Good to know.
Indeed. I disabled the auto replacement of clearnet links to onion for now. Unfortunately that went both ways, inside the html (GET) and inside the user submissions (wiki edit, POST).
Until I find a fix for that might have less perfect onion support now (more links to clearnet such as top bar HOME link to clearnet rather than onion) but major functions (editing over onion without redirect to clearnet) should still working. Please try.
Homepage images on onion are now broken but I will fix that shortly.
Does not happen for me in a fresh Tor Browser. And probably doesn’t happen for you in a fresh Tor Browser too. It would however happen in a browser where one has set.
Being purely technical here, ignoring usability issues: I did no such thing. The only thing I did is implement the HTTP header feature which support for was added in Tor Browser 9.5
Some technical details:
- server provides a pure informational offer:
Onion-Location can be found at
- server does not detect who visits from Tor network and who does not
- server does not force redirect clearnet connections to onion in any case
- What the browser does when it sees the
Onion-Location HTTP header (laymen: “an offer”)
Try Onion Services
There’s a more private and secure version of this site available over the Tor network via onion services. Onion services help website publishers and their visitors defeat surveillance and censorship.
Not Now | Always Prioritize Onions
If you want to upgrade only one time, click “Not Now”, then press again on the “Onion Available” button. However, if you choose
Always Prioritize Onions then the browser will force the user each time a clearnet server shows the
Onion-Location offer to use the onion instead. It’s a browser feature.
In browser URL bar go to
Prioritize .onion sites when known. Learn more…
[ ] Ask every time
[x] Ask every time.
Btw since this is a server side feature, https://www.whonix.org/wiki/Forcing_.onion_on_Whonix.org does still make sense since onion location is better enforced client side.
No security/performance benefits
Could you document that please?
Reason: Server is getting hammered by 100’s of crawling and vulnerability scanning bots causing an guesstimate of 30-60% of traffic. Most probably non-targeted attacks. These download every revision of every page and compare every revision with revert revision, maximum out all permutations which are virtually endless.
Non-reason: hiding history from public.
Reference to see how many bots are out there:
What I could do instead is using HTTP basic authentication. Would look similar like this screenshot:
Then the login prompt could tell everyone “username is same as password which is ‘whonix’ (without the quotes)”. Space for instructions and skinning is very limited in that prompt. A more pretty prompt might be developed later perhaps in two weeks from now.
Advantages: more anonymous since any member of public visitor could use the “login” (which is just a cheap, easy trick to get rid of 99% of bots which are non-targeted bots). Also more easy to type. No need to remember/type/copy/paste username / password.
Would that help?
Btw whonix.org is now redirected to www.whonix.org. No “plain”, non-subdomain.
Same for onion. www only. No non-subdomain onion.
(That was implemented to prevent duplicate crawling of both non-subdomain and www.)
(And all clearnet is always redirected to TLS.)