[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Set up a webproxy to TOR - tor-proxy.net
On Sun, Sep 23, 2007 at 10:20:39PM -0400, phobos@xxxxxxxxxx wrote 2.1K bytes in 44 lines about:
Just a follow up to my own email now that you've obviously been working
on the site.
: I have a few concerns about your proxy setup and service. First off,
: you should disclaim that this site and service isn't an official
: project of Tor. People may confuse your url with the real Tor and
: think they are getting the same anonymity properties.
Thank you for adding the disclaimer sentence and FAQ page Q&A.
: Second is a concern over the last bullet point at the bottom
: of http://tor-proxy.net/impressum.html. It appears to say that you are
: recording IP address and browser in a log file. Additionally, the log
: file is purged when 48 hours old. Why log at all? Simply disable all
: logging in relation to the proxy service on the server. The default
: Tor log settings should be sufficient.
I notice you completely removed this section of the faq. have you also
: Third, can you publish the source code that runs the proxy site? It
: appears you are using php and CGI:Proxy code to interface with Tor.
: Feel free to choose a FSF-approved license, such as the GPL or
: 3-clause BSD, and publish the source for the site, along with any dependent
: software and licenses as required by their license terms.
Any progress or thoughts on releasing the source?
: Fourth, in order to be more transparent, you should publish the
: configuration of the proxy. A clear description, whether text or
: graphical, will help increase the trustworthiness of the service.
Any progress or thoughts on detailing the configuration on the site?
: Fifth, you probably want to publish the fingerprint of your
: self-signed ssl cert, or look into getting a cert signed by a browser
: accepted CA. This is weak, but possibly better than nothing.
I see the FAQ explains why users may be prompted, great.
Also, I like the new look.