[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor advice for web developers

On Fri, Jun 22, 2012 at 8:03 PM, Micah Lee <micah@xxxxxxx> wrote:
> I will be giving a talk at HOPE called Privacy Tricks for Activist Web
> Developers. I was planning on including a section about exit enclaves,
> how they work and how to set them up on your server. But then I
> discovered that they will be deprecated soon:

Great! I will be at HOPE as well.

> https://trac.torproject.org/projects/tor/wiki/doc/ExitEnclave
> "Overall the use of enclaves is not advised for these two main reasons:
> - - They will not be supported in future versions of Tor (> 0.2.3.x)
> - - They do not fit any particular threat model"
> So it seems like I should leave this out of my talk.
> Is there other advice I can give to web developers and sysadmins who
> run websites for activists to make them easier for Tor users to use
> securely?

I can think of a few things; provide information about where to get
Tor and how to use it correctly (even if the site just points users at
the short user manual), make the site available as a Tor hidden
service, make sure the site is functional for Tor users (e.g. no
Flash), make sure the site is accessible for Tor users (e.g. don't ban
a set of exit relays, serve Tor users different content, tell Tor
users to not use Tor). An added bonus would be to tell non-Tor
visitors that they really should be using Tor.

Runa A. Sandvik
tor-talk mailing list