[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] r25503: {website} Adding tails' new gsoc projects Couple projects sent by intr (website/trunk/getinvolved/en)
Author: atagar
Date: 2012-03-05 16:06:24 +0000 (Mon, 05 Mar 2012)
New Revision: 25503
Modified:
website/trunk/getinvolved/en/volunteer.wml
Log:
Adding tails' new gsoc projects
Couple projects sent by intrigeri...
* Petname system for Tor hidden services (ague)
* Tails server: Self-hosted services behind Tails-powered Tor hidden services
(intrigeri, anonym)
Modified: website/trunk/getinvolved/en/volunteer.wml
===================================================================
--- website/trunk/getinvolved/en/volunteer.wml 2012-03-05 15:41:00 UTC (rev 25502)
+++ website/trunk/getinvolved/en/volunteer.wml 2012-03-05 16:06:24 UTC (rev 25503)
@@ -347,17 +347,13 @@
and still under very active development.
</p>
- <!--
<p>
<b>Project Ideas:</b><br />
- <i><a href="#tailsStartMenu">Custom GDM3 startup menu, aka.
- tails-greeter</a></i><br />
- <i><a href="#tailsMetadataAnonymizing">Meta-data anonymizing toolkit for
- file publication</a></i><br />
- <i><a href="#tailsDebianLive">Improve Debian Live support for
- persistence</a></i>
+ <i><a href="#tailsHiddenServicePetnames">Petname system for Tor hidden
+ services</a></i><br />
+ <i><a href="#tailsServer">Tails server: Self-hosted services behind
+ Tails-powered Tor hidden services</a></i>
</p>
- -->
<a id="project-torsocks"></a>
<h3><a href="http://code.google.com/p/torsocks/">Torsocks</a> (<a
@@ -862,6 +858,49 @@
robustness.</p>
</li>
+ <a id="tailsHiddenServicePetnames"></a>
+ <li>
+ <b>Petname system for Tor hidden services</b>
+ <br>
+ Priority: <i>Medium</i>
+ <br>
+ Effort Level: <i>High</i>
+ <br>
+ Skill Level: <i>High</i>
+ <br>
+ Likely Mentors: <i>ague</i>
+ <p>Tor provides hidden services. These services are only reachable through
+ Tor itself, and provide greater anonymity both for the providers of the
+ service and for its users.</p>
+ <p>One current downside of Tor hidden services is that they are addressed
+ using 80-bit base32-encoded addresses such as "v2cbb2l4lsnpio4q.onion".
+ These addresses are hard to remember; this makes them hard to use
+ within amnesic environment like Tails.</p>
+ <p>The project is to implement a petname system for Tor hidden services:
+ a way for users or providers of Tor hidden services to add a simple
+ 'nickname' to a central database. Users could then query this central
+ database to retrieve a full hidden service address by giving
+ a nickname.</p>
+ <p>Adding petnames to the database could be done using a web interface or
+ automated fetch like those described in the <a
+ href="https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/ideas/xxx-onion-nyms.txt">".onion
+ nym system" proposal</a>.</p>
+ <p>Querying the database could be done using a web interface, a REST API and
+ a DNS interface.</p>
+ <p>In order not to grow indefinitely, the software should make regular tests to
+ see if hidden services are still reachable and, depending on the last time
+ a nickname was accessed, cleanup the database as necessary.</p>
+ <p>The software should allow a distributed, fault-tolerant setup.
+ All nodes should have a synchronized copy of the database, should be
+ ready to answer queries and should coordinate the tests for hidden
+ service availability.</p>
+ <p>The resulting codebase must be easy to deploy: it should not be hard to
+ setup new databases.</p>
+ <p>It is expected that the volunteer will be using Behaviour Driven
+ Development methods. Either in Ruby using Cucumber and RSpec, or in
+ Python using similar tools.</p>
+ </li>
+
<a id="stemPathsupport"></a>
<li>
<b>Stem PathSupport Capabilities</b>
@@ -919,6 +958,93 @@
be TorBEL.</p></li>
</ol>
+ <a id="tailsServer"></a>
+ <li>
+ <b>Tails server: Self-hosted services behind Tails-powered Tor hidden services</b>
+ <br>
+ Priority: <i>Medium</i>
+ <br>
+ Effort Level: <i>High</i>
+ <br>
+ Skill Level: <i>Medium, but wide-scoped</i>
+ <br>
+ Likely Mentors: <i>intrigeri, anonym</i>
+ <p>Let's talk about group collaboration, communication and data sharing
+ infrastructure, such as chat servers, wikis, or file repositories.</p>
+ <p>Hosting such data and infrastructure <b>in the cloud</b> generally
+ implies to trust the service providers not to disclose content, usage or
+ users location information to third-parties. Hence, there are many threat
+ models in which cloud hosting is not suitable.</p>
+ <p>Tor partly answers the <b>users location</b> part; this is great, but
+ <b>content</b> is left unprotected.</p>
+ <p>There are two main ways to protect such content: either to encrypt it
+ client-side (<b>security by design</b>), or to avoid putting it into
+ untrusted hands in the first place.</p>
+ <p>Cloud solutions that offer security by design are rare and generally
+ not mature yet. The <b>Tails server</b> project is about exploring the
+ other side of the alternative: avoiding to put private data into
+ untrusted hands in the first place.</p>
+ <p>This is made possible thanks to Tor hidden services, that allow users
+ to offer location-hidden services, and make self-hosting possible in
+ many threat models. Self-hosting has its own lot of problems, however,
+ particularly in contexts where the physical security of the hosting
+ place is not assured. Combining Tor hidden services with Tails'
+ amnesia property and limited support for persistent encrypted data
+ allows to protect content, to a great degree, even in such contexts.</p>
+ <p>In short, setting up a new Tails server would be done by:</p>
+
+ <ol style="list-style-type: decimal">
+ <li>Alice plugs a USB stick into a running desktop Tails system.</li>
+ <li>Alice uses a GUI to easily configure the needed services.</li>
+ <li>Alice unplugs the USB stick, that now contains encrypted services
+ configuration and data storage space.</li>
+ <li>Alice plugs that USB stick (and possibly a Tails Live CD) into the
+ old laptop that was dedicated to run Tails server.</li>
+ <li>Once booted, Alice enters the encryption passphrase either
+ directly using the keyboard or through a web interface listening on the
+ local network.</li>
+ <li>Then, Bob can use the configured services once he gets a hold on
+ the hidden service address. (The <b>petname system for Tor hidden
+ services</b> project would be very complementary to this one, by the
+ way.)</li>
+ </ol>
+
+ <p>Tails server should content itself with hardware that is a bit old
+ (such as a PIII-450 laptop with 256MB of RAM) and/or half broken (e.g.
+ non-functional hard-disk, screen or keyboard).</p>
+ <p>The challenges behind this project are:</p>
+
+ <ul>
+ <li>Design and write the services configuration GUI [keywords: edit
+ configuration files, upgrade between major Debian versions,
+ debconf].</li>
+ <li>How to create the hidden service key? [keywords: Vidalia, control
+ protocol].</li>
+ <li>Adapt the Tails boot process to allow switching to "server
+ mode" when appropriate.</li>
+ <li>Add support, to the Tails persistence setup process, for asking an
+ encryption passphrase without X, and possibly with a broken keyboard
+ and/or screen [keywords: local network, SSL/TLS?, certificate?].</li>
+ </ul>
+
+ <p>This project can easily grow quite large, so the first task would
+ probably be to clarify what it would need to get an initial (minimal
+ but working) implementation ready to be shipped to users.</p>
+ <p>This project does not require to be an expert in one specific field,
+ but it requires to be experienced and at ease with a large scope of
+ software development tools, processes, and operating system knowledge.</p>
+ <p>Undertaking this project requires in-depth knowledge of Debian-like
+ systems (self-test: do the "dpkg conffile" and "debconf preseeding"
+ words sound new to your ear?); the Debian Live persistence system
+ being written in shell, being at ease with robust shell scripting is
+ a must; to end with, at least two pieces of software need to be
+ written from scratch (a GUI and a webapp): the preferred languages for
+ these tasks would be Python and Perl. Using Behaviour Driven
+ Development methods to convey expectations and acceptance criteria
+ would be most welcome.</p>
+ <p>For more information see https://tails.boum.org/todo/server_edition/</p>
+ </li>
+
<a id="geoIPUpgrade"></a>
<li>
<b>Improve our GeoIP file format</b>
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits