[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] Proposal: HTTP header distinguish TBB users



Yesterday Lief compellingly argued that if a TBB user accidentally clicks on a link to my tor2web proxy (onion.link), that they should be redirected to the .onion address. It hadn't occurred before that a Tor user might accidentally click a onion.link URL, but yes I completely concur and I told Lief I would prioritize this and would owe him a Bitcoin if I didn't get this implemented within a week.

Now the trouble starts. If the TBB user gets to the tor2web backend I check if they're coming from an Exit relay and redirect them---all good. But a CDN (Fastly.com) sits in front of my backends and right now it's unclear how to detect TBB at the CDN level.

Going over my CDN's documentation. They do have the standard MaxMind database for geo-IP. So that's good. But plugging in an exit-node IP# merely reports as an "A1" for "Anonymous Proxy". Unfortunately there are many anonymous proxies other than Tor so that won't do.


There are two ways to solve this.

(1) For an given IP#, MaxMind reports numerous entries aside from the "A1" for country code. We could ask MaxMind to specify whatever else it knows about the Anonymous Proxy in the other fields such as the "Location" or "Organization" field. So when plugging in a Tor exit relay it would return something like:

{ "countrycode": "A1", "location": "Tor", "domain": "torproject.org" }

or some such. This seems a reasonable request. Do we know someone at MaxMind to forward this request to?


(2) If we (Tor Project) is going to ask MaxMind to do something special to distinguish TBB users, it seems reasonable we should make the same effort. I know in the past it's been proposed for TBB to include a special HTTP header, e.g.,

Tor-Browser-Bundle: true

to distinguish TBB users. If this header existed, I could detect it at the CDN-level and do the appropriate redirect. Alternatively, We could do something equivalent with the "Via": HTTP header, but that seems overkill.

Between these two options, I personally opt for (2) because it seems inappropriate to request MaxMind to help us do X when we have not done what we can do to achieve X.

Q: Does anyone (especially Mike Perry) have any objections to (2)? If not, I will write the proposal.


-V

P.S. Lief... even if we go at maximum speed, it looks like I'm going to owe you that Bitcoin. Email me your BTC address? How embarrassing.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev