[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Set up a webproxy to TOR - tor-proxy.net

On Mon, Sep 24, 2007 at 12:42:31AM +0200, calypso@xxxxxxxxxxxx wrote 0.9K bytes in 40 lines about:
: I just wanted to let you know, that I have set up a Webproxy to the
: TOR-Network, for letting people get the advantages of TOR who are not
: able to install TOR for themselves.


  I have a few concerns about your proxy setup and service.  First off,
  you should disclaim that this site and service isn't an official
  project of Tor.  People may confuse your url with the real Tor and
  think they are getting the same anonymity properties.

  Second is a concern over the last bullet point at the bottom 
  of http://tor-proxy.net/impressum.html.  It appears to say that you are 
  recording IP address and browser in a log file.  Additionally, the log
  file is purged when 48 hours old.  Why log at all?  Simply disable all 
  logging in relation to the proxy service on the server.  The default
  Tor log settings should be sufficient.

  Third, can you publish the source code that runs the proxy site?  It
  appears you are using php and CGI:Proxy code to interface with Tor.
  Feel free to choose a FSF-approved license, such as the GPL or
  3-clause BSD, and publish the source for the site, along with any dependent
  software and licenses as required by their license terms.

  Fourth, in order to be more transparent, you should publish the
  configuration of the proxy.  A clear description, whether text or
  graphical, will help increase the trustworthiness of the service.

  Fifth, you probably want to publish the fingerprint of your
  self-signed ssl cert, or look into getting a cert signed by a browser
  accepted CA.  This is weak, but possibly better than nothing.

  Sixth and final, if you decide to put ads on the site or become a
  commercial entity, please contact The Tor Project before doing so.  We
  cannot allow a commercial entity to confuse users about Tor.  As an
  open source project, the disclaimer in the first paragraph may be
  enough to not confuse users.  

  Feel free to bring up any questions/concerns with my six requests.