Tor2web X-Tor2web: HTTP header

By default Tor2Web adds a X-Tor2web: HTTP header to requests. Can we make this optional so hidden services can not differentiate between internal Tor traffic and tor2web traffic ?

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

Nov 19 '14 15:11 usura

@usura I feel that this would be "unfair" because it would not enable the TorHS to discriminate when a connecting user is Anonymous (with TBB) or not (with Tor2web).

Nov 19 '14 16:11 fpietrosanti

Don't you think that tainting tor2web traffic is problematic from an anonymity point of view? Shouldn't tor2web try to match TBB "standard" headers as closely as possible to protect users from being identified by the hidden service?

Nov 19 '14 16:11 marcuswanner

@marcuswanner can you expand you idea? what is your suggestion?

Nov 19 '14 16:11 evilaliv3

for whom is tor2web designed ?

Hidden Services ?
Persons wanting to visit Tor-space ?

if 1) yes, as a HS I would like to know if a visitor is a t2w visitor or a real tor visitor. (so do not change) if 2) it should not be possible for the HS to know if I 'm a t2w or tor user, and make content selectively available and thus limiting the value of t2w.

If you feel, you as a t2w operator need to 'take care of securing the user' you can add an extra page to your disclaimer.

Nov 19 '14 21:11 usura

@usura @marcuswanner The Tor community considers onion-site operators as more "in-group" than tor2web clients, who are unwashed masses. Ergo if there's a choice to make one side happy xor the other, the community will side with the onion-site operators. And that's just how it is.

Fortunately, tor2web is open source, and to solve @usura's original problem, you can manually comment out the appropriate line in t2w.py and problem solved.

Move to close ticket.

Jul 09 '16 21:07 virgil