[tor-bugs] #19367 [Applications/Tor Browser]: Duckduckgo hidden service HTTPS

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jun 10 08:34:00 UTC 2016


#19367: Duckduckgo hidden service HTTPS
-------------------------------------+-------------------------------------
     Reporter:  mahomi12             |      Owner:  tbb-team
         Type:  enhancement          |     Status:  new
     Priority:  Low                  |  Milestone:  Tor: unspecified
    Component:  Applications/Tor     |    Version:  Tor: unspecified
  Browser                            |   Keywords:  HTTPS, Hidden Service,
     Severity:  Minor                |  DuckDuckGo
Actual Points:                       |  Parent ID:
       Points:                       |   Reviewer:
      Sponsor:                       |
-------------------------------------+-------------------------------------
 I'd like to propose that the Tor browsers uses the HTTPS version of the
 DuckDuckGo hidden service if DDG is the selected search engine. Whether
 the use of HTTPS adds anything to the security of a Tor hidden service is
 up for debate. [https://blog.torproject.org/blog/facebook-hidden-services-
 and-https-certs This post] may give some perspective on it's advantages.
 In the case of DuckDuckGo, the hidden service is most certainly located on
 a different machine than the webservice so the use of HTTPS may be
 especially useful here.

 The problem here is that the certificate is only valid for
 *.duckduckgo.com so we need to add an exception for that. But ''"That
 approach would raise the political question though of which sites we
 should endorse in this way."'' Personally I think that's OK, since it's
 not just a random website but a search engine that was already built into
 the browser anyway.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19367>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list