Why offer an Onion Address rather than just encourage browsing-over-Tor?

There are a bunch of reasons to launch an onion site, and a bunch of benefits, all of which have provided value to platforms such as Facebook, the BBC or NYT Onions.

The first benefits are authenticity and availability: if you are running Tor Browser and if you click/type in exactly the proper Onion address, you are guaranteed to be connected to what you expect — or not at all.

This is very simple for people to grasp, understand, and describe to their friends.

Using onion services mitigates attacks that can be executed by possibly-malicious “Tor Exit Nodes” (which, though rare, are not nonexistent). Also, the fact that you are using a “.onion” address demands that you are using Tor Browser, which in turn mitigates:

  • national web blocks
  • TLS-man-in-the-middle
  • SNI filters
  • DNS censorship and tracking (both upon the client side, and that potentially impacting exit nodes)
  • a lot of fundamental cookie-tracking and digital-fingerprinting issues
  • …and a bunch of other risks to which non-Tor-browsers are prone

To rephrase the latter: advertising an onion address is an implicit upsell for Tor usage.

Update: one thing I forgot in the original version of this post is to note that for high-traffic sites the use of onion networking reduces pressure upon Tor’s exit-node infrastructure as traffic instead flows only through the larger and richer set of middle-relays, without use of exit nodes and/or the cleartext internet.

This brings us to the second (third?) set of benefits:

Running an onion site is a commitment by [the platform] to dealing with people who use Tor in an equitable fashion; in the normal way of using Tor the users are intermingled with everyone else coming in from the unwashed Internet, and (let’s be honest) some bad people sometimes use Tor for scraping sites and other unpleasant behaviour.

This scenario leads to a “separating the wheat from the chaff” challenge.

But setting up an Onion address is a practical step which demonstrates that the platform is providing explicitly for the needs of people who use Tor, and now the problem is inverted: some amount of bad behaviour through the onion address can be watched for and mitigated as “bad behaviour”, permitting the maximum freedom to people who use Tor, and leaving internet-risk-management open for reputation-based filters.

This is a matter which I saw up-close-and-personal at Facebook; go read this for details: https://lists.torproject.org/pipermail/tor-talk/2018-September/044494.html

If I was to encapsulate the benefits in a sentence, it would be this: an onion address is a promise and a mechanism to assure that you are taking seriously the needs of the people who use Tor.

Rather than, for instance, dropping an endless series of IP-reputation-based CAPTCHAs onto them.

Further reading

See this Medium essay

Comments

9 responses to “Why offer an Onion Address rather than just encourage browsing-over-Tor?”

  1. […] website takes it to the next level. Alex Muffett, who helped Twitter create the onion website, published details on the benefits of providing an onion site over allowing connections to a site via Tor on […]

  2. […] According to Muffett “onion” websites enhance authenticity and site availability. Clicking or typing the .onion address ensures that the correct site is accessed via Twitter.” “This feature mitigates attacks that can be executed by possibly malicious “Tor Exit Nodes”, which, although rare, are not non-existent, and also the fact that you are using an .onion address requires that you are using Tor and a TorBrowser, and therefore they are mitigating certain dangers in the network such as: […]

  3. […] There are no output relays that can block, log or alter traffic », she writes. It’s safer to circumvent various problems including DNS blocking […]

  4. TwitterUser

    It’s nice to have the option to use the Tor address, but…

    “JavaScript is not available.”

    … it’s annoying that twitter doesn’t offer a basic version of their website that doesn’t require javascript.

  5. […] text is a translation of the blog post Why offer an Onion Address rather than just encourage browsing-over-Tor? by Alec Muffett. Alex also maintains a list of useful […]

  6. […] Twitter is joining a group of many authoritative sites that already use Tor onion services. Among them is BBC, The New York Times, SecureDrop, etc. Authenticity and availability are some of the reasons brands should have an onion service. “The first benefits are authenticity and availability: if you are running Tor Browser and if you click/type in exactly the proper onion address, you are guaranteed to be connected to what you expect — or not at all,” Muffet says.  […]

  7. I didn’t want to bother you about this. But I do think you should be informed of the empirical results of applying this theory to Twitter:

    Running an onion site is a commitment by [the platform] to dealing with people who use Tor in an equitable fashion; […]

    If I was to encapsulate the benefits in a sentence, it would be this: an onion address is a promise and a mechanism to assure that you are taking seriously the needs of the people who use Tor.

    The result has been a nightmare for me. I myself thought of it as the promise said above; and I am left bitterly cursing myself for trusting it. I know how to hide my Tor usage; I have hidden it from many sites before. Why didn’t I here? Simple: I wanted to embrace that onion, to show support for it.

    https://forum.torproject.net/t/tor-twitter-and-the-twitter-onion-beware/3367

    More details are microblogged in this thread, which you can’t see as long as I remain shadowbanned for what, at this point, can be no other possible reason than that I signed up through the onion:

    https://twitter.com/doom_and_moon/status/1527316859795648512

    Proper onion link to the same thread:
    https://twitter3e4tixl4xyajtrzo62zg5vztmjuricljdp2c5kshju4avyoid.onion/doom_and_moon/status/1527316859795648512

    If you could read my tweets, then you could look and see that I am not doing anything wrong—that to the contrary, I am a model onion-user. Too bad that Twitter won’t let you see my tweets. A few are public, in an unthreaded and disorganized jumble—if you have a link to the tweet; some seemed to be totally suppressed. I can see all of them, neatly threaded in proper order, when I am logged into my account. It is a definitional shadowban.

    After I filed my nth support ticket with a link to my post in the Tor forum, Twitter support did email me. I sent them a long reply. Nothing since.

  8. Dear blog moderator: My comment was neatly formatted with HTML. (Most WP blogs allow it, even if they don’t say so.) It seems to have gotten mangled. I wish that hadn’t come out looking like a lunatic jumble. If you don’t want to bother with fixing it, please delete it and email me; I will then post a text-only version, in hopes that it will not be mangled.

  9. […] Twitter no longer has a communications department to ask about the change, but the Tor Project confirmed the service’s lapse to The Verge. “The onion site is no longer available seemingly with no plans to renew. The Tor Project has reached out to Twitter to look into bringing the onion version of the social media platform back online,” said communications director Pavel Zoneff in a statement. “People who rely on onion services for an extra layer of protection and guarantee that they are accessing the content they are looking for now have one fewer way of doing so safely.” You can still visit Twitter.com via a browser running Tor, but you won’t get the added benefits a Tor-specific onion site confers. […]
