[tor-dev] Special handling of .onion domains in Chrome/Firefox (post-IETF-standarization)

George Kadianakis desnacked at riseup.net
Mon Nov 2 19:05:26 UTC 2015


as you might know, the IETF recently decided to formally recognize .onion names
as special-use domain names [0].

This means that normal browsers like Chrome and Firefox can now handle onion
domains in a special manner since they know that they only correspond to Tor.

How would we like those browsers to treat onions?

For starters, those browsers should refuse to connect to onion domains entirely.
Onions don't work on normal browsers anyway, and also this will reduce the onion
leakage through the DNS system [1].

An extra measure would be to persuade those browser vendors to display some sort
of message to poor people who click onions using their normal browser. For
example they could display:

                  Oops, seems like you visited an onion link.
                  You need a special anonymous browser for this: www.torproject.org

What else could we do here? And is there anyone who can lobby for the right
behavior? :)

Of course, we all know that that inevitably those browsers will need to bundle
Tor, if they want to visit the actually secure onion Internet. But let's give
them a bit more time till they realize this :)


[0]: https://blog.torproject.org/blog/landmark-hidden-services-onion-names-reserved-ietf

[1]: https://www.petsymposium.org/2014/papers/Thomas.pdf

More information about the tor-dev mailing list