Opened 12 months ago

Last modified 4 weeks ago

#28005 new defect

Officially support onions in HTTPS-Everywhere

Reported by: asn
Owned by: legind
Priority: Medium
Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere
Version:
Severity: Normal
Keywords: tor-hs https-everywhere tor-ux network-team-roadmap-november
Cc: ilf, bee, fdsfgs@…, gaba
Actual Points:
Parent ID: #30029
Points: 20
Reviewer:
Sponsor: Sponsor27-must

Description (last modified by asn)

The plan:

A major UX issue for onion services is their huge addresses. We want to fix this issue because an address with 56 random characters confuses people, it makes it harder to pass the address around, and it also makes it much harder to verify it.

There is a field of literature called "secure name systems" but none of the candidates are good enough for us right now. Hence, we present a hotfix that might offer a situational relief for users for the medium-term future, until we come up with something better, or while we experiment with more solutions. I suggest we keep this ticket focused on this idea, instead of debating why this and not that, since we've already been doing this for far too long.

The plan is to use the HTTPS-Everywhere extension that we already have in Tor Browser, and encourage people to write their own rulesets for onions. We are talking about community-maintained rulesets and nothing that is officially maintained by The Tor Project or by HTTPS-Everywhere. This ticket is about making it easier for people to create, import and use these rulesets. We are talking about UI/UX improvements, writing blog posts and doing Q&A.

Here are some examples of community rulesets we can imagine:

  • The SecureDrop ruleset: where securedrop makes a ruleset with their whole directory. People can download that to quickly visit securedrop destinations, by going to securedrop-nyt.tor.onion.
  • The Torproject ruleset: where torproject makes a ruleset with all their onions. We developers can use that to quickly visit Tor sites over onion, by going to tor-trac.tor.onion instead of remembering the onion.
  • The Bitcoin ruleset: where a "trusted" bitcoin entity publishes a ruleset with various cryptocurrency-related rules that allow people to quickly visit them.

This approach has both positives and negatives (I assure you this is the case with every "secure naming" project out there):

  • Positives: Good security if the ruleset is taken from a trusted source. No state keeping. Reachable engineering effort. No global names, hence no fear of name squatting. Easy to understand tradeoffs.
  • Negatives: Terrible security if the ruleset is evil. No global names: If you want people to use your shortened onion name, you need to persuade them to use your ruleset.

Here are some HTTPS-Everywhere issues we need to solve based on my Mexico notes:

  • Be able to stop update channels per-channel.
  • Need good UI to easily look and understand rules.
  • Need to implement file extension to install ruleset with one-click from web button.

Here are some issues we need to think about:

  • We need good user text to make sure that people don't shoot themselves in the foot too often by installing bad rulesets and whatnot (they already do it daily when they open onions from "search engines" or reddit).
  • Which tld to use? If we use .tor we open ourselves to DNS leaks in normal browsers. If we use .tor.onion that might be confusing to people.
  • Are there any issues with SSL?

More resources:

Child Tickets

Attachments (1)

httpse-v3onions.png (66.6 KB) - added by antonela 12 months ago.


Change History (10)

Changed 12 months ago by antonela

Attachment: httpse-v3onions.png added

comment:1 Changed 7 months ago by asn

Sponsor: Sponsor27-must

comment:2 Changed 6 months ago by gk

Cc: ilf bee added

Closing #1670 and #19812 as duplicate of this ticket. I think the onion rulesets idea fits nicely with their requests.

comment:3 Changed 6 months ago by gk

Cc: fdsfgs@… added

comment:4 Changed 6 months ago by asn

Points: 20

comment:5 Changed 6 months ago by pili

Parent ID: #30029

comment:6 Changed 6 months ago by asn

Description: modified (diff)

comment:7 Changed 6 months ago by gaba

Cc: gaba added

comment:8 Changed 3 months ago by gaba

Keywords: network-team-roadmap-november added

comment:9 Changed 4 weeks ago by asn

Here are some notes from the plans we made in Stockholm in the meeting between
me, antonela, sysrqb, redshiftzero, geko and dgoulet:

Scope of work:

  • First iteration will include onion rules for securedrop websites (e.g. nytimes.securedrop.tor.onion -> nyttips4bmquxfzw.onion)
  • Need to add a toolbar button in the ffox UI to show that a redirect happened
  • Rewrite URL in URL bar (only show the human-readable url)
  • Add support for viewing rulesets (?)
  • See how update channels work and whether we should disable them or not.

Out of scope:

  • First iteration will not allow people to easily add their own rules

TLD scheme:

  • Three options for tld scheme:

a) nytimes.securedrop.onion (ambiguous and probably unsafe)
b) nytimes.securedrop.tor.onion (safe but bad UX)
c) nytimes.securedrop.tor (good UX but DNS leaks in other browsers)

We decided to ditch (a) from our options and do either (b) or (c). (b) is the
safest and we should probably roll with that (?).

FPF plan:

  • FPF will change their securedrop directory to include ".tor.onion" links for their various instances.
  • 3 months of work are enough
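
The ticket's main risk ("terrible security if the ruleset is evil") can be checked mechanically before a community ruleset is imported. The following is an added example, not code from the ticket or from HTTPS Everywhere: it assumes the extension's `<ruleset>` / `<target host>` / `<rule from to>` XML layout and scheme (b), and validates v3 destinations with the checksum defined in rend-spec-v3. The function names and the sample ruleset are constructed for illustration.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

def v3_address(pubkey: bytes) -> str:
    """Encode a 32-byte key as a v3 onion label (checksum and version as in rend-spec-v3)."""
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + b"\x03").digest()[:2]
    return base64.b32encode(pubkey + checksum + b"\x03").decode().lower()

def is_onion_label(label: str) -> bool:
    """Accept 16-char v2 labels and 56-char v3 labels whose checksum verifies."""
    if re.fullmatch(r"[a-z2-7]{16}", label):
        return True
    if not re.fullmatch(r"[a-z2-7]{56}", label):
        return False
    raw = base64.b32decode(label.upper())
    return raw[34] == 3 and v3_address(raw[:32]) == label

def audit_ruleset(xml_text: str, suffix: str = ".tor.onion") -> list:
    """Return findings for a ruleset; an empty list means nothing was flagged."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declarations are not accepted"]
    findings = []
    root = ET.fromstring(xml_text)
    for target in root.iter("target"):
        host = target.get("host", "")
        if not host.endswith(suffix):  # scheme (b) from the ticket
            findings.append(f"target {host!r} is outside {suffix}")
    for rule in root.iter("rule"):
        host = urlsplit(rule.get("to", "")).hostname or ""
        label = host.split(".")[-2] if host.endswith(".onion") else ""
        if not is_onion_label(label):
            findings.append(f"rule destination {host!r} is not a valid onion address")
    return findings

# Constructed sample: the first rule is the mapping quoted in the ticket, the second is made up.
SAMPLE = r"""<ruleset name="constructed sample">
  <target host="nytimes.securedrop.tor.onion"/>
  <target host="example.securedrop.onion"/>
  <rule from="^http://nytimes\.securedrop\.tor\.onion/" to="http://nyttips4bmquxfzw.onion/"/>
  <rule from="^http://example\.securedrop\.onion/" to="https://example.com/"/>
</ruleset>"""

if __name__ == "__main__":
    for finding in audit_ruleset(SAMPLE):
        print(finding)
```

A clean audit only shows that every name stays under `.tor.onion` and every destination is a well-formed onion address; whether the publisher mapped the name to the right onion is still a question of trusting the ruleset's source.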