To view the list of links, please access this site using Tor Browser.
If you’re seeing this message, access is restricted for regular browsers.
Already using Tor? If you are sure you’re currently in Tor Browser, proceed to our .onion version:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Today, I can proudly announce the launch of Daunt: The authenticated Darknet link directory. http://dauntdatakit2xi4usevwp3pajyppsgsrbzkfqyrp6ufsdwrnm6g5tqd.onion https://daunt.link Daunt is a new platform as part of the Dread Network, which will serve as a trusted third party for sharing addresses to known and verified services on the Tor and I2P network. However, it is not JUST a link directory. This platform will serve as a "solution" to the on-going DoS attacks through the private mirror sharing concept I have built into it. While it doesn't solve the problem at hand, it should allow the possibility for a lot more organic traffic through to affected services. Essentially, side-stepping the DoS attacks. The idea is to buy time as we await PoW fixes for the Tor network, which has saw extremely positive progress in the last month alone. I conjured this concept based on a question I have been asking myself since the very first attacks started in 2019: "How do we share mirrors without an attacker gaining access to them?". The answer is Daunt. We have years of user data, that can act as a method of verification for you to prove yourself as a legitimate and contributing user in order to access different sets of mirrors based on your "level" in the community. I've been working hard on this and while this first iteration, I don't expect to be perfect, we will look to improve it based on feedback and monitoring of the results. Daunt works by providing service operators with a method of easily submitting their mirrors in an automated manner, to be served in the directory under their service. The API endpoint for submitting the links also allows them to group links by a "Tier" name. They can then set restrictions for each of their mirror tiers, for who can access it and who cannot. They can also submit Tiers with no authentication required, or merely a captcha challenge within Daunt to access mirrors. There are no limitations to this and operators can individually curate their settings. Some examples of authentication that determine your access to a Tier may be simply verifying you are a Dread member, whether you have a Dread premium membership, the age of your account, among many other account stats. Unless the service specifically publishes the requirements for their Tiers, this will not be made aware to you as a user. You may also have access to more mirrors from one service, than you do another. This is determined by the range of Tiers the service is providing. To authenticate your account at Daunt, you must login using a static authentication key, which you can generate through the Dread code generator. This is available by going to Account -> Code Generator within Dread. Your key is an encrypted value which reflects statistics of your Dread account. You can re-generate the key every 7 days to update it. You may have a lot of questions at this point, which I will cover below, copied from the Daunt FAQ Pages: What if Daunt is offline? We do expect outages on the Daunt onion address, so make sure to save all Daunt mirrors listed in the directory. We will be trying our best to scale the service out which should take a lot of the heat away from other services that are being targetted and we then have the fallback clearnet address here: Daunt.link. This is not recommended for use, however if you are unable to access any of our onion addresses, the clearnet service will always be online and still allows authenticated mirror access. [We will also launch an I2P Gateway when possible] Is it safe to use the Dread login on the Daunt clearnet gateway? My initial thoughts on this were to disable the login API access on the clearnet gateway, due to the information provided by the API in its existing state as it was used on Recon. Data such as your account username and PGP Key were required to be passed in the API response, which is out of the question completely when passing the data over a clearnet accessible server. The solution we implemented for this was to create new trustless authentication keys for Dread accounts. These use an encrypted dataset of your account stats with only rounded values and no other identifying factors. This also doesn't rely on Dread being online to login, which is why it is extremely important that you SAVE YOUR KEY. Why are there no working links that I can access for X service? It will happen, this is not an all around solution due to the possibilities of human intervention with an attacker managing to gain access to certain links or a user sharing them to the attacker. However, this also depends on how far the service is able to scale out so that they can provide a variety of tiers for accessing unique mirrors. If you are unable to access a site listed on Daunt, always be patient, our API supports repetitive polling to update mirror links and rotate to new ones when they are available from the service. NOW, something extremely important for you all. Login to Dread, get your Auth Key and SAVE IT. This may become a must have for accessing some services where you fit the requirements of their Tiers. So SAVE IT, you never know if Dread will become inaccessible. The last thing worth noting here is the sorting of Markets in the directory. To ensure it is fair between all included established markets, Daunt will ALWAYS use randomized sorting, on every page load for Market categorized services. Rather than relying on either arbitrary stat values which can be falsified, or even worse "opinion" of the directory admin. As always, we are a neutral third party, so there will never be any pay offs to manipulate market positions, unlike some other directories in the past. As much as I never even wanted to operate a link directory, it is essential right now to try and improve the balance of things through this authenticated mirror concept and it comes at a good time where there aren't many reliable, up to date options from a proven operator. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEYTOs4fS4fFHb8/6l6GEFEPmm6SIFAmQFpQgACgkQ6GEFEPmm 6SLN3Q//YruBjl9tFRIMm04BcsEiey9g4j3699nviUO0CmkOD9Eyj745mfGEFe1G aaXjV4lBRQkVn6PCr5JVrCPL5sSAZJOpHLQJ1UWu2d0sb5320TWIlQVQgYxZMAem xqckCR8WQdl4+XBg7QemwvMokYSwDxCl+4folJWkovmMw1xYGAAFUNccVplclcqF gIgqkDJWwj+Zv3bbCtxN2gUt85WWt5c2OELEwQtEKG1DRlT7IW+agc0REi+yv2EP kf+KQk6x7mqPUqkwCOxj8Sx1Ph0Vml74oPBN9XwE613yGCKBcZ/NlYWwmnZolJJS bJ2dIquZn28Arm48gObzJX+OME94/ZFi7Q6wGE/+eFK2qXOxuCZEQL/TRBoeneqx +VcOx47cteoOLwCLjhv2IN8Dq0sFSe1mBBT9Er4nQ124u0uFVcg1O6zck74aCNad nkjGYYH0+u6sGklXC5VmLft0r6S00ddQyHbnlzy0WjwiwXTux4Jb663fl7+Tc94Y sB/eOZ3cJK/qJhh4EbUh93Jqlpu41BHNf3RHGbpLDaxq04dKxOI45A0HgIFOdcAB EiJrHV76DfAI7Qa27HH1m+fIAkcuCMGm17p7snDavL5g5tOiY1yflPJOWo/09juW vuEpKzuqVJ5oQfzs3d3NEiqCLIPdUz76TqOQ6TfqAmx6f/4vLec= =9o30 -----END PGP SIGNATURE-----
If/when such a thing happens then that could be good in a sense of separating the wheat from the chaff in terms of raising the waterline of the quality of contributors and members who have the opporunity to participate, which I am wholly unopposed to.
I like the idea of a system that puts the power in the hands of the community. Decentralize TOR by giving everyone a (unique?) private mirror, and let access to the onions flow organically by who they decide to share their mirror with. Those who invite access to attackers or otherwise undesirable community members can be identified by the originating referral link and denied futher privileges.
This would encourage a more tribal, peer-to-peer way of sharing information and encourage networking among the individuals. Sort of a mesh-network of humans, wouldn't that be an ideal implementation of decentralization in one of its truest senses?
I'd like to see TOR evolve in a way that encourages the people to also evolve to become more decentralized themselves. The potential for pay-to-play and elitism seems like a sticky situation that could end up 'mirroring' the very system that the idea was originally designed to be resilient against.
It's likely that I'm overlooking something on the technical side, huge respect to the whole team for everything that they've been through and accomplished over the years.
Daunt does not have links with no authentication, aside from the primary mirrors of services. Services which are attacked, these links will be down anyway. Any mirrors that are intended to be protected, require authentication and there is nothing an attacker can do other than pass a captcha and take down a single mirror and in the case of captcha only tiers, services are using mirror rotation, so it will simply rotate and be replaced. They can do this continually, by hand, but nothing more. Resulting in these mirrors not being consistently down and allowing initial access to most users, who can then retrieve a private mirror from said service. Any lower access tiers, if breached by an attacker through either building a reputation on Dread or having an authentication key shared with them, will be locked out pretty quickly. The whole process and every fall back was thought through thoroughly, until this concept reached a point of being as air tight as possible.
Instead of each user having a personalized mirror, could it be allowable for users to share their Daunt authentication keys instead? They would need to be willing to risk their Dread reputation to vouch that the individual who they are sharing the key with is trustworthy enough to be granted access. Maybe a feature of premium that allows you to share the same tier access that you have with 5 trustees.
It wouldn't mean fewer points of failure, but it could help in terms of people being able to share with those who can't afford a premium membership or are new or just getting back into the DN and haven't had the time to build a reputation yet.
Users could share their authentication keys, but if it reached an attacker, that means that you would have your auth key permissions disabled if it was found to be in use to poll addresses for an attack.
Low level tiers won't generally require much reputation, which is why it will work well and again, an attacker breaching this won't do much if any harm.