[HTTPS-Everywhere] "darkweb everywhere" extension
Nick Semenkovich
nick at semenkovich.com
Mon Nov 3 08:53:58 PST 2014
This is a great idea! Any thoughts on extending parts of this to Chrome?
I understand there are significant issues with Chrome & Tor, though I also
think making Tor more visible and accessible to end-users is a good goal.
Some options:
- Flashing the HTTPSe icon when a .onion site is available (or showing
another symbol, etc.)
- Allow one-click to tor2web (this has some broader implications ... I
worry users would think they were somehow anonymous using tor2web)
- Nick
[1]
https://blog.torproject.org/blog/google-chrome-incognito-mode-tor-and-fingerprinting
On Mon, Nov 3, 2014 at 7:08 AM, Alex Xu <alex_y_xu at yahoo.ca> wrote:
> On 03/11/14 12:48 AM, yan wrote:
> > +tor-dev. tl;dr: Would be nice if there were an HTTP response header
> > that allows HTTPS servers to indicate their .onion domain names so that
> > HTTPS Everywhere can automatically redirect to the .onion version in the
> > future if the user chooses a "use THS when available" preference.
> >
> > I imagine the header semantics and processing would be similar to HSTS.
> > It would only be noted when sent over TLS and have the max-age and
> > include-subdomains fields.
> >
> > -yan
> >
> > yan wrote:
> >> Hi all,
> >>
> >> Some people have requested for the "Darkweb Everywhere" extension [1] to
> >> be integrated into HTTPS Everywhere. This is an extension for Tor
> >> Browser that redirects users to the Tor Hidden Service version of a
> >> website when possible.
> >>
> >> I'm supportive of the idea; however, I'm worried that since .onion
> >> domain names are usually unrelated to a site's regular domain name, a
> >> malicious ruleset would be hard to detect. AFAIK Darkweb Everywhere only
> >> defends against this by publishing a doc in their Github repo that cites
> >> evidence for each ruleset [2].
> >>
> >> What if, instead, we asked website owners to send an HTTP header that
> >> indicates the Tor Hidden Service version of their website? Then HTTPS
> >> Everywhere could cache the result (like HSTS) and redirect to the THS
> >> version automatically in the future if the user opts-in.
> >>
> >> If this is something that EFF/Tor would be willing to advocate for, I
> >> would be happy to draft a specification for the header syntax and
> >> intended UA behavior.
> >>
> >> Thanks,
> >> Yan
> >>
> >>
> >> [1] https://github.com/chris-barry/darkweb-everywhere/
> >> [2]
> >>
> https://github.com/chris-barry/darkweb-everywhere/blob/master/doc/EVIDENCE.md
> >> _______________________________________________
> >> HTTPS-Everywhere mailing list
> >> HTTPS-Everywhere at lists.eff.org
> >> https://lists.eff.org/mailman/listinfo/https-everywhere
> >>
> >
> > _______________________________________________
> > HTTPS-Everywhere mailing list
> > HTTPS-Everywhere at lists.eff.org
> > https://lists.eff.org/mailman/listinfo/https-everywhere
> >
>
> https://lists.torproject.org/pipermail/tor-talk/2014-May/032906.html
>
>
> _______________________________________________
> HTTPS-Everywhere mailing list
> HTTPS-Everywhere at lists.eff.org
> https://lists.eff.org/mailman/listinfo/https-everywhere
>
--
Nick Semenkovich
Laboratory of Dr. Jeffrey I. Gordon
Medical Scientist Training Program
School of Medicine
Washington University in St. Louis
https://nick.semenkovich.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20141103/96d2994b/attachment-0001.html>
More information about the HTTPS-Everywhere
mailing list