[tor-talk] darkweb-everywhere - was: Using HTTPS Everywhere to redirect to .onion

Michael Wolf mikewolf at riseup.net
Wed May 14 00:51:28 UTC 2014

On 5/13/2014 7:24 PM, Patrick Schleizer wrote:
> darkweb-everywhere
> "HTTPS Everywhere rulesets for hidden services and eepsites."
> https://github.com/chris-barry/darkweb-everywhere

I had an idea recently that might be an improvement (or might not?) on
the darkweb-everywhere concept.  What if we introduced an HTTP header
similar to HSTS -- `X-Onion-Address` perhaps -- which could be sent by
sites that wished to advertise their .onion address?  Just like HSTS,
the header would only be acted upon if received over HTTPS (we don't
want malicious parties injecting headers and redirecting people).
Future versions of TBB could perhaps automatically redirect users to the
.onion site when this header is present, or perhaps prompt users to
inform them of the hidden service.

-- Mike

More information about the tor-talk mailing list