Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Automatically redirect .onion sites triggers from all window types.
See original GitHub issueDescription
Not sure if this is by design or not, but onion routing, when enabled, is turned on even if browsing in a regular window or a private window, not just a Tor window. If this is intentional, the wording is not straightforward: “Brave will open onion service of the website when available or .onion domain in Tor window.” It is also not a great workflow having a new Tor window pop up when I visit a site that has an onion, and I’m not sure if it’s the best privacy (anti-fingerprinting) practice either.
Steps to Reproduce
- Go to
Settings>Extensions - Enable "Automatically redirect .onion sites
- Go to any site that has an onion, example: https://www.nytimes.com/
Actual result:
Even if I’m in a normal browsing window (not private or Tor), if this option is enabled, a Tor window will pop up and bring me instead to the onion site. This is not ideal for a normal workflow and is actually quite disruptive as many resource sites also have a hidden service as well. I can either turn the feature on and deal with new pop-ups whenever I run into a site with a .onion, or only turn it on if I’m going to use Tor.
Expected result:
I would expect this feature to only route to onion sites when the URL is accessed from within a Tor window. If I’m using a regular, or even a private window, my expectation is that I will be routed to the normal TLD for that site. The only time I would expect to be automatically routed to that content through Tor is if I opened it through Tor.
I’m not an expert on Tor, but it’s my understanding that anyone looking at your traffic (IP, etc.) only sees that you are using Tor when routed through Tor. By opening a .onion version of a site when you put it’s TLD into a normal window, wouldn’t this serve to reduce the privacy of the user? As anyone looking for fingerprints would see: Site1, Site2, NY Times … This user is using Tor … Site3.
This option to automatically redirect to a .onion site is a standard in pretty much every Tor client I’ve seen, but with Brave being the first hybrid browser that utilizes normal, private, and private + Tor browsing it seems odd that that’s the default behavior. It would be my expectation that all window types and their respective options be segregated from one other.
Reproduces how often:
Every URL with a hidden service, opened from any type of window so long as the above stated option is enabled.
Brave version (brave://version info)
| Brave | 1.23.64 Chromium: 89.0.4389.114 (Official Build) beta (64-bit) |
|---|---|
| Revision | 1ea76e193b4fadb723bfea2a19a66c93a1bc0ca6-refs/branch-heads/4389@{#1616} |
| OS | Windows 10 OS Version 2009 (Build 19042.906) |
Version/Channel Information:
The issue is present in nightly, beta, and standard channels.
Other Additional Information:
No other information, settings, or extensions are required to reproduce this.
Issue Analytics
- State:
- Created 2 years ago
- Comments:7 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@heyJonBray Toggle OFF
Automatically redirect .onion sitesfor now, since the toggle is not designed to do the behavior you’re expecting. You’re right that the text could be misleading and we should take another look at it.@rebron To clarify, @diracdeltas is correct; the default state of this toggle is OFF. That means that the majority of users will navigate to nytimes and see an “Open in Tor” button instead of automatically opening a Tor window:
And if they are already in a Tor window, the .onion site won’t open either. It will show an “Onion available” button:
Once the toggle is ON, the .onion site will open in a Tor window no matter what mode you’re browsing in.
We can address the OP’s issue with options that supports all 3 desired behaviors:
It could look like this in settings:
“Never” should still be the default setting so the majority of users won’t get a Tor Window popping up unexpectedly. Also, we could tweak the text since it was misconstrued that redirecting to .onion sites would only happen when using a Tor window.
I think @rebron’s idea was good:
Something like this:
Since you still need to have the Tor window connected and running beforehand, if we add “all window types”, you can’t actually open the link until it’s connected, it’s kinda confunsing.