On Mon, May 19, 2014 at 7:06 AM, grarpamp <grarp...@gmail.com> wrote:
> Users leaking dns / failing to redirect dns into tor is not a tor problem. > I think that's a rather arrogant point of view. If it was not a Tor problem, .onion would not be needed in the first place. Tor developers do seem to work hard on making it difficult for a user to accidentally leak information, so simply saying that users "failing to redirect dns into tor is not a tor problem" is a little counterproductive. If someone would register .onion I see two problems: 1) A malevolent registrar could redirect all .onion lookups to their own proxy, essentially routing all "hidden" traffic through their own machine. At the moment, clicking a .onion link means that it either routes through Tor, or it fails loudly: there's no risk clicking such a link. This behaviour would change to something that either routes through Tor and you're safe, or you think it routes through Tor but it's actually decoded by a third part. I think that's a usability issue, and not something that should simply be ignored. Maybe it's not something that can easily be solved, but that is why there must be a discussion about it. Maybe the only solution is to strongly warn users. 2) Useful websites could actually pop up under .onion, making a plugin that takes over that domain seem intrusive and less attractive. This is less of a problem I think. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk