[tor-talk] Tor advice for web developers
Runa A. Sandvik
runa.sandvik at gmail.com
Fri Jun 22 20:53:18 UTC 2012
On Fri, Jun 22, 2012 at 8:03 PM, Micah Lee <micah at eff.org> wrote:
> I will be giving a talk at HOPE called Privacy Tricks for Activist Web
> Developers. I was planning on including a section about exit enclaves,
> how they work and how to set them up on your server. But then I
> discovered that they will be deprecated soon:
Great! I will be at HOPE as well.
> https://trac.torproject.org/projects/tor/wiki/doc/ExitEnclave
>
> "Overall the use of enclaves is not advised for these two main reasons:
> - - They will not be supported in future versions of Tor (> 0.2.3.x)
> - - They do not fit any particular threat model"
>
> So it seems like I should leave this out of my talk.
>
> Is there other advice I can give to web developers and sysadmins who
> run websites for activists to make them easier for Tor users to use
> securely?
I can think of a few things; provide information about where to get
Tor and how to use it correctly (even if the site just points users at
the short user manual), make the site available as a Tor hidden
service, make sure the site is functional for Tor users (e.g. no
Flash), make sure the site is accessible for Tor users (e.g. don't ban
a set of exit relays, serve Tor users different content, tell Tor
users to not use Tor). An added bonus would be to tell non-Tor
visitors that they really should be using Tor.
--
Runa A. Sandvik
More information about the tor-talk
mailing list