[tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing (was: Increasing the use of onion services through automatic redirects and aliasing)

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Aug 18 18:55:20 UTC 2017


#21952: .Onion everywhere?: increasing the use of onion services through automatic
redirects and aliasing
----------------------+--------------------------
 Reporter:  linda     |          Owner:  linda
     Type:  project   |         Status:  reopened
 Priority:  Medium    |      Milestone:
Component:  Webpages  |        Version:
 Severity:  Normal    |     Resolution:
 Keywords:  ux-team   |  Actual Points:
Parent ID:            |         Points:
 Reviewer:            |        Sponsor:
----------------------+--------------------------
Description changed by linda:

Old description:

> = Background =
>
> People can't remember, or type in onion sites very easily. We should try
> to fix this somehow.
>
>  ilf is experimenting with automatically redirecting Tor users to .onion
> versions of websites that they visit (because they want more people to
> visit onion sites and they will do so if it is painless to them). But
> when users were redirected automatically to an onion site, they freaked
> out about it because they didn't know what happened, didn't know what
> onion sites were, and the "https" was dropped.
>
> asn and dgoulet also were trying to find a solution to make onion sites
> more accessible to use. Specifically, onion addresses are quite long and
> random-ish, making them hard to remember and hard to type. There were
> many solutions discussed casually to try and resolve this, but none stood
> out as a clear winner.
>
> = Discussion =
>
> I like the idea of redirecting users to .onion sites automatically when
> they type in the websites non-onion address. This way, users don't need
> to remember anything else, need to type in anything long, or really even
> know what onion sites are.
>
> My suggestion is to follow the https design pattern, and create a similar
> indicator for .onion sites.
>
> [[Image(onion-address-idea.png,600px)]]
>
> The proposed solution would be this: when a user types in a website
> (pad.riseup.net), they would automatically be redirected to the onion
> site. When this happens, there would be an onion icon next to the address
> bar (replacing the https lock icon if there is one, or just being there
> an https lock icon would be if redirection from an http website), similar
> to that of the https lock icon. The address in the address bar can turned
> a different color or indicated in some way that this is an alias for the
> onion site.
>
> From my observation, people don't mind automatically being redirected to
> https sites from http sites, but freak out when redirected from an
> http/https site to an onion site. I don't think that this is because
> people know what https is and find the idea comforting (although this can
> help). I speculate that they don't mind because they don't notice, and
> the reason why users freaked out at the redirect to onion sites is that
> they saw the website address visibly change in the address bar.
>
> Also--
>
> If we want to show users the address of the onion site, we can
> additionally have a feature to reveal the onion site when the user clicks
> in the address bar.
>
> [[Image(onion-address-secondary-idea.png,600px)]]
>
>  I don't know how I feel about this, since it may just be confusing, and
> just shock the user later. Users don't know that pad.riseup.net resolves
> to some numerical IP address, and that isn't displayed to users. So there
> could be an argument made for just indicating that the address is an
> alisas and not ever showing the .onion address, either. This will confuse
> way less of the general population.

New description:

 = Background =

 People can't remember, or type in onion sites very easily. We should try
 to fix this somehow.

  ilf is experimenting with automatically redirecting Tor users to .onion
 versions of websites that they visit (because they want more people to
 visit onion sites and they will do so if it is painless to them). But when
 users were redirected automatically to an onion site, they freaked out
 about it because they didn't know what happened, didn't know what onion
 sites were, and the "https" was dropped.

 asn and dgoulet also were trying to find a solution to make onion sites
 more accessible to use. Specifically, onion addresses are quite long and
 random-ish, making them hard to remember and hard to type. There were many
 solutions discussed casually to try and resolve this, but none stood out
 as a clear winner.

 = Discussion =

 I like the idea of redirecting users to .onion sites automatically when
 they type in the websites non-onion address. This way, users don't need to
 remember anything else, need to type in anything long, or really even know
 what onion sites are.

 My suggestion is to follow the https design pattern, and create a similar
 indicator for .onion sites.

 [[Image(onion-address-idea.png,600px)]]

 The proposed solution would be this: when a user types in a website
 (pad.riseup.net), they would automatically be redirected to the onion
 site. When this happens, there would be an onion icon next to the address
 bar (replacing the https lock icon if there is one, or just being there an
 https lock icon would be if redirection from an http website), similar to
 that of the https lock icon. The address in the address bar can turned a
 different color or indicated in some way that this is an alias for the
 onion site.

 From my observation, people don't mind automatically being redirected to
 https sites from http sites, but freak out when redirected from an
 http/https site to an onion site. I don't think that this is because
 people know what https is and find the idea comforting (although this can
 help). I speculate that they don't mind because they don't notice, and the
 reason why users freaked out at the redirect to onion sites is that they
 saw the website address visibly change in the address bar.

 Also--

 If we want to show users the address of the onion site, we can
 additionally have a feature to reveal the onion site when the user clicks
 in the address bar.

 [[Image(onion-address-secondary-idea.png,600px)]]

  I don't know how I feel about this, since it may just be confusing, and
 just shock the user later. Users don't know that pad.riseup.net resolves
 to some numerical IP address, and that isn't displayed to users. So there
 could be an argument made for just indicating that the address is an
 alisas and not ever showing the .onion address, either. This will confuse
 way less of the general population.

 = Considerations =
 * how should the redirect behavior work?
 * how can we implement this without tracking?
 * should we allow users to turn off this redirecting behavior?
 * should we hide the .onion address from the users more so than the
 proposal above?

--

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21952#comment:34>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list