Tom Ritter:
> It's possible that next time around, Tor could apply for .onion,
> and use it as a tor2web portal - but even if a lot of engineering
> effort was put in[0] - a user visiting aabbccddee.onion in a normal
> web browser would leak its DNS request, and an observer would know
> exactly who they were trying to browse to. That's not an issue
> with tor2web mode, because it's only the HS, not the user, trying
> to be anonymous. But trying to keep the user anonymous when
> visiting a .onion would be extremely difficult, if not impossible.
>
> But then again, on the flip side, if a user visits
> aabbccddee.onion without using either a Tor DNS Proxy or TBB, that
> .onion DNS request is still leaked. So maybe the threat model
> becomes "We know we can't protect users trying to visit a .onion
> without/with-misconfigured Tor, so perhaps we want to at least
> enable the functionality, and hide what the user is doing on the
> HS".

You could prevent leaking the DNS request by hardcoding the IPs into
mainstream browsers or, even more desirable, a bit more low level, into
the operating system's (Windows, Linux, any) DNS resolver or kernel.
Would need discussion if such a patch could be officially accepted by
DNS resolver / kernel.

_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
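
The leak discussed in this thread can be stopped at a local stub resolver that answers .onion queries itself instead of forwarding them upstream. The sketch below is an added example, not part of the original message or of Tor's code; the function names and the sample queries are constructed for illustration, and it assumes the filter runs on the user's own machine in front of the upstream resolver.

```python
import struct

def build_query(name, qid=0x1234, qtype=1):
    """Build a minimal DNS query packet (constructed sample input)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)       # QTYPE, QCLASS=IN

def parse_qname(packet):
    """Return (lower-cased labels, offset just past QNAME) for the first question."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        pos += 1
        if length == 0:
            return labels, pos
        # Lengths above 63 would be compression pointers, not expected in a query.
        if length > 63 or pos + length > len(packet):
            raise ValueError("malformed label")
        labels.append(packet[pos:pos + length].decode("ascii", "replace").lower())
        pos += length

def filter_query(packet):
    """Decide locally: ("forward", query) or ("nxdomain", synthesized response)."""
    labels, end = parse_qname(packet)
    if not labels or labels[-1] != "onion":
        return "forward", packet
    if end + 4 > len(packet):
        raise ValueError("truncated question")
    rd = packet[2] & 0x01                              # copy the RD bit from the query
    flags = struct.pack("!BB", 0x80 | rd, 0x80 | 0x03) # QR=1; RA=1, RCODE=3 (NXDOMAIN)
    header = packet[:2] + flags + struct.pack("!HHHH", 1, 0, 0, 0)
    return "nxdomain", header + packet[12:end + 4]     # echo the question section

if __name__ == "__main__":
    for name in ("aabbccddee.onion", "example.com"):
        action, _ = filter_query(build_query(name))
        print(name, "->", action)
```

The .onion name never leaves the host in this arrangement, so a network observer sees no query for it; the browser simply fails to resolve the name unless it is using Tor.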