[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] GSOC- Revamp GetTor



Hi everyone,

My name is Kiran Mathew Koshy and I'm a student of IIT Patna, India. I''m interested in participating in Google Summer of Code 2014 under Tor project. GetTor is a service that I had tried a couple of months ago when tor was blocked by our sysadmin, and I believe revamping getTor will have huge impact on avoiding censorship.

TL;DR version:
  1. A system by which a user has multiple routes of obtaining the tor browser- dropbox , mega, google drive, and a couple of other file sharing sites
  2. If the user provides their pgp key, an encrypted reply can be sent
  3. If the user requests so, the file sent should be password-protected , plus some random data(in a single file) should be added along with the tor browser in order to have variable file sizes. 
  4. Some file sharing sites(most) allow you to transfer a file between accounts. This is a bit unnecessary, but can be implemented if there is time left.
  5. NLP: A very simple natural language processor to process the email and to scavenge for the requested configuration- language, os, file sharing site, etc. Example mail: "please send me a tor browser bundle ( English) that works on Windows. Could you send it through Mega ?"  .
  6. An email proxy- To counter the small chance that the mail server doesn't allow emails to gettor@gettor.torproject.org.
    Chances of this are low in my opinion, since gmail/ any other mail service is
    usually available. 

Details and explanation:

  1. In most cases, a sysadmin or an ISP can block known bridges, torproject sites, and tor nodes. In this case, the only way to ensure that a user can access the tor browser software is by allowing multiple sources to download it from.
    The practice of blocking File sharing sites is also common, so sites like dropbox, google drive, box, etc are also important. The code will be written in a modular format such that addinga  new file sharing site would be equal to adding a couple of urls of their REST API, or at most, writing a new  module consisting of 10-15 lines of code. I have worked with the APIs of file sharing sites before, and most are quite similar.

  2.  If PGP keys are sent, an encrypted reply follows. No brainer.

  3. Bundling the software with a file of random size into a password protected tar would prevent  snooping based on size of the https request. A little bit far fetched, yes, but good if you are up against your government.
    This would prove to be cpu intensive and network intensive, since the server will have to encrypt the file and upload it to a file sharing site every time someone requests it. Therefore, this will be limited to one or two instances at any given time.  It is also possible to upload multiple instances of  encrypted tor browser software, and store the keys in the server.

  4.  Self Explanatory

  5. An NLP would be very simple to implement in this case, in order to fish out the keywords and choose the correct configuration. 
    Example mail: "please send me a tor browser bundle ( English) that works on Windows. Could you send it through Mega ?"  .  The keywords in this case would be: 1. tor browser bundle. 2. English. 3.Windows 4.Mega. A list of such keywords will be stored on the server.

    I believe  an NLP would be better than the current arrangement.

  6. Self Explanatory.
Since the current getTor doesn't come close to this, I believe it is best to rewrite it, reusing select parts. I havce a good experience in C++ and Python. I completed Google Summer of Code 2013 under Wikimedia Foundation, so this is my second year for GSOC.


Since I'm a bit late to apply, I will be submitting this as a proposal right away. Please comment on any changes you would like to incorporate in this.


--
Kiran Mathew Koshy
Electrical Engineering,
IIT Patna,
Patna,
India
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev