[tor-talk] Using HTTPS Everywhere to redirect to .onion

Griffin Boyce griffin at cryptolab.net
Thu Feb 27 05:28:54 UTC 2014


   Well, it's an interesting idea, and one that has cropped up 
throughout the years.  This is something that makes the most sense for 
websites that are at huge risk of being taken down through domain 
seizures or DNS shenanigans, with a number of rulesets in the TBB.  But 
I *think* this problem is a little trickier than it appears on first 
blush.  If the site is down because the server is down/seized/wiped, 
then the onion's key information could be gone too.

   It would be cool if the TBB redirected to the backup onion of a site 
if the primary domain is down.  cryptic.be > 404! > cryptic000000000.onion

   Problem there is kind of obvious in that it's not easy to get a list 
of websites which offer an alternate address.  One thing that might be 
interesting is to incorporate some kind of a meta tag that lists their 
.onion.  So while you might go to https://yahoo.com, yahoo.onion is 
available and gets added to a list of hidden services.  Or site owners 
could opt-in with relevant information in an onion.txt.  Or visitors 
could recommend a website for inclusion/spidering similar to either 
pingomatic or Google's old webmaster tools site.  (Note that this 
paragraph likely contradicts some of Tor's current dev goals around 
hidden service enumeration).

~Griffin

ps: <3 https-everywhere hacks ^_^


fortasse wrote:
> Hello all,
>
> I am the web admin on the Whonix project (www.whonix.org /
> kkkkkkkkkk63ava6.onion), where we serve the same wiki, blog, and
> forums on both a .org and .onion, for censorship-resistance purposes.
>
> Most web applications expect to "be" at one base URL, and generate
> dynamic links based off the "known" location, which is usually entered
> by hand during installation. That works great for most use cases; but
> .onions are not a typical use case.
>
> While trying to come up with a way for the forum users to be able to
> browse without having to manually edit the .org links into .onion
> links, I threw together a HTTPS Everywhere user ruleset:
>
> <ruleset name="Whonix Onion">
>    <target host="www.whonix.org" />
>    <target host="kkkkkkkkkk63ava6.onion" />
>    <rule from="^http(s)?://(www\.)?whonix\.org/"
>          to="http://kkkkkkkkkk63ava6.onion/"/>
> </ruleset>
>
> and it works beautifully. With this ruleset enabled, the user can type
> in "whonix.org/forum" and the browser will actually make the request
> for "http://kkkkkkkkkk63ava6.onion/forum". If the user wants the .org
> version, they can toggle the ruleset off.
>
> My question is does this have more potential than being a weird
> (rather effective) hack? Could we make an "onion Everywhere" as it
> were to help solve the difficult-to-remember onion names? Or is this
> just another layer of confusion that further increases the barrier of
> entry on successful Tor use?
>
> It's a pretty simple idea, and I am open to any questions, comments,
> or rude remarks.
>
> Thanks!
>
> ~~Fortasse
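
Added example, not part of either message and not HTTPS Everywhere's own code: a small Python model of how the quoted ruleset is evaluated, for checking which URLs it would rewrite before enabling it. The host matching (exact target or a leading `*.` wildcard, first matching rule wins) is a simplifying assumption, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# The ruleset from the quoted message, with the wrapped <rule> joined.
RULESET_XML = r'''
<ruleset name="Whonix Onion">
  <target host="www.whonix.org" />
  <target host="kkkkkkkkkk63ava6.onion" />
  <rule from="^http(s)?://(www\.)?whonix\.org/"
        to="http://kkkkkkkkkk63ava6.onion/"/>
</ruleset>
'''

def load_ruleset(xml_text):
    """Return (target hosts, [(compiled from-regex, replacement)])."""
    root = ET.fromstring(xml_text)
    targets = [t.get("host").lower() for t in root.findall("target")]
    rules = []
    for r in root.findall("rule"):
        # Rulesets use JavaScript-style $1 backreferences; Python wants \1.
        to = re.sub(r"\$(\d)", r"\\\1", r.get("to"))
        rules.append((re.compile(r.get("from")), to))
    return targets, rules

def host_is_target(host, targets):
    """Assumed model: exact match, or a leading '*.' wildcard target."""
    return any(host == t or (t.startswith("*.") and host.endswith(t[1:]))
               for t in targets)

def rewrite(url, targets, rules):
    """Return the rewritten URL, or None if the ruleset leaves it alone."""
    host = (urlsplit(url).hostname or "").lower()
    if not host_is_target(host, targets):
        return None          # rules are only consulted for listed targets
    for pattern, to in rules:
        new, n = pattern.subn(to, url, count=1)
        if n:
            return new       # first matching rule wins
    return None

TARGETS, RULES = load_ruleset(RULESET_XML)

if __name__ == "__main__":
    for u in ("https://www.whonix.org/forum", "http://whonix.org/forum",
              "https://evilwhonix.org/forum", "https://www.whonix.org.example/"):
        print(u, "->", rewrite(u, TARGETS, RULES))
```

Under this model the bare `whonix.org` host is left alone because only `www.whonix.org` is listed as a target, even though the `from` pattern itself would match it. Requests already on the .onion host are not rewritten again, so the rule cannot loop.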


