Re: [tor-talk] Flashproxy questions. (Badge config, user interaction)

[David Fifield <david@xxxxxxxxxxxxxxx>]

On Fri, Oct 05, 2012 at 07:28:35PM +0200, Sebastian G. <bastik.tor> wrote:
> Some questions about Flashproxy regarding the configuration by the one
> that places the badge and what happens to the Proxy in various use cases.
> 
> According to the paper:
> "... the badge is highly configurable for different scenarios:
> * Opt-in vs. opt-out: [...] The Flash object will only be served to
> users who check the box. [...] Moreover, the badge itself can be
> configured to only begin proxying after the visitor clicks on the badge.
> * Geographic limitations: The badge can be configured to only serve
> clients in certain geographies."

I think this section should have been written differently; it is
misleading because it wasn't kept up to date with development. (You can
tell by how it refers to a "Flash object," when by the time it was
published we had moved completely to JavaScript.) The proxy badge
doesn't have code to do these things, apart from the mobile device
detection. About geographic limitations, I think it was an idea that
didn't get implemented. Opt-in vs. opt-out should be a default supported
option, though.

> (I consider opt-out a bad idea, because it happens without being
> expected, plus it is not recommended for TBB users so you never know if
> one visit a website containing such a badge.)

I think we should add a default opt-in option, even if it is just a
parameter to the embed.html that participating sites can activate on an
individual basis. The fact of default opt-out is the thing that bothers
me personally the most about the system, and other thoughtful people
have told me the same thing. If there are enough participants, then
perhaps we can just make it opt-in across the board.

> How can it be achieved that the badge is only active after it has been
> clicked?

What this means is that the JavaScript would run, but not actually do
anything until clicked.

> How can it be restricted to some geographies? (I'm just curious, don't
> think it's something one would want)

Either the proxy or the facilitator could use a geoip database, I think
is what we were thinking. I agree that this feature is not necessary and
I don't think it's a good fit for the deployment that exists now.

> Now I'm curios what happens if...? Most can be attributed to the lack of
> knowledge of WebSockets.
> 
> What happens if I visit two websites that have the badge on them? (I'm
> trying to be a proxy twice?, It breaks something?)

It's going to create two independent proxies. It doesn't break anything,
but each one will have its own bandwidth and connection limits. The
facilitator, though, could refuse to give too many clients to one proxy
IP address. (The deployed facilitator doesn't do this but a branch under
development will; see ticket
https://trac.torproject.org/projects/tor/ticket/5426.)

> Does it affect the proxy state when I open a website with the badge on
> it, open a link to the same website (but different page while every page
> has the badge on it) in a new tab (or window) and close the original tab
> (or window)?
> (Does it break connections? Fetches [polling] requests again?)

It breaks existing connections. However, it hardly matters, because the
system is designed to deal with proxies going offline all the time.

> What if I open multiple windows with multiple tabs? (or huge amount of
> tabs in one window)
> (Are too many connections to crypto.stanford.edu/flashproxy/embed bad?)

Each tab is only going to load the embed code once, which is a few
kilobytes of HTML and JavaScript, and even then your browser is going to
cache all of them but the first, so connections to crypto.stanford.edu
are not a problem. The bigger concern is load on the facilitator,
because it answers polling requests while each proxy is running. There
are some easy solutions if the facilitator load becomes too great, the
first of which is to increase the polling interval and the second is to
deploy more facilitators, so I'm not too worried about this.

> What happens if one opens multiple browsers (FF, TBB, FF Portable,
> Opera, Chrome, Safari, IE, or any other) and visits a website containing
> such a badge (or multiple websites with such a badge)?

Each one is an independent proxy, possibly subject to
facilitator-imposed restrictions. The proxy should disable itself when
running in TBB but does not, because I don't know how to detect that;
see ticket https://trac.torproject.org/projects/tor/ticket/6293.

Nice questions, please keep them coming.

David Fifield
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk