Disable access for tor2web users?

glamrock / Stormy

Easy creation of Tor Hidden Services

GNU General Public License v2.0

38 stars 10 forks source link

Disable access for tor2web users? #4

Open glamrock opened 9 years ago

glamrock commented 9 years ago

@fpietrosanti writes

I would suggest to add a Tor2web policy that, looking at X-Tor2web: HTTP header, enable or disable access to the Blog trough he internet

glamrock commented 9 years ago

My default stance on this is to not disable access by tor2web users. I don't see it as a threat vector or an enhancement for onionsite admins, but am open to other opinions.

fpietrosanti commented 9 years ago

@glamrock You may yet detect the Tor2web access and suggest to access the site by directly on .onion, even if accessing it trough tor2web should be faster, so it really depends on the content. For any "authenticated" resources, would be better to be accessible only over .onion because a Tor2web node could intercept the login/password. For any "public" resources, would be fine to access it over tor2web.