[tor-project] Crowdsourcing some guidelines for what it means to make a web site "Tor-friendly"

Allen Gunn gunner at aspirationtech.org
Wed Jan 3 02:51:04 UTC 2018


Hi Rick,

Thanks very much for these comments, my responses inline below.

On 01/02/2018 03:23 PM, Rick wrote:
> Allen Gunn wrote:
>> Hello friends,
>> 
>> I hope 2018 is off to a good start wherever this finds you.
>> 
>> So for those who aren't aware, my NGO, Aspiration, advises other
>> NGOs and activists on technology as part of our core mission.
>> 
>> And a common piece of advice we proffer is "make sure your web
>> site works well with Tor Browser", i.e., doesn't use Flash or
>> overly depend on Javascript.
>> 
>> The more I have given that advice, the more I have wondered if it
>> was documented anywhere what it actually takes to be a
>> "Tor-friendly" site.
>> 
>> Big thanks to GeKo, who first confirmed for me that no such 
>> documentation seems to exist. And then for helping me to bootstrap
>> this page:
>> 
>> https://pad.riseup.net/p/torfriendlysite
>> 
>> I'm writing to ask folks on this list to both add any thoughts you
>> have on the matter, and to correct or comment on anything that's
>> already there and doesn't seem quite right.
>> 
>> Any contributions, both to the pad or emailed to me directly, are
>> most appreciated.
>> 
>> This is especially true if you know of relevant documentation
>> anywhere else that I should be looking at.
>> 
>> Once folks have weighed in, I will figure out where to post this on
>> the Tor wiki and elsewhere in order to make it more broadly and
>> reliably available.
>> 
>> And if for any reason you think this is an ill-informed endeavor,
>> I welcome that feedback as well :^)
>> 
>> thanks & peace, gunner
> 
> [snip]
> 
> Gunner, I'm going to stick my neck out here and say that this
> proposal sounds to me wrong headed. Tor Browser differs from
> mainstream browsers in that it does not support features and
> functionality that pose potential risks to user privacy, security and
> anonymity. It is designed to protect it's user from websites and web
> agents that are not Internet user friendly.

Yes, I totally agree on those points.

> Flagging website as "Tor Browser Friendly" might make Tor people feel
> good, but it distinguishes Tor Browser as one with special needs, one
> requiring specially designed web sites. The impression then is of Tor
> Browser being somehow broken rather than the web itself being
> broken.

I take your point, but the goal is not to "flag" web sites per se, it is
primarily to inform those designing and deploying web sites in how to
make design decisions that align with the Tor Browser's goals.

Put differently, in spite of all the protections that Tor Browser
strives to provide, it is still possible to undermine those protections,
e.g. by using an inappropriate plugin that deanonymizes or by utilizing
bandwidth-intensive code or content that magnify the speed deficits of
the Tor network.

I don't believe this implies Tor Browser is broken, but rather that site
designers can work in concert with Tor to maximize user protections and
Tor user experience in ways that Tor Browser can't do alone.

> It seems to me that we must be very careful about the message a "Tor
> Browser Friendly" campaign might convey. The message we here  are
> familiar with is that Tor and Tor Browser are as they are because
> they must be so to protect their users from a web that is "broken"
> with regard to security, privacy and anonymity.

I'm not planning any campaign :^) I think that is an idea that got
surfaced earlier on this thread.

I'm mainly hoping to generate a concrete checklist that supports
activist organizations and associated web developers in making
anonymity-friendly, Tor-friendly web sites.

As I mentioned in my first post, this is something we advise on all the
time, so I know it's a missing resource.

> Perhaps your campaign ought to promote "Internet User Friendly"
> websites - websites that Tor Browser is perfectly capable of
> rendering.

Sorry for any misunderstanding, I appreciate your concerns.

Please let me know if my points make sense and if I have addressed those
concerns.

peace,
gunner

> 
> Rick _______________________________________________ tor-project
> mailing list tor-project at lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
> 


-- 

Allen Gunn
Executive Director, Aspiration
+1.415.216.7252
www.aspirationtech.org

Aspiration: "Better Tools for a Better World"

Read our Manifesto: http://aspirationtech.org/publications/manifesto

Twitter:  www.twitter.com/aspirationtech

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20180102/71a9b425/attachment.sig>


More information about the tor-project mailing list