You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
SecureDrop currently attempts to detect tor2web proxies using the X-tor2web header, displaying a warning and linking to a static page recommending the use of Tor Browser instead. Since this was implemented that header is no longer being set, meaning that tor2web users are not being warned. Some tor2web gateways also link to proxied versions of SecureDrop instances, which could result in search engine bots crawling said instances.
Given SecureDrop's basic requirement to preserve source anonymity, tor2web detection should be improved, and the warning replaced with a redirect to a dead-end static page that provides appropriate security guidance for potential sources.
SecureDrop currently attempts to detect tor2web proxies using the
X-tor2webheader, displaying a warning and linking to a static page recommending the use of Tor Browser instead. Since this was implemented that header is no longer being set, meaning that tor2web users are not being warned. Some tor2web gateways also link to proxied versions of SecureDrop instances, which could result in search engine bots crawling said instances.Given SecureDrop's basic requirement to preserve source anonymity, tor2web detection should be improved, and the warning replaced with a redirect to a dead-end static page that provides appropriate security guidance for potential sources.
Potential steps include:
robots.txtand anofollowrobots meta tag to dissuade legitimate crawlers from crawling tor2webb-ed instances #6292The text was updated successfully, but these errors were encountered: