[tor-dev] UX improvement proposal: Onion auto-redirects using Alt-Svc HTTP header

teor teor2345 at gmail.com
Tue Nov 14 17:25:09 UTC 2017

> On 14 Nov 2017, at 23:51, George Kadianakis <desnacked at riseup.net> wrote:
> 3.2. Auto-redirects too intrusive? Make them optional.
>   If we think that auto redirects are too intrusive, we should consider making
>   them optional, or letting the website specify the desired behavior.
>   If a website wants to specify an onion address but doesn't like
>   auto-redirects, it could specify that as part of Alt-Svc and we could still
>   inform the user that an onion is available using a notification bar again.

Inform the user that the onion address is available.

Make the default behaviour *not* to redirect (it's not faster, it's not more 
secure, and it's surprising). But I'd be willing to compromise here, by
letting the site specify an initial default, and having the Tor Browser default
be whatever.

 Let *the user* control the behaviour via the notification bar, and maybe
allow them to set a session default.
(This won't be persistent, for disk leak reasons.)

> 4. Drawbacks

You missed the biggest one:

If the onion site is down, the user will be redirected to the downed site.
(I've used onion site redirects with this issue, it's really annoying.)
Similarly, if a feature is broken on the onion site, the user will be
redirected to a site they can't use.

Or if the user simply wants to use the non-onion site for some reason
(maybe they want a link they can share with their non-onion friends,
or maybe they don't want to reveal they're using Tor Browser).

Users *must* have a way to disable the redirect on every redirect.


More information about the tor-dev mailing list