[HTTPS-Everywhere] "darkweb everywhere" extension

yan yan at mit.edu
Sun Nov 2 21:09:15 PST 2014


Hi all,

Some people have requested for the "Darkweb Everywhere" extension [1] to
be integrated into HTTPS Everywhere. This is an extension for Tor
Browser that redirects users to the Tor Hidden Service version of a
website when possible.

I'm supportive of the idea; however, I'm worried that since .onion
domain names are usually unrelated to a site's regular domain name, a
malicious ruleset would be hard to detect. AFAIK Darkweb Everywhere only
defends against this by publishing a doc in their Github repo that cites
evidence for each ruleset [2].

What if, instead, we asked website owners to send an HTTP header that
indicates the Tor Hidden Service version of their website? Then HTTPS
Everywhere could cache the result (like HSTS) and redirect to the THS
version automatically in the future if the user opts-in.

If this is something that EFF/Tor would be willing to advocate for, I
would be happy to draft a specification for the header syntax and
intended UA behavior.

Thanks,
Yan


[1] https://github.com/chris-barry/darkweb-everywhere/
[2]
https://github.com/chris-barry/darkweb-everywhere/blob/master/doc/EVIDENCE.md


More information about the HTTPS-Everywhere mailing list