Opened 6 months ago

Last modified 5 months ago

#29705 new defect

Enable Brotli compression for .onion domains

Reported by: expyuzz4wqqyqhjn Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: cypherpunks Actual Points:
Parent ID: #21728 Points:
Reviewer: Sponsor: Sponsor27

Description

Tor Browser treats .onion as secure domains. Brotli compression is only enabled in Firefox on secure domains, but not for .onion domains.

Internally, Firefox controls these from the following settings:
network.http.accept-encoding
network.http.accept-encoding.secure

.onion is treated as the first instance (insecure) and only enable gzip and deflate. It should be handled as the second category and thus also enable Brotli compression.

Brotli compression will be beneficial to .onion service performance and reducing the data usage of Tor Browser.

PS: The requirement for Brotli to only be used on secure connections was a political decision by Google who wanted to use their new efficient compression method as a carrot to encourage HTTPS adoption.

Child Tickets

Change History (5)

comment:1 Changed 6 months ago by gk

Good idea. I wonder why this is not covered by my patches for https://bugzilla.mozilla.org/show_bug.cgi?id=1382359, though... But, yes, we should expand the "treat .onion as secure context pattern here".

comment:2 Changed 5 months ago by gk

Sponsor: Sponsor27

comment:3 in reply to:  1 Changed 5 months ago by cypherpunks

Replying to gk:

Good idea. I wonder why this is not covered by my patches for https://bugzilla.mozilla.org/show_bug.cgi?id=1382359, though...

Because your patches don't make them HTTPS? ;)

comment:4 Changed 5 months ago by gk

Parent ID: #21728

comment:5 Changed 5 months ago by cypherpunks

Cc: cypherpunks added
Note: See TracTickets for help on using tickets.