Dread's Daunt Directory
Daunt is a new platform within the Dread Network, maintained by HugBunter and the team behind Dread. Daunt was developed as the first hidden service link directory with DDoS protection as its core pillar. DDoS attacks have plagued Dread from 2020 to late 2022, leading to a year-long rebuilding of the infrastructure behind Dread.
DDoS attacks hinder the accessibility not only to the targeted services but also to the network as a whole, causing instability across the board. Developed as a platform within the Dread Network, the Dread team is able to use login APIs to verify statistics related to a user and group them with similar users. These groups will be granted access to different tiers of mirror links provided by the services listed within the directory. Similarly, it also allows us to restrict certain user groups from accessing the links, creating a filter. In Daunt's new model of permission mirrors and protected access points, it acts as a deterrent to malicious activity while still allowing significant traffic to reach the end service.
Full announcement from the Dread team and HugBunter
Today (March 6th, 2023), I can proudly announce the
Daunt is a new platform as part of the Dread Network, which will serve as a trusted third party for sharing addresses to known and verified services on the Tor and I2P network. However, it is not JUST a link directory. This platform will serve as a "solution" to the on-going DoS attacks through the private mirror sharing concept I have built into it. While it doesn't solve the problem at hand, it should allow the possibility for a lot more organic traffic through to affected services. Essentially, side-stepping the DoS attacks. The idea is to buy time as we await PoW fixes for the Tor network, which has saw extremely positive progress in the last month alone.
I conjured this concept based on a question I have been asking myself since the very first attacks started in 2019: "How do we share mirrors without an attacker gaining access to them?". The answer is Daunt. We have years of user data, that can act as a method of verification for you to prove yourself as a legitimate and contributing user in order to access different sets of mirrors based on your "level" in the community. I've been working hard on this and while this first iteration, I don't expect to be perfect, we will look to improve it based on feedback and monitoring of the results.
Daunt works by providing service operators with a method of easily submitting their mirrors in an automated manner, to be served in the directory under their service. The API endpoint for submitting the links also allows them to group links by a "Tier" name. They can then set restrictions for each of their mirror tiers, for who can access it and who cannot. They can also submit Tiers with no authentication required, or merely a captcha challenge within Daunt to access mirrors. There are no limitations to this and operators can individually curate their settings.
Some examples of authentication that determine your access to a Tier may be simply verifying you are a Dread member, whether you have a Dread premium membership, the age of your account, among many other account stats. Unless the service specifically publishes the requirements for their Tiers, this will not be made aware to you as a user. You may also have access to more mirrors from one service, than you do another. This is determined by the range of Tiers the service is providing.
To authenticate your account at Daunt, you must login using a static authentication key, which you can generate through the Dread code generator. This is available by going to Account -> Code Generator within Dread. Your key is an encrypted value which reflects statistics of your Dread account. You can re-generate the key every 7 days to update it.
You may have a lot of questions at this point, which I will cover below, copied from the Daunt FAQ Pages:
What if Daunt is offline?
We do expect outages on the Daunt onion address, so make sure to save all Daunt mirrors listed in the directory. We will be trying our best to scale the service out which should take a lot of the heat away from other services that are being targetted and we then have the fallback clearnet address here: Daunt.link. This is not recommended for use, however if you are unable to access any of our onion addresses, the clearnet service will always be online and still allows authenticated mirror access.
[We will also launch an I2P Gateway when possible]
Is it safe to use the Dread login on the Daunt clearnet gateway?
My initial thoughts on this were to disable the login API access on the clearnet gateway, due to the information provided by the API in its existing state as it was used on Recon. Data such as your account username and PGP Key were required to be passed in the API response, which is out of the question completely when passing the data over a clearnet accessible server. The solution we implemented for this was to create new trustless authentication keys for Dread accounts. These use an encrypted dataset of your account stats with only rounded values and no other identifying factors. This also doesn't rely on Dread being online to login, which is why it is extremely important that you SAVE YOUR KEY.
Why are there no working links that I can access for X service?
It will happen, this is not an all around solution due to the possibilities of human intervention with an attacker managing to gain access to certain links or a user sharing them to the attacker. However, this also depends on how far the service is able to scale out so that they can provide a variety of tiers for accessing unique mirrors. If you are unable to access a site listed on Daunt, always be patient, our API supports repetitive polling to update mirror links and rotate to new ones when they are available from the service.
NOW, something extremely important for you all. Login to Dread, get your Auth Key and SAVE IT. This may become a must have for accessing some services where you fit the requirements of their Tiers. So SAVE IT, you never know if Dread will become inaccessible.
The last thing worth noting here is the sorting of Markets in the directory. To ensure it is fair between all included established markets, Daunt will ALWAYS use randomized sorting, on every page load for Market categorized services. Rather than relying on either arbitrary stat values which can be falsified, or even worse "opinion" of the directory admin. As always, we are a neutral third party, so there will never be any pay offs to manipulate market positions, unlike some other directories in the past.