We.riseup.net over tor

Riseup provides a .onion address for we.riseup.net so it also can be accessed as a hidden service. Let's collect information about this and encourage the use of tor and collect workarounds for common issues.

What’s it good for

Tor routes all your traffic over three different servers in order to minimize the information that can be gathered about your connection. we.riseup.net is already only available over https which adds nicely to tor. Even better… riseup even provides a .onion address for we.riseup.net – an address that can only be reached through the tor network and only exhibits to an observer that you are connecting to tor: 7lvd7fa5yfbdqaii.onion.

Using tor will prevent your local government, your ISP and anyone on you local network from learning the fact that you are connecting to we.riseup.net. It will also prevent riseup, riseups ISP and the government where riseups server runs from learning that it’s YOU who is connecting to we.riseup.net. They can only tell that there is a connection from the tor network if you are not using the .onion domain.

How to use tor

There are two ways to savely connect to Tor:

  • the tor-browser
  • the TAILS operation system.
    If you are running linux you might want to install the tor-browser launcher and use it. It will check if your tor browser is up to date on a daily basis and take care of upgrades etc.

Precautions when using Tor

https

Tor only serves as a private connection from your computer to the last Tor server – the so called exit node. IF you transfer any unencrypted data over that channel it will be unencrypted when leaving the exit node. So please make sure to use https (or a .onion address)! This is easy with we.riseup.net as we.riseup.net only works with https.

create new Tor sessions

if you do everything you do over the same Tor connection the exit node (and anyone monitoring its traffic) can still learn a lot about you. In particular if you use Tor to login anywhere without https or on a very specific server such as your own homepage. This information can be related to everything else you do with the same tor connection. So in order to prevent that you should change the Tor connection after you are done with one thing. The Torbrowser has a button for this and it will restart the entire browser to make sure your browser history does not leak.

Noscript – blocking javascript

Torbrowser blocks all javascript by default. This prevents a lot of attacks but at the same time makes life more difficult with we.riseup.net as we rely on javascript for some functionality. You can enable javascript for we.riseup.net only – but this also has security implications. I hope to detail them later on this page. Or you can look at we.riseup.net without javascript to see how the support for javascript less browsers is moving along and to report issues you run into.

 

my expierience was that most of the functionality is NOT working, if javasript is forbidden!
to prevent that click on the s-button left to the url-window and choose “temporary allow all this page” but take into account the security risks mentioned above in the last wiki text Noscript – blocking Javascript

 
 

Tor-Browser states that your server is configured improperly. Snort says your website tries bad things.

 
 

I was told by someone I trust in I.T that the FBI host a lot of the Tor nodes so that they can ‘keep an eye’ on gun traffiking and peodophiles (and of course political activists etc). They told me it’s much better to use VPNs. Do any of you know any more about this? I guess if lots and lots and lots of people use Tor that makes it ‘safer’ but still doesnt address issue of who hosting nodes…

 
   

Well, Tor advises against entering on 7lvd7fa5yfbdqaii.onion because it’s an insecure connections. It happens at any security level. It seems to be something to do with the certificate. Hypothesis anyone?