Updated onion address: 2017-March-12

Previous work here. The rest of this post is for technical individuals.

I recently moved to a new DN! host mainly because my first one ran out of storage. I apologize to those who have not been able to access the last few episodes due to the old host filling up. This post goes into detail how I set up the new Onion site, then how I transfered all ~30GB of existing DN! files from the old host to the new host exclusively over Onion service via rsync.

Some major improvements include Democracy Now’s third-party services all support TLS now, meaning that I’m finally pulling the media via authenticated and confidential (exluding metadata) transport. My updated shell script is below, too.

Please note that not all traffic is torified on the new host, the DN! files are still getting pulled via port 443, outbound DNS via port 53, and outbound NTP via port 123.

New Ubuntu 16.04 Xenial host setup

Enable the firewall disabling all inbound traffic:

sudo ufw enable

Edit sources list to remove the default HTTP repositories with Wikimedia’s HTTPS repositories for transport authentication and confidentiality, and add Tor Project’s HTTP repository:

sudo vim /etc/apt/sources.list

deb xenial main restricted universe multiverse
deb xenial-updates main restricted universe multiverse
deb xenial-backports main restricted universe multiverse
deb xenial-security main restricted universe multiverse
deb xenial main

Add the Tor Project’s signing key:

gpg --keyserver --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

Update, upgrade, then install the necessary Tor apps:

sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get install tor apt-transport-tor -y

Edit torrc to create the new Onion site address:

sudo vim /etc/tor/torrc

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 22
HiddenServicePort 80

Restart the Tor service:

sudo service tor restart

View the new Onion site address:

sudo cat /var/lib/tor/hidden_service/hostname


Edit sources list again so that the repositories will only be accessed via Onion service:

sudo vim /etc/apt/sources.list

deb tor+ xenial main restricted universe multiverse
deb tor+ xenial-updates main restricted universe multiverse
deb tor+ xenial-backports main restricted universe multiverse
deb tor+ xenial-security main restricted universe multiverse
deb tor+ xenial main

Update and upgrade again, and install Open-SSH, all via Onion service:

sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get install openssh-server

Configure the SSH server to only accept connections via Onion service. Also harden the security a little bit:

sudo vim /etc/ssh/sshd_config

AllowUsers user
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 30
ServerKeyBits 4096
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 30
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes

Install Apache via Onion service, disable status, and enable headers:

sudo apt-get install apache2 -y && sudo a2dismod status && sudo a2enmod headers

Configure the index view of the Apache landing page:

sudo vim /etc/apache2/mods-available/autoindex.conf

IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8 SuppressDescription SuppressIcon SuppressLastModified SuppressRules
IndexOrderDefault Descending Name

Harden Apache’s security configuration:

sudo vim /etc/apache2/conf-available/security.conf

Directory /
AllowOverride None
Require all denied

Header always set X-XSS-Protection: "1; mode=block"
Header always set X-Permitted-Cross-Domain-Policies: "master-only"
Header always set Cache-Control: "private, no-cache, no-store, must-revalidate"
Header always set Pragma: "no-cache"
Header always set Expires: "-1"
Header always set X-Content-Type-Options: "nosniff"
Header always set X-Frame-Options: "sameorigin"
Header always set Content-Security-Policy: "default-src 'self'"
ServerTokens Prod
ServerSignature Off
TraceEnable Off

Configure Apache to only work via Onion service:

sudo vim /etc/apache2/sites-available/000-default.conf

ServerName gnt3qwmxads3yytg.onion
DocumentRoot /var/www/html/dn/
LogLevel info
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

Restart Apache:

sudo service apache2 restart

Make the DN! directory:

sudo mkdir /var/www/html/dn/

Create the shell script to download the various DN! files:

sudo vim

cd /var/www/html/dn/
daystamp=$(date +%Y-%m%d)
wget -m -p -E -k -K -np -nd -e robots=off -H -r$daystamp.mp4
wget -m -p -E -k -K -np -nd -e robots=off -H -r$daystamp-1.mp3
wget -m -p -E -k -K -np -nd -e robots=off -H -r$daystamp.mp4.torrent
chown -R www-data:www-data /var/www/html/dn/*

Edit cron to check for new files every 15 minutes:

sudo crontab -e

*/15 * * * * bash /home/user/

Old Host

Configure SSH client to be torified:

sudo vim /etc/ssh/ssh_config

Host *
ProxyCommand nc -X 5 -x %h %p
CheckHostIP no

Rsync all files from the old host (ssh client) to the new host (ssh server):

sudo rsync -v /var/www/html/dn/* user@gnt3qwmxads3yytg.onion:/var/www/html/dn/


The Tor Project has lied to its community

I can confirm the identity of River given many of the details in her story, but I do not know her personally. I am a victim of rape and I sympathize with presumed victim’s stories. I was also a guest of Jacob’s on the evening of New Year’s Day, 2016.

“One night, he invited me to his apartment to party with him and several of his friends. I went, not thinking twice that anything further would happen.”

There were no parties going on this particular evening. It was in the late afternoon when our group started organizing to go to a sauna in Berlin. It was then that several more of Jacob’s friends came over to the apartment. There were at least 10 of us. At the sauna, after we all checked in, and since I am an introvert, I split off from the group because I wanted to relax and get dinner. After finishing my dinner, I found Jacob and rest of the group eating and I sat down on the edge of a couch to join them. After dinner I ran into River, and she asked me, “Do you know where our group is?” I told her the group’s last known location. She said thanks, we both smiled at each other, and I remember thinking that she seemed like a really nice person. She walked away and I continued exploring the sauna by myself. That was the extent of our interactions that entire evening.

After the sauna had closed and after getting back to Jacob’s apartment, there were five of us watching a movie together. The four of them were on Jacob’s couch that was pulled out so they could lay down under blankets. I was not on the couch; instead, I was off to the side sitting on a pad. Jacob and River were laying on the far side of the couch. Two other guys, both gay, one of whom had a flu-like illness, were laying together nearest me. I was effectively a “fifth wheel” since I was not part of either one of the two couples on the couch.

“We were all watching a movie and laying on the couch. I was intoxicated and not thinking clearly, and it took me a long time to realize that Jacob was going down on me, in the living room, in front of everyone.”

During my visit to Berlin, there was only one night at Jacob’s where we had watched a movie together while River was visiting. I did not witness anyone having alcoholic beverages or any manner of drugs on this night. There were no stops between the sauna and returning to Jacob’s apartment. Several hours had passed between dinner and the sauna closing if any of them had consumed anything intoxicating at dinner. Very little time had passed between getting back to the apartment and starting the movie.

I cannot claim that River did not have any drugs or alcohol, I just never saw any. I had brought Jacob a bottle of my favorite vodka that I purchased in Iceland on my way to Germany. However, I explicitly remember Jacob not having any mixers available, so I did not even have any despite wanting to. Again, this does not mean that River did not become intoxicated somehow, it just seems very unlikely.

“I told him that I didn’t want to do that, and he stopped, but I don’t remember what happened directly after, except that he kept touching me.”

Jacob and River were cuddling throughout the entire movie.

“The next thing I realized was that one of his friends in the room was touching me instead of Jacob, and Jacob told me to go down on his friend.”

The two others, both gay men, were not only calmly snuggling, but the one that was not ill had been spending the entire day taking care of the other. I did not witness any contact between either of the two couples on the couch, and I was within arms-reach of the two nearest me.

“I asked them to stop, however, all of this had a really long delayed effect because I was under the influence. I remember that his friend did stop touching me when I asked him to, but then I blacked out, and when I came back into consciousness, Jacob was having sex with me in the living room with his friends watching.”

If River was under the influence of drugs or alcohol, it was not apparent. At no point did she seem distressed or abused. Nobody did. Further, no one was having sex in the living room.

“When I realized what was happening, I told him again that I wanted to stop. He asked why, and I said that I didn’t want to do that in front of everyone. He did stop, but replied, “well, that’s what we’ve already been doing”, and turned extremely cold. Eventually, he brought me into his room, but I felt like I was being punished.”

I remember River saying something to the effect of “Not in front of everyone.” What River said was the only thing I heard from the four of them throughout the entire movie. What she said sounded playful, and not distressed, but it does mean stop. As far as I could tell, nothing happened thereafter; but again, I had not witnessed any sexual actions throughout the entire movie between anyone.

“Later, when I wasn’t intoxicated, Jacob again tried to persuade me to have sex with his group of friends. It was then an easy no, but it felt like I lost my value to him once I wouldn’t give him or his followers what they wanted.”

If Jacob was pressuring River to have sex with him or with anyone else, nobody else had any part in it. When the movie ended, I immediately laid down on the pad and went to sleep. The gay couple, if they were not asleep already, did the same.

“What is most terrifying about this situation is how systematic all of this felt. I very clearly understood that I was not the only woman that this happened to. In fact, it felt like this was quite common. No one in that situation seemed to be surprised about any of these events, chillingly, not even my discomfort.”

I am very sorry, River. I would never tolerate violence against a woman, not even a stranger. If I had perceived any actions of abuse against you, I would have said something. I would not be Jacob’s friend if I had ever witnessed him abusing anyone, especially to the degree that you are purporting.

This allegation against Jacob is serious. However, I do not condone The Tor Project’s biased investigation against him. Rebecca Speer, who was asked to speak to me at Shari Steele’s request, did not include my account because she did not take it. I was advised not to speak to an investigator without a witness present, and by the time I was ready to speak to Rebecca, she had already left Seattle.

This testimony was referenced by The Guardian.