[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3750 [Website]: web tor proxy



#3750: web tor proxy
---------------------+------------------------------------------------------
 Reporter:  freevps  |          Owner:  freevps          
     Type:  project  |         Status:  needs_information
 Priority:  normal   |      Milestone:                   
Component:  Website  |        Version:                   
 Keywords:           |         Parent:                   
   Points:           |   Actualpoints:                   
---------------------+------------------------------------------------------

Comment(by hellais):

 You should definitely be looking at the tor2web project as it is currently
 the one that most people are working on and that I think will have most
 future.

 The source for tor2web by Aaron Swartz can be found at:
 https://github.com/aaronsw/tor2web.

 Currently I have been working on something that shares the same concept
 but adopts a completely different technical approach and the source for
 that may be found at: https://github.com/globaleaks/tor2web-2.0. It is
 based on glype-proxy and is written in PHP.

 The reason why we started developing this is that keeping a tor2web up and
 running is not an easy task. By running a tor2web node it appears that you
 are serving the content directly, and nothing leads the client to believe
 that this is not the case. For this reason we decided that it is necessary
 to:

 1) Have a clear disclaimer briefly explaining hidden services and that the
 site is basically just a web proxy.
 2) Allow node maintainers to create a blocklist easily.

 Currently there is only one tor2web node still alive, and we hope that
 with this new version of tor2web more people will start setting one up.
 Also we are discussing the possibility of expanding the idea and make
 tor2web meet these two requirements:

 * Distribute responsibility across multiple actors
 * Minimize the probability of takedown of a tor2web node

 And withstand these two kinds of "attacks":

 1) A spammer sends a message containing a tor2web link. When the link is
 clicked, the user is presented with the malicious page. This web page is
 hosted as a hidden service, so the cost of setting up a new website is
 very low (blocklisting is not feasable).
 The ISP receives a notification that the link is associated with illegal
 content, he visits the page and verifies immediately that the content is
 there and that it is under his address space. The node gets shut down.

 2) Somebody is hosting illegal content on a hidden service. He is able
 to spread this link and the content is served immediately. This means
 that authorities are able to verify immediately that the content is in
 fact there and may not be able to immediately understand that it is
 served from the Tor network.

 For more information on the "new" tor2web visit:
 http://wiki.tor2web.org/index.php/Main_Page.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3750#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs