(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on allecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


Why offer an Onion Address rather than just encourage browsing-over-Tor?

2022-03-08 22:56:19+00:00

There are a bunch of reasons to launch an onion site, and a bunch of benefits, all of which have provided value to platforms such as Facebook, the BBC or NYT Onions.

The first benefits are authenticity and availability: if you are running Tor Browser and if you click/type in exactly the proper Onion address, you are guaranteed to be connected to what you expect — or not at all.

This is very simple for people to grasp, understand, and describe to their friends.

Using onion services mitigates attacks that can be executed by possibly-malicious “Tor Exit Nodes” — which, though rare, are not nonexistent — and also the fact that you are using a “.onion” address demands that the person is using a TorBrowser, thereby are also mitigating:

national web blocks

TLS-man-in-the-middle

SNI filters

DNS censorship and tracking (both upon the client side, and that potentially impacting exit nodes)

a lot of fundamental cookie-tracking and digital-fingerprinting issues

…and a bunch of other risks to which non-Tor-browsers are prone

To rephrase that latter: advertising an onion address is an implicit upsell for Tor usage.

Update: one thing I forgot in the original version of this post is to note that for high-traffic sites the use of onion networking reduces pressure upon Tor’s exit-node infrastructure as traffic instead flows only through the larger and richer set of middle-relays, without use of exit nodes and/or the cleartext internet.

This brings us to the second (third?) set of benefits:

Running an onion site is a commitment by [the platform] to dealing with people who use Tor in an equitable fashion; in the normal way of using Tor the users are intermingled with everyone else coming in from the unwashed Internet, and (let’s be honest) some bad people sometimes use Tor for scraping sites and other unpleasant behaviour.

This scenario leads to a “separating the wheat from the chaff” challenge.

But setting up an Onion address is a practical step which demonstrates that the platform is providing explicitly for the needs of people who use Tor, and now the problem is inverted: some amount of bad behaviour through the onion address can be watched-for and mitigated as “bad behaviour” permitting the maximum freedom to people who use Tor, and leaving internet-risk-management open for reputation-based filters.

This is a matter which I saw up-close-and-personal at Facebook, go read this for details: https://lists.torproject.org/pipermail/tor-talk/2018-September/044494.html

If I was to encapsulate the benefits in a sentence, it would be this: an onion address is a promise and a mechanism to assure that you are taking seriously the needs of the people who use Tor.

Rather than, for instance, dropping an endless series of IP-reputation-based CAPTCHAs onto them.

Further reading

See this Medium essay
[END]

[1] URL: https://alecmuffett.com/article/16007
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/

DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/

You are viewing proxied material from magical.fish. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.