René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Recommend making sites available over Tor Onion (Hidden) Services","articleBody":"As [you yourself state](https://https.cio.gov/#what-https-doesn't-do):\n\n\u003e IP addresses and destination domain names are not encrypted during communication. Even encrypted traffic can reveal some information indirectly, such as time spent on site, or the size of requested resources or submitted information.\n\n[Tor](https://www.torproject.org/) enables users to browse sites anonymously, to keep secret the fact that they're browsing (as examples) [health care](https://www.healthcare.gov/), [the GAO](http://www.gao.gov/), [OSHA Whistleblowers](http://www.whistleblowers.gov/), or [the SEC](https://www.sec.gov/whistleblower).  Clearly browsing any one of these sites may be a telling act to (e.g.) an employer that should be treated as sensitive.\n\nMaking these sites available over Onion Services provides even stronger protection for users than merely using Tor, as their traffic is end-to-end authenticated and never leaves the Tor Network.  (Onion services are also, more commonly, called 'Hidden Services' but in this case, the identity of the server is not intended to be hidden.) [Facebook](https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237) recently made a Onion Service available for example.\n\nIt would be a wonderful gesture, on top of this already excellent proposal, to recommend that agencies consider if the mere act of browsing their site may be sensitive information and make themselves accessible via a Tor Onion Service.\n","author":{"url":"https://github.com/tomrittervg","@type":"Person","name":"tomrittervg"},"datePublished":"2015-03-28T00:19:42.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":3},"url":"https://github.com/93/https/issues/93"}