Mike Cardwell: > * on the Tue, May 13, 2014 at 08:51:28PM -0400, Michael Wolf wrote: > >>> darkweb-everywhere >>> >>> "HTTPS Everywhere rulesets for hidden services and eepsites." >>> >>> https://github.com/chris-barry/darkweb-everywhere >>> >> >> I had an idea recently that might be an improvement (or might not?) on >> the darkweb-everywhere concept. What if we introduced an HTTP header >> similar to HSTS -- `X-Onion-Address` perhaps -- which could be sent by >> sites that wished to advertise their .onion address? Just like HSTS, >> the header would only be acted upon if received over HTTPS (we don't >> want malicious parties injecting headers and redirecting people). >> Future versions of TBB could perhaps automatically redirect users to the >> .onion site when this header is present, or perhaps prompt users to >> inform them of the hidden service. > > I would prefer it if the people who run websites with hidden service > alternatives would simply check if the client IP is a Tor exit node, > and then advertise the availability of the hidden service to such > users inside the actual website. > > This wouldn't be that difficult either. We have the Tor DNSEL, and > there are also a few Apache modules which allow you to perform DNSBL > style lookups on the client IP and perform different actions based on > the result, such as setting environment variables/headers etc.
I also like that idea. -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
