<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Hi All,</div><div><br></div><div>A "privacy everywhere" solution could have two components:</div><div>1. the  HSTS-like "always open this site in .onion" policy already discussed; and</div><div>2. an AppLinks or AppLinks-like[1] header that specifies a preferred app and/or URL for Tor, I2P, namecoin, …</div><div><br></div><div>The first handles the situation where you're already in the Tor browser, I2P, namecoin, and simply wish to pin the .onion etc. URL for that site.</div><div><br></div><div>The second handles the situation where you're browsing the web in your standard browser, but want to switch to a .onion site in the Tor browser if one is available (or the equivalent namecoin or I2P action). AppLinks is mainly designed for mobile platforms, but has Windows schemes as well.</div><div><br></div><div>I could imagine schemes like:</div><div>al:onion:url                <a href="https://facebookcorewwwi.onion">https://facebookcorewwwi.onion</a></div><div>al:onion:attribute      value</div><div><br></div><div><div>al:namecoin:url               https://...</div><div>al:namecoin:attribute      value</div></div><div><br></div><div><div>al:i2p:url                https://...</div><div>al:i2p:attribute      value</div></div><div><br></div><div>What do you think?</div><div>I wonder if this is helpful, or could just end up being out of scope, duplicating effort, or abusing the AppLinks protocol design (which is focused on an app per platform, not multiple options for alternate URLs).</div><div><br></div><div>T</div><div><br></div><div><br></div><div>[1]: <a href="http://applinks.org/documentation/#applinknavigationprotocol">http://applinks.org/documentation/#applinknavigationprotocol</a></div><div><br></div><div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><span style="background-color: rgba(255, 255, 255, 
0);">teor<br>pgp 0xABFED1AC<br><a href="hkp://pgp.mit.edu/">hkp://pgp.mit.edu/</a></span></div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><font color="#000000"><span style="background-color: rgba(255, 255, 255, 0);"><a href="https://gist.github.com/teor2345/d033b8ce0a99adbc89c5">https://gist.github.com/teor2345/d033b8ce0a99adbc89c5</a><br><a href="http://0bin.net/paste/Mu92kPyphK0bqmbA#Zvt3gzMrSCAwDN6GKsUk7Q8G-eG+Y+BLpe7wtmU66Mx" x-apple-data-detectors="true" x-apple-data-detectors-type="link" x-apple-data-detectors-result="2">http://0bin.net/paste/Mu92kPyphK0bqmbA#Zvt3gzMrSCAwDN6GKsUk7Q8G-eG+Y+BLpe7wtmU66Mx</a></span></font></div></div><div><br>On 3 Nov 2014, at 23:00, <a href="mailto:tor-dev-request@lists.torproject.org">tor-dev-request@lists.torproject.org</a> wrote:<br></div><blockquote type="cite"><span>Date: Mon, 03 Nov 2014 00:12:53 -0600</span><br><span>From: Jeremy Rand <<a href="mailto:biolizard89@gmail.com">biolizard89@gmail.com</a>></span><br><span>To: <a href="mailto:tor-dev@lists.torproject.org">tor-dev@lists.torproject.org</a>,  https-everywhere</span><br><span>    <<a href="mailto:https-everywhere@lists.eff.org">https-everywhere@lists.eff.org</a>>, <a href="mailto:namecoin@googlegroups.com">namecoin@googlegroups.com</a></span><br><span>Subject: Re: [tor-dev] [HTTPS-Everywhere] "darkweb everywhere"</span><br><br><span>-----BEGIN PGP SIGNED MESSAGE-----</span><br><span>Hash: SHA1</span><br><span></span><br><span>Hi Yan,</span><br><span></span><br><span>Namecoin would definitely be interested in something similar (we were</span><br><span>actually discussing the possibility of exactly this yesterday).  Maybe</span><br><span>we could produce a list of relevant projects that would benefit from</span><br><span>this?  (The three that come to mind immediately are Tor, I2P, and</span><br><span>Namecoin, but there may be others.)  
If there are more than a few</span><br><span>projects that would benefit, then it might be interesting to find a</span><br><span>neutral format for the HTTP header, so that we wouldn't have to list</span><br><span>all the supported TLD's explicitly in the spec.</span><br><span></span><br><span>(CCing to Namecoin dev list.)</span><br><span></span><br><span>- -Jeremy Rand</span><br><span>Lead Application Engineer, Namecoin Project</span><br><span></span><br><blockquote type="cite"><span>On 11/02/2014 11:48 PM, yan wrote:</span><br></blockquote><blockquote type="cite"><span>+tor-dev. tl;dr: Would be nice if there were an HTTP response</span><br></blockquote><blockquote type="cite"><span>header that allows HTTPS servers to indicate their .onion domain</span><br></blockquote><blockquote type="cite"><span>names so that HTTPS Everywhere can automatically redirect to the</span><br></blockquote><blockquote type="cite"><span>.onion version in the future if the user chooses a "use THS when</span><br></blockquote><blockquote type="cite"><span>available" preference.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>I imagine the header semantics and processing would be similar to</span><br></blockquote><blockquote type="cite"><span>HSTS. 
It would only be noted when sent over TLS and have the</span><br></blockquote><blockquote type="cite"><span>max-age and include-subdomains fields.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>-yan</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>yan wrote:</span><br></blockquote><blockquote type="cite"><blockquote type="cite"><span>Hi all,</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Some people have requested for the "Darkweb Everywhere" extension</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>[1] to be integrated into HTTPS Everywhere. This is an extension</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>for Tor Browser that redirects users to the Tor Hidden Service</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>version of a website when possible.</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>I'm supportive of the idea; however, I'm worried that since</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>.onion domain names are usually unrelated to a site's regular</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>domain name, a malicious ruleset would be hard to detect. 
AFAIK</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Darkweb Everywhere only defends against this by publishing a doc</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>in their Github repo that cites evidence for each ruleset [2].</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>What if, instead, we asked website owners to send an HTTP header</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>that indicates the Tor Hidden Service version of their website?</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Then HTTPS Everywhere could cache the result (like HSTS) and</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>redirect to the THS version automatically in the future if the</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>user opts-in.</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>If this is something that EFF/Tor would be willing to advocate</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>for, I would be happy to draft a specification for the header</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>syntax and intended UA behavior.</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Thanks, Yan</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote 
type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>[1] <a href="https://github.com/chris-barry/darkweb-everywhere/">https://github.com/chris-barry/darkweb-everywhere/</a> [2] </span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span><a href="https://github.com/chris-barry/darkweb-everywhere/blob/master/doc/EVIDENCE.md">https://github.com/chris-barry/darkweb-everywhere/blob/master/doc/EVIDENCE.md</a></span><br></blockquote></blockquote></blockquote></body></html>