[tor-project] Crowdsourcing some guidelines for what it means to make a web site "Tor-friendly"

George george at queair.net
Tue Jan 2 14:01:00 UTC 2018

Allen Gunn:
> Hello friends,
> I hope 2018 is off to a good start wherever this finds you.
> So for those who aren't aware, my NGO, Aspiration, advises other NGOs
> and activists on technology as part of our core mission.
> And a common piece of advice we proffer is "make sure your web site
> works well with Tor Browser", i.e., doesn't use Flash or overly depend
> on Javascript.

For *years* I've had a custom "badge" of sorts on queair.net indicating
the site is "Tor friendly." It seems a worthwhile low-level campaign to
wage that might not be relevant today, but can be tomorrow.

A well-signed but small log (maybe like the 'valid css' one?) could be

Or even a "Tor-friendly check" www-based tool might be an interesting
direction. It could check Flash easily enough, and maybe diff the site
over plain old HTTP versus over torsocks.

> The more I have given that advice, the more I have wondered if it was
> documented anywhere what it actually takes to be a "Tor-friendly" site.

Yes.  Simple enough with old-school HTML and perl-based mailforms. Not
so much with more complex contemporary sites.

> Big thanks to GeKo, who first confirmed for me that no such
> documentation seems to exist. And then for helping me to bootstrap this
> page:
> https://pad.riseup.net/p/torfriendlysite

While not prolific, it's a solid start.

> I'm writing to ask folks on this list to both add any thoughts you have
> on the matter, and to correct or comment on anything that's already
> there and doesn't seem quite right.
> Any contributions, both to the pad or emailed to me directly, are most
> appreciated.
> This is especially true if you know of relevant documentation anywhere
> else that I should be looking at.
> Once folks have weighed in, I will figure out where to post this on the
> Tor wiki and elsewhere in order to make it more broadly and reliably
> available.
> And if for any reason you think this is an ill-informed endeavor, I
> welcome that feedback as well :^)

All of the guidelines might be useful for sites not yet online, but for
sites already up and functional, migrating to "Tor friendly" is going to
be the challenge.

I also think it might be useful to give a brief "tagline" to the idea of
a Tor friendly www site, such as "allowing anonymity by design, not by
privacy policies" since I think it could be counterposed to long and
legelese-written privacy policies. From one angle, it's about enabling
anonymity by the user, and not necessarily doing anything in particular
for them.



34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20180102/ceff26ab/attachment.sig>

More information about the tor-project mailing list