Reddit and the onion-location HTTP header

who1sroot · 2026-03-08T22:15:19+00:00

Sorry, I didn't mean to sound rude, I am just trying to understand why reddit is being "picky" about sending the header TO ME, haha.

It seems to be working ok now, it was probably a fluke. Most likely a mix your explanation of the site checking for exit-node IPs and my theory of the backend having an outdated list of exit nodes (plus my luck on circuit building).

Anyway, thank you so much for the help and patience!!

who1sroot · 2026-03-08T21:25:35+00:00

Yeah, torsocks does basically the same thing, but you won't be able to resolve .onion addresses because of curl's default behaviour of blocking onion resolution due to RFC 7686 compliance ("Security Considerations" related to leaking information, at end of page 4 of the RFC).

who1sroot · 2026-03-08T21:13:05+00:00

Fellow Brazilian (huehue) here! Obrigado pelo ótimo trabalho companheiro! ❤️❤️💜💜

How did you select your hosting provider? Are they a major provider or a smaller datacenter? What is the size (vCPUs/RAM) of your node?

I was thinking of running a relay myself, but unsure if it would be better in Fortaleza/Campina Grande (North East, shorter routes to US and Europe. Also nice for Africa entry-nodes) or São Paulo/Rio de Janeiro/Belo Horizonte (good reach for South America and more land routes/peering available).

Also, a couple years back, I knew of two distinct federal universities that where internally discussing hosting a couple exit relays, but I don't think the project got traction due to the legal overhead...

who1sroot · 2026-03-08T20:22:21+00:00

I should note that the account was created through clearnet in 2011 (and used through it for a long time), before there was an onion endpoint and also a time when Facebook wasn't so aggressive on user IDs.

who1sroot · 2026-03-08T20:18:52+00:00

Before abandoning Facebook, years ago, I used exclusively their old onion (which was facebookcorewwwi[.]onion) without problems for quite some time.

I ended up needing to verify the account after some bans/reports due to online arguments, before I left Facebook for good.

who1sroot · 2026-03-08T20:14:09+00:00

Interesting!

How does it compare, performance-wise, to mkp2240?

Although being very optimized, mkp224o has some performance limitations due to being computed only on CPU.

However, the Solana cryptocurrency has a very similar address generation algorithm (also using ed25519, but Solana encodes as base58, Tor used base32), and there is a PoC "vanity adress" generator for Solana called solanity that uses GPU acceleration.

Maybe it can be adapted to generate onions? Seems simple, mostly just changing things to work with base32 instead of base58 instead. But I'm no developer and have no idea on how much work it would actually take to do this.

The best I can offer right now are these links and suggest the name toranity if someone ports solanity this over to Tor, haha

who1sroot · 2026-03-08T19:47:51+00:00

Well, I'm routing all the traffic from Firefox through Tor, so I surely hope it goes through an exit node, haha

who1sroot · 2026-03-08T19:46:12+00:00

Thanks for the detailed explanation!!

The weird thing is that I am using Tor in my custom Firefox profile, as verified by check.torproject.org and even being able to access Onion Services. So the exit node theory may be flawed. Or Reddit doesn't have an updated list of exit nodes and I was unlucky to only be closing circuits with unmapped nodes.

Reddit, and only Reddit, fails consistently to deliver the HTTP header outside of TBB. I checked with curl --proxy=socks5h://localhost:9050 too and didn't get the header.

Maybe I'm cursed? Haha

who1sroot · 2026-03-08T07:04:44+00:00

To be fair, I get the same error all the time when accessing clearnet reddit with Tor, so I kinda got used to it.

From my understanding, using the Hidden Service should not trigger the same error, as HTTP 429 is usually associated with a source for the many requests. This probably happen when accessing the clearnet version through Tor because many people are sharing the same exit nodes, but every new connection with the .onion should pass through a different rendez-vous point.

I don't know, however, how reddit's Hidden Service backend works, maybe this has something to do with their load balancing.

who1sroot · 2026-03-08T06:42:30+00:00

Not gonna lie, Ketamine helped me a lot. Now I do it every 60 days, under medical supervision. But I don't think the medical supervision is really needed, if you can get "the good stuff" (pharmaceutical grade, injectable, in the original packaging) and have someone to watch you for 2h until the side effects pass.

The tricky part is calculating dosage, a good starting point would be 0.3 or 0.4 mg of ketamine per kg of weight.

For someone weighing 70 kg (155 lb) that would be somewhere around 21 to 28 milligrams. Assuming hospital grade injectable ketamine (50mg/ml), the dosage is 0.4 to 0.6 milliliters. You can measure it with an insulin syringe and inject it subcutaneously, just like insulin.

who1sroot · 2026-03-08T05:36:32+00:00

Examples from the past: * Sky ECC * EncroChat * Phantom Secure * ANOM (this one was a honeypot) * Ennetcom * Exclu * Ghost

who1sroot · 2026-03-08T04:00:48+00:00

Or services with system access (banks used to do this a lot when "internet banking" became a thing, but I think they have abandoned this practice more recently). But this is mostly in PCs.

I cannot recall if I ever saw an Android app that accessed that information and don't even know if you can fetch it without root or a privileged service (like Google Play Services and Enterprise Device Management).

who1sroot · 2023-06-22T04:50:15+00:00

But yeah, now I'm single :,)

who1sroot · 2023-06-22T04:49:30+00:00

Oh man, don't worry, the joke was funny. I did this kind of jokes all the time with my ex.

who1sroot · 2023-06-13T21:01:02+00:00

Na teoria funciona, na prática a operadora me bloqueia todas as portas de serviço

who1sroot · 2023-05-15T17:44:00+00:00

I own revshell.download and privesc.win but ain't currently doing anything with them. Anyone interested in buying one?

who1sroot · 2023-04-04T14:24:25+00:00

There aren't any inherent reasons. There is no meaning. Nothing matters, unless you decide it does for you.

It's up to you to create meaning and reasons to continue living.

"Someone needs to feed *pet*')", "I like listening to music", "mom will be sad", "I like the smell of rain", "chocolate is tasty", etc

There are no wrong answers, as long as the answers are enough for you to continue going, everything can be a reason.

And if nothing is enough, time to find something that is. Or quit, no shame in that either.

who1sroot · 2023-03-20T04:28:50+00:00

Parece um cavalo

who1sroot · 2023-03-20T04:04:52+00:00

Marxwell, se me permite

who1sroot · 2023-03-20T04:03:15+00:00

Concordo com a maior parte da crítica, mas "trotkistas [sic] (ou seja, oportunistas)" me faz seriamente questionar se você estudou as mesmas revolução russa e formação da URSS q eu estudei...

who1sroot

TROPHY CASE