the canary.txt should contain the public key in txt format, that is used to sign canary.txt.

Having third parties host the canary.txt always poses a certain danger!