We’ve released ncdns v0.3. This release adds Tor Browser configuration support to the Windows installer. If you have Tor Browser installed already, the Windows installer will offer to configure Tor Browser to use Namecoin. This Tor Browser support is aimed at a different audience than the support currently shipped with Tor Browser Nightly; the major features that the ncdns installer brings to the table compared to Tor Browser Nightly are:

  1. Windows support (Tor Browser Nightly only supports Namecoin on GNU/Linux).
  2. Choice of Tor Browser Stable, Alpha, or Nightly (Stable and Alpha do not have Namecoin built-in).
  3. Choice of Electrum-NMC or Namecoin Core (Tor Browser Nightly only supports Electrum-NMC).
  4. .bit domains fall back to IP address resolution if no onion service exists (Tor Browser Nightly only supports onion services).

Additional features we intend to add to the ncdns installer in the future include:

  1. TLS support (important for Tor since exit relays are in an excellent position to do MITM attacks, and also important given the censorship attacks we’ve observed from public CA’s such as Comodo and ISRG in the past few years).
  2. Recursive DNS support (will allow more complex setups such as NS/DS records to be used with Namecoin over Tor).

While we are looking forward to all of the above features making their way into Tor Browser, we want to give power users the option to experiment with these features now. We expect the feedback from that experimentation to make it easier and faster to migrate these features into Tor Browser.

Meanwhile, here are some important caveats you should be aware of in this integration:

  1. Download size is much larger than Tor Browser Nightly’s Namecoin integration. If you are on a heavily metered data plan, you may be better off with Tor Browser Nightly.
  2. The build system is less strict on reproducibility than Tor Browser Nightly. In particular, Electrum-NMC is built with the upstream Electrum reproducible build system, and BIND and DNSSEC-Trigger use official upstream binaries. If you are concerned about these components, you may be better off with Tor Browser Nightly.
  3. You must launch Electrum-NMC or Namecoin Core yourself and keep it running while Tor Browser is running; otherwise .bit resolution will fail. If you want Electrum-NMC to automatically start when Tor Browser does, you may be better off with Tor Browser Nightly.
  4. Some timing metadata (in particular, the date and time at which you exit Tor Browser) will be written to the Windows event log, which could be a privacy leak. Timing metadata about Tor Browser usage has been used against alleged whistleblowers (e.g. alleged Vault 7 source Joshua Schulte) in the past, so if you have a strong requirement for disk nonpersistence, you may be better off with Tor Browser Nightly.
  5. The TorButton patch for showing the underlying onion service in the circuit display is not included. If you care about being able to easily view which onion service a .bit domain is pointing to, you may be better off with Tor Browser Nightly.
  6. The Firefox patch for adding bit.onion to the eTLD list is not included. This means that the address bar will default to search mode if you type a .bit or .bit.onion domain without a URL scheme (leading https://). More importantly, it means that FPI (first-party isolation) will treat bit.onion as an eTLD+1; as a result, all .bit.onion websites that you visit will be trivially linkable to each other. To work around this privacy leak, you can use .bit instead of .bit.onion (but see the conflicting advice below), or you can limit yourself to one .bit.onion first-party domain at a time (use the New Identity button when you want to switch to another .bit.onion domain). If you’re worried that you may not remember to do this, you may be better off with Tor Browser Nightly.
  7. TLS is not mandated for .bit domains that point to an IP address. This means that you cannot be confident that .bit domains are secure origins. Tor Browser will correctly tell you that these origins are not secure; you should heed that warning. To work around this, you can use .bit.onion instead of .bit (but see the conflicting advice above), or you can use the https:// URL scheme; either of these will guarantee a secure origin. If you use HTTPS, you will need to verify the certificate chain yourself. If you’re worried that you may accidentally use the http:// URL scheme with .bit domains, or if you’re worried that you may accidentally click through a TLS certificate dialog without checking the chain, you may be better off with Tor Browser Nightly.
  8. Our QA team has reported occasional timeout errors when accessing .bit domains in Tor Browser. We are investigating the cause. If you require solidly reliable connectivity without timeouts, you may be better off with Tor Browser Nightly.
  9. Our QA team has reported various breakage on Windows 7. We are working on fixes, but this is not a high priority since Windows 7 is EOL. If you require Windows 7 support, you may be better off waiting for us to fix that.

Some of the above caveats are easier to fix than others. We expect some of these to be fixed very soon; others are longer-term efforts. We reiterate that this is intended for power users who want to experiment with Namecoin in Tor Browser, so that their feedback can facilitate future efforts to get these features added to Tor Browser. As such, we very much appreciate feedback so we can improve this functionality.

Full changelog of what’s new since v0.2.2:

  • certinject
    • Add dexlogconfig support. Patch by Jeremy Rand.
    • Add –capi.watch flag (paves the way for better sandboxing). Patch by Jeremy Rand.
    • Code quality improvements. Patches by Jeremy Rand.
  • dexlogconfig
    • Support custom Windows event log source name. Patch by Jeremy Rand; code review by Hugo Landau.
    • Clarify help text. Reported by Jeremy Rand; patch by Hugo Landau.
  • easyconfig
    • Support durations. Reported by Jeremy Rand; patch by Hugo Landau.
  • Encaya
    • Add README. Patch by Jeremy Rand.
    • Clarify license as GPLv3+. Patch by Jeremy Rand.
    • Code quality improvements. Patches by Jeremy Rand.
  • ncdns
    • Use new certinject package. Patch by Jeremy Rand.
    • Remove Layer-1 TLS support (100% of Namecoin domain owners moved to Layer-2 by now). Patch by Jeremy Rand.
    • Code quality improvements. Patches by Jeremy Rand.
  • ncprop279
    • Documentation: add sample config file. Patch by redfish; code review by Jeremy Rand.
    • Code quality improvements. Patches by Jeremy Rand.
  • StemNS
    • Use StreamStatus.CONTROLLER_WAIT when available. Patches by Jeremy Rand and Lola Dam.
    • Code quality improvements. Patches by Jeremy Rand
  • tlsrestrictnss
    • Fix compatibility with ncprop279. Patch by Jeremy Rand.
  • x509-compressed
    • Fix GOROOT paths containing a space. Patch by Jeremy Rand.
  • Windows installer
    • Configure Tor Browser. Patch by Jeremy Rand.
    • Remove Layer-1 TLS support (100% of Namecoin domain owners moved to Layer-2 by now). Patch by Jeremy Rand.
    • Code quality improvements. Patch by Jeremy Rand.
  • Build system
    • Add coredns-utils project, by Miek Gieben, Steve Winslow, and Andrew Heberle.
    • Add python-windows project. Patches by Yanmaani and Jeremy Rand; code review by Nicolas Vigier.
    • Add winsvcwrap project, by Hugo Landau.
    • Bump BIND to v9.16.28.
    • Bump Electrum-NMC to v4.0.0b0.
    • Bump godns to v1.1.48.
    • Bump gointernal to v1.8.1.
    • Bump gopkcs11 to v1.1.1.
    • Bump gotoml to v1.1.0.
    • Bump gounits.
    • Bump tor-browser-build to v11.5a11.
    • Code quality improvements. Patches by Jeremy Rand.
    • Improve Cirrus CI integration, as we continue to incubate RBM Cirrus support in preparation to send upstream to Tor. Patches by Jeremy Rand.

You can download it at the Downloads page.

This work was funded by NLnet Foundation’s Internet Hardening Fund and Cyphrs.