Onion-Location like redirection #36

New Issue

idk · 2025-04-21T15:12:48-04:00

idk commented

2025-04-21 15:12:48 -04:00

See also:
Tor Project proposal - https://gitweb.torproject.org/tor-browser-spec.git/tree/proposals/100-onion-location-header.txt
Tor Project tutorial - https://community.torproject.org/onion-services/advanced/onion-location/
zzz.i2p thread - http://zzz.i2p/topics/2928?page=1#p15467
https-everywhere like implementation, not compatible, out-of-date - https://github.com/chris-barry/darkweb-everywhere

Problems I know about:

In extension-only, Brave-Like mode as expressed by this repository on it's own, the initial visit to a site would presumably be over plain HTTP/S, not anonymous. While many users might appreciate the casual offer of an anonymous option for future use, it does little to help those with threat models that preclude them making that initial, non-anonymous connection. When using I2P as the browser-wide proxy as well as the container-tab-wide proxy this is not an issue, so the solution, for those people, is probably to add this extension to the i2p.firefox browser profile. 1A. This extension co-exists with the user.js changes enforced by i2p.firefox without issue, but does not work on Tor Browser Bundle, see: https://github.com/eyedeekay/I2P-in-Private-Browsing-Mode-Firefox/wiki/Tested-Firefox-Forks and https://github.com/eyedeekay/I2P-in-Private-Browsing-Mode-Firefox/issues/79 for more information on what is required to make it work.
Automatically redirecting users without warning to an I2P Site may be ill-conceived. Users may be confused or frightened by the sudden redirection from the HTTPS service to the .i2p service. They might think it was some kind of attack or attempt at an attack. A better solution might be to create a visible option, possibly via a pageAction.

tagging @zzz about the i2ptunnel side of things.

See also: Tor Project proposal - https://gitweb.torproject.org/tor-browser-spec.git/tree/proposals/100-onion-location-header.txt Tor Project tutorial - https://community.torproject.org/onion-services/advanced/onion-location/ zzz.i2p thread - http://zzz.i2p/topics/2928?page=1#p15467 https-everywhere like implementation, not compatible, out-of-date - https://github.com/chris-barry/darkweb-everywhere Problems I know about: 1. In extension-only, Brave-Like mode as expressed by this repository on it's own, the initial visit to a site would presumably be over plain HTTP/S, not anonymous. While many users might appreciate the casual offer of an anonymous option for future use, it does little to help those with threat models that preclude them making that initial, non-anonymous connection. When using I2P as the browser-wide proxy as well as the container-tab-wide proxy this is not an issue, so the solution, for those people, is probably to add this extension to the i2p.firefox browser profile. 1A. This extension co-exists with the user.js changes enforced by i2p.firefox without issue, but *does not work on Tor Browser Bundle*, see: https://github.com/eyedeekay/I2P-in-Private-Browsing-Mode-Firefox/wiki/Tested-Firefox-Forks and https://github.com/eyedeekay/I2P-in-Private-Browsing-Mode-Firefox/issues/79 for more information on what is required to make it work. 2. Automatically redirecting users without warning to an I2P Site may be ill-conceived. Users may be confused or frightened by the sudden redirection from the HTTPS service to the .i2p service. They might think it was some kind of attack or attempt at an attack. A better solution might be to create a visible option, possibly via a pageAction. tagging @zzz about the i2ptunnel side of things.

idk self-assigned this 2025-04-21 15:12:48 -04:00

idk closed this issue

2025-04-21 15:12:48 -04:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: idk/I2P_in_Private_Browsing_Mode_for_Firefox#36