Using InfluxDB, Telegraf, Grafana & Tor .Onions To Build a Surveillance Resistant Distributed Metrics Infrastructure
At Ablative Hosting we prefer to use .onion networking everywhere we can. .onions ensure that our web properties can never be blocked, our employees can trust the end-to-end nature of the connectivity, and our endpoints aren’t exposed in Certificate Transparency Logs. Most importantly, Tor prevents adversaries from tapping the upstream of our metrics or log servers and trivially discovering the IP addresses of all our other servers (or employees) when they connect.
With the sad loss of Daniel’s Hosting, the .onion hosting ecosystem has lost a home for ~7600 sites. Whilst Ablative.Hosting is a commercial venture, it is one with the aim of assisting people to resist Internet censorship. If you can’t afford a VPS, an always-on Internet connection, a domain or our MHO512 service, then the lack of access to finance is a form of censorship. Free shouldn’t mean co-operation with surveillance capitalism machinery. Free shouldn’t mean having to hand over personal details or content rights.
Did you know that Ablative.Hosting has a .onion-only IRCd? Available at irc.hzwjmjimhr7bdmfv2doll4upibt5ojjmpo3pbp5ctwcg37n3hyk7qzid.onion/6667, this IRC server is open to anyone interested in .onion technology, whether they are a customer or not. There are usually one or two members of staff lurking in #ablative and we’ll happily help you with any .onion technical queries without a sales pitch! We don’t support services such as NickServ or ChanServ at the moment (mainly as we’re only expecting people to drop in to ask questions / get support for a problem rather than spend any sustained period of time here).
HTTP headers can greatly improve the security of a website and, in the cases of Content-Security-Policy or Feature-Policy, can greatly improve the security and privacy of users too. Just because a website is hosted on a .onion rather than a .com doesn’t mean webmasters shouldn’t make use of this security functionality. Inspired by OnionScan from OpenPriv’s Sarah Jamie Lewis, Ablative Hosting’s https://onionheaders.website/ intends to help .onion webmasters improve their httpd security configuration.
Ablative makes heavy use of Ansible. This allows us to push changes to servers quickly and ensure that all instances are hardened appropriately, and, by following a secure software development lifecycle, we can automate all interaction with customer servers, meaning no human (beyond the customer themselves) ever has access to a server. One of the biggest issues with automation is protecting the credentials that grant access to the customer servers. We’ve seen APTs target MSPs and we can’t ignore the possibility that the UK Government can interfere with our equipment or even seize our infrastructure.