[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Interested in GSoC - Hidden Service Naming or Hidden Service Searching



Jeremy Rand <biolizard89@xxxxxxxxx> writes:

> Hi Tor developers,
>
> I'm interested in participating in GSoC.  I'm an undergrad majoring in
> computer science at University of Oklahoma, and I've been a major Tor
> enthusiast for years.
>
> There are two possible projects which I'm considering; I'm looking for
> some feedback on which you think would be better for me to apply for.
>
> One project is allowing hidden services to have human-readable names.
> I think Namecoin would be an excellent backend for this.  I coded a
> proof-of-concept of using Namecoin to point human-readable .bit
> domains to .onion domains; that code is available at
> https://github.com/JeremyRand/Convergence .  For example, using this,
> you can visit http://federalistpapers.bit/ to get to the Federalist
> Papers hidden service.  The proof of concept only works on Firefox
> right now (not TorBrowser); I would definitely be interested in
> porting it to TorBrowser, improving its privacy, and making it work
> for applications other than web browsing.  Namecoin also has the
> useful feature of allowing HTTPS fingerprints to be embedded in the
> blockchain, which eliminates the need to trust certificate authorities
> for clearnet HTTPS websites (I understand that malicious exit nodes
> messing with TLS is currently a significantly voiced concern for Tor).
> I have a strong understanding of how Namecoin's DNS works and have
> developed some projects using Namecoin (including a dynamic DNS
> client), so I think I'm a good fit for such a project if there's
> interest in the Tor community.  I talked with Jacob Appelbaum about
> using Namecoin recently; he was concerned about a 51% attack.  I think
> that could be mostly resolved via a checkpointing system; while doing
> so adds a small degree of centralization, Tor is already slightly
> centralized, and it's still less centralized than other alternative
> naming systems that have been proposed (e.g. having Tor Project
> maintain a list of names themselves).  While I'm not particularly
> familiar (yet) with how checkpointing is done within Namecoin's block
> validation system, I do know how to at least verify whether the
> currently loaded blockchain matches a given checkpoint (which would at
> least alert users that an attack had taken place).
>

I'd like to see human-readable names in HSes, but I'm not very
familiar with Namecoin. I don't want to discourage you from working on
this, but I'm not sure if I would be a good mentor for this.

BTW, I remember watching a presentation about namecoin, and it seemed
like there are still a few serious unresolved problems (domain
squatting is easy, no revocation, lightweight clients are
impossible). Also, namecoin are not anonymous, but people who get HS
domain names care about anonymity.

> The other project is making a search engine for hidden services
> (listed as Project Idea F on the Tor website).  I think YaCy could be
> used to accomplish this in a decentralized and censorship-free way.  I
> would suggest making a separate YaCy network for hidden services,
> using a regexp whitelist to only index .onion URL's (YaCy has such a
> network but I think it's currently inactive).  YaCy doesn't have
> whitelist support built in, but I think the blacklist feature should
> be usable for simulating such a feature with some effort.  YaCy's SOLR
> schema supports searching based on outgoing link URL's, so I think I
> could make a standard YaCy client search for all clearnet sites which
> link to a .onion/.onion.to/.tor2web.org URL, and feed those URL's to a
> Tor YaCy client for indexing.  I've been a YaCy enthusiast for a
> couple years, and I'm actually using YaCy in a grad-level CS project
> this semester (the course is on Artificial Neural Networks and
> Evolution), so while I haven't touched the YaCy source code, I think
> I'm a good match for this project.
>

Yes, you seem like a good match for this project.

Familiriaty with YaCy will be very useful indeed.

On the crawler side, may I suggest you to also look into archive.org's
Heritrix crawler?  Someone told me that it's what the cool kids use
these days for crawling the web but I haven't used it myself.

I think you would be a good candidate for this project. However, be
warned that it's likely that more good candidates will apply for this
project so it might be a tough competition.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev