Mon Apr 3 17:50:31 UTC 2017

On Mon, Apr 03, 2017 at 10:48:26AM -0400, Ian Goldberg wrote:
> The other thing to remember is that didn't we already say that
> facebookgbiyeqv3ebtjnlntwyvjoa2n7rvpnnaryd4a.onion
> and
> face-book-gbiy-eqv3-ebtj-nlnt-wyvj-oa2n-7rvp-nnar-yd4a.onion
> will mean the same thing?

Did we? I admit that I haven't been paying enough attention to anything
lately, but last I checked, we thought that was a terrible idea because
people can make a bunch of different versions of the address, and use
them as tracking mechanisms for users. (For example, I put two versions
of the same address on my two different pages, and now when somebody goes
to that onion address, I can distinguish which page they came from. In
the extreme versions of this idea, I give a unique version of my address
to the target, and then I can spot him when he uses it.)

Ultimately the problem is that the browser is too good at giving away
the hostname that it thinks it's going to -- in various headers, in
cross-site isolation, etc etc.

So, if we have indeed decided to allow many versions of format for
onion addresses, I hope we thought through this attack and decided it
was worth it. :)
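
The defensive side of the concern in the message above, as an added example that is not from this thread or from Tor's own code: if hyphenated and plain forms are to mean the same thing, the client can collapse every alias to one canonical name before that name reaches any header or origin check. It assumes hyphens are purely decorative and may sit between any two characters; the function names are hypothetical.

```javascript
// Added example. Assumption: hyphens in the onion label carry no meaning and
// may appear between any two characters (never leading, trailing or doubled).
const BASE32 = /^[a-z2-7]+$/;

// Return the canonical form of an .onion hostname, or null if it is not one.
function canonicalOnion(host) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  if (labels.length < 2 || labels.pop() !== "onion") return null;
  const raw = labels.pop();
  // Refuse malformed hyphen use instead of guessing what was meant.
  if (/^-|-$|--/.test(raw)) return null;
  const key = raw.replace(/-/g, "");
  if (!BASE32.test(key)) return null;
  // Subdomain labels (if any) are kept; only the onion label is normalized.
  return [...labels, key, "onion"].join(".");
}

// Hostname-bearing values as a client would emit them if it canonicalized
// first: every alias of one service yields identical Host and Origin.
function requestHeaders(typedHost) {
  const host = canonicalOnion(typedHost);
  if (host === null) throw new Error("not a valid .onion name: " + typedHost);
  return { Host: host, Origin: "http://" + host };
}

// Upper bound on the bits that hyphen placement alone could carry if the
// typed form leaked: each of the n-1 gaps either holds a hyphen or not.
function hyphenAliasBits(host) {
  const canonical = canonicalOnion(host);
  if (canonical === null) return 0;
  const key = canonical.split(".").slice(-2)[0];
  return key.length - 1;
}

// The two forms quoted in the message.
const plain = "facebookgbiyeqv3ebtjnlntwyvjoa2n7rvpnnaryd4a.onion";
const dashed = "face-book-gbiy-eqv3-ebtj-nlnt-wyvj-oa2n-7rvp-nnar-yd4a.onion";
console.log(requestHeaders(plain).Host === requestHeaders(dashed).Host);
console.log(hyphenAliasBits(dashed), "bits available if the typed form is sent");
```

Canonicalizing only removes the signal if it happens before every place the hostname is used, including the headers and cross-site isolation keys the message mentions.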


