[tor-project] Crowdsourcing some guidelines for what it means to make a web site "Tor-friendly"
gunner at aspirationtech.org
Tue Jan 2 21:49:09 UTC 2018
On 01/02/2018 06:01 AM, George wrote:
> Allen Gunn:
>> Hello friends,
>> I hope 2018 is off to a good start wherever this finds you.
>> So for those who aren't aware, my NGO, Aspiration, advises other NGOs
>> and activists on technology as part of our core mission.
>> And a common piece of advice we proffer is "make sure your web site
>> works well with Tor Browser", i.e., doesn't use Flash or overly depend
> For *years* I've had a custom "badge" of sorts on queair.net indicating
> the site is "Tor friendly." It seems a worthwhile low-level campaign to
> wage that might not be relevant today, but can be tomorrow.
> A well-signed but small log (maybe like the 'valid css' one?) could be
> Or even a "Tor-friendly check" www-based tool might be an interesting
> direction. It could check Flash easily enough, and maybe diff the site
> over plain old HTTP versus over torsocks.
These are all great thoughts, thanks.
>> The more I have given that advice, the more I have wondered if it was
>> documented anywhere what it actually takes to be a "Tor-friendly" site.
> Yes. Simple enough with old-school HTML and perl-based mailforms. Not
> so much with more complex contemporary sites.
>> Big thanks to GeKo, who first confirmed for me that no such
>> documentation seems to exist. And then for helping me to bootstrap this
> While not prolific, it's a solid start.
>> I'm writing to ask folks on this list to both add any thoughts you have
>> on the matter, and to correct or comment on anything that's already
>> there and doesn't seem quite right.
>> Any contributions, both to the pad or emailed to me directly, are most
>> This is especially true if you know of relevant documentation anywhere
>> else that I should be looking at.
>> Once folks have weighed in, I will figure out where to post this on the
>> Tor wiki and elsewhere in order to make it more broadly and reliably
>> And if for any reason you think this is an ill-informed endeavor, I
>> welcome that feedback as well :^)
> All of the guidelines might be useful for sites not yet online, but for
> sites already up and functional, migrating to "Tor friendly" is going to
> be the challenge.
Agreed. But even getting more sites coming online to test against TB
will hopefully improve things over time.
> I also think it might be useful to give a brief "tagline" to the idea of
> a Tor friendly www site, such as "allowing anonymity by design, not by
> privacy policies" since I think it could be counterposed to long and
> legelese-written privacy policies. From one angle, it's about enabling
> anonymity by the user, and not necessarily doing anything in particular
> for them.
Yep, that makes total sense. Thanks!
> tor-project mailing list
> tor-project at lists.torproject.org
Executive Director, Aspiration
Aspiration: "Better Tools for a Better World"
Read our Manifesto: http://aspirationtech.org/publications/manifesto
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 473 bytes
Desc: OpenPGP digital signature
More information about the tor-project