chris-barry / darkweb-everywhere

HTTPS Everywhere rulesets for hidden services and eepsites.
http://onion.im
Other
167 stars 32 forks source link

Ruleset fixes #3

Closed jutozex closed 10 years ago

jutozex commented 10 years ago

1- yayponies.xml is invalid. you can only specify domains, not urls:

<target host="derpy.fr/yp.html" />

2- Please replace all

<target host="http://****************.onion/" />

with

<target host="****************.onion" />

It's the usual way.

3- Some rulesets must be fixed, due to missing "/" character at the end. For example, autistici and whonix rulesets are broken.

Try browsing: https://www.whonix.org/forum/ http://www.autistici.org/en/about.html

to="http://wi7qkxyrdpu5cmvr.onion"/>
to="http://wi7qkxyrdpu5cmvr.onion/"/>

4- Please add thepiratebay.org domain redirection, even though it is redirected to .onion through the .se domain first. Also there is another official hidden service of thepiratebay: http://jntlesnev5o7zysa.onion/ Don't know if one of them is better or not, just to remind.

jutozex commented 10 years ago

ddg.gg and dgg.gg could be added to duckduckgo redirection

colinmahns commented 10 years ago

Hey @jutozex! Thanks for your input, @chris-barry and I appreciate any help we can get.

For 1, 2, and 3 those errors are definitely my fault, since I seem to have a habit of doing stupid, careless mistakes. I was also the one who threw most of those rules you pointed out into the project... Anyway, thank you for bringing this to our attention.

For 4, Chris mentioned to me that he wanted to look into having all of their domains redirect to their hidden service, but neither of us have had a lot of time to get around to doing that just yet. This process would go faster if you would submit a pull request for us ;-)

I will edit the rule to change to that service, since they seemed to changed over to that link on The Proxy Bay's site.

For 5, ddg.gg and dgg.gg do work to redirect (just tested both on my machine, stock tor browser bundle), however I believe that might be the HTTPS Everywhere rule redirecting it to https://duckduckgo.com/ and then our rules take over. It works, but it could be better.

Thanks again for all the suggestions. Please feel free to contribute any more rulesets that we haven't covered already!

colinmahns commented 10 years ago

Just ran a test rule set using the point you brought up in your second point. I wasn't able to make the rules redirect to the hidden service, nor was I able to connect to the clearnet site, essentially doing a denial of service for that particular domain for someone using our rules. It's looking like these rules are reliant on http:// in order to redirect the browser to that location.

I've patched the specific issues you brought up in your first and third points, and will be pushing them shortly. I didn't look further than those examples though, since I need to get some rest.