[tor-project] Crowdsourcing some guidelines for what it means to make a web site "Tor-friendly"

Tue Jan 2 21:49:09 UTC 2018

Howdy,

On 01/02/2018 06:01 AM, George wrote:
> Allen Gunn:
>> Hello friends,
>>
>> I hope 2018 is off to a good start wherever this finds you.
>>
>> So for those who aren't aware, my NGO, Aspiration, advises other NGOs
>> and activists on technology as part of our core mission.
>>
>> And a common piece of advice we proffer is "make sure your web site
>> works well with Tor Browser", i.e., doesn't use Flash or overly depend
>> on Javascript.
> 
> For *years* I've had a custom "badge" of sorts on queair.net indicating
> the site is "Tor friendly." It seems a worthwhile low-level campaign to
> wage that might not be relevant today, but can be tomorrow.
> 
> A well-signed but small log (maybe like the 'valid css' one?) could be
> useful.
> 
> Or even a "Tor-friendly check" www-based tool might be an interesting
> direction. It could check Flash easily enough, and maybe diff the site
> over plain old HTTP versus over torsocks.

These are all great thoughts, thanks.

>> The more I have given that advice, the more I have wondered if it was
>> documented anywhere what it actually takes to be a "Tor-friendly" site.
> 
> Yes.  Simple enough with old-school HTML and perl-based mailforms. Not
> so much with more complex contemporary sites.
> 
>>
>> Big thanks to GeKo, who first confirmed for me that no such
>> documentation seems to exist. And then for helping me to bootstrap this
>> page:
>>
>> https://pad.riseup.net/p/torfriendlysite
> 
> While not prolific, it's a solid start.

Thanks :^)

>> I'm writing to ask folks on this list to both add any thoughts you have
>> on the matter, and to correct or comment on anything that's already
>> there and doesn't seem quite right.
>>
>> Any contributions, both to the pad or emailed to me directly, are most
>> appreciated.
>>
>> This is especially true if you know of relevant documentation anywhere
>> else that I should be looking at.
>>
>> Once folks have weighed in, I will figure out where to post this on the
>> Tor wiki and elsewhere in order to make it more broadly and reliably
>> available.
>>
>> And if for any reason you think this is an ill-informed endeavor, I
>> welcome that feedback as well :^)
> 
> All of the guidelines might be useful for sites not yet online, but for
> sites already up and functional, migrating to "Tor friendly" is going to
> be the challenge.

Agreed. But even getting more sites coming online to test against TB
will hopefully improve things over time.

> I also think it might be useful to give a brief "tagline" to the idea of
> a Tor friendly www site, such as "allowing anonymity by design, not by
> privacy policies" since I think it could be counterposed to long and
> legelese-written privacy policies. From one angle, it's about enabling
> anonymity by the user, and not necessarily doing anything in particular
> for them.

Yep, that makes total sense. Thanks!
gunner

> 
> g
> 
> 
> 
> 
> _______________________________________________
> tor-project mailing list
> tor-project at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
> 

-- 

Allen Gunn
Executive Director, Aspiration
+1.415.216.7252
www.aspirationtech.org

Aspiration: "Better Tools for a Better World"

Read our Manifesto: http://aspirationtech.org/publications/manifesto

Twitter:  www.twitter.com/aspirationtech

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20180102/03521c14/attachment.sig>