When a website can be accessed via a clearnet and a .onion url, is there a benefit to making use of the .onion url?
Context:
I am considering pointing a ".onion" url to my instance (mander.xyz).
I did some tests with and it seems like mlmym works well with JavaScript disabled. Since JavaScript is often disabled in the tor browser, I could make the .onion url point at that front-end instead.
This would be fun to do, but I wonder if there is a practical benefit to the ".onion" url as opposed to simply accessing the clearnet url via the tor browser.
EDIT: I went ahead and created an onion URL to try out, but I would still like to know if there is an actual advantage to .onion urls:
http://mandermybrewn3sll4kptj2ubeyuiujz6felbaanzj3ympcrlykfs2id.onion/
One advantage I can think of right off hand would be domain blocks can be bypassed with an onion URL.
In the context of tor, a domain block would apply - for example - if the exit node's ISP blocks the domain. But if the local network implements domain blocks, this would not affect the tor browser - is this correct? Or is it also possible to block domains locally even for tor browser users?
An onion domain does not use the clear net whatsoever. So the tor client machine contacts your machine directly (with 6 hops) from within the network and never exits out to the open internet.
You might as well. Like others have said, it bypasses the clear net and exit nodes. But you could also change your website based on the host name the browser is requesting. For example, serve your regular site to regular users, and a scripting-free version to Tor users.
Yes this has several benefits:
- some users prefer not to reveal their IP to your server
- some users prefer not to be tracked by their internet provider (or by Google via DNS on Android, or by local wifi users or by who knows who)
- your onion site is censorship resistant (some users in Russia or else might need it)
- your onion can be ddos-resistent (if you enable POW)
- your clearnet site might be unavailable for other reasons (unrenewed DNS entry or expired certificate)