[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Implement JSONP interface for check.torproject.org

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Implement JSONP interface for check.torproject.org
From: "warms0x" <warms0x@xxxxxxxxxx>
Date: Tue, 8 Nov 2011 08:29:03 -0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 08 Nov 2011 03:37:06 -0500
Importance: Normal
In-reply-to: <4EB6DBAE.8090607@xxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for discussion by the developers of Tor." <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <4EB5E251.1020909@xxxxxxxxxx> <4EB6DBAE.8090607@xxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: SquirrelMail/1.4.21

> On 11/05/2011 06:26 PM, Arturo FilastÃ wrote:
>> I have made a patch to check.torproject.org to expose a JSONP interface
>> that would allow people to have the user check client side if (s)he is
>> using Tor.
>>
>> This would allow people to embed a badge on their website
>> (privacybadge.html) that congratulates the user of using Tor or warns
>> him of non Tor usage with a link to torproject.org.
>>
>> I can imagine privacy advocates having this deployed on their websites
>> or systems that engourage users to connect to them anonymously.
>>
>> Compared to what check.torproject.org does at the moment the risk does
>> not change, it is erogating exactly the same service, just making it
>> more useful and flexible.
>>
>> Basically what it does is check if the ip doing the connection is
>> connected through Tor. The web service will reply with a JSON encoded
>> array that can be loaded from the user and display in the browser a nice
>> looking badge.
>>
>
> I think this is a fine idea - it reminds me of the only IPv6 demo turtle.
>
> I think it's quite ironic to use these technologies to encourage people
> to deploy real privacy solutions.


I also like the idea, but I immediately thought of nefarious uses for such
an API. No more nefarious than what one can do with a proper list of exit
nodes I suppose.

Is there any general difference between having a queryable API to
determine if a client is using Tor and the periodic fetching of the list
of exit nodes?

Apologies if this isn't a particularly -dev-like question, I'm still fresh
on a lot of the Tor internals and I'm still not sure what data is public
versus protected.


Cheers.


_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Implement JSONP interface for check.torproject.org
  - From: Jacob Appelbaum

References:
- [tor-dev] Implement JSONP interface for check.torproject.org
  - From: Arturo Filastò
- Re: [tor-dev] Implement JSONP interface for check.torproject.org
  - From: Jacob Appelbaum

Prev by Author: Re: [tor-dev] SHA-3 isn't looking so hot to me (was: Draft sketch document with ideas for future crypto ops)
Next by Author: Re: [tor-dev] Implement JSONP interface for check.torproject.org
Previous by thread: Re: [tor-dev] Implement JSONP interface for check.torproject.org
Next by thread: Re: [tor-dev] Implement JSONP interface for check.torproject.org
Index(es):
- Author
- Thread