Automatically redirect .onion sites triggers from all window types.

[heyJonBray]

Description

Not sure if this is by design or not, but onion routing, when enabled, is turned on even if browsing in a regular window or a private window, not just a Tor window. If this is intentional, the wording is not straightforward: "Brave will open onion service of the website when available or .onion domain in Tor window." It is also not a great workflow having a new Tor window pop up when I visit a site that has an onion, and I'm not sure if it's the best privacy (anti-fingerprinting) practice either.

Steps to Reproduce

1. Go to Settings > Extensions
2. Enable "Automatically redirect .onion sites
3. Go to any site that has an onion, example: https://www.nytimes.com/

Actual result:

Even if I'm in a normal browsing window (not private or Tor), if this option is enabled, a Tor window will pop up and bring me instead to the onion site. This is not ideal for a normal workflow and is actually quite disruptive as many resource sites also have a hidden service as well. I can either turn the feature on and deal with new pop-ups whenever I run into a site with a .onion, or only turn it on if I'm going to use Tor.

Expected result:

I would expect this feature to only route to onion sites when the URL is accessed from within a Tor window. If I'm using a regular, or even a private window, my expectation is that I will be routed to the normal TLD for that site. The only time I would expect to be automatically routed to that content through Tor is if I opened it through Tor.

I'm not an expert on Tor, but it's my understanding that anyone looking at your traffic (IP, etc.) only sees that you are using Tor when routed through Tor. By opening a .onion version of a site when you put it's TLD into a normal window, wouldn't this serve to reduce the privacy of the user? As anyone looking for fingerprints would see: Site1, Site2, NY Times ... This user is using Tor ... Site3.

This option to automatically redirect to a .onion site is a standard in pretty much every Tor client I've seen, but with Brave being the first hybrid browser that utilizes normal, private, and private + Tor browsing it seems odd that that's the default behavior. It would be my expectation that all window types and their respective options be segregated from one other.

Reproduces how often:

Every URL with a hidden service, opened from any type of window so long as the above stated option is enabled.

Brave version (brave://version info)

Brave	1.23.64 Chromium: 89.0.4389.114 (Official Build) beta (64-bit)
Revision	1ea76e193b4fadb723bfea2a19a66c93a1bc0ca6-refs/branch-heads/4389@{#1616}
OS	Windows 10 OS Version 2009 (Build 19042.906)

Version/Channel Information:

The issue is present in nightly, beta, and standard channels.

Other Additional Information:

No other information, settings, or extensions are required to reproduce this.

[rebron]

cc: @darkdh @diracdeltas @karenkliu

It's working as designed but I see @heyJonBray point. It is a bit jarring having an open new window experience while browsing in normal window. Showing an Open in Tor icon may be enough instead of doing it automatically.

The request here is to modify that option Automatically redirect .onion sites so that redirects to an .onion url happen automatically only in Tor window and not in normal window.

[diracdeltas]

The request here is to modify that option Automatically redirect .onion sites so that redirects to an .onion url happen automatically only in Tor window and not in normal window.

this option (IIRC off by default) clearly says "Brave will open onion service of the website when available or .onion domain in Tor window" and i think some users want this behavior. so maybe we should just add another option for "Only automatically redirect .onion sites when browsing in a Tor window"?

[karenkliu]

@heyJonBray Toggle OFF Automatically redirect .onion sites for now, since the toggle is not designed to do the behavior you're expecting. You're right that the text could be misleading and we should take another look at it.

@rebron To clarify, @diracdeltas is correct; the default state of this toggle is OFF. That means that the majority of users will navigate to nytimes and see an "Open in Tor" button instead of automatically opening a Tor window:

And if they are already in a Tor window, the .onion site won't open either. It will show an "Onion available" button:

Once the toggle is ON, the .onion site will open in a Tor window no matter what mode you're browsing in.

We can address the OP's issue with options that supports all 3 desired behaviors:

• Don't open .onion sites automatically in Tor while browsing any mode
• Open .onion sites automatically in Tor while browsing in any mode
• Only open .onion sites automatically in Tor while browsing in Tor

It could look like this in settings:

"Never" should still be the default setting so the majority of users won't get a Tor Window popping up unexpectedly. Also, we could tweak the text since it was misconstrued that redirecting to .onion sites would only happen when using a Tor window.

[wknapik]

Can we remove the "All window types" option? See: discussion in slack. My concern is mainly regarding Brave Search and the behavior when this option is selected.

[wknapik]

ping

[wknapik]

pong

[aguscruiz]

I think @rebron's idea was good:

Something like this:

Automatically redirect .onion sites when in Tor windows (toggle) Brave will open onion service of the website when available or .onion domain while connected in Tor windows.

Since you still need to have the Tor window connected and running beforehand, if we add "all window types", you can't actually open the link until it's connected, it's kinda confunsing.

[diracdeltas]

I'm going to close this in favor of https://github.com/brave/brave-browser/issues/34163 since that will address this issue as well.