Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2019-03-18 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
-+---
 Reporter:  linda|  Owner:  linda
 Type:  project  | Status:  reopened
 Priority:  Medium   |  Milestone:
Component:  Webpages |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team, tor-hs  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:  Sponsor27
-+---
Changes (by pili):

 * sponsor:   => Sponsor27


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2018-09-09 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
-+--
 Reporter:  linda|  Owner:  linda
 Type:  project  | Status:  reopened
 Priority:  Medium   |  Milestone:
Component:  Webpages |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team, tor-hs  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by mahrud):

 Replying to [comment:55 traumschule]:
 > Replying to [comment:54 dcf]:
 > #27502 asks for this feature.

 No, they are different ideas. Think of it as a permanent redirect and a
 temporary redirect (alt-svc).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2018-09-07 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
-+--
 Reporter:  linda|  Owner:  linda
 Type:  project  | Status:  reopened
 Priority:  Medium   |  Milestone:
Component:  Webpages |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team, tor-hs  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by traumschule):

 Replying to [comment:54 dcf]:
 > > We don’t think you should need to remember this address. Ideally, all
 you would need to do is go to [https://tor.cloudflare-dns.com/ https://tor
 .cloudflare-dns.com] and have the browser route your request to the .onion
 address. This is possible using the "[https://tools.ietf.org/html/rfc7838
 Alt-Svc]" HTTP header which is an optional header notifying the browser
 that the resources can be accessed from an alternative network location,
 possibly using a different protocol. Thanks to
 [https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
 Mozilla], using .onion addresses as alternative services is now possible
 in [https://nightly.mozilla.org/ Firefox Nightly].
 >
 > When I go to https://tor.cloudflare-dns.com/, I see
 > {{{
 > Alt-Svc:
 h2="dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion:443";
 ma=31536; persist=1
 > }}}
 >
 > As far as I can tell, the `Alt-Svc` header doesn't actually ''do''
 anything yet in Tor Browser (maybe it does in Firefox), but there is
 #26365.
 #27502 asks for this feature.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2018-07-24 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
-+--
 Reporter:  linda|  Owner:  linda
 Type:  project  | Status:  reopened
 Priority:  Medium   |  Milestone:
Component:  Webpages |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team, tor-hs  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by dcf):

 Perhaps you saw already: Cloudflare's DNS HTTPS server sends an `Alt-Svc`
 that points to an onion.
 https://blog.cloudflare.com/welcome-hidden-resolver/
 > How can the users remember this address?
 >
 > We don’t think you should need to remember this address. Ideally, all
 you would need to do is go to [https://tor.cloudflare-dns.com/ https://tor
 .cloudflare-dns.com] and have the browser route your request to the .onion
 address. This is possible using the "[https://tools.ietf.org/html/rfc7838
 Alt-Svc]" HTTP header which is an optional header notifying the browser
 that the resources can be accessed from an alternative network location,
 possibly using a different protocol. Thanks to
 [https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
 Mozilla], using .onion addresses as alternative services is now possible
 in [https://nightly.mozilla.org/ Firefox Nightly].

 When I go to https://tor.cloudflare-dns.com/, I see
 {{{
 Alt-Svc:
 h2="dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion:443";
 ma=31536; persist=1
 }}}

 As far as I can tell, the `Alt-Svc` header doesn't actually ''do''
 anything yet in Tor Browser (maybe it does in Firefox), but there is
 #26365.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2018-04-24 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
-+--
 Reporter:  linda|  Owner:  linda
 Type:  project  | Status:  reopened
 Priority:  Medium   |  Milestone:
Component:  Webpages |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ux-team, tor-hs  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by dmr):

 * keywords:  ux-team => ux-team, tor-hs


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2018-04-17 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by dmr):

 * cc: dmr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2018-04-13 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by antonela):

 * Attachment "21952 - 1.png" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2018-01-01 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 Replying to [comment:49 cypherpunks]:
 > https://addons.mozilla.org/en-US/firefox/addon/heal
 > thyonions/
 >
 > (found it here:
 https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor )


 v1.0.7.1718 added this experimental project.

 > (and please, feel free to read the code(unzip) if you're paranoid like
 me)

 {{{
 1. Configure your server to send "Onion-Location" header with appropriate
 value.
 e.g.
 add_header Onion-Location "http://grrmailb3fxpjbwm.onion;;

 a. You can write "Onion-Location" to "onION-LoCAtion". Case doesn't
 matter.
 b. The value must start with "http:" or "https:", and must ends with
 ".onion".

 2. Install the add-on and go to "Options" > "Advanced".

 3. Enable "#21952" and click Save.

 4. Open a new tab and try to open your clearnet website.

 5. Example result:

 if "website.owner.test"'s server sent
 "Onion-Location: http://xyz.x.onion; header

 https://website.owner.test/about.html
 --redir--> http://xyz.x.onion/about.html
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2017-12-14 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by asn):

 Pushed fixes to the Onion-Location proposal based on tjrs comments:
 https://gitweb.torproject.org/user/asn/torspec.git/log/?h=onion-location
 https://gitweb.torproject.org/user/asn/torspec.git/commit/?h=onion-
 location=09de86045e99337548f404f96d79ce9a0c4bd7b1

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2017-12-13 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 https://addons.mozilla.org/en-US/firefox/addon/heal
 thyonions/

 (found it here:
 https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor )

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2017-12-08 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by asn):

 Posted new backend proposal here: https://lists.torproject.org/pipermail
 /tor-dev/2017-December/012660.html

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2017-12-06 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by arthuredelstein):

 Replying to [comment:46 phw]:

 > Also, I suppose a web site could display a very similar banner on its
 own, pretending that it's from Tor Browser. Should we worry about this?

 Yes, I imagine it could potentially be a problem, especially on an http
 site. One possible alternative we discussed on IRC is the idea of using a
 [https://developer.mozilla.org/en-
 US/docs/Mozilla/Using_popup_notifications popup notification] (aka
 doorhanger). The popup partially overlaps with browser chrome so it can't
 be spoofed by the content page.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2017-12-06 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by phw):

 Quick thought on the phrasing: doesn't "a secure version of this site"
 imply that the currently-open site is not secure? That may be confusing
 given that the example uses HTTPS. I wonder if something along the lines
 of "a more anonymous and secure version of this site" may be helpful?

 Also, I suppose a web site could display a very similar banner on its own,
 pretending that it's from Tor Browser. Should we worry about this?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2017-12-06 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by antonela):

 * Attachment "21952.png" added.


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2017-11-14 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by asn):

 Posted an initial proposal about `Alt-Svc` here so that we have something
 concrete to talk about: https://lists.torproject.org/pipermail/tor-
 dev/2017-November/012595.html

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2017-11-06 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by asn):

 FWIW, after multiple sessions during the montreal dev meeting, and also
 based on phw's survey, it seems that users are very open to the auto-
 redirect idea if it's done properly.

 People liked Tor Browser using the `Alt-Svc` header to learn about onion
 addresses for websites and the browser redirecting users. People also
 suggested that Tor Browser inserts a "pop-up"-ish thing (maybe like an
 informative strip below the address bar) informing that auto-redirect is
 taking place as a form of user education.

 Not sure how to best move forward here, but I'm mentioning my takeaways
 from the tor meeting.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2017-10-13 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by phw):

 * cc: phw (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2017-10-10 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by cypherpunks):

 Syverson here. (Gotta get myself a trac ID. Just noticed this ticket
 recently for the first time.)
 This proposal fits under some of the things that I spelled out at a high
 level in "The Once and Future Onion" https://www.nrl.navy.mil/itd/chacs
 /syverson-once-and-future-onion
 and that coincidentally has a section entitled "Onions Everywhere".
 Also Griffin and I discussed even earlier in "Bake in .onion for Tear-Free
 and Stronger Website Authentication"
 https://www.nrl.navy.mil/itd/chacs/syverson-bake-onion-tear-free-and-
 stronger-website-authentication
 (though I think the subdomain onions and integration of onion and TLS keys
 as discussed in the later paper is generally more promising in the long
 run than the PGP approach).
 Short term (before getting fullblown subdomain onions going), I would like
 to get a few things going.
 1. For sites with registered domain names, e.g., foo.com, look at
 usability, etc. of having a subdomain onion.foo.com that redirects to
 foo.com's onion address. This will be more compatible in the long run with
 sites providing self-authenticated access for their users who are not
 coming in via the Tor network (cf. Once and Future Onion), but redirecting
 from foo.com.onion should also be considered. I expect this is best
 accomplished via HTTPS everywhere rulesets, but am open.
 2. For onionsites with or without associated RDN, look at integration of
 TLS with onionsite keys. This won't prevent unknown authority warnings for
 non EV-certified sites (that fix is planned but further down the road) but
 will at least allow familiar HTTPS lock icon interface with any onion
 address and avoid those sorts of warnings. Many pieces here, but will stop
 now to avoid even more of a data dump on people.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2017-10-01 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by akrey):

 * cc: a.krey@… (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2017-08-30 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by arthuredelstein):

 Replying to [comment:39 alecmuffett]:
 > Replying to [comment:38 arthuredelstein]:
 > > The client could also somehow indicate in the HTTP request that it
 supports onions.
 >
 > Cute idea, although I can entirely imagine that suggestion would cause
 the //Tor Users Should Look Nondescript// anti-fingerprinting-community,
 to have kittens.

 Good, I love kittens. :) But making it difficult to distinguish Tor
 Browser from other browsers is an unrealistic goal anyhow.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2017-08-30 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by alecmuffett):

 Replying to [comment:38 arthuredelstein]:
 > The client could also somehow indicate in the HTTP request that it
 supports onions.

 Cute idea, although I can entirely imagine that suggestion would cause the
 //Tor Users Should Look Nondescript// anti-fingerprinting-community, to
 have kittens.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2017-08-30 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by arthuredelstein):

 Replying to [comment:31 tom]:

 > Now there is one wrinkle in my idea. Alt-Svc is delivered once, and then
 the client remembers it and uses it the next time. (Optionally it uses it
 the first time too, but that gains us no security.)  Remembering means
 state. State means tracking.

 Generally speaking, Tor Browser wipes all state after every session. (We
 should check that that is true for Alt-Svc.) And as Mozilla has already
 kindly implemented [https://bugzilla.mozilla.org/show_bug.cgi?id=1334690
 first-party isolation for Alt-Svc], I think it won't be usable for
 tracking.

 Replying to [comment:35 alecmuffett]:
 > Great.  I posted a long and friendly explanation, and Trac swallowed it
 because it wanted email verification.

 > 2) issuing AltSvc headers makes no sense unless the client is coming
 from an exit node, so if you want people to adopt that solution then you
 need to make it really cheap for sites to check if a client is an exit
 node

 The client could also somehow indicate in the HTTP request that it
 supports onions.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2017-08-30 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by arthuredelstein):

 * cc: arthuredelstein (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2017-08-18 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by alecmuffett):

 p.s.: when I say "it needs engineers.", I actually mean "it needs a
 'forever home'."

 Renaming and refactoring (or even, reimplementing) "Darkweb Everywhere"
 and putting it officially under the aegis of the Tor Project is certainly
 the right way to go for the near term.

 AltSvc headers are a cool idea, but nothing that cannot be achieved by a
 chunk of code that says:

 {{{
 if (client_ip_is_an_exit_node) { issue_http_308_redirect($rewritten_uri) }
 }}}

 ...where HTTP-308 is "Permanent Redirect with Method and body not
 changed".

 This, or something very similar, is how
 https://www.privacyinternational.org/ implements Onion-redirection.  I
 know the sysadmin, if you want to talk to him.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing

2017-08-18 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by alecmuffett):

 Great.  I posted a long and friendly explanation, and Trac swallowed it
 because it wanted email verification.

 So, here are the highlights of what you missed:

 1) https://github.com/chris-barry/darkweb-everywhere already exists.  it
 needs engineers.

 2) issuing AltSvc headers makes no sense unless the client is coming from
 an exit node, so if you want people to adopt that solution then you need
 to make it really cheap for sites to check if a client is an exit node

 3) nobody will issue AltSvc on every request because it's a bandwidth-
 waste for 99.99% of requests.

 4) facebook did not adopt the auto-upgrade idea because (1) worries about
 onion bandwidth (2) worries about user paranoia; both of these are now
 solvable.  source: me.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing (was: Increasing the use of onion services through automatic redirec

2017-08-18 Thread Tor Bug Tracker & Wiki 
#21952: .Onion everywhere?: increasing the use of onion services through 
automatic
redirects and aliasing
--+--
 Reporter:  linda |  Owner:  linda
 Type:  project   | Status:  reopened
 Priority:  Medium|  Milestone:
Component:  Webpages  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Description changed by linda:

Old description:

> = Background =
>
> People can't remember, or type in onion sites very easily. We should try
> to fix this somehow.
>
>  ilf is experimenting with automatically redirecting Tor users to .onion
> versions of websites that they visit (because they want more people to
> visit onion sites and they will do so if it is painless to them). But
> when users were redirected automatically to an onion site, they freaked
> out about it because they didn't know what happened, didn't know what
> onion sites were, and the "https" was dropped.
>
> asn and dgoulet also were trying to find a solution to make onion sites
> more accessible to use. Specifically, onion addresses are quite long and
> random-ish, making them hard to remember and hard to type. There were
> many solutions discussed casually to try and resolve this, but none stood
> out as a clear winner.
>
> = Discussion =
>
> I like the idea of redirecting users to .onion sites automatically when
> they type in the websites non-onion address. This way, users don't need
> to remember anything else, need to type in anything long, or really even
> know what onion sites are.
>
> My suggestion is to follow the https design pattern, and create a similar
> indicator for .onion sites.
>
> [[Image(onion-address-idea.png,600px)]]
>
> The proposed solution would be this: when a user types in a website
> (pad.riseup.net), they would automatically be redirected to the onion
> site. When this happens, there would be an onion icon next to the address
> bar (replacing the https lock icon if there is one, or just being there
> an https lock icon would be if redirection from an http website), similar
> to that of the https lock icon. The address in the address bar can turned
> a different color or indicated in some way that this is an alias for the
> onion site.
>
> From my observation, people don't mind automatically being redirected to
> https sites from http sites, but freak out when redirected from an
> http/https site to an onion site. I don't think that this is because
> people know what https is and find the idea comforting (although this can
> help). I speculate that they don't mind because they don't notice, and
> the reason why users freaked out at the redirect to onion sites is that
> they saw the website address visibly change in the address bar.
>
> Also--
>
> If we want to show users the address of the onion site, we can
> additionally have a feature to reveal the onion site when the user clicks
> in the address bar.
>
> [[Image(onion-address-secondary-idea.png,600px)]]
>
>  I don't know how I feel about this, since it may just be confusing, and
> just shock the user later. Users don't know that pad.riseup.net resolves
> to some numerical IP address, and that isn't displayed to users. So there
> could be an argument made for just indicating that the address is an
> alisas and not ever showing the .onion address, either. This will confuse
> way less of the general population.

New description:

 = Background =

 People can't remember, or type in onion sites very easily. We should try
 to fix this somehow.

  ilf is experimenting with automatically redirecting Tor users to .onion
 versions of websites that they visit (because they want more people to
 visit onion sites and they will do so if it is painless to them). But when
 users were redirected automatically to an onion site, they freaked out
 about it because they didn't know what happened, didn't know what onion
 sites were, and the "https" was dropped.

 asn and dgoulet also were trying to find a solution to make onion sites
 more accessible to use. Specifically, onion addresses are quite long and
 random-ish, making them hard to remember and hard to type. There were many
 solutions discussed casually to try and resolve this, but none stood out
 as a clear winner.

 = Discussion =

 I like the idea of redirecting users to .onion sites automatically when
 they type in the websites non-onion address. This way, users don't need to
 remember anything else, need to type in anything long, or really even know
 what onion sites are.

 My suggestion is to follow the https design pattern, and create a similar
 indicator for .onion sites.

 [[Image(onion-address-idea.png,600px)]]

 The proposed solution would be this: when a user types in a website
 (pad.riseup.net), they would automatically be redirected to the onion
 site. When this