[tor-bugs] #33705 [Internal Services/Tor Sysadmin Team]: Add header to redirect websites visitors using tor-browser to the .onion address

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#33705: Add header to redirect websites visitors using tor-browser to the .onion
address
-------------------------------------------------+-------------------------
     Reporter:  hiro                             |      Owner:  hiro
         Type:  defect                           |     Status:  assigned
     Priority:  Medium                           |  Milestone:
    Component:  Internal Services/Tor Sysadmin   |    Version:
  Team                                           |
     Severity:  Normal                           |   Keywords:
Actual Points:                                   |  Parent ID:
       Points:                                   |   Reviewer:
      Sponsor:                                   |
-------------------------------------------------+-------------------------
 We have received a number of tickets by Tor Browser users that we should
 keep people visiting the .onion version of a website in the .onion space.

 I am willing to implement a header that signal the .onion address for all
 of our onions and I am currently considering two options.

 1. Implement alt-svc. This is what facebook does. Specifically the browser
 receive a alt-sv header like:

 {{{
 alt-svc:
 h2="facebook2futmrduts5uqn3ahwg4qyqoks6h3alxf5drhsgyhzujyqad.onion:443";
 ma=86400
 }}}

 2. Use onion-location:

 {{{
 Onion-Location:
 http://sbe5fi5cka5l3fqe.onion/~acat/test/onionlocation/header/
 }}}

 3. Use a onion-location meta-tag:


 {{{
 <!DOCTYPE html>
 <html>
   <head>
     <meta http-equiv="onion-location"
 content="http://sbe5fi5cka5l3fqe.onion/~acat/test/onionlocation/meta/"/>
   </head>
   <body>
     Onion-Location meta tag test.
   </body>
 </html>
 }}}

 I would personally prefer to use one of the two headers options. Either
 the alt-sv or the onion-location one. Both have advantages. I like that
 with alt-sv the connection is upgraded to an onion location without the
 address bar changing. At the same time we should also showcase our onions!
 And if we launch the onion-location header support we should show it on
 our websites.

 Something I would avoid is following the model that Privacy International
 use, and issue a "Location:" redirect when the client comes from an exit
 node. We currently do not check in our infrastructure where a user is
 coming from and I wouldn't like to start doing that.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33705>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs