[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Set up a webproxy to TOR - tor-proxy.net

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Set up a webproxy to TOR - tor-proxy.net
From: phobos@xxxxxxxxxx
Date: Tue, 9 Oct 2007 22:13:32 -0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Tue, 09 Oct 2007 22:13:40 -0400
In-reply-to: <20070924022039.GA3304@xxxxxxxxxxxxxxxxxxxxxxxx>
Mail-followup-to: or-talk@xxxxxxxxxxxxx
References: <1190587351.5827.13.camel@satyr> <20070924022039.GA3304@xxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.4.1i

On Sun, Sep 23, 2007 at 10:20:39PM -0400, phobos@xxxxxxxxxx wrote 2.1K bytes in 44 lines about:

Just a follow up to my own email now that you've obviously been working
on the site.

: I have a few concerns about your proxy setup and service. First off,
: you should disclaim that this site and service isn't an official
: project of Tor. People may confuse your url with the real Tor and
: think they are getting the same anonymity properties.

Thank you for adding the disclaimer sentence and FAQ page Q&A.

: Second is a concern over the last bullet point at the bottom
: of http://tor-proxy.net/impressum.html. It appears to say that you are
: recording IP address and browser in a log file. Additionally, the log
: file is purged when 48 hours old. Why log at all? Simply disable all
: logging in relation to the proxy service on the server. The default
: Tor log settings should be sufficient.

I notice you completely removed this section of the faq. have you also
stopped logging?

: Third, can you publish the source code that runs the proxy site? It
: appears you are using php and CGI:Proxy code to interface with Tor.
: Feel free to choose a FSF-approved license, such as the GPL or
: 3-clause BSD, and publish the source for the site, along with any dependent
: software and licenses as required by their license terms.

Any progress or thoughts on releasing the source?

: Fourth, in order to be more transparent, you should publish the
: configuration of the proxy. A clear description, whether text or
: graphical, will help increase the trustworthiness of the service.

Any progress or thoughts on detailing the configuration on the site?

: Fifth, you probably want to publish the fingerprint of your
: self-signed ssl cert, or look into getting a cert signed by a browser
: accepted CA. This is weak, but possibly better than nothing.

I see the FAQ explains why users may be prompted, great.

Also, I like the new look.

--
Andrew

Follow-Ups:
- Re: Set up a webproxy to TOR - tor-proxy.net
  - From: Kyle Williams

Prev by Author: Re: TOR binary packages
Next by Author: Re: Incognito Live CD using Polipo
Previous by thread: Re: TOR binary packages
Next by thread: Re: Set up a webproxy to TOR - tor-proxy.net
Index(es):
- Author
- Thread