[messaging] Are vanity onion domains a good idea?

Mon Oct 26 17:55:05 PDT 2015

Philipp Winter <phw at nymity.ch> writes:

> The Tor network uses self-authenticating names for onion services, e.g.,
> 3g2upl4pq6kufc4m.onion.  These onion domains are difficult to recognise
> and remember, which is one reason why some onion service providers
> started generating vanity domains.  The idea is to keep generating key
> pairs until the hash's prefix contains a desirable string.  Facebook got
> a pretty good one with facebookcorewwwi.onion.
>
> Attackers have now started to impersonate onion services by generating
> onion domains whose prefix resembles the original.  An example is
> DuckDuckGo's search engine:
>
> Original:      3g2upl4pq6kufc4m.onion
> Impersonation: 3g2up5afx6n5miu4.onion
>                ^^^^^
> Users who encounter an impersonated onion domain might mistakenly assume
> it's the original because they recognise the prefix.  I worry that this
> kind of phishing attack is particularly effective against vanity onion
> domains because they might incentivise users disproportionately to only
> verify the easily recognisable prefix.
>
> As a result, I wonder if vanity onion domains raise more problems than
> they solve.  Should onion domain generation be made deliberately slow to
> render vanity onion domains and phishing attacks impractical?  Should we
> provide browser-based tools to manage onion domains instead of treating
> them like normal, memorable domains?

I actually had written a section in the original draft of the Onion
Services Best Practices document[0] something about avoiding vanity
onions, specifically this is what I drafted:

You can do it, but don't do it for things that matter. Vanity onion
addresses are easier to spoof, and if you have to regenerate a lot of
hidden services (eg. if there was a vulnerability like heartbleed), it
will take a lot longer to bring them online

However, when I asked for review of these suggestions from Tor folks,
not everyone agreed on this point. The argument primarily was that
people can impersonate regular onion addresses just as well, and there
is no difference between that impersonation and one based on a vanity
onion because people don't read them carefully regardless if its a
seemingly random string of letters, or one that starts with an actual
identifiable prefix.

I personally worry in the same way you do Philip. I feel like it
encourages people not to verify the full onion address, or easily be
duped by one that looks very similar to the original, but is one letter
off (perhaps one letter that is easily mis-transposed, such as 1 and
l). Having a good way to verify the legitimacy seems important, and
doing it visually, or through a simple copy and paste which can be
fooled with HTML doesn't seem like the right way to do that.

micah

0. https://help.riseup.net/en/security/network-security/tor/onionservices-best-practices