[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor implementation in JavaScript / FirefoxOS

Thanks, indeed if it's about fetching and REST requests, node-Tor fits perfectly, cryptocat, globalleaks, hidden services/tor2web (no browsing??),

The fact is that I am convinced that the right approach is a serverless one and the app inside the browser so you don't have to install anything and it's working on any platform.

This does not prevent to have some "facilitators" doing the same as background processes on node, ff os, etc

If you have some time take a look at https://github.com/Ayms/node-Tor#anonymous-serverless-p2p-inside-browsers---peersm-specs , complete serverless anonymous P2P using the Tor protocol (so a distributed Tor network inside peers), unstoppable, technically we are not far from it.

It's now easy to build whatever you like on top of node-Tor, there is only one difficulty: browsing, how to direct the requests to the Tor circuits that the app has established?

It's a bit of a paradox, the most complicate works but this "simple" thing does not exist (OK, it's not so simple but this would just be like proxying to the Tor circuits in a sandboxed container, like iframe but we don't like iframes, that's why I am sketching something based on createObjectURL) , maybe members of browsers vendors on the list here have some ideas...



Le 20/03/2014 13:54, Nathan Freitas a écrit :
On 03/20/2014 08:33 AM, Aymeric Vitte wrote:
As Andreas wrote, there is the node-Tor [1] project, it's implementing
the OP and OR inside browsers, as well as on any js platform like node.
It's fully working, it does implement some other protocols on top of the
Tor protocol used for example for Peersm project [2], it is used too for
the Peersm clients and Websocket bridges [3], it can of course connect
to the Tor Websocket bridges (flash proxy), it implements whatever
necessary Tor, SSL/TLS, ws, socks, etc in js, ORDB1 to 3 are live in the
Tor network.
Impressive work!

The target of Peersm is to have the peers (ie browsers) implement the
Tor nodes using WebRTC.

So the Onion proxy is inside the browser, then the question is: how can
I browse things with the OR inside the browser? You can easily fetch
things connecting to a Tor or Peersm bridge via Websosckets but how to
If today, I wanted to build an HTML5/JS/REST app, say something like
Globaleaks or Crypto.cat, that had note-Tor built into it, that should
work fairly easily then? Both of these apps make single JSON-type HTTP
connections to a single server, so the need for general purpose
web-browsing is not necessary.

The idea is of course to get rid of the traditional SOCKS proxy, whose
configuration can be a bit painfull for some and depends on the
platform, this was the concept of [4], but definitely too much
complicate and not very user friendly for something that is implemented
inside browsers, then supposedly easy to use.
Yes, agreed, and on mobile devices the option for proxying seems to be
never there by default, at least as part of the browser app.

So the question remains, you should have a means to say "I am loading
http://www.example.com, direct all the requests that this page is
loading as you would do it using SOCKS to one of the x circuits I have
established with the Tor network"

This might look quite strange, but maybe something like
createObjectURL('example.com html code', reference to the transport
supporting my Tor circuits (ws, webrtc))
The issue will be (and I am sure there are many more) that when your
Gecko/WebView container loads up the page you request, all subsequent
requests for content for embedded images, js, etc will also need to be
routed over this new API, and all standard HTTP connections blocked.

It is pretty exciting to see that Tor now has viable implementations in
C, Java and Javascript.


Peersm : http://www.peersm.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to