[HTTPS-Everywhere] "darkweb everywhere" extension
Maxim Nazarenko
nz.phone at mail.ru
Mon Nov 3 04:14:07 PST 2014
Sounds like a great idea. Even Facebook runs its hidden service nowadays...
My two cents:
1) The specification should be extensible, so other networks (such as
I2P) would be covered.
2) Well-known locations might also be used (not sure if this is a good idea).
3) From an extension user viewpoint, preload list would be very nice.
Best regards,
Maxim Nazarenko
On 3 November 2014 08:09, yan <yan at mit.edu> wrote:
> Hi all,
>
> Some people have requested for the "Darkweb Everywhere" extension [1] to
> be integrated into HTTPS Everywhere. This is an extension for Tor
> Browser that redirects users to the Tor Hidden Service version of a
> website when possible.
>
> I'm supportive of the idea; however, I'm worried that since .onion
> domain names are usually unrelated to a site's regular domain name, a
> malicious ruleset would be hard to detect. AFAIK Darkweb Everywhere only
> defends against this by publishing a doc in their Github repo that cites
> evidence for each ruleset [2].
>
> What if, instead, we asked website owners to send an HTTP header that
> indicates the Tor Hidden Service version of their website? Then HTTPS
> Everywhere could cache the result (like HSTS) and redirect to the THS
> version automatically in the future if the user opts-in.
>
> If this is something that EFF/Tor would be willing to advocate for, I
> would be happy to draft a specification for the header syntax and
> intended UA behavior.
>
> Thanks,
> Yan
>
>
> [1] https://github.com/chris-barry/darkweb-everywhere/
> [2]
> https://github.com/chris-barry/darkweb-everywhere/blob/master/doc/EVIDENCE.md
> _______________________________________________
> HTTPS-Everywhere mailing list
> HTTPS-Everywhere at lists.eff.org
> https://lists.eff.org/mailman/listinfo/https-everywhere
More information about the HTTPS-Everywhere
mailing list