Re: [tor-bugs] #27513 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Add-on for redirecting users to onion site

2018-09-16 Thread Tor Bug Tracker & Wiki 
#27513: Add-on for redirecting users to onion site
-+-
 Reporter:  cyberpunks   |  Owner:  legind
 Type:  enhancement  | Status:  closed
 Priority:  Low  |  Milestone:
Component:  HTTPS Everywhere/EFF-HTTPS   |Version:
  Everywhere | Resolution:
 Severity:  Normal   |  duplicate
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by traumschule):

 * status:  new => closed
 * resolution:   => duplicate


Comment:

 Reviewing #26581 i think this is a duplicate. Also the "having an add-on"
 part is solved. Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27513 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Add-on for redirecting users to onion site

2018-09-06 Thread Tor Bug Tracker & Wiki 
#27513: Add-on for redirecting users to onion site
-+-
 Reporter:  cyberpunks   |  Owner:  legind
 Type:  enhancement  | Status:  new
 Priority:  Low  |  Milestone:
Component:  HTTPS Everywhere/EFF-HTTPS   |Version:
  Everywhere |
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by legind):

 (The above `.tor` pseudo-TLD is an example from gk's
 https://blog.torproject.org/cooking-onions-names-your-onions.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27513 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Add-on for redirecting users to onion site

2018-09-06 Thread Tor Bug Tracker & Wiki 
#27513: Add-on for redirecting users to onion site
-+-
 Reporter:  cyberpunks   |  Owner:  legind
 Type:  enhancement  | Status:  new
 Priority:  Low  |  Milestone:
Component:  HTTPS Everywhere/EFF-HTTPS   |Version:
  Everywhere |
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by legind):

 You also didn't give consent to access `eff.org` for HTTPS Everywhere
 extension updates, or `addons.mozilla.org` for NoScript extension updates,
 but that's what Tor Browser has been doing for the better part of a
 decade.  It's one of the ways that we are able to ship quick fixes if
 vulnerabilities are found, or updates to the coverage for HTTPS sites.  In
 fact, rolling HTTPS Everywhere ruleset updates improves the anonymity
 guarantees of the Tor Browser by ensuring that you can't be fingerprinted
 by clever techniques that differentiate your version of the HTTPS
 Everywhere rulesets from everyone elses.

 "Self-hosted add-on" in your case means that it updates instead from the
 server of some random person with no established credibility, which is
 laughable.  I don't think that's any better than `addons.mozilla.org`.  At
 best, it's a misleading statement.

 HTTPS Everywhere is developed by the EFF in collaboration with the Tor
 Project.  You're already trusting the Tor Project for updates to the Tor
 Browser.  Fetching these rulesets from https://www.https-rulesets.org/
 allows users to ensure comprehensive HTTPS coverage, and isn't comparable
 to an extension that forces onion service connections despite user
 preference.

 Custom ruleset channels in HTTPS Everywhere also allow users to limit a
 ruleset update channel by scope.  So if a user subscribes to an auto-
 redirection channel, they can enter the regex `http://[^/]+\.tor/` to
 ensure that it only acts on the `.tor` pseudo-TLD.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27513 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Add-on for redirecting users to onion site

2018-09-06 Thread Tor Bug Tracker & Wiki 
#27513: Add-on for redirecting users to onion site
-+-
 Reporter:  cyberpunks   |  Owner:  legind
 Type:  enhancement  | Status:  new
 Priority:  Low  |  Milestone:
Component:  HTTPS Everywhere/EFF-HTTPS   |Version:
  Everywhere |
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks3):

 I'm sure I didn't give a consent to access https://www.https-rulesets.org/
 in background.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27513 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Add-on for redirecting users to onion site

2018-09-06 Thread Tor Bug Tracker & Wiki 
#27513: Add-on for redirecting users to onion site
-+-
 Reporter:  cyberpunks   |  Owner:  legind
 Type:  enhancement  | Status:  new
 Priority:  Low  |  Milestone:
Component:  HTTPS Everywhere/EFF-HTTPS   |Version:
  Everywhere |
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks3):

 By the way your `HTTPS Everywhere` add-on shipped with "`Auto-update
 ruleses`" enabled
 by default and you clearly didn't notify the user about automatic
 connection.

 What do you think about this?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27513 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Add-on for redirecting users to onion site

2018-09-06 Thread Tor Bug Tracker & Wiki 
#27513: Add-on for redirecting users to onion site
-+-
 Reporter:  cyberpunks   |  Owner:  legind
 Type:  enhancement  | Status:  new
 Priority:  Low  |  Milestone:
Component:  HTTPS Everywhere/EFF-HTTPS   |Version:
  Everywhere |
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks3):

 Replying to [comment:4 legind]:
 > Uh, I'm pretty sure it does though.  It's called `addons.mozilla.org`.

 "Self-hosted add-on" does not connect to `addons.mozilla.org`.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27513 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Add-on for redirecting users to onion site

2018-09-06 Thread Tor Bug Tracker & Wiki 
#27513: Add-on for redirecting users to onion site
-+-
 Reporter:  cyberpunks   |  Owner:  legind
 Type:  enhancement  | Status:  new
 Priority:  Low  |  Milestone:
Component:  HTTPS Everywhere/EFF-HTTPS   |Version:
  Everywhere |
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by legind):

 Uh, I'm pretty sure it does though.  It's called addons.mozilla.com.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27513 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Add-on for redirecting users to onion site

2018-09-06 Thread Tor Bug Tracker & Wiki 
#27513: Add-on for redirecting users to onion site
-+-
 Reporter:  cyberpunks   |  Owner:  legind
 Type:  enhancement  | Status:  new
 Priority:  Low  |  Milestone:
Component:  HTTPS Everywhere/EFF-HTTPS   |Version:
  Everywhere |
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by cypherpunks3):

 https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor
 Having healthy.onion since last year, it's good.
 Unlike HTTPSEverywhere this add-on does not connect to remote server to
 update the list.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27513 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Add-on for redirecting users to onion site

2018-09-06 Thread Tor Bug Tracker & Wiki 
#27513: Add-on for redirecting users to onion site
-+-
 Reporter:  cyberpunks   |  Owner:  legind
 Type:  enhancement  | Status:  new
 Priority:  Low  |  Milestone:
Component:  HTTPS Everywhere/EFF-HTTPS   |Version:
  Everywhere |
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by traumschule):

 came across https://searxes.danwin1210.me lately, it links healthy.onion.
 needs some testing though.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27513 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Add-on for redirecting users to onion site

2018-09-06 Thread Tor Bug Tracker & Wiki 
#27513: Add-on for redirecting users to onion site
-+-
 Reporter:  cyberpunks   |  Owner:  legind
 Type:  enhancement  | Status:  new
 Priority:  Low  |  Milestone:
Component:  HTTPS Everywhere/EFF-HTTPS   |Version:
  Everywhere |
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by legind):

 It is not always clear that a user would rather access the onion service
 for a given site rather than the clearnet site.  Onion services have in
 the past suffered from problems that the clearnet sites lacked.  In
 Facebook's case, certain videos would fail to load due to improper onion
 CDN configurations and the like.  Also, accessing onion sites on TB can be
 slower than the clearnet alternatives.

 I think giving users the option to redirect to onion sites is the right
 path: perhaps an option within HTTPS Everywhere or TB that, when
 explicitly allowed, forwards a site to the onion URL.  This can be
 advertised by the HTTPS version of a site via the HTTP Alternative Service
 header, for instance. (https://tools.ietf.org/html/draft-ietf-httpbis-alt-
 svc-14)

 There is the additional problem of discovery and maintenance of such
 rulesets within HTTPS Everywhere.  What if an onion service needs to do a
 key rotation?  How is that communicated to the ruleset maintainers?  This
 can be tricky business.

 Note that with the addition of update channels in HTTPS Everywhere
 (https://github.com/EFForg/https-everywhere/blob/master/docs/en_US
 /ruleset-update-channels.md) it is now possible for some entity (say, the
 Tor Project) to publish rulesets for HTTPS Everywhere that allows users to
 opt in to being automatically forwarded to the onion-service equivalent of
 a site.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs