dys2p / websites

Monorepo for our static website content

Onion Service Support #1

Open maltfield opened 1 year ago

maltfield commented 1 year ago

This issue is a feature request to add an Onion Service for .proxysto.re, .dys2p.com, and other relevant websites.

Why?

It's particularly important to provide an Onion Service to customers that are making financial transactions on order.proxysto.re because it provides better security than clearnet transactions.

There are numerous security benefits for why millions of people use Tor every day. Besides the obvious privacy benefits (which are not at all relevant in the scope of a customer authenticating with their bank) -- Tor has a fundamentally different approach to encryption (read: it's more secure).

Instead of using the untrustworthy X.509 PKI model, all connections to a v3 .onion address are made to a single pinned certificate that is directly correlated to the domain itself (the domain is just a hash of the public key + some metadata).

Moreover, some of the most secure operating systems send all the user's Internet traffic through the Tor network -- for the ultimate data security & privacy of its users.

All of this means that users who connect to a website (e.g. online banking) have much greater confidentiality and integrity because the authentication of Onion Services is magnitudes stronger than https with X.509.

Solution

Making a website at a .onion address is fairly simple. You need to run the tor daemon, set it to run an Onion Service in torrc, and point it to the port of your web server.

If you'd like to use the same .onion domain and multiple subdomains, you can point it to a frontend proxy (e.g. nginx) that selects the correct backend based on the Host header -- same as a clearnet website.

If you have any issues setting this up, please let me know; I'd be happy to help.

maltfield commented 1 year ago

Update: I see that you currently have some of your websites behind Onion Services

digitalgoods.proxysto.re digitazyyxyihwwzudp5syxxyn3qhcd63wqcha2dxpfqiyydmrgdiaad.onion
       druck.proxysto.re print5cxveagitd3cbl3pakcjupk5jwgtpwa35uowhtzlmcqbibmsnyd.onion
       order.proxysto.re proxyoxiemywllckvpix543gqcmvvltrnb7inbwtk2knkehqt72tyfyd.onion
         pay.proxysto.re ak4jf6rqm3inp3o6ide4zfjgxukpmzzlawpltt5s4iy6tys6qjp6atqd.onion

Source: https://dys2p.com/en/contact.html

I'm not sure if the "contact" page is the best place to provide your Onion Service domains; I certainly didn't find it. Anyway, once this is implemented the Onion-Location header should handle upgrades to the Onion Service for Tor Browser users. And I see you're already using this on the domains supported above.

maltfield commented 1 year ago

Durr, the onions are also linked-to on the frontpage -- anchor links are on "onion" inside parentheses (onion)