Allen Gunn: > Hello friends, > > I hope 2018 is off to a good start wherever this finds you. > > So for those who aren't aware, my NGO, Aspiration, advises other NGOs > and activists on technology as part of our core mission. > > And a common piece of advice we proffer is "make sure your web site > works well with Tor Browser", i.e., doesn't use Flash or overly depend > on Javascript. For *years* I've had a custom "badge" of sorts on queair.net indicating the site is "Tor friendly." It seems a worthwhile low-level campaign to wage that might not be relevant today, but can be tomorrow. A well-signed but small log (maybe like the 'valid css' one?) could be useful. Or even a "Tor-friendly check" www-based tool might be an interesting direction. It could check Flash easily enough, and maybe diff the site over plain old HTTP versus over torsocks. > > The more I have given that advice, the more I have wondered if it was > documented anywhere what it actually takes to be a "Tor-friendly" site. Yes. Simple enough with old-school HTML and perl-based mailforms. Not so much with more complex contemporary sites. > > Big thanks to GeKo, who first confirmed for me that no such > documentation seems to exist. And then for helping me to bootstrap this > page: > > https://pad.riseup.net/p/torfriendlysite While not prolific, it's a solid start. > > I'm writing to ask folks on this list to both add any thoughts you have > on the matter, and to correct or comment on anything that's already > there and doesn't seem quite right. > > Any contributions, both to the pad or emailed to me directly, are most > appreciated. > > This is especially true if you know of relevant documentation anywhere > else that I should be looking at. > > Once folks have weighed in, I will figure out where to post this on the > Tor wiki and elsewhere in order to make it more broadly and reliably > available. > > And if for any reason you think this is an ill-informed endeavor, I > welcome that feedback as well :^) All of the guidelines might be useful for sites not yet online, but for sites already up and functional, migrating to "Tor friendly" is going to be the challenge. I also think it might be useful to give a brief "tagline" to the idea of a Tor friendly www site, such as "allowing anonymity by design, not by privacy policies" since I think it could be counterposed to long and legelese-written privacy policies. From one angle, it's about enabling anonymity by the user, and not necessarily doing anything in particular for them. g -- 34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-project mailing list tor-project@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project