Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[scanner integration] Show moderate warning on directory entry page for landing pages with links to .onion addresses #517

Closed
eloquence opened this issue May 31, 2018 · 2 comments
Closed

[scanner integration] Show moderate warning on directory entry page for landing pages with links to .onion addresses #517

eloquence opened this issue May 31, 2018 · 2 comments

Comments

@eloquence
Copy link
Member

eloquence commented May 31, 2018
edited
Loading

Part of epic #488. A landing page shouldn't like to an .onion address directly; attempts to click such a link in a clearnet browser open up an avenue for an adversary operating at the DNS level to gather data about potential SecureDrop users. In these cases, we should show the following warning (see #514 for overall warning logic and boilerplate text):

This landing page links directly to a Tor Hidden Service (.onion address). Any attempt to visit such a link in a regular browser will fail, but it may be detected by third parties.
@eloquence eloquence changed the title Show moderate warning on directory entry page for landing pages with links to .onion addresses [scanner integration] Show moderate warning on directory entry page for landing pages with links to .onion addresses May 31, 2018
@eloquence eloquence mentioned this issue May 31, 2018
Open
21 tasks
@eloquence
Copy link
Member Author

As of today, the landing page scanner logic is reporting no landing pages in the directory that have this problem (the only exception was https://freedom.press/people/kevin-poulsen/ , which has since been fixed).

@eloquence
Copy link
Member Author

eloquence commented Oct 5, 2018
edited
Loading

This appears to be working in current master (tested with https://eloquence.github.io/sdo-tests/onionlink.html since no live landing pages have this problem), but still uses placeholder text; please update consistent with the message above for now (we can always tweak further).

eloquence added a commit that referenced this issue Oct 9, 2018
@eloquence
Bring warning texts closer to final language.
8a206c6 
As part of this commit, the warning insertion is done as raw HTML,
(usage of  `| safe` in template) to allow for hyperlinks inside
the warning.

Resolves #516 (only remaining task)
Resolves #517 (only remaining task)
eloquence added a commit that referenced this issue Oct 9, 2018
@eloquence
Bring warning texts closer to final language.
d3a0f36 
As part of this commit, the warning insertion is done as raw HTML,
(usage of  `| safe` in template) to allow for hyperlinks inside
the warning.

Resolves #516 (only remaining task)
Resolves #517 (only remaining task)
@eloquence eloquence mentioned this issue Oct 9, 2018
Merged
eloquence added a commit that referenced this issue Oct 11, 2018
@eloquence
Bring warning texts closer to final language.
c933ebd 
As part of this commit, the warning insertion is done as raw HTML,
(usage of  `| safe` in template) to allow for hyperlinks inside
the warning.

Resolves #516 (only remaining task)
Resolves #517 (only remaining task)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@eloquence