[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #5553 [Tor Client]: prevent protocol leaks; Tor client connection API or protocol review howto

To: undisclosed-recipients:;
Subject: [tor-bugs] #5553 [Tor Client]: prevent protocol leaks; Tor client connection API or protocol review howto
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Mon, 02 Apr 2012 22:12:42 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 02 Apr 2012 18:12:54 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5553: prevent protocol leaks; Tor client connection API or protocol review howto
------------------------+---------------------------------------------------
 Reporter:  proper      |          Owner:     
     Type:  task        |         Status:  new
 Priority:  normal      |      Milestone:     
Component:  Tor Client  |        Version:     
 Keywords:              |         Parent:     
   Points:              |   Actualpoints:     
------------------------+---------------------------------------------------
 I am unhappy with the current
 [https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO Torify
 instructions].

 The [https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea
 big bittorrent leak] may happen to any application, which has not been
 explicitly designed for Tor or reviewed by someone. That's why safe use of
 Tor is at the moment somewhat limited to the few applications designed
 over Tor (Tor Browser) or reviewed for use over Tor.

 Two ideas will follow how to solve this problem. One or another may work
 as solution. Feel free to propose other/better/easier/faster solutions.

 Proposal 1:
 Write a howto, how to review an application and protocol for leak free use
 over Tor. "The protocol/application has to be reviewed." - That is much to
 vague, even for the application's developer.

 For example, would the xchat developers answer "xchat over Tor: do not use
 dcc/ctcp... it leaks your IP/timezone..."?

 What we easily could do for many applications, would be asking the
 application's developers. But even them could be confused by the question.
 The paper should define, what a protocol leak is, how to look out for
 them, how to prevent them.

 This would hopefully enable the application developers to answer to the
 question regarding the protocol leak status. And if they don't want to
 review their own application, third party contributors could review the
 protocol.

 Proposal 2:
 Provide an alternate interface for applications. An alternative to socks.
 Either an API or libery for developers. i2p does also provide one and
 loads of applications are build on top of i2p. Why there are not so many
 applications designed for Tor? Because there is neither an API nor an
 libery.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5553>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #5553 [Tor Client]: prevent protocol leaks; Tor client connection API or protocol review howto
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #5553 [Tor Client]: prevent protocol leaks; Tor client connection API or protocol review howto
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #5553 [Tor Client]: prevent protocol leaks; Tor client connection API or protocol review howto
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #5553 [Tor Client]: prevent protocol leaks; Tor client connection API or protocol review howto
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #5511 [Tor Bridge]: Make clearer in the doc NOT to include bridges in MyFamily
Next by Author: Re: [tor-bugs] #5553 [Tor Client]: prevent protocol leaks; Tor client connection API or protocol review howto
Previous by thread: Re: [tor-bugs] #5498 [Tor bundles/installation]: Tor IM Bundle - use decentralized system (ex: cabels or TorChat)
Next by thread: Re: [tor-bugs] #5553 [Tor Client]: prevent protocol leaks; Tor client connection API or protocol review howto
Index(es):
- Author
- Thread