[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] UX improvement proposal: Onion auto-redirects using Onion-Location HTTP header
- To: tor-dev@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-dev] UX improvement proposal: Onion auto-redirects using Onion-Location HTTP header
- From: Iain Learmonth <irl@xxxxxxxxxxxxxx>
- Date: Fri, 26 Oct 2018 11:38:58 +0100
- Autocrypt: addr=irl@xxxxxxxxxxxxxx; prefer-encrypt=mutual; keydata= xsFNBFZp8zEBEACxOYriD+tEuc3Wpnbh+GGnyiaLEMABBrfn6JlDQphbBq/YTz9M9OPkttjx hLL/yrxlM1nD69XbGKQ9gIL3LEgOz9+OdivPbN+Q5iNMqk/WCQUqd3bCFbbsn1yvoTumFy9S 9kYX45Db3jRJoN/Nye6Stf7KKPxHxot14iY+PUR/5Gx5KbeWVKfDtQejGnhxQD73KjrX4wds BAaxnQ7KbjQyUf+IxE+8qSDcyTP+pPqxspVzx+eFqsW5+kK1eJMHxJmY/KsAs6IsGf5lvyDJ JECc2iE0mFS6vc14lGcD7BAYMPRnvlK3OcDlbdJS3ZU0LQu3/AplM7cNcesq2Btm06OUTsbj 10ZiyLi7Q0WZRuUbn7t3jOQVyOlNfjUpJhKPMMobBL2R0KzcptJbUrKc08wZD/TPaXuHKWAE JuA6kFMXtHhV8Qhxz5/d2KUA8ex+zpVd2xSR6q4llcYu1w8zHZtLN+YKSmjjKs+AjiTrCMYs OYxt4cwxuaIIhBNvCC9WqZOxHX7YHmpVcSV6K9Wwhk9mVIU3Ii0G2HWs6OQ0vIueCDGMEdVk ig/a7cVlfXNz7WuaXuhOJmHz6d6Yk4dFn5mLbEY9cZhBxf5hjCwtp9b6v+ueuptfcnOd+38G 9KH6NyHKZyS4jcd3E6Dp0+9Isbl/EohjPCujevoW3/DlT08OKQARAQABzSBJYWluIFIuIExl YXJtb250aCA8aXJsQGZzZmUub3JnPsLBlwQTAQoAQQIbAwULCQgHAwUVCgkICwUWAgMBAAIe AQIXgAIZARYhBKj3ulBB4TMznLoWlnbVgJP1QKvNBQJbdd1aBQkF+TgpAAoJEHbVgJP1QKvN EkwP/2YqUwPxN81uEE62hu37Vsn4USvpuOicFbh4i4reNRDBRtHk/vGvez9lJHC456LWb2pr 0Gg3nSBgeZrjkqdREgnxf3DG6sW5xpEIMXB65MzJ03EVvFrURnbygR6Ft+FOrjDjN1RnpyxP 6zbH15XJpGAI0eEt0oVRk+PUNxXJ6AklG/xqIPj/S9XIHGUAGbGEFdmeG5xphfjTG+fwsEqX cPD5f9QnahtGMxSx6GQKzrx5Mm0Q078ViYW8jhdhPQMQPdYOjZeZ8/UP/SYgv7o+WrTi+Y2v A8wZnmzbAdfL7oqlAfEMcuBijF16NX4i96c23x/W1r6kiazfMd98o9Hvgg9UEOe4VIZeIZ1l KcYO0Q24X69XpdtXERKdwER1hlfkbk4Hw5FQpXA98hE43LMqorSjK4tLa8ndNoMvcNPLsxpi TLKF6pozhqM/FrJ58oKV3sgfSouJ7auzCZOBSHPZ+bkJPtGo4NmOyU7CgFeDowpyayuMwyb+ tHjFafn1sgYC04E79j97nMXBdMoKOoP8Y+txHNzXtXEkgB6jo6PDjKNNy2WmIhA7sANI5Vn0 hiFb7UNKot227pEWm8uDUIcLlNaJoQOOgSGggvHPtNHnSnptEjL2l65X/epXbMk29/xMIspp /tzsYPtbk+RfWQGaC0gm1890ziTuWo3ZY79m9335zsFNBFprf6sBEADOANf22so7uoGcvok2 TM/T8BHI5+TqHEc4hVe+JGGJ1ZnWlgtGmpOs0fOQj3WAgGI0ZmTqMuozKF/K9ljbjaMXsLD+ JIBTD4rINy60VX2zHhmWhNaOcJvq+wbuHx0tMbhqsTStGnSkvRhH61ncMqVqlTTTLVQQSxKl 9D2l7ZGwEPLHRFlydTOOix+F+Y1ehxYLVaPkaycs8wvgjYsDLo3T8TmuOL+rcEfvxJ6lT2V5 I51xqievqoBazAfXvA8FW/0G+Z9LUJmViOVluWg3xjP8okKYgOkOeX00vMBCVaiEA08oaxY0 ebS7uBEgppjWSwn+WAhB+6spd67d4W+DmAnM262lxFMhVYhXpfeV9zygULQOofdE6xtFkaxr /y8xQ4Bf7zX8ko6X9aFQFB/vc+zUtjzjg4VaQvWrThjaHlbEKR55MDxJu2T9S7g5bR4zxZNv 36gwlIdmx33a1AeR1nGcWa/7OtoS53+lUwyFVWLOnucqKh71Y38AAMd5L9Fsb+ArQem71knE UTC+HvBGkPb2Y2PzGnnzhZyC8zgE8AjVD0wB+RMDNI3+fIW6biKAHDqrS6ZCVkzJ1R9nOjXM HRYZ5qlG+rCOeu6Jp4yNwp46z4PqiiLJ9NtmdNttLCEn5PDVF3g9g811JcadvFVH1ZELoDGW Mg3Q+QOHQBFYj7cj2QARAQABwsF8BBgBCgAmAhsMFiEEqPe6UEHhMzOcuhaWdtWAk/VAq80F Alt13YwFCQH3q+EACgkQdtWAk/VAq83bIQ//UEUryjH/AEwY7R2j6KDjQ0QmGsxa+zXN20rG 8YgHkeweBDpIcgT96miYb818kfQn+lAew8mdlOfTpld0YgsVopWxQFumEDUthMD4oYUX5a1m n0YhjtbqlDZwx5jolEnNGPOf0d0hDbOAzie6/rPbdS/yLsBgAp+THfKmxA/PEtQcmtirtUWP XTLNLMGrZFI0pJqsFe9GwLhWejFS+KqS9uWRsHLct1gb61LSbro3sOIUZb/JQf3Vv4mnCViK Ds8qIM5SaIdLY9c8jlYBDJdr5CZw+SDmQN2rWCFWYU07ngs7ETD6Lj47NO+yALntH6gC0Olj Qylt0xyiKdnmwakX7h0PpLbGbyAILZ4a2f8hC/rJhfraLpGVl+E7OdIEbHdySt2HYefMw8A0 8bXvC6/k7t2FXqfQ13uWDOSHjvJodFS5fkfLl0VX/r26B6dGWi3vaMG7skF7hn2VDt9WcRD6 leOUH8AaIFOZRLLoxRlc4A39pFjqvQNt+tzxPZR5L5lSEWlLs/WsePQhn68eIwP3PMN27y32 Jl7DJIMX0eCaR7+wAyBZaeK0+Zw9Oja8tNshWEhkzZhsVIa1iKcekmxPMtpC9lQiOqwurRzu C0elrs4WDU29Lnd1lgeyl7+5jxHXyFMVjnssnHg5ltw/J4G7aYAffxWaFd3wBssRsxkTR4c=
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Fri, 26 Oct 2018 06:39:17 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=aJ+tGN zBH6Daq9U/iw6oflIw35EaaOU6OP3Zs0jDly4=; b=tk5Bt4Ip5fzXssrWIVehzb 4fuSE6o7LCxBaGysLte1T/y1ygs5UBhzwzEkza/9/SJQYMIY498kiZsYfjawF/+7 rjeXWDgUi13Npxoc024qsF1PHjlXn7NUsLK5fm2NK06TWzpqQE+GFJeHSUbJ40SK /z4y6nr8/z1Lepp/3MrV+HW+HC+at3NgL6q/GMLZ6W3DV+SI0gTi1FtZpb6QrSql AovlNsO2sw+nQn9Kr71Cz+243Ou5sV7cHOt1eeuaJcr5MNmf9v6fk88zi7k0K/oB AFIw/00DAYpzk+/FVqmr5buu53Z+hbaIGokjXpXmCxxRxShq5j929IwAi3do3T2A ==
- In-reply-to: <CAFWeb9+bneFUbvJULgE3V4RAhj_QKWGA22R5_ufphrG5ooJO3w@mail.gmail.com>
- List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
- List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
- List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
- List-post: <mailto:tor-dev@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
- Openpgp: preference=signencrypt
- Organization: Tor Project
- References: <87ined2fbo.fsf@riseup.net> <878ted6yzq.fsf@riseup.net> <9772edff-d447-fa8b-2523-5a348ff9875a@torproject.org> <87fu6j8ywr.fsf@riseup.net> <34ace321-bf7d-4271-e13c-19c22bf74dc0@torproject.org> <a2368e05-0ba8-8c55-cf85-930dd75da0f9@riseup.net> <CAA3cHps9Sf50DfT69TFaASr6D_zrYqrpCAcFdy-U0T1FWRpp7g@mail.gmail.com> <CA+cU71m3buCHkU4Xr24Md4SOFZoM7JtyZw2EGBy3EkWz9b2hZg@mail.gmail.com> <CAFWeb9+bneFUbvJULgE3V4RAhj_QKWGA22R5_ufphrG5ooJO3w@mail.gmail.com>
- Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
Hi,
On 23/10/18 18:15, Alec Muffett wrote:
> But any website that takes an interest (e.g. tracks Cloudflare's
> "xx-tor" country geolocation, or whatever it is called) - regarding the
> reputation of the source IP address will KNOW that the user is coming
> from Tor.
>
> We live in a weird world where the Tor community still believes that
> systems administrators don't have trivial access to IP reputation databases.
IP reputation databases do not reflect the current state of the Tor
network exactly. They may be pretty close, even 99%, but they're not
exact. You will get false positives, and a lot of false negatives too.
Improving exit detection is on the list of tasks for Tor Metrics but it
is not our top priority.
> 3) if sites wish to follow Privacy International's example and
redirect from a DNS TLD to ".onion" then that is something they should
implement at layer 7, by dint of identifying whether the user has
arrived over Tor.
Given that false positives are possible, doing this conditionally is
going to give some people a terrible user experience by redirecting them
to an onion they cannot possibly reach in their browser.
This is why I like the Onion-Location header. You don't have to have
this conditional. You don't need to have any infrastructure to provide
lookups from databases (which ideally would need to be refreshed
constantly). You just always serve the header. This also gives you the
opportunity to advertise that a service is available via Onion service
to all users, some of which might have a browser add-on that lets them
know about these things.
Thanks,
Iain.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev