Hi, I am a third-year undergraduate student of Information Technology at PICT, Pune, India. I'm dying to contribute to the Tor community as I use it a lot. There's an opportunity for me in GSOC-2013. I read Tor's idea page and came to know that I would have to contribute to an existing project. But I would like to propose a new project. I came across this problem statement from a friend of mine who is a journalist. He says that most of the time he doesn't have his laptop with him, so he can't access Tor from a CyberCafe as they won't let him download the bundle. So I propose that there should be a web server to handle Tor requests over HTTP. I did my study and think it's feasible, but let me know everyone else's thoughts on it.
Mahesh
Hi,
I think that having a web server to handle Tor requests would defeat the purpose of obfuscation because the server's IP address would be public and censors could easily block any connections to it rendering it useless.
Cheers, Sreenatha
On Wed, Apr 17, 2013 at 12:04 AM, mahesh i.mah3sh@gmail.com wrote:

> Hi, I am a third-year undergraduate student of Information Technology at PICT, Pune, India. I'm dying to contribute to the Tor community as I use it a lot. There's an opportunity for me in GSOC-2013. I read Tor's idea page and came to know that I would have to contribute to an existing project. But I would like to propose a new project. I came across this problem statement from a friend of mine who is a journalist. He says that most of the time he doesn't have his laptop with him, so he can't access Tor from a CyberCafe as they won't let him download the bundle. So I propose that there should be a web server to handle Tor requests over HTTP. I did my study and think it's feasible, but let me know everyone else's thoughts on it.
>
> Mahesh
>
> tor-dev mailing list
> tor-dev@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

> I think that having a web server to handle Tor requests would defeat the purpose of obfuscation because the server's IP address would be public and censors could easily block any connections to it rendering it useless.

It's not so easy if users host their own torified CGIproxies on their own servers. - Ok, how many users are technically able and willing to do that?
On Tue, Apr 16, 2013 at 07:35:45PM +0000, adrelanos wrote:

> > I think that having a web server to handle Tor requests would defeat the purpose of obfuscation because the server's IP address would be public and censors could easily block any connections to it rendering it useless.
>
> It's not so easy if users host their own torified CGIproxies on their own servers. - Ok, how many users are technically able and willing to do that?

We called this remote-proxy access in "Anonymous Connections and Onion Routing" https://www.onion-router.net/Publications.html#JSAC-1998 (Somebody should really put the early onion routing papers on anonbib, almost none of them are there. Copious free time and all that I guess.) It could be useful in some circumstances. I imagine if you wanted to run your own for personal use as suggested, coupling it with some kind of onetime authentication would be especially useful. But I can imagine circumstances where it would be useful for general public use, with the caveat that people will even more poorly understand the risks and protections they have here than they do with a Tor client running locally. Similar issues have been considered for tor2web, which I assume you know about. (If not you should take a look, although the goals are not identical.)
-Paul
On Tue, Apr 16, 2013 at 04:11:37PM -0400, Paul Syverson wrote:

> On Tue, Apr 16, 2013 at 07:35:45PM +0000, adrelanos wrote:
>
> > > I think that having a web server to handle Tor requests would defeat the purpose of obfuscation because the server's IP address would be public and censors could easily block any connections to it rendering it useless.
> >
> > It's not so easy if users host their own torified CGIproxies on their own servers. - Ok, how many users are technically able and willing to do that?
>
> We called this remote-proxy access in "Anonymous Connections and Onion Routing" https://www.onion-router.net/Publications.html#JSAC-1998

Thanks for the link!

> (Somebody should really put the early onion routing papers on anonbib, almost none of them are there. Copious free time and all that I guess.)

(For some value of copious free time? :) )
On Wed, Apr 17, 2013 at 12:04:52AM +0530, mahesh wrote:

> Hi, I am a third-year undergraduate student of Information Technology at PICT, Pune, India. I'm dying to contribute to the Tor community as I use it a lot. There's an opportunity for me in GSOC-2013. I read Tor's idea page and came to know that I would have to contribute to an existing project. But I would like to propose a new project. I came across this problem statement from a friend of mine who is a journalist. He says that most of the time he doesn't have his laptop with him, so he can't access Tor from a CyberCafe as they won't let him download the bundle. So I propose that there should be a web server to handle Tor requests over HTTP. I did my study and think it's feasible, but let me know everyone else's thoughts on it.
>
> Mahesh

I think this is an interesting idea (will have to read the paper Paul linked to see what conclusions were already formulated), but there are a number of ways to look at this.
(These are possibly flawed/have holes in them, so please plug them)
1) We don't know the threat model going into this discussion, so "what could go wrong?". That being said,
2) I think it may have its purpose (and there is a threat model that supports this), the example already mentioned being one of them (with some assumptions). Without special treatment, the connection basically turns into a nondeterministic four-hop proxy (well, the last three hops are nondeterministic).
3) As was mentioned, this will be just one additional avenue where end users may be confused about the protection actually provided to them. There have been numerous discussions about Tor2Web on IRC and how users have been confused by the URLs (there have likely been discussions elsewhere, as well) and I would say that this idea actually takes Tor2Web one step further (about four hops further, actually) such that it allows access to hidden services and the internet (with all of the advantages and disadvantages).
4) Who do you trust? With this remote-proxy, it really depends on what you're looking to gain from using the Tor network. Are you looking for a censorship circumvention tool? Then you probably don't want to use a remote-proxy node run by the censor or any of its allies. If you're looking to remain anonymous...well, anonymous with respect to whom, I suppose?
Again, I don't think this idea is too far-fetched (I'm not sure as to the size of this project and its appropriateness for GSoC) but this will add just one more item to the list of tools about which end users will need to be educated. Remember, in general, the easier something is to use, the less secure it is. However, on the flip side, the more users using Tor, the more traffic on the network and therefore the harder it will be to "de-anonymize" a user (for some definition of that).
Hopefully I'm not too far off-base with this assessment.
All the best,
Matt
On Wed, Apr 17, 2013 at 12:46:17AM +0000, Matthew Finkel wrote:

> 4) Who do you trust? With this remote-proxy, it really depends on what you're looking to gain from using the Tor network. Are you looking for a censorship circumvention tool? Then you probably don't want to use a remote-proxy node run by the censor or any of its allies. If you're looking to remain anonymous...well, anonymous with respect to whom, I suppose?

Actually, if you could log in remotely to an interface that isn't obviously a gateway to Tor and the proxy/bridge there was one that you ran yourself or otherwise trusted, this could be an easy way to make sure your transport didn't look like it was talking a Tor protocol (because it wouldn't be talking Tor protocol). That's just off the top of my head, but the point is that there could be scenarios where this could support circumvention as well as anonymity.
aloha, Paul
On Tue, Apr 16, 2013 at 10:49:38PM -0400, Paul Syverson wrote:

> On Wed, Apr 17, 2013 at 12:46:17AM +0000, Matthew Finkel wrote:
>
> > 4) Who do you trust? With this remote-proxy, it really depends on what you're looking to gain from using the Tor network. Are you looking for a censorship circumvention tool? Then you probably don't want to use a remote-proxy node run by the censor or any of its allies. If you're looking to remain anonymous...well, anonymous with respect to whom, I suppose?
>
> Actually, if you could log in remotely to an interface that isn't obviously a gateway to Tor and the proxy/bridge there was one that you ran yourself or otherwise trusted, this could be an easy way to make sure your transport didn't look like it was talking a Tor protocol (because it wouldn't be talking Tor protocol). That's just off the top of my head, but the point is that there could be scenarios where this could support circumvention as well as anonymity.

I agree, but then the problem of having these nodes available to those who need them becomes an issue. One benefit about Bridges is that they are available to anyone who can send an email or visit a website or knows someone running one. For journalists and such, I suppose it's possible their local IT folk may be willing to set up a remote-proxy system for them but what about the little guy? Maybe another system similar to the one currently used to distribute Bridges could be used to partially solve the key distribution problem, but it doesn't completely solve the trust problem (but then again I'm not sure it can be solved short of the scenario you suggested). I think I have one vague idea related to the second hop in the circuit not actually relaying the webpage to the remote-proxy but to another remote-proxy and sending a redirect to the original and maybe with some JavaScript crypto to give people the warm fuzzies, but this hasn't exactly been thought through :). There's also a ticket for a PT that looks like an HTTP(S) server (IIRC), which may help with this?
Mahesh, what are your thoughts about how this would be implemented? (Just curious :) )
- Matt