[tor-bugs] #19367 [Applications/Tor Browser]: Duckduckgo hidden service HTTPS
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jun 10 08:34:00 UTC 2016
#19367: Duckduckgo hidden service HTTPS
-------------------------------------+-------------------------------------
Reporter: mahomi12 | Owner: tbb-team
Type: enhancement | Status: new
Priority: Low | Milestone: Tor: unspecified
Component: Applications/Tor | Version: Tor: unspecified
Browser | Keywords: HTTPS, Hidden Service,
Severity: Minor | DuckDuckGo
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------+-------------------------------------
I'd like to propose that the Tor browsers uses the HTTPS version of the
DuckDuckGo hidden service if DDG is the selected search engine. Whether
the use of HTTPS adds anything to the security of a Tor hidden service is
up for debate. [https://blog.torproject.org/blog/facebook-hidden-services-
and-https-certs This post] may give some perspective on it's advantages.
In the case of DuckDuckGo, the hidden service is most certainly located on
a different machine than the webservice so the use of HTTPS may be
especially useful here.
The problem here is that the certificate is only valid for
*.duckduckgo.com so we need to add an exception for that. But ''"That
approach would raise the political question though of which sites we
should endorse in this way."'' Personally I think that's OK, since it's
not just a random website but a search engine that was already built into
the browser anyway.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19367>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list