Design an opt-in Hidden Service Public Directory Submission system
Hidden services are not as visible as the normal Internet. There are interesting hidden services out there that no one knows about, not even search engines like ahmia. Also, unlike the real internet, the onion space is not very well connected so search engine crawlers have a hard time harvesting more addresses.
We've been discussing adding some kind of system that Hidden Services can use and it will automatically publish their onion address for the whole world to see. This fits to the threat model of Facebook or of blog sites, and we should make sure that it never happens to our private SSH hidden services etc.
This ticket is about designing such a system. I2P has been doing something very similar, apparently with good success and with no drama. See section Incoming Subscriptions and Merging of https://geti2p.net/en/docs/naming. Furthermore, their system is basically a FIFO petname system, where people can register their public keys and match them with a human memorable name.
There are many questions here:
- Should this be a little-t-tor-feature? Sebastian feels that there is too much complexity in Tor already and adding features like this only intensifies it. He suggested to make this a controller feature, and just have the controller submit our descriptor to a directory. Unfortunately, there is no real controller for hidden services, since TBB is not in the picture, and arm does not work with hidden services. Maybe we could make this a feature of txtorcon or stem?
special pointed out that this feature is not much better than hidden service operators manually submitting their URL to ahmia through the web UI. The problem is that operators might not know of ahmia. A suggestion here was to improve hidden service operator education, and just suggest ahmia in the hidden service documentation. Maybe in the future, if ahmia or onioncity become a big thing, this will be an obvious step to do if you are a hidden service operator.
- Another big question here is where the onions should go? Would we have an OnionAddressAuth that accepts these announcements, and then spits out a list of onions and their descriptors? But who runs this authority? Is it Tor? Or a friend, like tor2web or ahmia, like the other authorities? Or we decentralize the URL list through the existing directory system (which increases disk space and traffic for directories...). There might be certain legal issues here that we should examine carefully before proceeding.
Also, we are still on the loookout for better names for this system. Especially names that make it obvious that you should only enable this if you belong to the Public Hidden Service threat model.