[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] darkweb-everywhere - was: Using HTTPS Everywhere to redirect to .onion



Mike Cardwell:
> * on the Tue, May 13, 2014 at 08:51:28PM -0400, Michael Wolf wrote:
> 
>>> darkweb-everywhere
>>>
>>> "HTTPS Everywhere rulesets for hidden services and eepsites."
>>>
>>> https://github.com/chris-barry/darkweb-everywhere
>>>
>>
>> I had an idea recently that might be an improvement (or might not?) on
>> the darkweb-everywhere concept.  What if we introduced an HTTP header
>> similar to HSTS -- `X-Onion-Address` perhaps -- which could be sent by
>> sites that wished to advertise their .onion address?  Just like HSTS,
>> the header would only be acted upon if received over HTTPS (we don't
>> want malicious parties injecting headers and redirecting people).
>> Future versions of TBB could perhaps automatically redirect users to the
>> .onion site when this header is present, or perhaps prompt users to
>> inform them of the hidden service.
> 
> I would prefer it if the people who run websites with hidden service
> alternatives would simply check if the client IP is a Tor exit node,
> and then advertise the availability of the hidden service to such
> users inside the actual website.
> 
> This wouldn't be that difficult either. We have the Tor DNSEL, and
> there are also a few Apache modules which allow you to perform DNSBL
> style lookups on the client IP and perform different actions based on
> the result, such as setting environment variables/headers etc.

I also like that idea.

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk