search

SimonBrazell / privacy-redirect

A simple web extension that redirects Twitter, YouTube, Instagram & Google Maps requests to privacy friendly alternatives.
GNU General Public License v3.0
1.98k stars 114 forks source link

Option to auto redirect to .onion #145

Open ghost opened 3 years ago

ghost commented 3 years ago

Presently in browsers like Tor for "Prioritize .onion sites when known" which will redirect the user to a site should the site have an onion domain in the header.

The problem of course is that this requires a request to the "normal" domain first, every time.

This might be feature creep but I think it would be useful for privacy redirect to autoredirect the site without sending a request. I can think of two ways. The first is to save a list of sites the user goes to, so the user must only request the normal domain the first time, privacy redirect will read the header, and add the onion to a database for the user, fixing it every time after that. The other way is for privacy redirect to have it's own database so the user never even needs to access the normal domain first, but this may require quite a bit of submissions and maintenance. There could also be a mix, providing a small default database and add as the user browses.

It might also be useful to have an option to prioritize onion domains for the other options (nitter/invidious/etc) although I recognize this is sort of already available by allowing the user to edit the random pool.

SimonBrazell commented 3 years ago

Hi @seth1 I'm not sure I follow here, so if you set your instances to .onion ones you are still getting requests to the original service?

ghost commented 3 years ago

Hi, sorry I wasn't clear. This is a completely new feature, which might qualify as feature creep. I just think it would be useful.

In Tor Browser if you go to Options > Privacy and Security > Onion Services, Prioritize .onion sites when known, it will automatically redirect you to the onion version of a site if the site sends an "Onion Location" in the response headers.

You can see such a response header at https://www.nytimes.com/, even when not using Tor Browser.

I believe Brave Browser also has this feature. The problem with such an implementation is that the Browser does not store these in a database. Thus if you have forgotten what the onion location is (or clicked on a link without first copying it and modifying it) you must still go to the clearlink first before the Browser then reads the response header again, and redirects you.

I propose Privacy Redirect act as that sort of database so that the following happens:

  1. User goes to nytimes.com
  2. Privacy Redirect reads the onion location response header and stores https://www.nytimes3xbfgragh.onion/ in a database.
  3. User goes to nytimes.com
  4. Privacy Redirect stops that request and instead points to https://www.nytimes3xbfgragh.onion/, just as it would a user going to twitter.com would go to nitter.net.

Alternatively

  1. User manually adds https://3g2upl4pq6kufc4m.onion/ to point to duckduckgo.com (since duckduckgo doesn't send an onion location response header) into the database.
  2. User tries to go to duckduckgo.com, privacy redirect stops that request and points them to 3g2upl4pq6kufc4m.onion.

Such a database could also be useful if someone just wanted to say point site1.com to site2.com because it's currently unimplemented, but that would probably be more useful as a different database if the user isn't actually using a browser capable of going to an onion.

Thanks for your work and hopefully I better explained it this time.