Hopefully the exclamation marks work. Thanks Sebastian for kicking us off! We have just twelve project ideas at present and many of those will go poof due to being outdated. We need moar!!!
Please, please give thought to if there's something you'd care to mentor this summer. This is a great opportunity to kickstart development and get a new community member at the same time! We're a bit behind the eight ball right now since Google is evaluating our proposal as we speak, and if selected students will be checking us out on Monday (2/29).
Got something? Then just shoot us text like the following and Sebastian or I would be happy to add it...
https://www.torproject.org/getinvolved/volunteer.html.en#Coding
Cheers! -Damian
Damian Johnson atagar@torproject.org writes:
https://www.torproject.org/getinvolved/volunteer.html.en#Coding
Does my reply to the other tor-project thread count, or do you want the same format as web site? (Effort level would be "medium"/"high" for both of the ideas I proposed, and skill level probably "high"? Maybe "medium".
Does my reply to the other tor-project thread count, or do you want the same format as web site? (Effort level would be "medium"/"high" for both of the ideas I proposed, and skill level probably "high"? Maybe "medium".
Hi meejah, it would be much appreciated if you could provide text we can paste into the site (including effort/skill/etc). The ideas on the other thread sound great but didn't include enough detail for us to add.
Cheers! -Damian
See https://www.marc.info/?l=tor-dev&m=145440925917524&w=4 (Don't count this as a commitment to mentor, but we can talk about it.
Custom Alerting Effort Level: Low-Medium Skill Level: Low Likely Mentors: Karsten, Damian
Tor has a lot of services that run in complicated ways. Bandwidth Authorities and Metrics archives are two large examples. While DocTor and DepicTor (consensus-health.torproject.org) provide alerting for certain DirAuth related concerns - these other parts of the Tor Project lack them. Improving the alerting around these systems would give greater confidence in their operation and help resolve problems faster.
-tom
On 23 February 2016 at 11:49, Damian Johnson atagar@torproject.org wrote:
Hopefully the exclamation marks work. Thanks Sebastian for kicking us off! We have just twelve project ideas at present and many of those will go poof due to being outdated. We need moar!!!
Please, please give thought to if there's something you'd care to mentor this summer. This is a great opportunity to kickstart development and get a new community member at the same time! We're a bit behind the eight ball right now since Google is evaluating our proposal as we speak, and if selected students will be checking us out on Monday (2/29).
Got something? Then just shoot us text like the following and Sebastian or I would be happy to add it...
https://www.torproject.org/getinvolved/volunteer.html.en#Coding
Cheers! -Damian _______________________________________________ tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
On 23 Feb (14:13:15), Tom Ritter wrote:
See https://www.marc.info/?l=tor-dev&m=145440925917524&w=4 (Don't count this as a commitment to mentor, but we can talk about it.
Custom Alerting Effort Level: Low-Medium Skill Level: Low Likely Mentors: Karsten, Damian
Tor has a lot of services that run in complicated ways. Bandwidth Authorities and Metrics archives are two large examples. While DocTor and DepicTor (consensus-health.torproject.org) provide alerting for certain DirAuth related concerns - these other parts of the Tor Project lack them. Improving the alerting around these systems would give greater confidence in their operation and help resolve problems faster.
Network monitoring GSOC! Very very very good idea! :)
David
-tom
On 23 February 2016 at 11:49, Damian Johnson atagar@torproject.org wrote:
Hopefully the exclamation marks work. Thanks Sebastian for kicking us off! We have just twelve project ideas at present and many of those will go poof due to being outdated. We need moar!!!
Please, please give thought to if there's something you'd care to mentor this summer. This is a great opportunity to kickstart development and get a new community member at the same time! We're a bit behind the eight ball right now since Google is evaluating our proposal as we speak, and if selected students will be checking us out on Monday (2/29).
Got something? Then just shoot us text like the following and Sebastian or I would be happy to add it...
https://www.torproject.org/getinvolved/volunteer.html.en#Coding
Cheers! -Damian _______________________________________________ tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
David Goulet:
On 23 Feb (14:13:15), Tom Ritter wrote:
See https://www.marc.info/?l=tor-dev&m=145440925917524&w=4 (Don't count this as a commitment to mentor, but we can talk about it.
Custom Alerting Effort Level: Low-Medium Skill Level: Low Likely Mentors: Karsten, Damian
Tor has a lot of services that run in complicated ways. Bandwidth Authorities and Metrics archives are two large examples. While DocTor and DepicTor (consensus-health.torproject.org) provide alerting for certain DirAuth related concerns - these other parts of the Tor Project lack them. Improving the alerting around these systems would give greater confidence in their operation and help resolve problems faster.
Network monitoring GSOC! Very very very good idea! :)
In some ways, that's the case. But if an intern works on monitoring software, then we need to think from the beginning about who's going to run it and who's going to pay attention to its results.
Otherwise, even if it's the best code ever, it's likely to be a waste at the end of the Summer. (Please remember TorBEL.)
On 23 February 2016 at 18:15, Lunar lunar@torproject.org wrote:
David Goulet:
On 23 Feb (14:13:15), Tom Ritter wrote:
See https://www.marc.info/?l=tor-dev&m=145440925917524&w=4 (Don't count this as a commitment to mentor, but we can talk about it.
Custom Alerting Effort Level: Low-Medium Skill Level: Low Likely Mentors: Karsten, Damian
Tor has a lot of services that run in complicated ways. Bandwidth Authorities and Metrics archives are two large examples. While DocTor and DepicTor (consensus-health.torproject.org) provide alerting for certain DirAuth related concerns - these other parts of the Tor Project lack them. Improving the alerting around these systems would give greater confidence in their operation and help resolve problems faster.
Network monitoring GSOC! Very very very good idea! :)
In some ways, that's the case. But if an intern works on monitoring software, then we need to think from the beginning about who's going to run it and who's going to pay attention to its results.
Otherwise, even if it's the best code ever, it's likely to be a waste at the end of the Summer. (Please remember TorBEL.)
Truth. Since I run a bwauth and a collector instance, I'm incentived to learn, run, and maintain it (and pay attention to the results.) Especially if I can add my own tests into it easily enough (for making sure my bridge node/mixminion nodes are still running, etc)
I have crappy tests running now, and while I get more emails than I like, I know how to tell when things are really breaking. In my ideal world they'd improve the skeleton framework I have. If they wind up picking a language I'm not familiar with, or something that requires dependencies I'm unhappy with - I'm not gonna lie it's unlikely I'll maintain it. Just too little time to go around.
-tom
See https://www.marc.info/?l=tor-dev&m=145440925917524&w=4 (Don't count this as a commitment to mentor, but we can talk about it.
Custom Alerting Effort Level: Low-Medium Skill Level: Low Likely Mentors: Karsten, Damian
Tor has a lot of services that run in complicated ways. Bandwidth Authorities and Metrics archives are two large examples. While DocTor and DepicTor (consensus-health.torproject.org) provide alerting for certain DirAuth related concerns - these other parts of the Tor Project lack them. Improving the alerting around these systems would give greater confidence in their operation and help resolve problems faster.
Hi Tom, I like the idea of a monitoring project and was already scratching my head wondering if there's something DocTor related a student could do. That said though project ideas need to be more specific and meaty than this. If something comes to mind then let me know!
Hi all! Sebastian and I aren't hearing from many prospective mentors. In fact, we have just five!
* Make TorBirdy Better (Sukhbir) * Exitmap Improvements (Philipp) * Expand Nyx (Damian) * Help improve Tor hidden services (asn) * Implement and Integrate CONIKS for Tor Messenger (Marcela and Arlo)
In just a few short days we'll be removing prospective mentors we haven't heard from, and if there's no names remaining the project itself. Presently this includes the following...
* Tor Codebase Cleanup (dgoulet) * Build Better Pluggable Transports (infinity0) * Add Support for Reporting Pcaps to OoniBackend and OoniProbe (Arturo) * Improve test coverage in Tor (dgoulet) * Have the Tor daemon use more cores (dgoulet) * Improved DNS support for Tor (dgoulet)
David obviously can't mentor all the things alone so unless others step up this is gonna be a really small program this year. If you want to mentor this summer and help grow our community let us know!
On a side note I replaced a couple project idea fields with the language. This was just a rough guess on my part - if I mislabeled your project then please let me know.
https://gitweb.torproject.org/project/web/webwml.git/commit/?id=fed3b29
Cheers! -Damian
First one:
Convert txtorcon to use txaio language: Python, asyncio, Twisted Likely Mentors: meejah
txtorcon is currently supports only Twisted users. Re-working txtorcon to use the txaio library would allow users to choose between Twisted and asyncio for the client code.
This would involve fairly extensive refactoring to txtorcon, as it currently makes heavy use of @inlineCallbacks which doesn't work with txaio. A prospective student should be very familiar with event-based programming in general, and be familiar with one of Twisted or asyncio. See also: https://github.com/meejah/txtorcon/issues/135
Second one:
Convert txtorcon to py.test language: Python, Twisted Likely Mentors: meejah
Currently txtorcon uses the built-in "unittest" module, as well as Twisted's Deferred-respecting extensions on top. However, meejah has found py.test's "fixture" approach to be much more powerful in other situations.
This project would be to port at least part of txtorcon's test-suite to use py.test style tests and fixtures and evaluate: are the tests easier to read? are there fewer lines of code? If so, the rest of the suite should be ported and txtorcon switched over to use py.test exclusively.
As some of txtorcon's tests aren't very well-written, this would take a prospective student who is very strong in unit-testing knowledge. As txtorcon is event-based, familiarity with that style of programming (preferrably with Twisted) is ideal. See also: https://github.com/meejah/txtorcon/issues/136
Thanks meejah! Project ideas pushed...
https://gitweb.torproject.org/project/web/webwml.git/commit/?id=c3598457a3c1...
Hi,
It seems I finally found the right thread. I am fine with getting the Panopticlick project back on the topics page. There is even a ticket for this on trac:
https://trac.torproject.org/projects/tor/ticket/18328
Georg
It seems I finally found the right thread. I am fine with getting the Panopticlick project back on the topics page. There is even a ticket for this on trac:
Thanks, pushed.
If the following sort of "meta-project" is appropriate, feel free to add this too:
Use Python, Twisted and txtorcon for Tor tools language: Python, Twisted Likely Mentors: meejah, as co-mentor
If you are interested in implementing some Tor tool, utility or network research and are considering using Python I would co-mentor your project and provide help and advice to use txtorcon to do so. If there are missing features required to complete your tool, I can either help you write a patch or do so myself.
It probably makes the most sense if your tool involves networking somehow because Twisted is great for that and will then inter-operate well with Tor, too. For non-networking utilities (e.g. parsing various Tor cache files) Stem can be used.
If the following sort of "meta-project" is appropriate, feel free to add this too:
Hi meejah, we already invite students to propose their own project ideas. When those come in I match them up with the best likely mentor (you if it concerns txtorcon, George if it involves pluggable transports, etc).
Cheers! -Damian
In just a few short days we'll be removing prospective mentors we haven't heard from, and if there's no names remaining the project itself. Presently this includes the following...
- Tor Codebase Cleanup (dgoulet)
- Build Better Pluggable Transports (infinity0)
- Add Support for Reporting Pcaps to OoniBackend and OoniProbe (Arturo)
- Improve test coverage in Tor (dgoulet)
- Have the Tor daemon use more cores (dgoulet)
- Improved DNS support for Tor (dgoulet)
Hi all, pulled the trigger on this...
https://gitweb.torproject.org/project/web/webwml.git/commit/?id=3ddd63efa529...
Folks are coming out of the woodwork to mentor so we still have ten projects (yay!), but not much concerning core tor. if you'd care to mentor one of these then more than happy to add it back to our page.
Cheers! -Damian
Damian Johnson:
Hi all, pulled the trigger on this...
https://gitweb.torproject.org/project/web/webwml.git/commit/?id=3ddd63efa529...
Folks are coming out of the woodwork to mentor so we still have ten projects (yay!), but not much concerning core tor. if you'd care to mentor one of these then more than happy to add it back to our page.
Great work on getting the GSoC program together, and getting selected!
I'd be happy to be the second mentor for any Python-based project, particular if it's related to hidden services or network monitoring.
Regards, Donncha
Hi,
I just want to say that this trajectory of events shows our inventiveness, commitment, and resilience--and our ability to solve problems as a group:
1. We were sad that we were rejected last year for Google Summer of Code (they wanted to give the opportunity to some new groups; fair enough).
2. We came up with the idea of Tor Summer of Privacy!
But it is unfunded.
3. Awesome and amazing (though elusive) Tor board member Rob and his wife Lauren kindly and wonderfully funded it--a morale boost for the whole Tor Project. Thank you again.
4. We developed a relationship with the terrific Donncha, who becomes one of our Tor Summer of Privacy students.
5. Atagar kindly runs the program. Thanks!!
5. Donncha does great work, and even invents a cool workaround for some of our CloudFlare problems.
6. Donncha becomes even more integrated into the Tor community.
7. We apply again to Google and this year are accepted.
7. Donncha volunteers to help the next generation of Summer of Code students.
Yay,
Katie :)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Dear Kate,
- We came up with the idea of Tor Summer of Privacy!
But it is unfunded.
- Awesome and amazing (though elusive) Tor board member Rob and his
wife Lauren kindly and wonderfully funded it--a morale boost for the whole Tor Project. Thank you again.
That's very kind of you, and I'm kvelling at being called elusive. That will make my wife laugh. :)
So... Should we do the Tor Summer of Privacy again?
Be well, Rob. - -- Rabbi Rob Thomas Team Cymru "It is easy to believe in freedom of speech for those with whom we agree." - Leo McKern
On 2016-02-29 21:18, Donncha O'Cearbhaill wrote:
Damian Johnson:
Hi all, pulled the trigger on this...
https://gitweb.torproject.org/project/web/webwml.git/commit/?id=3ddd63efa529...
Folks are coming out of the woodwork to mentor so we still have ten projects (yay!), but not much concerning core tor. if you'd care to mentor one of these then more than happy to add it back to our page.
Great work on getting the GSoC program together, and getting selected!
I'd be happy to be the second mentor for any Python-based project, particular if it's related to hidden services or network monitoring.
Regards, Donncha
A project I discussed last night with Donncha and Yawnbox is
Title:
IP hijacking detection for the Tor Network.
Description:
IP hijacking (https://en.wikipedia.org/wiki/IP_hijacking) occurs when a bad actor creates false routing information to redirect Internet traffic to or through themselves. This activity is straightforward to detect, because the Internet routing tables are public information, but currently there are no public services that monitor the Tor network. The Tor Network is a dynamic set of relays, so monitoring must be Tor-aware in order to keep the set of monitored relays accurate. Additionally, consensus archives and historical Internet routing table snapshots are publicly available, and this analysis can be performed retroactively.
The implications of IP hijacking are that Tor traffic can be redirected through a network that an attacker controls, even if the attacker does not normally have this capability - i.e. they are not in the network path. For example, an adversary could hijack the prefix of a Tor Guard relay, in order to learn who its clients are, or hijack a Tor Exit relay to tamper with requests or name resolution.
This project comprises building a service that compares network prefixes of relays in the consensus with present and historic routing table snapshots from looking glass services such as Routeviews (http://routeviews.org), or aggregators such as Caida BGPStream (https://bgpstream.caida.org) and then issues email alerts to the contact-info in the relay descriptor and a mailing list. Network operators are responsive to route injections, and these alerts can be used to notify network operators to take immediate action, as well as collect information about the occurrence of these type of attacks.
Estimated time to build this service: 3 months
--Aaron
Thanks Aaron. I assume you, Donncha, and Yawnbox would all be mentors?
Personally I'm not fully groking the idea though on first read I'm unsure why this would take three months (or be enough for a full GSoC project). This sounds similar to DocTor checks with some sort of Routeviews and BGPStream integration.
Cheers! -Damian
On Thu, Mar 3, 2016 at 5:47 AM, Aaron Gibson aagbsn@extc.org wrote:
On 2016-02-29 21:18, Donncha O'Cearbhaill wrote:
Damian Johnson:
Hi all, pulled the trigger on this...
https://gitweb.torproject.org/project/web/webwml.git/commit/?id=3ddd63efa529...
Folks are coming out of the woodwork to mentor so we still have ten projects (yay!), but not much concerning core tor. if you'd care to mentor one of these then more than happy to add it back to our page.
Great work on getting the GSoC program together, and getting selected!
I'd be happy to be the second mentor for any Python-based project, particular if it's related to hidden services or network monitoring.
Regards, Donncha
A project I discussed last night with Donncha and Yawnbox is
Title:
IP hijacking detection for the Tor Network.
Description:
IP hijacking (https://en.wikipedia.org/wiki/IP_hijacking) occurs when a bad actor creates false routing information to redirect Internet traffic to or through themselves. This activity is straightforward to detect, because the Internet routing tables are public information, but currently there are no public services that monitor the Tor network. The Tor Network is a dynamic set of relays, so monitoring must be Tor-aware in order to keep the set of monitored relays accurate. Additionally, consensus archives and historical Internet routing table snapshots are publicly available, and this analysis can be performed retroactively.
The implications of IP hijacking are that Tor traffic can be redirected through a network that an attacker controls, even if the attacker does not normally have this capability - i.e. they are not in the network path. For example, an adversary could hijack the prefix of a Tor Guard relay, in order to learn who its clients are, or hijack a Tor Exit relay to tamper with requests or name resolution.
This project comprises building a service that compares network prefixes of relays in the consensus with present and historic routing table snapshots from looking glass services such as Routeviews (http://routeviews.org), or aggregators such as Caida BGPStream (https://bgpstream.caida.org) and then issues email alerts to the contact-info in the relay descriptor and a mailing list. Network operators are responsive to route injections, and these alerts can be used to notify network operators to take immediate action, as well as collect information about the occurrence of these type of attacks.
Estimated time to build this service: 3 months
--Aaron
tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
On 2016-03-03 15:58, Damian Johnson wrote:
Thanks Aaron. I assume you, Donncha, and Yawnbox would all be mentors?
I would be happy to mentor this project.
Personally I'm not fully groking the idea though on first read I'm unsure why this would take three months (or be enough for a full GSoC project). This sounds similar to DocTor checks with some sort of Routeviews and BGPStream integration.
I think that a new GSoC student might take a bit more time to get up to speed on Tor - and there should be sufficient time to research the problem space more completely to understand the criteria for alerts, and to allow for time to package and deploy the software properly. I think this space is sufficiently interesting and useful that it ought to be a full project, but perhaps some other people have suggestions for expanding the scope? Ideally, the appropriate student will have some additional ideas of their own.
--Aaron
Cheers! -Damian
On Thu, Mar 3, 2016 at 5:47 AM, Aaron Gibson aagbsn@extc.org wrote:
On 2016-02-29 21:18, Donncha O'Cearbhaill wrote:
Damian Johnson:
Hi all, pulled the trigger on this...
https://gitweb.torproject.org/project/web/webwml.git/commit/?id=3ddd63efa529...
Folks are coming out of the woodwork to mentor so we still have ten projects (yay!), but not much concerning core tor. if you'd care to mentor one of these then more than happy to add it back to our page.
Great work on getting the GSoC program together, and getting selected!
I'd be happy to be the second mentor for any Python-based project, particular if it's related to hidden services or network monitoring.
Regards, Donncha
A project I discussed last night with Donncha and Yawnbox is
Title:
IP hijacking detection for the Tor Network.
Description:
IP hijacking (https://en.wikipedia.org/wiki/IP_hijacking) occurs when a bad actor creates false routing information to redirect Internet traffic to or through themselves. This activity is straightforward to detect, because the Internet routing tables are public information, but currently there are no public services that monitor the Tor network. The Tor Network is a dynamic set of relays, so monitoring must be Tor-aware in order to keep the set of monitored relays accurate. Additionally, consensus archives and historical Internet routing table snapshots are publicly available, and this analysis can be performed retroactively.
The implications of IP hijacking are that Tor traffic can be redirected through a network that an attacker controls, even if the attacker does not normally have this capability - i.e. they are not in the network path. For example, an adversary could hijack the prefix of a Tor Guard relay, in order to learn who its clients are, or hijack a Tor Exit relay to tamper with requests or name resolution.
This project comprises building a service that compares network prefixes of relays in the consensus with present and historic routing table snapshots from looking glass services such as Routeviews (http://routeviews.org), or aggregators such as Caida BGPStream (https://bgpstream.caida.org) and then issues email alerts to the contact-info in the relay descriptor and a mailing list. Network operators are responsive to route injections, and these alerts can be used to notify network operators to take immediate action, as well as collect information about the occurrence of these type of attacks.
Estimated time to build this service: 3 months
--Aaron
tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
I volunteer for mentoring for anything related to: Tor2web, Roster, relay operators, ahmia.fi, or OnionLink.
I did some analytics looking at the risk of BGP prefix hijacking. If we want to look into this I suggest making more of a research project (probably with Princeton), but if GSOC is willing to fund it we can certainly look into defenses that mitigate the attack.
-V
On Thu, Mar 3, 2016 at 10:58 AM, Damian Johnson atagar@torproject.org wrote:
Thanks Aaron. I assume you, Donncha, and Yawnbox would all be mentors?
Personally I'm not fully groking the idea though on first read I'm unsure why this would take three months (or be enough for a full GSoC project). This sounds similar to DocTor checks with some sort of Routeviews and BGPStream integration.
Cheers! -Damian
On Thu, Mar 3, 2016 at 5:47 AM, Aaron Gibson aagbsn@extc.org wrote:
On 2016-02-29 21:18, Donncha O'Cearbhaill wrote:
Damian Johnson:
Hi all, pulled the trigger on this...
https://gitweb.torproject.org/project/web/webwml.git/commit/?id=3ddd63efa529...
Folks are coming out of the woodwork to mentor so we still have ten projects (yay!), but not much concerning core tor. if you'd care to mentor one of these then more than happy to add it back to our page.
Great work on getting the GSoC program together, and getting selected!
I'd be happy to be the second mentor for any Python-based project, particular if it's related to hidden services or network monitoring.
Regards, Donncha
A project I discussed last night with Donncha and Yawnbox is
Title:
IP hijacking detection for the Tor Network.
Description:
IP hijacking (https://en.wikipedia.org/wiki/IP_hijacking) occurs when a bad actor creates false routing information to redirect Internet traffic to or through themselves. This activity is straightforward to detect, because the Internet routing tables are public information, but currently there are no public services that monitor the Tor network. The Tor Network is a dynamic set of relays, so monitoring must be Tor-aware in order to keep the set of monitored relays accurate. Additionally, consensus archives and historical Internet routing table snapshots are publicly available, and this analysis can be performed retroactively.
The implications of IP hijacking are that Tor traffic can be redirected through a network that an attacker controls, even if the attacker does not normally have this capability - i.e. they are not in the network path. For example, an adversary could hijack the prefix of a Tor Guard relay, in order to learn who its clients are, or hijack a Tor Exit relay to tamper with requests or name resolution.
This project comprises building a service that compares network prefixes of relays in the consensus with present and historic routing table snapshots from looking glass services such as Routeviews (http://routeviews.org), or aggregators such as Caida BGPStream (https://bgpstream.caida.org) and then issues email alerts to the contact-info in the relay descriptor and a mailing list. Network operators are responsive to route injections, and these alerts can be used to notify network operators to take immediate action, as well as collect information about the occurrence of these type of attacks.
Estimated time to build this service: 3 months
--Aaron
tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
This sounds like an interesting project. I'd lend a helping code writing hand if needed.
Yeah in general any sort of network tooling/forensics projects, stats gathering and hidden service related projects I'd be interested in helping out.
cheers! David
On Thu, Mar 03, 2016 at 01:47:28PM +0000, Aaron Gibson wrote:
On 2016-02-29 21:18, Donncha O'Cearbhaill wrote:
Damian Johnson:
Hi all, pulled the trigger on this...
https://gitweb.torproject.org/project/web/webwml.git/commit/?id=3ddd63efa529...
Folks are coming out of the woodwork to mentor so we still have ten projects (yay!), but not much concerning core tor. if you'd care to mentor one of these then more than happy to add it back to our page.
Great work on getting the GSoC program together, and getting selected!
I'd be happy to be the second mentor for any Python-based project, particular if it's related to hidden services or network monitoring.
Regards, Donncha
A project I discussed last night with Donncha and Yawnbox is
Title:
IP hijacking detection for the Tor Network.
Description:
IP hijacking (https://en.wikipedia.org/wiki/IP_hijacking) occurs when a bad actor creates false routing information to redirect Internet traffic to or through themselves. This activity is straightforward to detect, because the Internet routing tables are public information, but currently there are no public services that monitor the Tor network. The Tor Network is a dynamic set of relays, so monitoring must be Tor-aware in order to keep the set of monitored relays accurate. Additionally, consensus archives and historical Internet routing table snapshots are publicly available, and this analysis can be performed retroactively.
The implications of IP hijacking are that Tor traffic can be redirected through a network that an attacker controls, even if the attacker does not normally have this capability - i.e. they are not in the network path. For example, an adversary could hijack the prefix of a Tor Guard relay, in order to learn who its clients are, or hijack a Tor Exit relay to tamper with requests or name resolution.
This project comprises building a service that compares network prefixes of relays in the consensus with present and historic routing table snapshots from looking glass services such as Routeviews (http://routeviews.org), or aggregators such as Caida BGPStream (https://bgpstream.caida.org) and then issues email alerts to the contact-info in the relay descriptor and a mailing list. Network operators are responsive to route injections, and these alerts can be used to notify network operators to take immediate action, as well as collect information about the occurrence of these type of attacks.
Estimated time to build this service: 3 months
--Aaron _______________________________________________ tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
tor-project@lists.torproject.org
-
Aaron Gibson -
Damian Johnson -
David Goulet -
dawuud -
Donncha O'Cearbhaill -
Georg Koppen -
Kate -
Lunar -
meejah -
Rabbi Rob Thomas -
Tom Ritter -
Virgil Griffith