[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Implement JSONP interface for check.torproject.org



On 11/08/2011 12:29 AM, warms0x wrote:
>> On 11/05/2011 06:26 PM, Arturo Filastà wrote:
>>> I have made a patch to check.torproject.org to expose a JSONP interface
>>> that would allow people to have the user check client side if (s)he is
>>> using Tor.
>>>
>>> This would allow people to embed a badge on their website
>>> (privacybadge.html) that congratulates the user of using Tor or warns
>>> him of non Tor usage with a link to torproject.org.
>>>
>>> I can imagine privacy advocates having this deployed on their websites
>>> or systems that engourage users to connect to them anonymously.
>>>
>>> Compared to what check.torproject.org does at the moment the risk does
>>> not change, it is erogating exactly the same service, just making it
>>> more useful and flexible.
>>>
>>> Basically what it does is check if the ip doing the connection is
>>> connected through Tor. The web service will reply with a JSON encoded
>>> array that can be loaded from the user and display in the browser a nice
>>> looking badge.
>>>
>>
>> I think this is a fine idea - it reminds me of the only IPv6 demo turtle.
>>
>> I think it's quite ironic to use these technologies to encourage people
>> to deploy real privacy solutions.
> 
> 
> I also like the idea, but I immediately thought of nefarious uses for such
> an API. No more nefarious than what one can do with a proper list of exit
> nodes I suppose.

It is a real time version of this - powered by... a Tor client. :)

> 
> Is there any general difference between having a queryable API to
> determine if a client is using Tor and the periodic fetching of the list
> of exit nodes?
> 

No, not for a user who is using Tor - the exiting from the network is
generally considered "Tor" and we've supported this to help quash crappy
attempts:
https://check.torproject.org/cgi-bin/TorBulkExitList.py

(note the svn link, it's actually code anyone may run)

In other words, we'd like everyone to enter the Tor network - we won't
help block _entry_ into Tor. But generally, it's OK if some people block
Tor exits as the anonymous user can just go somewhere else...

> Apologies if this isn't a particularly -dev-like question, I'm still fresh
> on a lot of the Tor internals and I'm still not sure what data is public
> versus protected

It's not private information.

The biggest problem with this proposal is simply that many people may
use it and it will generate a lot of load.

All the best,
Jacob
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev