[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #27513 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Add-on for redirecting users to onion site



#27513: Add-on for redirecting users to onion site
-------------------------------------------------+-------------------------
 Reporter:  cyberpunks                           |          Owner:  legind
     Type:  enhancement                          |         Status:  new
 Priority:  Low                                  |      Milestone:
Component:  HTTPS Everywhere/EFF-HTTPS           |        Version:
  Everywhere                                     |
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by legind):

 It is not always clear that a user would rather access the onion service
 for a given site rather than the clearnet site.  Onion services have in
 the past suffered from problems that the clearnet sites lacked.  In
 Facebook's case, certain videos would fail to load due to improper onion
 CDN configurations and the like.  Also, accessing onion sites on TB can be
 slower than the clearnet alternatives.

 I think giving users the option to redirect to onion sites is the right
 path: perhaps an option within HTTPS Everywhere or TB that, when
 explicitly allowed, forwards a site to the onion URL.  This can be
 advertised by the HTTPS version of a site via the HTTP Alternative Service
 header, for instance. (https://tools.ietf.org/html/draft-ietf-httpbis-alt-
 svc-14)

 There is the additional problem of discovery and maintenance of such
 rulesets within HTTPS Everywhere.  What if an onion service needs to do a
 key rotation?  How is that communicated to the ruleset maintainers?  This
 can be tricky business.

 Note that with the addition of update channels in HTTPS Everywhere
 (https://github.com/EFForg/https-everywhere/blob/master/docs/en_US
 /ruleset-update-channels.md) it is now possible for some entity (say, the
 Tor Project) to publish rulesets for HTTPS Everywhere that allows users to
 opt in to being automatically forwarded to the onion-service equivalent of
 a site.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27513#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs