[tor-bugs] #21952 [User Experience]: Increasing the use of onion services through automatic redirects and aliasing

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Apr 14 21:43:35 UTC 2017


#21952: Increasing the use of onion services through automatic redirects and
aliasing
---------------------------------+-------------------
     Reporter:  linda            |      Owner:  linda
         Type:  enhancement      |     Status:  new
     Priority:  Medium           |  Milestone:
    Component:  User Experience  |    Version:
     Severity:  Normal           |   Keywords:
Actual Points:                   |  Parent ID:
       Points:                   |   Reviewer:
      Sponsor:                   |
---------------------------------+-------------------
 ilf is experimenting with automatically redirecting Tor users to .onion
 versions of websites that they visit (because they want more people to
 visit onion sites and they will do so if it is painless to them). But when
 users were redirected automatically to an onion site, they freaked out
 about it because they didn't know what happened, didn't know what onion
 sites were, and the "https" was dropped.

 asn and dgoulet also were trying to find a solution to make onion sites
 more accessible to use. Specifically, onion addresses are quite long and
 random-ish, making them hard to remember and hard to type. There were many
 solutions discussed casually to try and resolve this, but none stood out
 as a clear winner.

 I like the idea of redirecting users to .onion sites automatically when
 they type in the websites non-onion address. This way, users don't need to
 remember anything else, need to type in anything long, or really even know
 what onion sites are.

 My suggestion is to follow the https design pattern, and create a similar
 indicator for .onion sites.



 The proposed solution would be this: when a user types in a website
 (pad.riseup.net), they would automatically be redirected to the onion
 site. When this happens, there would be an onion icon next to the address
 bar (replacing the https lock icon if there is one, or just being there an
 https lock icon would be if redirection from an http website), similar to
 that of the https lock icon. The address in the address bar can turned a
 different color or indicated in some way that this is an alias for the
 onion site.

 From my observation, people don't mind automatically being redirected to
 https sites from http sites, but freak out when redirected from an
 http/https site to an onion site. I don't think that this is because
 people know what https is and find the idea comforting (although this can
 help). I speculate that they don't mind because they don't notice, and the
 reason why users freaked out at the redirect to onion sites is that they
 saw the website address visibly change in the address bar.

 If we want to show users the address of the onion site, we can
 additionally have a feature to reveal the onion site when the user clicks
 in the address bar. But I don't know how I feel about this, since it may
 just be confusing, and just shock the user later. Users don't know that
 pad.riseup.net resolves to some numerical IP address, and that isn't
 displayed to users. So there could be an argument made for just indicating
 that the address is an alisas and not ever showing the .onion address,
 either. This will confuse way less of the general population.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21952>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list