this post was submitted on 20 Jul 2024
17 points (94.7% liked)

Tor - The Onion Router

1436 readers
1 users here now

Tips, tricks and information about the Tor network!

Tor Project

founded 4 years ago
MODERATORS
[email protected]
17
Does pointing a ".onion" url to a clearnet site benefit TOR users? (mander.xyz)
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]
8 comments fedilink hide all child comments
 

When a website can be accessed via a clearnet and a .onion url, is there a benefit to making use of the .onion url?

Context:

I am considering pointing a ".onion" url to my instance (mander.xyz).

I did some tests with and it seems like mlmym works well with JavaScript disabled. Since JavaScript is often disabled in the tor browser, I could make the .onion url point at that front-end instead.

This would be fun to do, but I wonder if there is a practical benefit to the ".onion" url as opposed to simply accessing the clearnet url via the tor browser.

EDIT: I went ahead and created an onion URL to try out, but I would still like to know if there is an actual advantage to .onion urls:

http://mandermybrewn3sll4kptj2ubeyuiujz6felbaanzj3ympcrlykfs2id.onion/

top 8 comments
sorted by: hot top controversial new old
[–] shortwavesurfer 6 points 1 month ago (1 children)

One advantage I can think of right off hand would be domain blocks can be bypassed with an onion URL.

[–] [email protected] 2 points 1 month ago (1 children)

In the context of tor, a domain block would apply - for example - if the exit node's ISP blocks the domain. But if the local network implements domain blocks, this would not affect the tor browser - is this correct? Or is it also possible to block domains locally even for tor browser users?

[–] shortwavesurfer 5 points 1 month ago* (last edited 1 month ago)

An onion domain does not use the clear net whatsoever. So the tor client machine contacts your machine directly (with 6 hops) from within the network and never exits out to the open internet.

[–] [email protected] 5 points 1 month ago (1 children)

I think staying inside the tor network helps reduce the load on exit nodes, which helps all tor users who need to access the clearnet. I think there is even a HTTP header that can be put on the clearnet site that will put a button on the tor browser that tells users that there is a onion available.

[–] [email protected] 4 points 1 month ago* (last edited 1 month ago) (1 children)

Ah - does the exit node participate at all when accessing a .onion? Or is it skipped altogether?

And the HTTP header thing is very cool, I did not know about that!

I have added the header to the site and it works!

I just added the following line to the location / {} block in the https server section:

add_header Onion-Location http://mandermybrewn3sll4kptj2ubeyuiujz6felbaanzj3ympcrlykfs2id.onion/$request_uri;

[–] [email protected] 2 points 1 month ago

I think its just the non-exit nodes that are needed as long as the traffic stays inside the tor network, I dont think an exit node gets involved at all, but I'm not 100% sure

[–] [email protected] 3 points 1 month ago

You might as well. Like others have said, it bypasses the clear net and exit nodes. But you could also change your website based on the host name the browser is requesting. For example, serve your regular site to regular users, and a scripting-free version to Tor users.

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago)

Yes this has several benefits:

  • some users prefer not to reveal their IP to your server
  • some users prefer not to be tracked by their internet provider (or by Google via DNS on Android, or by local wifi users or by who knows who)
  • your onion site is censorship resistant (some users in Russia or else might need it)
  • your onion can be ddos-resistent (if you enable POW)
  • your clearnet site might be unavailable for other reasons (unrenewed DNS entry or expired certificate)