Please disable it immediately!
With other link directories, they are usually independantly ran by an unknown individual without any prior reputation, which isn't necessarily a bad thing at all and we have good working relationships with most and have promoted them from the start. However, it does beg the question as to their intentions at times, which aren't always clear, at least not until it is too late. Many times in the past we have saw services like this come and go, many of which turned out to be phishers, who built up a following for their platform, before eventually replacing the links they displayed with phishing clones. These phishing sites are designed to steal login credentials of users and their crypto funds.
With Daunt being developed as a direct attempt to solve accessibility issues, by the Dread team, who have proven time and time again to be neutral in decisions towards all services and users within the community, as well as working hard to provide what is in the best interests of them very users, there is an assumed trust.
Aside from the reputation we already have behind us, we have the statistics of every user with a Dread account. That data is extremely useful in determining legitimate users and filtering out unproven anons. This is very beneficial when it comes to discretion of sharing mirror links within the community, without these links being exposed to a malicious actor.
These are mirror links that will require a form of authentication from the user to retrieve the link. This may mean you need to complete a captcha challenge or login with your Dread account to prove your own reputation.
Authentication in many cases is not as simple as just logging in to your user account, you may need to meet other arbitrary criteria, which is defined by the service provider. The service is able to define different tiers of access to their mirrors, all with different requirements from you. This will vary per service with some having more complex rules applied for different sets of mirrors or some may also offer additional mirrors with more "entry level" requirements.
As the rules are set by the service themselves as to what requirements are needed per mirror address they provide, there is never going to be anything set in stone and it is unlikely we will ever display the true requirements, in order to avoid manipulation. Some examples of variables a service can set are: User is logged in with a Dread account, their Dread account has a premium membership, the age of the user account.
As always, whenever receiving links from a source other than the service itself, make sure to verify a signature of the address from the service's official PGP key. We require a signed message for all links that we display on Daunt, so you can verify them at your own leisure.
To login to Daunt, click here and paste in your trustless authentication key which you can generate within your account settings over on Dread An important note to make is that it is essential, that you save/backup your authentication key. This ensures access to links at Daunt, even if Dread becomes inaccessible.
We do expect outages on the Daunt onion address, so make sure to save all Daunt mirrors listed in the directory. We will be trying our best to scale the service out which should take a lot of the heat away from other services that are being targetted and we then have the fallback clearnet address here: Daunt.link. This is not recommended for use, however if you are unable to access any of our onion addresses, the clearnet service will always be online and still allows authenticated mirror access.
My initial thoughts on this were to disable the login API access on the clearnet gateway, due to the information provided by the API in its existing state as it was used on Recon. Data such as your account username and PGP Key were required to be passed in the API response, which is out of the question completely when passing the data over a clearnet accessible server. The solution we implemented for this was to create new trustless authentication keys for Dread accounts. These use an encrypted dataset of your account stats with only rounded values and no other identifying factors. This also doesn't rely on Dread being online to login, which is why it is extremely important that you SAVE YOUR KEY.
It will happen, this is not an all around solution due to the possibilities of human intervention with an attacker managing to gain access to certain links or a user sharing them to the attacker. However, this also depends on how far the service is able to scale out so that they can provide a variety of tiers for accessing unique mirrors. If you are unable to access a site listed on Daunt, always be patient, our API supports repetitive polling to update mirror links and rotate to new ones when they are available from the service.