> TBB plugin: T2W-OE - tor2web onion everywhere. > Fork HTTPS-E. > Maintain list of known t2w's. > Plugin update from tpo. > Matching engine rewrites t2w URL's to onions in TBB before the fetch.
You are correct my good sir! This is indeed the better way. Thank you! I made a pull request to HTTPS-E for the requisite tor2web rules. https://github.com/EFForg/https-everywhere/pull/3033 It's unclear to me how to make these rules only apply to the TBB version, but judging by the version history of HTTPS-E they have a way of doing that. Unless there's another specific issue, I consider the matter of Tor users accidentally clicking links to Tor2web nodes solved. -V On Sat, Oct 3, 2015 at 8:29 PM grarpamp <[email protected]> wrote: > > various wrote: > > Yesterday Lief compellingly argued that if a TBB user accidentally > clicks on > > a link to my tor2web proxy (onion.link), that they should be redirected > to > > the .onion address. It hadn't occurred before that a Tor user might > > accidentally click a onion.link URL > > TBB plugin: T2W-OE - tor2web onion everywhere. > Fork HTTPS-E. > Maintain list of known t2w's. > Plugin update from tpo. > Matching engine rewrites t2w URL's to onions in TBB before the fetch. > > > { "countrycode": "A1", "location": "Tor", "domain": "torproject.org" } > > or some such. This seems a reasonable request. Do we know someone at > > They may not wish to if they want to return a single result per IP, and an > IP could be running more than one proxy (tor, i2p/cjdns exit, vpngate, > plain old vpn service, whatever), it's not generally possible to tell which > proxy emitted traffic from said IP, nor is it reasonable to require tor > exits > operators to not participate in other networks. > > > Tor-Browser-Bundle: true > > Great for advertising statistical demand for anonymous access to > clearnet web operators, bad for blocking. > > > Are we still trying to hide TBB users in the Mozilla browser crowd? > > TBB should conform to Mozilla. Though it's a unique header, currently > unused by web operators, that's only for a while. If any such thing, it > should > be a toggle, default off. You don't want to be unique unless you have to, > and it's unlikely even 1/3 of clearnet operators are programmatically > exit-aware, with fewer programmed to block. > > > the "x-tor2web" request header. We eventually decided to add it. > > Which is fine because it doesn't disclose any bits about the user to > clearnet, the disclosure to the onion is still anon and moot, and the > user can go direct to the onion if the onion blocks t2w. > > > The CDN should forward the client IP address as X-Forwarded-For or > > something? > > Other proxies, vpn's, chains, whatever between t2w and the exit may not do > this. > > > If any sites do start blocking users based on the header (and not also > based on IP) > > it will push people into using a non-TBB browser to access Tor. > > Yep. > _______________________________________________ > tor-dev mailing list > [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev >
_______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
