Allen Gunn:
Hello friends,
I hope 2018 is off to a good start wherever this finds you.
So for those who aren't aware, my NGO, Aspiration, advises other NGOs and activists on technology as part of our core mission.
And a common piece of advice we proffer is "make sure your web site works well with Tor Browser", i.e., doesn't use Flash or overly depend on Javascript.
For *years* I've had a custom "badge" of sorts on queair.net indicating the site is "Tor friendly." It seems a worthwhile low-level campaign to wage that might not be relevant today, but can be tomorrow.
A well-signed but small log (maybe like the 'valid css' one?) could be useful.
Or even a "Tor-friendly check" www-based tool might be an interesting direction. It could check Flash easily enough, and maybe diff the site over plain old HTTP versus over torsocks.
The more I have given that advice, the more I have wondered if it was documented anywhere what it actually takes to be a "Tor-friendly" site.
Yes. Simple enough with old-school HTML and perl-based mailforms. Not so much with more complex contemporary sites.
Big thanks to GeKo, who first confirmed for me that no such documentation seems to exist. And then for helping me to bootstrap this page:
While not prolific, it's a solid start.
I'm writing to ask folks on this list to both add any thoughts you have on the matter, and to correct or comment on anything that's already there and doesn't seem quite right.
Any contributions, both to the pad or emailed to me directly, are most appreciated.
This is especially true if you know of relevant documentation anywhere else that I should be looking at.
Once folks have weighed in, I will figure out where to post this on the Tor wiki and elsewhere in order to make it more broadly and reliably available.
And if for any reason you think this is an ill-informed endeavor, I welcome that feedback as well :^)
All of the guidelines might be useful for sites not yet online, but for sites already up and functional, migrating to "Tor friendly" is going to be the challenge.
I also think it might be useful to give a brief "tagline" to the idea of a Tor friendly www site, such as "allowing anonymity by design, not by privacy policies" since I think it could be counterposed to long and legelese-written privacy policies. From one angle, it's about enabling anonymity by the user, and not necessarily doing anything in particular for them.
g