Re: Access for the uncomputed
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Access for the uncomputed
- From: Joel Franusic <jfranusic@xxxxxxxxx>
- Date: Tue, 21 Jun 2005 15:26:33 -0700
- Delivery-date: Tue, 21 Jun 2005 18:26:47 -0400
- In-reply-to: <20050621195409.GG29002@localhost.localdomain>
- References: <20050619132340.GA7906@itd.nrl.navy.mil> <20050621195409.GG29002@localhost.localdomain>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
Some quick searches on sf.net and freshmeat.net turn up:
Links to servers running CECID:
On 6/21/05, Roger Dingledine <arma@xxxxxxx> wrote:
> [I'm forwarding this thread to the or-talk list, since this is probably
> the better place for it. -RD]
> On Sun, Jun 19, 2005 at 09:23:40AM -0400, Paul Syverson wrote:
> > We should have public entry points for people coming in
> > without tor clients:
> > This will allow people using, e.g., Internet cafes to use Tor. We can
> > encourage internet cafes to have Tor clients, but we can't expect this
> > to be ubiquitously or even widely adopted, and it won't cover all the
> > cases where it would be useful. I can argue the various ways that this
> > is a good thing (because I recognize it also introduces risk) but
> > leave that mostly for another time.
> > These should be relatively easy to set up, no? Just allow external
> > connections to a local Tor client. Hell we did it with the very first
> > alpha prototype OR system ten years ago so it shouldn't be too much
> > trouble.
> Right, Tor servers (and heck, Tor clients) can do this by opening their
> socks port to the world. Then people can use their node as a socks
> proxy without needing any special software. But note that they'll be
> communicating unencrypted, and they'll also be at the mercy of the proxy
> they choose. But such is life when you don't run our software yourself.
> > Possibly this should be a decision that node operators should make.
> > There may be incentive/abuse issues to allowing an entry connection
> > from a non-Tor client. Although I cannot imagine what they would be
> > so maybe not necessary over the basic decision about being an entry
> > node.
> Well, if you open a socks proxy, then some proxy scanners will conclude
> that you are an open socks proxy ("since they can handshake with you,
> clearly your IP address allows arbitrary outgoing connections"), and
> put your IP address on blacklists. This will make it harder for you to
> connect to some IRC servers, and who knows what else those blacklists
> might be used for now or down the road.
> > These need to be publicized in such a way that users can find them.
> Right. There are lots of ways we could do this. We should keep in mind
> that all the reasonable ways will involve letting the blacklisters easily
> enumerate them too.
> > Here's where the clearer connection to GUI issues comes in: Entry
> > should at least have a standard web page to which one can connect via
> > TLS.
> Ah, so this would mean not just letting people connect via socks, but
> also running a web proxy that points to a Tor. This is easy enough --
> just run Privoxy and open up *its* port to the outside world. But that
> won't get you encryption either.
> > Ultimately it would be nice to have something such that someone
> > walking up to a kiosk carrying nothing or little (is a card with a PGP
> > fingerprint too much?, visual crypto things to match on the screen,
> > etc.) can confirm that they are getting a good list of entry points,
> > but maybe that comes later. At least they should start with the usual
> > lock-in-the-corner and something to show them they are (apparently) on
> > the Tor network. Of course this system could also be used by people
> > who are carrying good mechanisms to authenticate (some) entry nodes,
> > but are not carrying a tor-client enabled/internet connected device.
> So you want some sort of interface like anonymizer's, where there's a
> web site you can SSL to and it will let you type in a URL that it will
> load for you?
> Anybody want to work on one of these? :)
> Or better, tell us how to make a smoother and more transparent interface
> for this? Perhaps http://relay.com/tor.eff.org/ ?
> Bonus if it supports .onion and .exit addresses.
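
For node operators weighing the exposure discussed in the thread (a SOCKS port opened to the world being treated by scanners as an open proxy), the following is an added example, not part of the original messages or of Tor itself: a small audit that reads torrc text and reports every SocksPort listener reachable from outside the loopback interface. The sample torrc, the function names and the rule for what counts as "restricted" are assumptions of this example.

```python
import ipaddress

# Constructed sample torrc (not from the thread); 192.0.2.0/24 is a documentation range.
SAMPLE_TORRC = """\
SocksPort 9050
SocksPort 0.0.0.0:9100
SocksPort 192.0.2.10:9150
SocksPolicy accept 192.0.2.0/24, reject *
"""

def listen_host(value):
    """Return the address a SocksPort value listens on, or None if it opens no TCP listener."""
    target = value.split()[0]                 # drop trailing flags
    if target.startswith("unix:"):
        return None                           # Unix socket, not network reachable
    if ":" not in target:                     # bare port or "auto": Tor binds to localhost
        return None if target == "0" else "127.0.0.1"
    host, port = target.rsplit(":", 1)
    return None if port == "0" else host.strip("[]")

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                        # hostname rather than an IP literal
        return host.lower() == "localhost"

def audit_torrc(text):
    """Return (address, restricted) for each SocksPort listener that is not loopback-only.

    Simplification (assumption of this example): the listener counts as restricted
    only when the combined SocksPolicy list ends in a catch-all "reject *".
    """
    listeners, policy = [], []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)   # strip comments, split key/value
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "socksport":
            host = listen_host(value)
            if host is not None:
                listeners.append(host)
        elif key == "sockspolicy":
            policy += [p.strip().lower() for p in value.split(",") if p.strip()]
    restricted = bool(policy) and policy[-1].split() in (["reject", "*"], ["reject", "*:*"])
    return [(h, restricted) for h in listeners if not is_loopback(h)]

if __name__ == "__main__":
    for host, restricted in audit_torrc(SAMPLE_TORRC):
        print(host, "restricted by SocksPolicy" if restricted else "open SOCKS proxy")
```

A listener reported as restricted is still unencrypted between the client and the node, as noted in the thread; the policy only limits who may connect.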