[tor-talk] ICANN and .onion

Anders Andersson pipatron at gmail.com
Mon May 19 09:24:06 UTC 2014


On Mon, May 19, 2014 at 7:06 AM, grarpamp <grarpamp at gmail.com> wrote:

> Users leaking dns / failing to redirect dns into tor is not a tor problem.
>

I think that's a rather arrogant point of view. If it was not a Tor
problem, .onion would not be needed in the first place. Tor developers do
seem to work hard on making it difficult for a user to accidentally leak
information, so simply saying that users "failing to redirect dns into tor
is not a tor problem" is a little counterproductive.

If someone would register .onion I see two problems:

1) A malevolent registrar could redirect all .onion lookups to their own
proxy, essentially routing all "hidden" traffic through their own machine.
At the moment, clicking a .onion link means that it either routes through
Tor, or it fails loudly: there's no risk clicking such a link. This
behaviour would change to something that either routes through Tor and
you're safe, or you think it routes through Tor but it's actually decoded
by a third party. I think that's a usability issue, and not something that
should simply be ignored. Maybe it's not something that can easily be
solved, but that is why there must be a discussion about it. Maybe the only
solution is to strongly warn users.

2) Useful websites could actually pop up under .onion, making a plugin that
takes over that domain seem intrusive and less attractive. This is less of
a problem I think.

