I wanted to be able to send data to Tor onion endpoints within my code, mixed with regular IP or DNS addresses. This modification allows the Linux system resolver to handle Onions as it would any other address.
Be careful with this if you're expecting anonymity though. The Tor browser does a lot of work trying to prevent identifying information from being sent to the other side. If you run an arbitrary protocol over Tor without any of that, it's much easier for the server to fingerprint the client.
Absolutely. I highlighted this as one of the warnings in the Howto I made. Any protocol you use must be vetted for security and privacy, if you intend to use Tor for those purposes.
My purpose is very different. I wanted to communicate with any machine I owned. Every machine has an Onion hidden service, and every machine can talk to Onions seamlessly.
What this allows is I can code against a [hash].onion, and know that the data goes where I want it. I can run Mosquitto (MQTT database) on one node, and other nodes can publish data to it. It matters not where they are, what networks they reside on, or if I get the "DynDNS, firewall holes, dynamic-static internal IP", and the rest of that junk set up right.
I also use Node-Red, and can use .onion addresses as valid services elsewhere. It allows me the ultimate network flexibility. I think of .onion addresses as being on a "Really Long Ethernet Hub" that only listens to the machine talked to.
EDIT:
> If you run an arbitrary protocol over Tor without any of that, it's much easier for the server to fingerprint the client.
I have been using privoxy as a system-wide proxy with this rule `forward-socks4a .onion localhost:9050 .` to do this. I didn't know this was possible, great.
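What the `forward-socks4a` rule in the comment above puts on the wire, as an added example that is not part of the thread: the SOCKS4a request carries the hostname itself, so the .onion name is resolved by the proxy and never goes to the local DNS resolver. The function names are hypothetical, the suffix check only approximates privoxy's `.onion` pattern, and port 1883 (the MQTT default) is an assumed destination.

```python
import struct

TOR_SOCKS = ("localhost", 9050)  # next hop taken from the privoxy rule


def needs_tor(host: str) -> bool:
    """Approximate privoxy's `.onion` pattern: any name ending in .onion."""
    return host.lower().rstrip(".").endswith(".onion")


def socks4a_connect_request(host: str, port: int, user_id: bytes = b"") -> bytes:
    """Build a SOCKS4a CONNECT request that hands `host` to the proxy unresolved."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    if "\x00" in host or b"\x00" in user_id:
        raise ValueError("NUL byte would truncate a field")
    name = host.encode("ascii")  # raises on non-ASCII names
    # VN=4, CD=1 (CONNECT), DSTPORT, then DSTIP 0.0.0.1: the invalid address
    # tells the proxy that a hostname follows the NUL-terminated user id.
    header = struct.pack(">BBH", 4, 1, port) + b"\x00\x00\x00\x01"
    return header + user_id + b"\x00" + name + b"\x00"


def parse_socks4_reply(reply: bytes) -> bool:
    """True if the proxy granted the request (CD=90), False if it refused."""
    if len(reply) != 8 or reply[0] != 0:
        raise ValueError("malformed SOCKS4 reply")
    return reply[1] == 0x5A


def plan(host: str, port: int):
    """Return (next_hop, first_bytes): onions via Tor, everything else direct."""
    if needs_tor(host):
        return TOR_SOCKS, socks4a_connect_request(host, port)
    return (host, port), b""


if __name__ == "__main__":
    # Constructed input: the made-up address from the thread, assumed MQTT port.
    hop, first = plan("debiandebxwnjx6t.onion", 1883)
    print(hop, first.hex())
```
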
If Debian generated an onion address like debiandebxwnjx6t.onion (just made that up), how would that help you determine that the .onion address is owned by Debian?
All it proves is that someone ran a vanity key/address generator on his GPU for a couple of days to get a nice-looking prefix. I could do the same thing at home and get a different address with the same prefix, and you wouldn't be able to tell the difference without comparing the whole address.
You need a trust path to the Debian sysadmins. The best option right now is the HTTPS on onion.debian.org and the knowledge that Debian uses Let's Encrypt.
Sure, but variations are there so the reproducible builds are more robust and can be done natively. It doesn't mean that you can't reproduce these packages, just stick to the standard build paths, filesystems, etc...
I wrote this: https://trac.torproject.org/projects/tor/wiki/doc/LinuxDNSre...