[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Using HTTPS Everywhere to redirect to .onion

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Using HTTPS Everywhere to redirect to .onion
From: Griffin Boyce <griffin@xxxxxxxxxxxxx>
Date: Thu, 27 Feb 2014 00:28:54 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 27 Feb 2014 00:41:51 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cryptolab.net; s=stigmate; t=1393478936; bh=NxSuc4H6A26W4EKxjJ+iYl9FFpFmnvWtMCbVMT6YXuQ=; h=Date:From:To:Subject:References:In-Reply-To; b=UYQK+LWC+6gA4Jd1BUnPdA3L4NPYAW8LLUGSbUftEjzo16oiaLVQuz3BDSRs5btVE UpW9veJKN4Mv01wsAIvKAa5iOXHn/VPYcrTyme1nOGGZdTu3MrbPFS0sVEp+MpOFWM 2A8v5ZaOZGVpjZJKrykSGqJAZIoR9akOcLTy1/iE=
In-reply-to: <530E784E.4010004@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <530E784E.4010004@xxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0

Well, it's an interesting idea, and one that has cropped upthroughout the years. This is something that makes the most sense forwebsites that are at huge risk of being taken down through domainseizures or DNS shenanigans, with a number of rulesets in the TBB. ButI *think* this problem is a little trickier than it appears on firstblush. If the site is down because the server is down/seized/wiped,then the onion's key information could be gone too.

It would be cool if the TBB redirected to the backup onion of a siteif the primary domain is down. cryptic.be > 404! > cryptic000000000.onion

Problem there is kind of obvious in that it's not easy to get a listof websites which offer an alternate address. One thing that might beinteresting is to incorporate some kind of a meta tag that lists their.onion. So while you might go to https://yahoo.com, yahoo.onion isavailable and gets added to a list of hidden services. Or site ownerscould opt-in with relevant information in an onion.txt. Or visitorscould recommend a website for inclusion/spidering similar to eitherpingomatic or google's old webmaster tools site. (Note that thisparagraph likely contradicts some of Tor's current dev goals aroundhidden service enumeration).


~Griffin

ps: <3 https-everywhere hacks ^_^


fortasse wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello all,

I am the web admin on the Whonix project (www.whonix.org /
kkkkkkkkkk63ava6.onion), where we serve the same wiki, blog, and
forums on both a .org and .onion, for censorship-resistance purposes.

Most web applications expect to "be" at one base URL, and generate
dynamic links based off the "known" location, which is usually entered
by hand during installation. That works great for most use cases; but
.onions are not a typical use case.

While trying to come up with a way for the forum users to be able to
browse without having to manually edit the .org links into .onion
links, I threw together a HTTPS Everywhere user ruleset:

<ruleset name="Whonix Onion">
   <target host="www.whonix.org" />
   <target host="kkkkkkkkkk63ava6.onion" />
   <rule from="^http(s)?://(www\.)?whonix\.org/"
to="http://kkkkkkkkkk63ava6.onion/"/>
</ruleset>

and it works beautifully. With this ruleset enabled, the user can type
in "whonix.org/forum" and the browser will actually make the request
for "http://kkkkkkkkkk63ava6.onion/forum";. If the user wants the .org
version, they can toggle the ruleset off.

My question is does this have more potential than being a weird
(rather effective) hack? Could we make an "onion Everywhere" as it
were to help solve the difficult-to-remember onion names? Or is this
just another layer of confusion that further increases the barrier of
entry on successful Tor use?

It's a pretty simple idea, and I am open to any questions, comments,
or rude remarks.

Thanks!

~~Fortasse
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJTDnhNAAoJEEPTfXfAqYu3I9kP/3MO32PAxC3OGXspvTF963yG
jcmD26RYxDqcrZmzSV4m/Y8eiGIIfzt8RO6/rr4xlQmyRpzCw072LFAKKr3Matmj
romheo4k+PQHzantlU90MU6RprHb+7zEO+3F779417N82RuGdyjiNYIfQW65XC+y
Mc25gKcf3n4ywEC45FIvZ+fvuU8yVl++r+azdDUcvtCJDJteVJabp/x8sV1S+Jm9
z4prenfsn8Q5aBtAfOKx5VObqIeMbTIZafakkkdPDSPDWf5zdK6RJQXhZ7gbwls/
3tiVe2/XErkJ6uqan2jUecv/wN0apblc4K1wT5v2cGeUI9NeQ1cf8/oKyA4lpv+9
Njk8ssjqZAU5+vxp2l6Ij8g8ZjB0pb4zJzJLkSUwBHY3ac7HVW3bDgWfwjn6FDUI
u3Y/gMXJF2w43Xv/bkSVWkCkw9SUlQnur9T3slZd7qIL1nR7d5rGfMuegFrRyQh6
lBQ3DbFn+XwKCF7RyfXP7SoH/90kTPIzH+ipa8PFgbAUiYWZmB9hb0iYSoWIBEJZ
x3YXs/YAbxRDOlHe1VC+HenpPcd+dsZec7Q2lp3Ev/NDAwBq14sE9ECdzukid36o
YqTqe0scIqN/JNSM4407Pk66WNzuI7DB+W/QJWsaoGkQsAh3g6JZW/89SPX9Ad2U
uBccDBlcWMAtcjO6J91p
=O3HR
-----END PGP SIGNATURE-----


--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Using HTTPS Everywhere to redirect to .onion
  - From: fortasse

Prev by Author: Re: [tor-talk] Why so many bugfixes?
Next by Author: [tor-talk] Tor Weekly News â February 19th, 2014
Previous by thread: [tor-talk] Using HTTPS Everywhere to redirect to .onion
Next by thread: Re: [tor-talk] Using HTTPS Everywhere to redirect to .onion
Index(es):
- Author
- Thread