[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Set up a webproxy to TOR - tor-proxy.net
On Mon, Sep 24, 2007 at 12:42:31AM +0200, calypso@xxxxxxxxxxxx wrote 0.9K bytes in 40 lines about:
: I just wanted to let you know, that I have set up a Webproxy to the
: TOR-Network, for letting people get the advantages of TOR who are not
: able to install TOR for themselves.
Hi,
I have a few concerns about your proxy setup and service. First off,
you should disclaim that this site and service isn't an official
project of Tor. People may confuse your url with the real Tor and
think they are getting the same anonymity properties.
Second is a concern over the last bullet point at the bottom
of http://tor-proxy.net/impressum.html. It appears to say that you are
recording IP address and browser in a log file. Additionally, the log
file is purged when 48 hours old. Why log at all? Simply disable all
logging in relation to the proxy service on the server. The default
Tor log settings should be sufficient.
Third, can you publish the source code that runs the proxy site? It
appears you are using php and CGI:Proxy code to interface with Tor.
Feel free to choose a FSF-approved license, such as the GPL or
3-clause BSD, and publish the source for the site, along with any dependent
software and licenses as required by their license terms.
Fourth, in order to be more transparent, you should publish the
configuration of the proxy. A clear description, whether text or
graphical, will help increase the trustworthiness of the service.
Fifth, you probably want to publish the fingerprint of your
self-signed ssl cert, or look into getting a cert signed by a browser
accepted CA. This is weak, but possibly better than nothing.
Sixth and final, if you decide to put ads on the site or become a
commercial entity, please contact The Tor Project before doing so. We
cannot allow a commercial entity to confuse users about Tor. As an
open source project, the disclaimer in the first paragraph may be
enough to not confuse users.
Feel free to bring up any questions/concerns with my six requests.
Thanks.
--
Andrew