[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Set up a webproxy to TOR - tor-proxy.net

On Sun, Sep 23, 2007 at 10:20:39PM -0400, phobos@xxxxxxxxxx wrote 2.1K bytes in 44 lines about:

Just a follow up to my own email now that you've obviously been working
on the site.

:   I have a few concerns about your proxy setup and service.  First off,
:   you should disclaim that this site and service isn't an official
:   project of Tor.  People may confuse your url with the real Tor and
:   think they are getting the same anonymity properties.

Thank you for adding the disclaimer sentence and FAQ page Q&A.

:   Second is a concern over the last bullet point at the bottom 
:   of http://tor-proxy.net/impressum.html.  It appears to say that you are 
:   recording IP address and browser in a log file.  Additionally, the log
:   file is purged when 48 hours old.  Why log at all?  Simply disable all 
:   logging in relation to the proxy service on the server.  The default
:   Tor log settings should be sufficient.

I notice you completely removed this section of the faq.  have you also
stopped logging?

:   Third, can you publish the source code that runs the proxy site?  It
:   appears you are using php and CGI:Proxy code to interface with Tor.
:   Feel free to choose a FSF-approved license, such as the GPL or
:   3-clause BSD, and publish the source for the site, along with any dependent
:   software and licenses as required by their license terms.

Any progress or thoughts on releasing the source?

:   Fourth, in order to be more transparent, you should publish the
:   configuration of the proxy.  A clear description, whether text or
:   graphical, will help increase the trustworthiness of the service.

Any progress or thoughts on detailing the configuration on the site?

:   Fifth, you probably want to publish the fingerprint of your
:   self-signed ssl cert, or look into getting a cert signed by a browser
:   accepted CA.  This is weak, but possibly better than nothing.

I see the FAQ explains why users may be prompted, great.

Also, I like the new look.