This is a great idea! Any thoughts on extending parts of this to Chrome? I understand there are significant issues with Chrome & Tor, though I also think making Tor more visible and accessible to end-users is a good goal.
Some options:
- Flashing the HTTPSe icon when a .onion site is available (or showing another symbol, etc.)
- Allow one-click to tor2web (this has some broader implications ... I worry users would think they were somehow anonymous using tor2web)

- Nick

[1] https://blog.torproject.org/blog/google-chrome-incognito-mode-tor-and-fingerprinting

On Mon, Nov 3, 2014 at 7:08 AM, Alex Xu <[email protected]> wrote:
> On 03/11/14 12:48 AM, yan wrote:
> > +tor-dev. tl;dr: Would be nice if there were an HTTP response header
> > that allows HTTPS servers to indicate their .onion domain names so that
> > HTTPS Everywhere can automatically redirect to the .onion version in the
> > future if the user chooses a "use THS when available" preference.
> >
> > I imagine the header semantics and processing would be similar to HSTS.
> > It would only be noted when sent over TLS and have the max-age and
> > include-subdomains fields.
> >
> > -yan
> >
> > yan wrote:
> >> Hi all,
> >>
> >> Some people have requested for the "Darkweb Everywhere" extension [1] to
> >> be integrated into HTTPS Everywhere. This is an extension for Tor
> >> Browser that redirects users to the Tor Hidden Service version of a
> >> website when possible.
> >>
> >> I'm supportive of the idea; however, I'm worried that since .onion
> >> domain names are usually unrelated to a site's regular domain name, a
> >> malicious ruleset would be hard to detect. AFAIK Darkweb Everywhere only
> >> defends against this by publishing a doc in their Github repo that cites
> >> evidence for each ruleset [2].
> >>
> >> What if, instead, we asked website owners to send an HTTP header that
> >> indicates the Tor Hidden Service version of their website? Then HTTPS
> >> Everywhere could cache the result (like HSTS) and redirect to the THS
> >> version automatically in the future if the user opts-in.
> >>
> >> If this is something that EFF/Tor would be willing to advocate for, I
> >> would be happy to draft a specification for the header syntax and
> >> intended UA behavior.
> >>
> >> Thanks,
> >> Yan
> >>
> >>
> >> [1] https://github.com/chris-barry/darkweb-everywhere/
> >> [2] https://github.com/chris-barry/darkweb-everywhere/blob/master/doc/EVIDENCE.md
> >
>
> https://lists.torproject.org/pipermail/tor-talk/2014-May/032906.html

--
Nick Semenkovich
Laboratory of Dr. Jeffrey I. Gordon
Medical Scientist Training Program
School of Medicine
Washington University in St. Louis
https://nick.semenkovich.com/
_______________________________________________
HTTPS-Everywhere mailing list
[email protected]
https://lists.eff.org/mailman/listinfo/https-everywhere
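
An added sketch of the HSTS-like caching described in the quoted proposal (noted only over TLS, max-age, include-subdomains, user opt-in); it is not code from the thread or from HTTPS Everywhere. The header name `X-Hidden-Service`, its `onion=` field, the lower-cased header object and the 16-character .onion pattern are assumptions, since the thread defines no syntax.

```javascript
// Hypothetical header name and syntax: the thread proposes the idea but defines neither.
const HEADER = "x-hidden-service";
const ONION_RE = /^[a-z2-7]{16}\.onion$/; // assumed 2014-era address form

class OnionHintStore {
  constructor() { this.entries = new Map(); } // host -> {onion, expires, includeSubDomains}

  // Record a hint from one response. Returns true if the store changed.
  note(url, headers, now = Date.now()) {
    const u = new URL(url);
    if (u.protocol !== "https:") return false; // like HSTS: ignore hints sent without TLS
    const raw = headers[HEADER];               // assumes lower-cased header names
    if (typeof raw !== "string") return false;
    let onion = null, maxAge = null, includeSubDomains = false;
    for (const part of raw.split(";")) {
      const [k, ...rest] = part.trim().split("=");
      const key = k.toLowerCase();
      const val = rest.join("=").trim().replace(/^"|"$/g, "");
      if (key === "onion") onion = val.toLowerCase();
      else if (key === "max-age" && /^\d+$/.test(val)) maxAge = Number(val);
      else if (key === "includesubdomains") includeSubDomains = true;
    }
    if (maxAge === null) return false;                        // max-age required, as in HSTS
    if (maxAge === 0) return this.entries.delete(u.hostname); // site withdraws its hint
    if (!onion || !ONION_RE.test(onion)) return false;        // reject anything not .onion-shaped
    this.entries.set(u.hostname, { onion, expires: now + maxAge * 1000, includeSubDomains });
    return true;
  }

  // Return the cached .onion host for `host`, or null. `optIn` mirrors the
  // "use THS when available" preference from the proposal.
  lookup(host, optIn, now = Date.now()) {
    if (!optIn) return null;
    const labels = host.toLowerCase().split(".");
    for (let i = 0; i < labels.length - 1; i++) {
      const name = labels.slice(i).join(".");
      const e = this.entries.get(name);
      if (!e) continue;
      if (e.expires <= now) { this.entries.delete(name); continue; } // expired hint
      // Exact match always applies; a parent's hint applies only with includeSubDomains.
      // Assumption: subdomains map to the parent's .onion host unchanged.
      if (i === 0 || e.includeSubDomains) return e.onion;
    }
    return null;
  }
}
```

Because the hint is only cached from a TLS response for the site's own hostname, the mapping is asserted by the site itself rather than by a third-party ruleset, which is the concern raised in the quoted message.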
