commit 85e16b459be0f85e4d22e2774714b84d8ada349e Author: Damian Johnson atagar@torproject.org Date: Sat Feb 21 11:44:02 2015 -0800

Exitmap Improvements project idea --- getinvolved/en/volunteer.wml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+)

diff --git a/getinvolved/en/volunteer.wml b/getinvolved/en/volunteer.wml index 2b8362f..7755501 100644 --- a/getinvolved/en/volunteer.wml +++ b/getinvolved/en/volunteer.wml @@ -1484,6 +1484,42 @@ There are several possible directions for this project, including... </ol> </p> </li> + + <a id="exitmap_improvements"></a> + <li> + <b>Exitmap Improvements</b> + <br> + Effort Level: <i>Medium</i> + <br> + Skill Level: <i>Medium</i> + <br> + Likely Mentors: <i>Philipp (phw)</i> + <p> +The Tor Project makes use of the Python tool <a +href="https://gitweb.torproject.org/user/phw/exitmap.git/%22%3EExitmap</a> to +systematically scan for malicious and misbehaving exit relays. Once such a +relay is found, it is assigned the BadExit flag which prevents clients from +selecting the relay as last hop in their circuit. + </p> + + <p> +Exitmap supports scanning modules which implement a specific scan over +exit relays. Examples are the DNS module which checks for DNS poisoning +or the patching check module which looks out for tampered file +downloads. + </p> + + <p> +This project is meant to extend exitmap in several ways. First, it +should be made fully autonomous. That means that exitmap should be able +to run in the background, periodically fetch new relay descriptors, and +have a smart algorithm which keeps scanning all exit relays +periodically. Second, exitmap should be able to emulate some user +interaction and dynamically "explore" the web in order to detect +tampering. Third, unit tests should be added for existing and new code +in order to make the code base more robust. + </p> + </li> <!-- <a id="improveStegotorus"></a> <li>