commit 8d5a58b307ff906711a6bb2f00a494546e552c53 Author: emma peel emma.peel@riseup.net Date: Wed Mar 17 13:44:44 2021 +0100
update content --- assets/static/images/onion-white.png | Bin 0 -> 41138 bytes assets/static/images/onion.jpg | Bin 0 -> 3911 bytes assets/static/images/onion.png | Bin 0 -> 41071 bytes .../outreach/print/onion-guide-fanzine-EN.pdf | Bin 0 -> 343902 bytes .../outreach/print/onion-guide-fanzine-ES.pdf | Bin 0 -> 342504 bytes .../outreach/print/onion-guide-fanzine-PT_BR.pdf | Bin 0 -> 345662 bytes assets/static/revealjs/dist/theme/tor.css | 37 ++++++- content/gsoc/alexa-captcha-monitoring/contents.lr | 83 ++++++++++++++ .../cloudflare-captcha-monitoring/contents.lr | 82 ++++++++++++++ .../gsoc/archive/gettor-distribution/contents.lr | 50 +++++++++ content/gsoc/archive/onion-toolbox/contents.lr | 67 ++++++++++++ .../archive/ooni-explorer-findings/contents.lr | 82 ++++++++++++++ .../gsoc/archive/ooni-explorer-testing/contents.lr | 53 +++++++++ .../ooni-probe-desktop-custom-urls/contents.lr | 72 +++++++++++++ .../archive/privacy-aware-geo-lookup/contents.lr | 56 ++++++++++ .../gsoc/archive/privacy-friendly-web/contents.lr | 59 ++++++++++ .../archive/salmon-bridge-distribution/contents.lr | 72 +++++++++++++ .../archive/snowflake-android-proxy/contents.lr | 72 +++++++++++++ content/gsoc/archive/tor-keygen/contents.lr | 49 +++++++++ .../archive/tor-relay-ipv6-support/contents.lr | 120 +++++++++++++++++++++ content/gsoc/onion-balance-v3/contents.lr | 57 ++++++++++ .../gsoc/ooni-explorer-code-quality/contents.lr | 61 +++++++++++ content/gsoc/ooni-geoip-accuracy/contents.lr | 61 +++++++++++ content/gsoc/ooni-probe-testing/contents.lr | 67 ++++++++++++ content/gsoc/ooni-roaming-test/contents.lr | 64 +++++++++++ .../becoming-tor-translator/contents.lr | 2 +- content/localization/current-status/contents.lr | 11 +- content/localization/pick-a-project/contents.lr | 11 ++ content/onion-services/advanced/https/contents.lr | 2 +- .../tor-dmca-response/contents.lr | 23 +++- .../community-resources/good-bad-isps/contents.lr | 35 +++--- .../tor-abuse-templates/contents.lr | 9 +- .../bridge/debian-ubuntu/contents.lr | 2 +- .../technical-setup/bridge/docker/contents.lr | 16 +-- .../technical-setup/bridge/freebsd/contents.lr | 6 +- .../technical-setup/bridge/windows/contents.lr | 22 ++-- .../technical-setup/exit/contents.lr | 2 + 37 files changed, 1342 insertions(+), 63 deletions(-)
diff --git a/assets/static/images/onion-white.png b/assets/static/images/onion-white.png new file mode 100644 index 0000000..f8daf6a Binary files /dev/null and b/assets/static/images/onion-white.png differ diff --git a/assets/static/images/onion.jpg b/assets/static/images/onion.jpg new file mode 100644 index 0000000..d728622 Binary files /dev/null and b/assets/static/images/onion.jpg differ diff --git a/assets/static/images/onion.png b/assets/static/images/onion.png new file mode 100644 index 0000000..ce6dcdf Binary files /dev/null and b/assets/static/images/onion.png differ diff --git a/assets/static/images/outreach/print/onion-guide-fanzine-EN.pdf b/assets/static/images/outreach/print/onion-guide-fanzine-EN.pdf new file mode 100644 index 0000000..956cdf1 Binary files /dev/null and b/assets/static/images/outreach/print/onion-guide-fanzine-EN.pdf differ diff --git a/assets/static/images/outreach/print/onion-guide-fanzine-ES.pdf b/assets/static/images/outreach/print/onion-guide-fanzine-ES.pdf new file mode 100644 index 0000000..e23752b Binary files /dev/null and b/assets/static/images/outreach/print/onion-guide-fanzine-ES.pdf differ diff --git a/assets/static/images/outreach/print/onion-guide-fanzine-PT_BR.pdf b/assets/static/images/outreach/print/onion-guide-fanzine-PT_BR.pdf new file mode 100644 index 0000000..a255de5 Binary files /dev/null and b/assets/static/images/outreach/print/onion-guide-fanzine-PT_BR.pdf differ diff --git a/assets/static/revealjs/dist/theme/tor.css b/assets/static/revealjs/dist/theme/tor.css index 31b0054..2c55510 100644 --- a/assets/static/revealjs/dist/theme/tor.css +++ b/assets/static/revealjs/dist/theme/tor.css @@ -20,7 +20,7 @@ section.has-dark-background, section.has-dark-background h1, section.has-dark-ba --block-margin: 20px; --heading-margin: 0 0 20px 0; --heading-font: Source Sans Pro, Helvetica, sans-serif; - --heading-color: #59316B; + --heading-color: #683086; --heading-line-height: 1.2; --heading-letter-spacing: normal; --heading-text-transform: uppercase; @@ -32,7 +32,7 @@ section.has-dark-background, section.has-dark-background h1, section.has-dark-ba --heading3-size: 1.3em; --heading4-size: 1em; --code-font: monospace; - --link-color: #59316B; + --link-color: #683086; --link-color-hover: #9400ff; --selection-background-color: #98bdef; --selection-color: #fff; } @@ -72,7 +72,7 @@ section.has-dark-background, section.has-dark-background h1, section.has-dark-ba .reveal h5, .reveal h6 { margin: 0 0 20px 0; - color: #59316B; + color: #683086; font-family: "Source Sans Pro", Helvetica, sans-serif; font-weight: 600; line-height: 1.2; @@ -244,6 +244,10 @@ section.has-dark-background, section.has-dark-background h1, section.has-dark-ba .reveal img { margin: 20px 0; }
+.reveal hr { + border: 5px solid #fff; +} + /********************************************* * LINKS *********************************************/ @@ -275,6 +279,10 @@ section.has-dark-background, section.has-dark-background h1, section.has-dark-ba border-color: #2a76dd; box-shadow: 0 0 20px rgba(0, 0, 0, 0.55); }
+ +.title div { + background-position: 85% 85% !important; +} /********************************************* * NAVIGATION CONTROLS *********************************************/ @@ -294,3 +302,26 @@ section.has-dark-background, section.has-dark-background h1, section.has-dark-ba @media print { .backgrounds { background-color: #fff; } } + +/********************************************* + * FOOTER + *********************************************/ + +.footer { + background-color: #683086; +} + +/********************************************* + * OVERRIDES + *********************************************/ + +.slides { + text-align: left !important; +} +.title { + text-align: center; +} + +hr.dark { + border: 5px solid #683086; +} diff --git a/content/gsoc/alexa-captcha-monitoring/contents.lr b/content/gsoc/alexa-captcha-monitoring/contents.lr new file mode 100644 index 0000000..c8d03bb --- /dev/null +++ b/content/gsoc/alexa-captcha-monitoring/contents.lr @@ -0,0 +1,83 @@ +_model: project +--- +_template: layout.html +--- +html: two-columns-page.html +--- +active: True +--- +completed: False +--- +url: /alexa-captcha-monitoring +--- +section: GSoC +--- +section_id: gsoc +--- +color: primary +--- +key: 1 +--- +languages: +python +javascript +--- +mentors: +GeKo +arma +--- +difficulty: medium +--- +title: Alexa Top Sites Captcha and Tor Block Monitoring +--- +subtitle: + +This project should implement a mechanism to track the rate that Alexa Top 500 webpages return Captchas to or directly block Tor users over time. + +--- +body: + +# Problem + +A large number of Tor users report getting hit by infinite Captcha loops when visiting some of the most popular websites, such as Reddit, Twitter or YouTube. This makes them feel punished for using Tor to protect their privacy and prevents them from legitimately accessing websites. + +# Proposal + +For this project we would like to track in practice how often [Alexa Top 500 websites](https://www.alexa.com/topsites) return Captchas to Tor clients. + +During GSoC 2020, we had a project to track captchas from Cloudflare fronted websites. This project would build upon this work to further test other popular websites. + +The project should consist of an automated way to systematically test a selection of [these websites](https://www.alexa.com/topsites) and record whether there is a difference in behaviour when a connection comes from various Tor exit IPs versus non-Tor exit IPs. For example, in the case where it seems like connections from Tor users are being discriminated against, we should record whether the user is presented with a captcha or some other error, e.g Forbidden or Service Temporarily Unavailable. Some discussion regarding this issue can be found [here](https://gitlab.torproject.org/tpo/community/support/-/issues/40013). + +Our proposed approach consists of: + +1. Writing a web client to periodically fetch a selection of the [Alexa Top Sites](https://www.alexa.com/topsites) via Tor and record how often a Captcha or failure is returned. +1. Record and graph the various types of failure (including Captchas) vs real page rates +1. Using the pre-existing architecture, run a second client that does not fetch this webpage via Tor. This will allow us to contrast and compare how these sites respond to Tor Browser vs other browsers. +1. Track and publish these details publicly + +There are two interesting metrics to track over time: + +- the fraction of exit relays that are getting hit with Captchas and failures, and +- the chance that a Tor client, choosing an exit relay in the normal weighted faction, will get hit by a Captcha or a failure. + +Then there are other interesting patterns to look for: + +- Are certain IP addresses punished consistently and others never punished? +- Is whether you get a failure much more probabilistic and transient? +- Does that pattern change over time? + +# Getting Started + +As this project builds upon an existing project, in order to demonstrate your skills and familiarise yourself with this project you may want to: + +1. Familiarise yourself and start experimenting with various web clients to fetch pages via Tor, bearing in mind you may need to adapt them to your needs if they are lacking the required functionality. +1. Check out the existing [Captcha Scanner](https://dashboard.captcha.wtf/) and [code](https://gitlab.torproject.org/woswos/CAPTCHA-Monitor) +1. Read the comments in ticket [40013](https://gitlab.torproject.org/tpo/community/support/-/issues/40013) and the [original project ticket](https://gitlab.torproject.org/legacy/trac/-/issues/33010) for more ideas. + +# Resources + +There is pre-existing research by the Berkeley ICSI group which includes these sorts of checks: + +- https://www.freehaven.net/anonbib/#differential-ndss2016 +- https://www.freehaven.net/anonbib/#exit-blocking2017 diff --git a/content/gsoc/archive/cloudflare-captcha-monitoring/contents.lr b/content/gsoc/archive/cloudflare-captcha-monitoring/contents.lr new file mode 100644 index 0000000..b8e3346 --- /dev/null +++ b/content/gsoc/archive/cloudflare-captcha-monitoring/contents.lr @@ -0,0 +1,82 @@ +_model: project +--- +_template: layout.html +--- +html: two-columns-page.html +--- +active: False +--- +completed: True +--- +url: https://gitlab.torproject.org/woswos/CAPTCHA-Monitor +--- +section: GSoC +--- +section_id: gsoc +--- +color: primary +--- +key: 1 +--- +languages: +python +javascript +--- +mentors: +GeKo +arma +--- +difficulty: medium +--- +title: Cloudflare Captcha Monitoring +--- +subtitle: + +This project should implement a mechanism to track the rate that Cloudflare fronted webpages return Captchas to Tor users over time. + +--- +body: + +# Problem + +A large number of Tor users report getting hit by infinite Captcha loops when visiting webpages fronted by Cloudflare. This makes them feel punished for using Tor to protect their privacy and prevents them from legitimately accessing websites. + +# Proposal + +For this project we would like to track in practice how often Cloudflare fronted webpages return Captchas to Tor clients. + +Our proposed approach consists of: + +1. Setting up a very simple static webpage to be fronted by Cloudflare +2. Write a web client to periodically fetch this static webpage via Tor and record how often a Captcha is returned +3. Record and graph Captcha vs real page rates +4. Using the pre-existing architecture, run a second client that does not fetch this webpage via Tor. This will allow us to contrast and compare how Cloudflare responds to Tor Browser vs other browsers. +5. Track and publish these details publicly + +There are two interesting metrics to track over time: + +- the fraction of exit relays that are getting hit with Captchas, and +- the chance that a Tor client, choosing an exit relay in the normal weighted faction, will get hit by a Captcha. + +Then there are other interesting patterns to look for: + +- Are certain IP addresses punished consistently and others never punished? +- Is whether you get a Captcha much more probabilistic and transient? +- Does that pattern change over time? + +# Getting Started + +As this is a new project, in order to demonstrate your skills and familiarise yourself with this project you may want to: + +1. Set up the required infrastructure for this project e.g by setting up a very simple static webpage to be fronted by Cloudflare. +2. Familiarise yourself and start experimenting with various web clients to fetch pages via Tor, bearing in mind you may need to adapt them to your needs if they are lacking the required functionality. +3. Read the comments in ticket [#33010](https://trac.torproject.org/projects/tor/ticket/33010) for more ideas. + +# Resources + +There is pre-existing research by the Berkeley ICSI group which includes these sorts of checks: + +- https://www.freehaven.net/anonbib/#differential-ndss2016 +- https://www.freehaven.net/anonbib/#exit-blocking2017 + +For the original ticket and discussion, please see ticket [#33010](http://bugs.torproject.org/33010) \ No newline at end of file diff --git a/content/gsoc/archive/gettor-distribution/contents.lr b/content/gsoc/archive/gettor-distribution/contents.lr new file mode 100644 index 0000000..5639af3 --- /dev/null +++ b/content/gsoc/archive/gettor-distribution/contents.lr @@ -0,0 +1,50 @@ +_model: project +--- +_template: layout.html +--- +html: two-columns-page.html +--- +active: False +--- +section: GSoC +--- +section_id: gsoc +--- +color: primary +--- +key: 2 +--- +languages: +python +ansible +--- +org: Tor +--- +mentors: +cohosh +hiro +--- +difficulty: +--- +title: Implement new distribution methods for GetTor +--- +subtitle: + +This project should implement a feature to distribute Tor Browser downloads through Telegram or Facebook messenger. + +--- +body: + +# Problem + +Tor Browser ships with a few different anti-censorship tools to allow people free and open access to Internet content. However, some places censor Tor Browser downloads, making it difficult for users to install it in the first place. + +# Proposal + +[GetTor](https://gettor.torproject.org/) is a system for distributing Tor Browser using alternative methods such as email or Twitter to send users authenticated links to Tor Browser binaries. + +We are looking to expand the ways in which GetTor distributes Tor Browser binaries to make it easier for people to download and install Tor Browser. This project would consist in implementing a feature in GetTor to distribute Tor Browser downloads through Telegram and/or Facebook messenger. + +# Resources + +- GetTor repo on github: https://github.com/torproject/gettor \ No newline at end of file diff --git a/content/gsoc/archive/onion-toolbox/contents.lr b/content/gsoc/archive/onion-toolbox/contents.lr new file mode 100644 index 0000000..f1c0b0e --- /dev/null +++ b/content/gsoc/archive/onion-toolbox/contents.lr @@ -0,0 +1,67 @@ +_model: project +--- +_template: layout.html +--- +html: two-columns-page.html +--- +active: False +--- +section: GSoC +--- +section_id: gsoc +--- +color: primary +--- +key: 3 +--- +languages: +Python +Docker +PythonQt5 +--- +mentors: +hiro +asn +--- +difficulty: medium +--- +title: Onion Tool Box +--- +subtitle: + +Myonion is a developer tool box, providing a command line interface and a GUI to configure and deploy existing services via .onion. The idea behind myonion is to make onion services accessible to developers that might be interested to innovate in the privacy space, building applications that are designed for privacy and security. +--- +body: + +# Problem + +It is not necessarily difficult to use onion services, but it might be tricky to configure a web service to be offered via .onion so that it doesn’t leak sensitive information. + +There are detailed [guides](https://riseup.net/en/security/network-security/tor/onionservices-best-pract...) available for users that would like to offer a web application via .onion and some tools have been developed to help service operators: discover known misconfiguration or [vulnerabilities](https://onionscan.org/) or deploy an [onion site](https://github.com/alecmuffett/eotk). + +Involving a wider developer community can help creating a better image of Tor and onion services, replacing the “dark net” narrative with the secure and private web one. + +Onion services can also be relevant to all those people interested in the “zero-trust” strategy. The concept behind zero-trust is to adopt strategies and tools to help prevent data breaches by eliminating the concept of trust from an organization’s network architecture, with the principle of never trust, always verify. + +Ultimately myonion is about creating a better experience for onion services developers and operators and therefore fostering a more legitimate onion service ecosystem. + +# Proposal + +Myonion is a developer tool box, providing a command line interface and a GUI to configure and deploy existing services via .onion. A minimal prototype for myonion already [exists](https://github.com/hiromipaw/myonion). + +Someone that may want to run an onion service can use the myonion wrapper app to start a .onion from their computer and share a static website or a web application. + +Myonion can also be used to deploy the resulting configured app to a defined set of cloud providers. + +Myonion provides a way to build and deploy onion ready applications, allowing developers to build and test web applications and easily share them with others, bundling the code and configuration in a lightweight, portable Docker container application that runs the same everywhere. + +The experience for developers will be similar to using other industry solutions, like the [Docker desktop app](https://www.docker.com/products/docker-desktop). + +Developers using myonion are provided with pre-defined and customizable application templates, with corresponding configuration and a test set, eliminating error-prone manual setup and known onion service configuration mistakes. + +The resulting application is therefore deployable via a set of endpoint management tools to known providers. Providing a way to deploy onion services at scale. + +# Resources + +- Myonion repo on github: https://github.com/hiromipaw/myonion + diff --git a/content/gsoc/archive/ooni-explorer-findings/contents.lr b/content/gsoc/archive/ooni-explorer-findings/contents.lr new file mode 100644 index 0000000..b04887e --- /dev/null +++ b/content/gsoc/archive/ooni-explorer-findings/contents.lr @@ -0,0 +1,82 @@ +_model: project +--- +_template: layout.html +--- +html: two-columns-page.html +--- +active: False +--- +completed: True +--- +url: https://gist.github.com/kronaemmanuel/ae1ebafa039a3361fb422462109ae035 +--- +section: GSoC +--- +section_id: gsoc +--- +color: primary +--- +key: 4 +--- +languages: React +--- +org: OONI +--- +mentors: +Sarath +Federico Ceratto +Arturo Filastò +--- +difficulty: Medium +--- +title: OONI Explorer findings: Improvements related to social media sharing +--- +subtitle: + +OONI Explorer is an open data resource on internet censorship around the world. +OONI Probe is the software used to collect network measurements which are then +shown on OONI Explorer. This project is about making improvements to how +findings from OONI Probe tests are displayed on OONI Explorer when shared on +social media. + +--- +body: + +# Background + +OONI Explorer is an open data resource on internet censorship around the world. +OONI Probe is the software used to collect network measurements which are then +shown on OONI Explorer. This project is about making improvements to how +findings from OONI Probe tests are displayed on OONI Explorer when shared on +social media. + +# Proposal + +Currently, when an OONI Probe user wants to share their network measurement findings from their mobile app, the only option they have is to take screenshots and to share them on social media. + +As part of this activity, the student is asked to improve how OONI measurements are displayed when they are shared on social media. + +This includes: +* Setting the appropriate meta tags to measurement page headers: https://github.com/ooni/explorer/issues/202 +* Generating a screenshot preview to display on the various social media platforms +* Validating that the measurements are displayed well +* Improving the indexing of OONI Explorer by search engines: https://github.com/ooni/ooni.org/issues/328 +* Adding some Call to Action functionality to encourage users to install OONI Probe + +Moreover, the student is encouraged to explore other ways through which OONI +Probe users may be interested in sharing findings (such as a measurement result +set) and how these can be presented in OONI Explorer and embedded in social +media. + +Other relevant github issues include: + +Add support for native sharing capability in OONI Probe +https://github.com/ooni/probe/issues/1070 + +Easier exploration of reports by a specific probe +https://github.com/ooni/explorer/issues/344 + +# Resources + +- OONI Explorer repo on github: https://github.com/ooni/explorer +- OONI Explorer issues github: https://github.com/ooni/explorer/issues diff --git a/content/gsoc/archive/ooni-explorer-testing/contents.lr b/content/gsoc/archive/ooni-explorer-testing/contents.lr new file mode 100644 index 0000000..1345807 --- /dev/null +++ b/content/gsoc/archive/ooni-explorer-testing/contents.lr @@ -0,0 +1,53 @@ +_model: project +--- +_template: layout.html +--- +html: two-columns-page.html +--- +active: True +--- +section: GSoC +--- +section_id: gsoc +--- +color: primary +--- +key: 4 +--- +languages: React +--- +org: OONI +--- +mentors: +Sarath +Arturo Filastò +--- +difficulty: Medium +--- +title: OONI Explorer: Improvements to testing +--- +subtitle: + +OONI Explorer is an open data resource on internet censorship around the world. This project is about making improvements to the end to end tests of OONI Explorer. +--- +body: + +# Background + +OONI Explorer is an open data resource on internet censorship around the world. This project is about making improvements to the end to end tests of OONI Explorer. + +# Proposal + +Currently, we only have a very basic set of end-to-end tests inside of OONI Explorer, which have been developed using the Cypress end-to-end testing tool. See: https://github.com/ooni/explorer/tree/master/cypress + +As part of this project, the student will work together with the OONI team to define a list of actions and operations that we would like to automate and test. Based on this, they will write end-to-end integration tests using Cypress. + +Currently, OONI Explorer does not have any unit tests. The student is therefore encouraged to explore and look into adding unit testing to the Explorer components. + +Moreover, the student is encouraged to research other ways to improve the quality and testing coverage of the OONI Explorer application, such as visual testing tools like percy: https://percy.io/ + +# Resources + +- OONI Explorer repo on github: https://github.com/ooni/explorer +- OONI Explorer issues github: https://github.com/ooni/explorer/issues + diff --git a/content/gsoc/archive/ooni-probe-desktop-custom-urls/contents.lr b/content/gsoc/archive/ooni-probe-desktop-custom-urls/contents.lr new file mode 100644 index 0000000..6b09396 --- /dev/null +++ b/content/gsoc/archive/ooni-probe-desktop-custom-urls/contents.lr @@ -0,0 +1,72 @@ +_model: project +--- +_template: layout.html +--- +html: two-columns-page.html +--- +active: True +--- +section: GSoC +--- +section_id: gsoc +--- +color: primary +--- +key: 4 +--- +languages: React +--- +org: OONI +--- +mentors: +Sarath +Arturo Filastò +--- +difficulty: Medium +--- +title: OONI Probe Desktop support for OONI Run and custom URLs +--- +subtitle: + +OONI Probe Desktop is the next generation electron desktop client for running +OONI tests on windows, macOS and Linux. This project is about adding +capabilities related to custom URL testing. + +--- +body: + +# Background + +OONI Probe Desktop is the next generation electron desktop client for running +OONI tests on windows, macOS and Linux. This project is about adding +capabilities related to custom URL testing. + +# Proposal + +Currently the OONI Probe Desktop app does not support specifying a custom URL +for testing. + +As part of this project, the student will add UI support for specifying a +custom URL inside of the OONI Probe desktop app. See: +https://github.com/ooni/probe/issues/936 + +The student will also look into adding support for the handling of OONI Run +links on desktop as well. This will involve creating a deep link handler on +desktop to trigger OONI Run links in OONI Probe desktop too. See: +https://github.com/ooni/probe/issues/1071 + +The OONI Probe Desktop app is an electron based desktop app, and the source +code is available here: https://github.com/ooni/probe-desktop + +Issues for OONI Probe Desktop are tracked here: +https://github.com/ooni/probe/issues?q=is%3Aopen+is%3Aissue+label%3Aooni%2Fp... + +Under the hood, the OONI Probe desktop app is controlling a golang-based +command line interface, called probe-cli: https://github.com/ooni/probe-cli + +# Resources + +- OONI Probe Desktop repo on github: https://github.com/ooni/probe-desktop +- OONI Probe CLI repo on github: https://github.com/ooni/probe-cli +- OONI Probe Desktop issues on github: https://github.com/ooni/probe/issues?q=is%3Aopen+is%3Aissue+label%3Aooni%2Fp... + diff --git a/content/gsoc/archive/privacy-aware-geo-lookup/contents.lr b/content/gsoc/archive/privacy-aware-geo-lookup/contents.lr new file mode 100644 index 0000000..e170747 --- /dev/null +++ b/content/gsoc/archive/privacy-aware-geo-lookup/contents.lr @@ -0,0 +1,56 @@ +_model: project +--- +_template: layout.html +--- +html: two-columns-page.html +--- +active: True +--- +section: GSoC +--- +section_id: gsoc +--- +color: primary +--- +key: 6 +--- +languages: +Golang +Java +Android +--- +org: OONI +--- +mentors: +Simone Basso +Arturo Filastò +--- +difficulty: Medium +--- +title: Privacy aware geo lookup +--- +subtitle: + +The idea for this project is to research a way to do a GPS based location lookup which resolves the location of the user to a granularity which is useful for qualifying measurements, but that doesn’t compromise users safety and privacy. + +--- +body: + +# Problem + +When looking at OONI Probe measurements we often face a challenge in properly understanding what country (or more granular location) they are telling us things about. + +Often times the location information (since it's based on geoip) is inaccurate, because the underlying GeoIP database we used was old. + +On the other hand we also have a responsibility to protect user privacy to the extent that it's possible and therefore we don't collect IPs or store location information that is more granular than country level. + +# Proposal +*Prerequisites:* familiarity with Android development and aptitude for research + +The idea for this project is to research a way to do a GPS based location lookup which resolves the location of the user to a granularity which is useful for qualifying measurements, but that doesn’t compromise users safety and privacy. + +# Resources + +- OONI Probe engine repo on github: https://github.com/ooni/probe-engine + +For the original ticket and discussion, please see ticket [249](https://github.com/ooni/probe-engine/issues/249) \ No newline at end of file diff --git a/content/gsoc/archive/privacy-friendly-web/contents.lr b/content/gsoc/archive/privacy-friendly-web/contents.lr new file mode 100644 index 0000000..6d8a8e1 --- /dev/null +++ b/content/gsoc/archive/privacy-friendly-web/contents.lr @@ -0,0 +1,59 @@ +_model: project +--- +_template: layout.html +--- +html: two-columns-page.html +--- +active: False +--- +section: GSoC +--- +section_id: gsoc +--- +color: primary +--- +key: 7 +--- +languages: +javascript +CSS +HTML +Python +--- +mentors: +hiro +--- +difficulty: medium +--- +title: Privacy Friendly Web +--- +subtitle: + +The scope of this project is creating a open-source community-driven browsable list of patterns and release a css/js framework that web developers can extend and use in their work. +--- +body: + +# Problem + +Security concerned web users take conscious steps to limit the amount of data they share with the websites visited and third party services. + +There are a number of security enhancing tools available. Some come in the form of browser extensions and javascript blockers, others are full fledged web browsers designed with providing extra security to their users. + +One of these is the Tor Browser. The Tor Browser was designed to provide privacy while surfing the web and defend users against both network and local forensic adversaries. There are two main categories of requirements that have been considered: Security Requirements, and Privacy Requirements. + +Security Requirements are the minimum properties in order for a browser to be able to support Tor and similar privacy proxies safely. Privacy requirements are primarily concerned with reducing linkability: the ability for a user's activity on one site to be linked with their activity on another site without their knowledge or explicit consent. + +# Proposal + +Websites can work seamlessly with the Tor Browser and other privacy enhancing browsers and tools if they adopt a series of respectful and ethical patterns. + +The Tor Browser is in fact, based on Mozilla's Extended Support Release (ESR) Firefox branch. We have a series of patches against this browser to enhance privacy and security. Browser behavior is additionally augmented through the Torbutton extension, and we also change a number of Firefox preferences from their defaults. + +The Tor Project has developed over the years a set of web development guidelines that allow websites to work with security enhanced browsers without causing any or minimal functionality disruption to their users. These guidelines have been shaped in an internal styleguide that has been adopted across all torproject.org websites. + +We are now formalizing these web development patterns and some security concerns that need to be considered when developing websites for users surfing the web with security enhanced browsers and tools. The scope of this project is creating a open-source community-driven browsable list of patterns and release a css/js framework that web developers can extend and use in their work. + +# Resources + +- Tor Project [styleguide](https://styleguide.torproject.org/) +- Styleguide repo on github: https://github.com/torproject/styleguide diff --git a/content/gsoc/archive/salmon-bridge-distribution/contents.lr b/content/gsoc/archive/salmon-bridge-distribution/contents.lr new file mode 100644 index 0000000..bb33777 --- /dev/null +++ b/content/gsoc/archive/salmon-bridge-distribution/contents.lr @@ -0,0 +1,72 @@ +_model: project +--- +_template: layout.html +--- +html: two-columns-page.html +--- +active: False +--- +section: GSoC +--- +section_id: gsoc +--- +color: primary +--- +key: 8 +--- +languages: +Python +--- +org: Tor +--- +mentors: +cohosh +ahf +--- +difficulty: +--- +title: Implementing Salmon as a bridge distribution mechanism +--- +subtitle: + +This project entails implementing Salmon, a bridge distribution mechanism that partitions and distributes bridges using reputation to give well-behaved users access to "better" bridges and add a penalty when their bridges get censored. + +--- +body: + +# Problem + +Bridges are Tor relays that are not publicly listed and therefore allow access to the Tor network in places where access to the public Tor relays, and therefore access to the Tor network, is blocked. Many users rely on bridges, or anti-censorship proxies, to connect to the Tor network. However, when censors learn this information, the bridges quickly become blocked and can no longer be used. We need a way of distributing bridge information to users so that they are able to connect without these bridges being discovered by the censors. + +# Proposal + +Our goal is to distribute bridges to users in censored regions when they need them, while also limiting the amount of bridge information that is leaked to censors. This project entails implementing Salmon, a bridge distribution mechanism that partitions and distributes bridges using reputation to give well-behaved users access to "better" bridges and add a penalty when their bridges get censored. + +# Getting started + +1. Read the blog posts to get an introduction to the problem space. +1. Play around with [bridgedb](https://bridges.torproject.org/) to request a bridge and try understand how it works. +1. Checkout the existing [code](#Code-repos). +1. Read the [papers](#academic-papers) listed under [Resources](#Resources). +1. Join the [next anti-censorship team meeting](https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam#I...) to discuss your findings and ask any questions. + +# Resources + +## Academic papers + +- Original Paper: [Salmon: Robust Proxy Distribution for Censorship Circumvention](https://petsymposium.org/2016/files/papers/Salmon__Robust_Proxy_Distribution...) +- [Design of a blocking-resistant anonymity system](https://svn-archive.torproject.org/svn/projects/design-paper/blocking.html) +- [Enemy At the Gateways: Censorship-Resilient Proxy Distribution Using Game Theory](https://people.cs.umass.edu/~amir/papers/TorGame.pdf) +- [rBridge: User Reputation based Tor Bridge Distribution with Privacy Preservation](https://www-users.cs.umn.edu/~hoppernj/rbridge_ndss13.pdf) +- [HYPHAE: Social Secret Sharing](https://patternsinthevoid.net/hyphae/hyphae.pdf) + +## Blog posts +- [Strategies for getting more bridge addresses](https://blog.torproject.org/strategies-getting-more-bridge-addresses) +- [Ten ways to discover Tor bridges](https://blog.torproject.org/research-problems-ten-ways-discover-tor-bridges) +- [Five ways to test bridge reachability](https://blog.torproject.org/research-problem-five-ways-test-bridge-reachabil...) +- [The Next Chapter in Anti-Censorship](https://blog.torproject.org/next-chapter-anti-censorship) + +## Code repos + +- Salmon Project on github: https://github.com/SalmonProject +- BridgeDB Source code: https://gitweb.torproject.org/bridgedb.git diff --git a/content/gsoc/archive/snowflake-android-proxy/contents.lr b/content/gsoc/archive/snowflake-android-proxy/contents.lr new file mode 100644 index 0000000..0b188f6 --- /dev/null +++ b/content/gsoc/archive/snowflake-android-proxy/contents.lr @@ -0,0 +1,72 @@ +_model: project +--- +_template: layout.html +--- +html: two-columns-page.html +--- +active: False +--- +completed: True +--- +url: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... +--- +section: GSoC +--- +section_id: gsoc +--- +color: primary +--- +key: 9 +--- +languages: +Android +--- +org: Tor +--- +mentors: +cohosh +--- +difficulty: +--- +title: Snowflake proxy on Android +--- +subtitle: + +This project entails implementing a Snowflake proxy app that will run on Android and relay a user's Tor traffic to the Tor network in the background. + +--- +body: + +# Background + +[Snowflake](https://snowflake.torproject.org/) is a circumvention system in which volunteers can run proxies to help users connect to the Tor network. Users make WebRTC connections to the proxies, who then relay this data to a Snowflake bridge and then on to the Tor network. The advantage of using WebRTC is that Snowflake proxies can frequently change IP address or operate behind a NAT. At the moment, we have implemented the Snowflake proxy code as a web extension or a web badge, but we have not yet implemented a proxy that will run smoothly on Android. + +# Proposal + +This project entails implementing a Snowflake proxy app that will run on Android and relay a user's Tor traffic to the Tor network in the background. This application does not use Tor itself, it will relay Tor traffic from censored users to the Snowflake bridge. It will do this by copying Tor traffic between a WebRTC connection to the user and a WebSocket connection to the Snowflake bridge. + +There is an implementation component as well as an exploration and testing component while we figure out how to achieve good performance from a background application without using too much of the volunteer proxy's data or resources. We'd like to build in the ability for multiple users to connect through +a proxy, but we'll start with just one user at first. This project is experimental in the sense that we don't yet know how many resources it will take and whether the proxies will be reliable enough for clients to use. + +# Getting Started + +A good way to get started is to read the resources provided below and familiarize yourself with how Snowflake works. You can then: + +1. Take a look at the existing WebExtension proxy code, and +2. Install the WebExtension to try it out for yourself: https://snowflake.torproject.org/ + +Once you feel ready to get started on some tickets, you can search for webextension (proxy) based tickets on our bug tracking system by looking for the keyword ["webextension"](https://trac.torproject.org/projects/tor/query?status=accepted&status=as...) in the Snowflake component. + +# Resources + +We already have the proxy implemented as a WebExtension in javascript. You can take a look at that implementation for a more detailed idea of what exactly we're trying to do: + +- https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/proxy + +Some other links that will be useful are: + +- the technical writeup: https://keroserene.net/snowflake/technical/ +- deployment details and open tickets: https://trac.torproject.org/projects/tor/wiki/doc/Snowflake + +- [Snowflake](https://snowflake.torproject.org/) +- Snowflake repo: https://gitweb.torproject.org/pluggable-transports/snowflake.git/ \ No newline at end of file diff --git a/content/gsoc/archive/tor-keygen/contents.lr b/content/gsoc/archive/tor-keygen/contents.lr new file mode 100644 index 0000000..8b138bf --- /dev/null +++ b/content/gsoc/archive/tor-keygen/contents.lr @@ -0,0 +1,49 @@ +_model: project +--- +_template: layout.html +--- +html: two-columns-page.html +--- +active: False +--- +section: GSoC +--- +section_id: gsoc +--- +color: primary +--- +key: 12 +--- +languages: +C +Python +Golang +Rust +--- +mentors: +asn +dgoulet +--- +difficulty: medium/hard +--- +title: tor-keygen +--- +subtitle: + +The scope of this project is to write an application that generates cryptographic keys for Tor relays, dirauths and onion services. +--- +body: + +# Problem + + +# Proposal + +Prerequisites: Understanding of Tor protocol and tor codebase + +# Resources + +- https://trac.torproject.org/projects/tor/ticket/18098 +- https://trac.torproject.org/projects/tor/ticket/14389 +- https://github.com/torproject/tor/blob/e34d963c4453ceac7ff378ce0044d10461980... +- Original tor-keygen repo on github: https://github.com/haxxpop/torkeygen \ No newline at end of file diff --git a/content/gsoc/archive/tor-relay-ipv6-support/contents.lr b/content/gsoc/archive/tor-relay-ipv6-support/contents.lr new file mode 100644 index 0000000..db89d66 --- /dev/null +++ b/content/gsoc/archive/tor-relay-ipv6-support/contents.lr @@ -0,0 +1,120 @@ +_model: project +--- +_template: layout.html +--- +html: two-columns-page.html +--- +active: False +--- +completed: True +--- +section: GSoC +--- +section_id: gsoc +--- +color: primary +--- +key: 10 +--- +languages: +C +--- +mentors: +teor +ahf +nickm +--- +difficulty: Medium +--- +title: Improve Tor Relay IPv6 Support +--- +subtitle: + +Tor helps people stay safe on the internet, by keeping their internet use secure and anonymous. More Tor clients are running on IPv6-only or dual-stack networks. But only 20% of Tor’s available relay bandwidth supports IPv6. We want to automate relay IPv6 address discovery and reachability checks, so that it is easier for relay operators to run IPv6 relays. + +--- +body: + +The Tor Project will be improving tor relay IPv6 support in 2020. + +Students may choose to focus on: + * designing and implementing tor relay IPv6 features, + * tor relay IPv6 testing, or + * diagnosing and fixing bugs in tor's IPv6 code. + +## Prerequisites + +* Network configuration skills +* Basic understanding of IPv4 and IPv6 + +Recommended: + +* Experience testing network software +* Experience running Internet-connected servers + +## Programming skills needed: + +* C coding +* Building Unix-based (Linux, *BSD, macOS) software + +Recommended: + +* Experience with Unix network programming +* Python coding (for testing) +* Access to a server with public IPv4 and IPv6 addresses (to run a test relay) + +## Getting Started + +1. Clone tor using [git](https://github.com/torproject/tor) +2. Build tor from source +3. Run the tor unit tests using "make check". Let us know if they fail, and we'll help fix them. +4. Clone [chutney]( https://github.com/torproject/chutney) using git. Chutney is a tor integration test tool. +5. Run the tor integration tests using "make test-network". Let us know if they fail, and we'll help fix them. +6. Make sure you have a GitHub account, so you can submit pull requests to tor's [GitHub repository](https://github.com/torproject/tor) + +See our [Getting Started](https://gitweb.torproject.org/tor.git/tree/doc/HACKING/GettingStarted.md) document for more information. + +Once you have completed the above tasks, you may wish to move on to the following initial tasks for the project. + +### Initial Tasks + +* [Use Authority Addresses for Socket-Based Address Detection](https://gitweb.torproject.org/torspec.git/tree/proposals/312-relay-auto-ipv6...). +* [Add IPv6 Support to is_local_addr()](https://gitweb.torproject.org/torspec.git/tree/proposals/312-relay-auto-ipv6...). +* [Add a BandwidthStatistics option](https://gitweb.torproject.org/torspec.git/tree/proposals/313-relay-ipv6-stat...). +* [Close Existing Connections Before Testing Reachability](https://gitweb.torproject.org/torspec.git/tree/proposals/311-relay-ipv6-reac...). +* [Add unit tests or chutney tests for IPv6Traffic](https://trac.torproject.org/projects/tor/ticket/31543). + +### Main Tasks + +* [Add IPv6 Support to AuthDirMaxServersPerAddr](https://gitweb.torproject.org/torspec.git/tree/proposals/312-relay-auto-ipv6...). +* [Use Authenticated NETINFO Cells to Discover Relay IP Addresses](https://gitweb.torproject.org/torspec.git/tree/proposals/312-relay-auto-ipv6...). +* [Chutney tests for IPv6-only bridge clients](https://trac.torproject.org/projects/tor/ticket/20068). +* [IPv6 Exits succeed on Travis Linux, but Travis Linux doesn't support IPv6](https://trac.torproject.org/projects/tor/ticket/30182). + +### Stretch Goals + +* [Close Existing Connections Before Testing Reachability](https://gitweb.torproject.org/torspec.git/tree/proposals/311-relay-ipv6-reac...). +* [Use Add IPv6 DNS Support via the Libevent DNS API](https://gitweb.torproject.org/torspec.git/tree/proposals/312-relay-auto-ipv6...). +* [Discovered Addresses as the Default OutboundBindAddress](https://gitweb.torproject.org/torspec.git/tree/proposals/312-relay-auto-ipv6...). +* [Make chutney check for relay microdescriptors before verifying](https://trac.torproject.org/projects/tor/ticket/33428). +* [chutney doesn't verify using IPv6 addresses](https://trac.torproject.org/projects/tor/ticket/17011). + +## Links/Resources + +### Technical Proposals + +Tor Relay IPv6 Reachability +https://gitweb.torproject.org/torspec.git/tree/proposals/311-relay-ipv6-reac... + +Tor Relay Automatic IPv6 Address Discovery +https://gitweb.torproject.org/torspec.git/tree/proposals/312-relay-auto-ipv6... + +### Relay Operator Guides + +Tor Relay Guide: IPv6 +https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#IPv6 + +### Roadmaps + +Tor IPv6 Roadmap +https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Tor/IPv6Features diff --git a/content/gsoc/onion-balance-v3/contents.lr b/content/gsoc/onion-balance-v3/contents.lr new file mode 100644 index 0000000..53cb558 --- /dev/null +++ b/content/gsoc/onion-balance-v3/contents.lr @@ -0,0 +1,57 @@ +_model: project +--- +_template: layout.html +--- +html: two-columns-page.html +--- +active: True +--- +section: GSoC +--- +section_id: gsoc +--- +color: primary +--- +key: 3 +--- +languages: +Python +--- +mentors: +asn +--- +difficulty: medium +--- +title: Onion Balance V3 Enhancements +--- +subtitle: + +OnionBalance allows Tor onion service requests to be distributed across multiple backend Tor instances. OnionBalance provides load-balancing while also making onion services more resilient and reliable by eliminating single points-of-failure. +--- +body: + +# Problem + +Onion services have been around for a while. During the past few years, they have been deployed by many serious websites like major media organizations (like the Washington Post), search engines (such as DuckDuckGo) and critical Internet infrastructure (e.g. PGP keyservers). This has been a great opportunity for us, the onion balance development team, since our code has been hardened and tested by the sheer volume of clients that use it every day. + +Onionbalance is one of the standard ways onion service administrators can load balance onion services, but it didn't work for v3 onions. Until [recently](https://blog.torproject.org/cooking-onions-reclaiming-onionbalance) when we released a new version of Onionbalance that supports v3 onion services. + +# Proposal + +We would like someone to help us implement some of the currently [open feature requests](https://github.com/asn-d6/onionbalance/labels/patches-welcome). + +In particular, we would like to implement some or all of the following features: + +- Support for v3 ["distinct descriptor" mode](https://onionbalance-v3.readthedocs.io/en/latest/v2/design.html#choice-of-in...). +This mode allows Onionbalance v2 to load-balance more than 10 backend instances, whereas currently Onionbalance v3 has a limit of 8 backend instances. In theory, Onionbalance could load-balance hundreds of backend instances by publishing descriptors at small time intervals that contain introduction points from a different subset of those instances each time. +- Minimize the differences between both v3 and other descriptors. +Currently Onionbalance v3 descriptors can look different from other descriptors, which makes it possible for clients and HSDirs to learn that a service is using Onionbalance. This can be an issue for more [advanced onion service threat models](https://github.com/mikeperry-tor/vanguards/blob/master/README_SECURITY.md#ho...). +- Enable client authorization on the frontend service. +This may be needed in specialized use cases. Adding this feature would first require implementing client authorization support to Stem v3 descriptors and then using that feature in Onionbalance. +- Allow the ability to transfer your existing v3 onion service to Onionbalance. + + +# Resources + +- [OnionBalance v3 repo on github](https://github.com/asn-d6/onionbalance) +- [OnionBalance Documentation](https://onionbalance-v3.readthedocs.io/en/latest/v3/tutorial-v3.html#tutoria...) \ No newline at end of file diff --git a/content/gsoc/ooni-explorer-code-quality/contents.lr b/content/gsoc/ooni-explorer-code-quality/contents.lr new file mode 100644 index 0000000..a24f332 --- /dev/null +++ b/content/gsoc/ooni-explorer-code-quality/contents.lr @@ -0,0 +1,61 @@ +_model: project +--- +_template: layout.html +--- +html: two-columns-page.html +--- +active: True +--- +section: GSoC +--- +section_id: gsoc +--- +color: primary +--- +key: 6 +--- +languages: +Javascript +ReactJS +Typescript +--- +org: OONI +--- +mentors: +Sarath +--- +difficulty: Advanced +--- +title: OONI: Improve OONI Explorer code quality +--- +subtitle: + +OONI Explorer is an open data resource on internet censorship around the world. As part of this project you would be working on helping to port OONI Explorer code to Typescript. +--- +body: + +# Background + +The Open Observatory of Network Interference (OONI) is a free software project which aims to empower decentralized efforts in increasing transparency of internet censorship around the world. + +OONI Explorer is an open data resource on internet censorship around the world. + +# Proposal + +Typescript has been adopted widely as a way to write more reliable JS applications and now has a well supported toolchain and an active and growing community. We could benefit from porting parts or all of the OONI Explorer code to Typescript especially to be able to handle unpredictable data in API responses. Next.js, the underlying react framework the project is built upon, also has first-class support for Typescript. The project involves: + +1. coming up with a strategy to incrementally port the codebase +1. ensuring integration with other projects in `ooni-components` +1. rewrite code +1. writing unit tests for critical react components in the projects +1. improve build process to leverage typescript features + +- **Prerequisites:** Experience in Typescript, nice to have knowledge of Next.js + +# Resources + +- OONI Explorer repo on github: https://github.com/ooni/explorer +- OONI Explorer issues github: https://github.com/ooni/explorer/issues +- https://github.com/ooni/design-system +- https://nextjs.org/docs/basic-features/typescript +- https://www.typescriptlang.org/ \ No newline at end of file diff --git a/content/gsoc/ooni-geoip-accuracy/contents.lr b/content/gsoc/ooni-geoip-accuracy/contents.lr new file mode 100644 index 0000000..1d7950d --- /dev/null +++ b/content/gsoc/ooni-geoip-accuracy/contents.lr @@ -0,0 +1,61 @@ +_model: project +--- +_template: layout.html +--- +html: two-columns-page.html +--- +active: True +--- +section: GSoC +--- +section_id: gsoc +--- +color: primary +--- +key: 5 +--- +languages: +Java +Python +--- +org: OONI +--- +mentors: +Arturo +Federico +--- +difficulty: Medium +--- +title: OONI: Measure the accuracy of OONI GeoIP lookup +--- +subtitle: + +OONI Probe is a free software project that aims to uncover internet censorship around the world. As part of this project you would be working on developing a strategy and tooling for assessing the accuracy of our GeoIP databases. +--- +body: + +# Background + +The Open Observatory of Network Interference (OONI) is a free software project which aims to empower decentralized efforts in increasing transparency of internet censorship around the world. + +We develop free and open source software, called OONI Probe, that users can run to measure: + +- Blocking of websites; +- Blocking of instant messaging apps (WhatsApp, Facebook Messenger and Telegram); +- Blocking of censorship circumvention tools (such as Tor); +- Presence of systems (middleboxes) in your network that might be responsible for censorship and/or surveillance; +- Speed and performance of your network. + +By running OONI Probe, users can collect data that can potentially serve as evidence of internet censorship since it shows how, when, where, and by whom it is implemented. + +# Proposal + +When attributing OONI Probe measurements to specific countries we rely on GeoIP databases (https://github.com/ooni/asn-db-generator). These database at times will attribute measurements to the wrong country. We don't currently have a good way of measuring how reliable this approach to geolocation is. +This project is about developing a strategy and tooling for assessing the accuracy of our GeoIP databases by comparing the GeoIP resolution to other location data from the probe, mostly cell tower information and GPS, while respecting user's privacy. + +- **Prerequisites:** Knowledge of Android development and ideally backend development in python + +# Resources + +- OONI Probe Engine repo on github: https://github.com/ooni/probe-engine +- Link to issue: https://github.com/ooni/probe-engine/issues/249 diff --git a/content/gsoc/ooni-probe-testing/contents.lr b/content/gsoc/ooni-probe-testing/contents.lr new file mode 100644 index 0000000..0a8d752 --- /dev/null +++ b/content/gsoc/ooni-probe-testing/contents.lr @@ -0,0 +1,67 @@ +_model: project +--- +_template: layout.html +--- +html: two-columns-page.html +--- +active: True +--- +section: GSoC +--- +section_id: gsoc +--- +color: primary +--- +key: 7 +--- +languages: +Javascript +ReactJS +--- +org: OONI +--- +mentors: +Sarath +--- +difficulty: Medium +--- +title: OONI: Integration and unit testing of OONI Probe Desktop apps +--- +subtitle: + +OONI Probe is a free software project that aims to uncover internet censorship around the world. As part of this project you would be working on integration and unit testing of OONI Probe Desktop apps. + +--- +body: + +# Background + +The Open Observatory of Network Interference (OONI) is a free software project which aims to empower decentralized efforts in increasing transparency of internet censorship around the world. + +We develop free and open source software, called OONI Probe, that users can run to measure: + +- Blocking of websites; +- Blocking of instant messaging apps (WhatsApp, Facebook Messenger and Telegram); +- Blocking of censorship circumvention tools (such as Tor); +- Presence of systems (middleboxes) in your network that might be responsible for censorship and/or surveillance; +- Speed and performance of your network. + +By running OONI Probe, users can collect data that can potentially serve as evidence of internet censorship since it shows how, when, where, and by whom it is implemented. + +# Proposal + +This project aims to: + +1. add support for automated testing of the desktop app to emulate the user stories end-to-end +1. add support for unit testing react components and javascript code running in electron's `main` process. + +It may be necessary to refactor parts of the codebase and upgrade dependencies to improve testability. The student is encouraged to research existing testing tools and propose solutions that can help complete the project. + +*Prerequisites:* None + +# Resources + +- https://github.com/ooni/probe-desktop/ +- http://electronjs.org/spectron +- https://docs.cypress.io/guides/component-testing/introduction.html +- https://testing-library.com/docs/react-testing-library/intro \ No newline at end of file diff --git a/content/gsoc/ooni-roaming-test/contents.lr b/content/gsoc/ooni-roaming-test/contents.lr new file mode 100644 index 0000000..fb0e4ac --- /dev/null +++ b/content/gsoc/ooni-roaming-test/contents.lr @@ -0,0 +1,64 @@ +_model: project +--- +_template: layout.html +--- +html: two-columns-page.html +--- +active: True +--- +section: GSoC +--- +section_id: gsoc +--- +color: primary +--- +key: 4 +--- +languages: +Python +--- +org: OONI +--- +mentors: +Federico +--- +difficulty: Medium/Advanced +--- +title: OONI: Implement roaming test helpers +--- +subtitle: + +OONI Probe is a free software project that aims to uncover internet censorship around the world. As part of this project you would be working on improving censorship detection while making the OONI infrastructure more resilient. +--- +body: + +# Background + +The Open Observatory of Network Interference (OONI) is a free software project which aims to empower decentralized efforts in increasing transparency of internet censorship around the world. + +We develop free and open source software, called OONI Probe, that users can run to measure: + +- Blocking of websites; +- Blocking of instant messaging apps (WhatsApp, Facebook Messenger and Telegram); +- Blocking of censorship circumvention tools (such as Tor); +- Presence of systems (middleboxes) in your network that might be responsible for censorship and/or surveillance; +- Speed and performance of your network. + +By running OONI Probe, users can collect data that can potentially serve as evidence of internet censorship since it shows how, when, where, and by whom it is implemented. + +# Proposal + +Test helpers are endpoints used by the OONI Probes to detect censorship. The main goal of the project is to improve censorship detection while making the OONI infrastructure more resilient. The main activities are: + +1. Deploy and integrate new test helpers based on the probe codebase. +1. Automate deployment and rotation of test helpers on various public clouds. +1. Implement forwarding methods to use the test helpers as proxies for the collector API. +1. Safely serve metadata about the test collectors through the API. + +- **Prerequisites:** Understanding of Networking, Security, OS, basics of cloud services + +# Resources + + + + diff --git a/content/localization/becoming-tor-translator/contents.lr b/content/localization/becoming-tor-translator/contents.lr index 362df91..02298b7 100644 --- a/content/localization/becoming-tor-translator/contents.lr +++ b/content/localization/becoming-tor-translator/contents.lr @@ -8,7 +8,7 @@ _template: layout.html --- title: Becoming a Tor translator --- -subtitle: Our localization efforts happen in the Localization Lab Hub on Transifex, a third-party translation platform. Learn how to sign up and begin contributing. +subtitle: Learn how to sign up and begin contributing. --- key: 1 --- diff --git a/content/localization/current-status/contents.lr b/content/localization/current-status/contents.lr index e9131f6..25c2860 100644 --- a/content/localization/current-status/contents.lr +++ b/content/localization/current-status/contents.lr @@ -16,14 +16,11 @@ html: two-columns-page.html --- body:
-We have some languages in very good shape, with a number of active and committed contributors (as French, Spanish, Russian, Portuguese). Even when the translations are finished, you are still welcome to help us with these languages. +Some languages are more active than others with a higher number of active and committed contributors (such as French, Russian, Portuguese). However you are still welcome to help us with these languages, even after the translations are complete.
Our translations are incomplete for a lot of languages. They may be spoken by fewer people around the world, but it is still critical that we improve access to Tor for people who do not speak English.
-Please consider [helping with translations](/localization/becoming-tor-translator/) in your native language. +You can see the open tickets about translation issues on our [bugtracker](https://gitlab.torproject.org/tpo/community/l10n/-/issues).
-Right now, we need the most help with Farsi (Persian), Arabic, and Korean. But many other languages are being translated, as you can see here: - -<img class="col-lg-6" src="../../static/images/localization/stats.png"> - -You can see the open tickets about translation problems on our [bugtracker](https://trac.torproject.org/projects/tor/query?status=!closed&component=...). +Our documentation is very important for users around the world to be able to use Tor and Tor Browser: +This includes the Tor Browser User Manual, the Support portal, the Tor Project website and the Community portal. diff --git a/content/localization/pick-a-project/contents.lr b/content/localization/pick-a-project/contents.lr index f651937..72c3f4c 100644 --- a/content/localization/pick-a-project/contents.lr +++ b/content/localization/pick-a-project/contents.lr @@ -19,9 +19,20 @@ We want our tools to be available and localized for anyone who wants to use them
<img class="col-lg-6" src="../../static/images/localization/stats.png">
+Please consider [helping with translations](/localization/becoming-tor-translator/) in your native language, however don't start a new regional variant of your language if there is a more general language available (for example: contribute to the French translation, instead of starting Canadian French). + +This is due to the fact that each additional language requires more resources, including a set of committed translators and space on our servers. + +There are many files to translate and keep up to date to maintain a language for the Tor Project. Moreover, once translated, there are always future updates and new pages needing translated too. +The more users that will benefit from a translation, the more scalable that translation becomes – as it will also benefit from the help of a larger number of volunteers keeping it up to date. + +We also recommend forming a team for your language: this way, the content can be reviewed by at least one other person, producing translations that are of higher quality and are easier to maintain. + Although we would value your contribution to any of the projects above, our most critical needs are Tor Browser, the Tor Browser User Manual, and our Support portal:
* Tor Browser is translated in many different Transifex resources, but you can see the [Tor Browser total strings translated per language](https://torpat.ch/locales) to see where help is needed. * The Tor Browser User Manual is a very useful resource for new users that do not speak English, see [Tor Browser User Manual translation statistics](https://torpat.ch/manual-locales) or [translate](https://www.transifex.com/otf/tor-project-support-community-portal/tbmanual-...) to help. * The [Support portal](https://support.torproject.org/) is also a valuable resource for all Tor users, see [Tor Support portal translation statistics](https://torpat.ch/support-locales) or [translate](https://www.transifex.com/otf/tor-project-support-community-portal/support-p...) to help. + +We are also translating this page, the Community portal: * The [Community portal](https://community.torproject.org/) is this website, where you can find ways to contribute to Tor. Help us [translate](https://www.transifex.com/otf/tor-project-support-community-portal/community...) it. diff --git a/content/onion-services/advanced/https/contents.lr b/content/onion-services/advanced/https/contents.lr index 04c249c..c49fd7a 100644 --- a/content/onion-services/advanced/https/contents.lr +++ b/content/onion-services/advanced/https/contents.lr @@ -19,7 +19,7 @@ body: When visiting a site over HTTPS (HTTP over TLS), the TLS protocol prevents data in transit from being read or manipulated by man in the middle attacks, and an x.509 certificate obtained from a Certificate Authority (CA) is validates that the user is actually connecting to a server representing the domain name in the browser address bar. Modern browsers indicate that a connection is insecure if not using TLS, and require that a TLS connection is authenticated by a CA-issued x.509 certificate.
-When visiting a site over the onion services protocol, the Tor protocol prevents data in transite from being read or manipulated by man in the middle attacks, and the onion service protocol validates that the user is connected to the domain name in the browser address bar. +When visiting a site over the onion services protocol, the Tor protocol prevents data in transit from being read or manipulated by man in the middle attacks, and the onion service protocol validates that the user is connected to the domain name in the browser address bar. No certificate authority is required for this proof, because that name is the actual public key used to authenticate the underlying connection.
As ".onion" is a [special top level domain name](https://tools.ietf.org/html/rfc7686), most Certificate Authorities don't have support for issuing X.509 certificates for onion sites. diff --git a/content/relay-operations/community-resources/eff-tor-legal-faq/tor-dmca-response/contents.lr b/content/relay-operations/community-resources/eff-tor-legal-faq/tor-dmca-response/contents.lr index 847ce19..f782b29 100644 --- a/content/relay-operations/community-resources/eff-tor-legal-faq/tor-dmca-response/contents.lr +++ b/content/relay-operations/community-resources/eff-tor-legal-faq/tor-dmca-response/contents.lr @@ -30,15 +30,28 @@ Dear [ISP]:
Thank you for forwarding me the notice you received from [copyright claimant] regarding [content]. I would like to assure you that I am not hosting the claimed infringing materials, and furthermore, the Digital Millennium Copyright Act's ("DMCA") safe harbors likely protect you from liability arising from this complaint. The notice is likely based upon misunderstandings about the law and about some of the software I run.
-As you know, the DMCA creates four "safe harbors" for service providers to protect them from copyright liability for the acts of their users, when the ISPs fulfill certain requirements. (17 U.S.C. 512) The DMCA's requirements vary depending on the ISP's role. You may be familiar with the "notice and takedown" provisions of section 512(c) of the DMCA; however, those do not apply when an ISP merely acts as a conduit. Instead, the "conduit" safe harbor of section 512(a) of the DMCA has different and less burdensome eligibility requirements, as the D.C. Circuit Court of Appeals held in RIAA v. Verizon (see https://scholar.google.com/scholar_case?case=15815830240179540527) and the Eighth Circuit Court of Appeals confirmed in RIAA v. Charter (see https://scholar.google.com/scholar_case?case=11547531128234336420). +As you know, the DMCA creates four "safe harbors" for service providers to protect them from copyright liability for the acts of their users, when the ISPs fulfill certain requirements. (17 U.S.C. 512) +The DMCA's requirements vary depending on the ISP's role. You may be familiar with the "notice and takedown" provisions of section 512(c) of the DMCA; however, those do not apply when an ISP merely acts as a conduit. +Instead, the "conduit" safe harbor of section 512(a) of the DMCA has different and less burdensome eligibility requirements, as the D.C. Circuit Court of Appeals held in RIAA v. Verizon (see https://scholar.google.com/scholar_case?case=15815830240179540527) and the Eighth Circuit Court of Appeals confirmed in RIAA v. Charter (see https://scholar.google.com/scholar_case?case=11547531128234336420).
-Under DMCA 512(a), service providers like you are typically protected from damages for copyright infringement claims if you also maintain "a policy that provides for termination in appropriate circumstances of subscribers and account holders of the service provider's system or network who are repeat infringers." If you have and implement such a policy, and you otherwise qualify for the safe harbor, you should be free from fear of copyright damages. +Under DMCA 512(a), service providers like you are typically protected from damages for copyright infringement claims if you also maintain "a policy that provides for termination in appropriate circumstances of subscribers and account holders of the service provider's system or network who are repeat infringers." +If you have and implement such a policy, and you otherwise qualify for the safe harbor, you should be free from fear of copyright damages.
-The copyright notice you received was likely triggered by a program I run called Tor. Tor is network software that helps users to enhance their privacy, security, and safety online. It does not host any content. Rather, it is part of a network of nodes on the Internet that simply pass packets among themselves before sending them to their destinations, just as any Internet intermediary does. The difference is that Tor tunnels the connections such that no hop can learn both the source and destination of the packets, giving users protection from nefarious snooping on network traffic. The result is that, unlike most other Internet traffic, the final IP address that the recipient receives is not the IP address of the sender. Tor protects users against hazards such as harassment, spam, and identity theft. Initial development of Tor, including deployment of a public-use Tor network, was a project of the U.S. Naval Research Laboratory, with funding from ONR and DARPA. (For more on Tor, see https://www.torproject.org/.) I hope, as an organization committed to protecting the privacy of its customers, you'll agree that this is a valuable technology. +The copyright notice you received was likely triggered by a program I run called Tor. Tor is network software that helps users to enhance their privacy, security, and safety online. +It does not host any content. Rather, it is part of a network of nodes on the Internet that simply pass packets among themselves before sending them to their destinations, just as any Internet intermediary does. +The difference is that Tor tunnels the connections such that no hop can learn both the source and destination of the packets, giving users protection from nefarious snooping on network traffic. +The result is that, unlike most other Internet traffic, the final IP address that the recipient receives is not the IP address of the sender. +Tor protects users against hazards such as harassment, spam, and identity theft. Initial development of Tor, including deployment of a public-use Tor network, was a project of the U.S. Naval Research Laboratory, with funding from ONR and DARPA. (For more on Tor, see https://www.torproject.org/.) +I hope, as an organization committed to protecting the privacy of its customers, you'll agree that this is a valuable technology.
-While the Tor node that I run may appear to be the source of material that is alleged to be copyright-infringing, I do not host that material. I do not select the material transmitted through the Tor node that I run, and I have no practical means of either identifying the source of such material or preventing its transmission. I do nothing to encourage or promote the use of the Tor network for copyright infringement. For these reasons, I am not an infringer of copyright in any materials that are transmitted through the Tor node that I run, either directly or under a theory of contributory or vicarious liability. Therefore, you should continue to be protected under the DMCA 512(a) safe harbor without taking any further action. +While the Tor node that I run may appear to be the source of material that is alleged to be copyright-infringing, I do not host that material. +I do not select the material transmitted through the Tor node that I run, and I have no practical means of either identifying the source of such material or preventing its transmission. +I do nothing to encourage or promote the use of the Tor network for copyright infringement. +For these reasons, I am not an infringer of copyright in any materials that are transmitted through the Tor node that I run, either directly or under a theory of contributory or vicarious liability. +Therefore, you should continue to be protected under the DMCA 512(a) safe harbor without taking any further action.
-Thank you for working with me on this matter. As a loyal subscriber, I appreciate your notifying me of this issue and hope that the protections of DMCA 512 put any concerns you may have to rest. If not, please contact me with any further questions. +Thank you for working with me on this matter. As a loyal subscriber, I appreciate your notifying me of this issue and hope that the protections of DMCA 512 put any concerns you may have to rest. +If not, please contact me with any further questions.
Very truly yours, Your customer, [User] diff --git a/content/relay-operations/community-resources/good-bad-isps/contents.lr b/content/relay-operations/community-resources/good-bad-isps/contents.lr index f8da4ae..dc4bb3c 100644 --- a/content/relay-operations/community-resources/good-bad-isps/contents.lr +++ b/content/relay-operations/community-resources/good-bad-isps/contents.lr @@ -87,19 +87,30 @@ For network diversity and stronger anonymity, you should avoid providers and cou | **Company/ISP** | **ASN** | **Bridges** | **Relay** | **Exit** | **Comments** | **Last Updated** | |-------------------------|-------------|-----------------|--------------|-------------|---------------------|------------------------| | [Weesly](http://weesly.de) | - | Yes | Yes | Yes | Note that you should let them know about your intention when ordering a server or in advance. | 06/2013 | -| [EUServ](http://euserv.de) | - | - | Yes | No | They have a bad support, but if you know how to maintain your server, this ISP is a good choice. | - | -| [IPX-Server](https://www.ipx-server.de/) | - | Yes | Yes | - | - | - | -| [Keyweb](https://www.keyweb.de/) | - | - | No | No | "Unfortunately this is not possible with us." | 2020 | -| [Afterburst](http://afterburst.com) | - | - | Yes | No | - | - | +| [EUServ](http://euserv.de) | AS35366 | Yes | Yes | Yes | "Relays only allowed on dedicated Servers Prime64 and Pro64, Exit nodes only allowed on Prime64 and Pro64 with Pro-Option, own subnet, RIPE entry along with publicly visible abuse and police contact." | 03/2021 | +| [IPX-Server](https://www.ipx-server.de) | - | Yes | Yes | - | - | - | +| [Keyweb](https://www.keyweb.de) | AS31103 | Yes | Yes | Yes | "Everything that is in accordance with current jurisprudence is permitted on our servers." | 03/2021 | +| [Afterburst](http://afterburst.com) | AS29761, AS8100 | - | Yes | No | - | - | | [myLoc Managed IT](https://myloc.de) | AS31010, AS24961 | Yes | Yes | No | - | 2018-10-25 | -| [linevast](https://www.linevast.de/) | - | Yes | Yes | Yes | Only allowed on dedicated servers | 13/11/2015 | -| [Server4You](https://www.server4you.de/)%7C - | Yes | Yes | No | Part of [Intergenia AG](http://www.intergenia.de/)), I've asked Server4You support and they state servers with complaints about Tor will be canceled immediately (see the quote in the "Bad Experience" section) | - | -| [Hetzner](http://hetzner.de/) | - | - | Yes | No | Offers good dedicated root servers for a good price. | - | -| [Contabo](https://contabo.de) | - | Yes | Yes | Yes | Has no restriction for relays or exit nodes. However, possible abuse complaints will be forwarded to the owner and need to be addressed. | 2018/06 | -| [Strato](https://strato.de) | - | - | Yes | No | Exit-Nodes are prohibited by their general terms and conditions | - | -| [PraHost](https://www.prahost.com/) | - | - | Yes | Yes | Stated in November 2014 that they allow exit nodes if abuse complaints are handled. Suspends the server if no "valid" action (read: blocking) is taken within 24 hours of an abuse ticket. Their ticket system does not reliably handle email replies, use the web interface instead. | 2017-10-31 | -| [DomainFactory](https://www.df.eu/de/cloud-hosting/cloud-server/) | - | - | Yes | No | - | - | -| [NetCologne](https://www.netcologne.de/) | - | - | Yes | Yes | - | - | +| [linevast](https://www.linevast.de) | AS201206 | No | No | No | | 03/2021 | +| [Server4You](https://www.server4you.de)%7C AS131914 | No | No | No | - | 03/2021 | +| [Hetzner](http://hetzner.de) | AS24940 | Yes | Yes | Yes | Offers good dedicated root servers for a good price. "It is not a Problem, however, abuse reports can lead to a server lock" | 03/2021 | +| [Contabo](https://contabo.de) | AS51167 | No | No | No | Tor prohibited due to terms of service | 03/2021 | +| [Strato](https://strato.de) | AS6724 | No | No | No | - | 03/2021 | +| [PraHost](https://www.prahost.com) | - | Yes | Yes | Yes | "If there is any abuse notice received, you need to solve it in given time, else your IP will be blocked until you take any action" | 03/2021 | +| [DomainFactory](https://www.df.eu/de/cloud-hosting/cloud-server) | AS34011 | Yes | Yes | Yes | Only allowed on jiffybox | 03/2021 | +| [NetCologne](https://www.netcologne.de) | - | - | Yes | Yes | - | - | +| [Signaltransmitter](https://signaltransmitter.de) | AS24961 | Yes | Yes | Yes | "In principle, we do not limit our services apart from mining bitcoins" | 03/2021 | +| [Netcup](https://www.netcup.de) | AS197540 | Yes | Yes | Yes | Tor allowed on VPS and rootservers | 03/2021 | +| [Onyxhosting](https://onyxhosting.de) | - | No | No | No | - | 03/2021 | +| [IP-Projects](https://www.ip-projects.de) | AS48314 | No | No | No | - | 03/2021 | +| [Lansol](https://www.lansol.de) | - | No | No | No | - | 03/2021 | +| [delta.networks](https://www.delta-networks.de) | AS9937 | No | No | No | - | 03/2021 | +| [VPS2Day](https://www.vps2day.com) | AS58329 | Yes | Yes | No | Exit nodes prohibited due to terms of service | 03/2021 | +| [Serverprofis](https://www.serverprofis.de) | AS5539 | No | No | No | - | 03/2021 | +| [manitu](https://www.manitu.de) | AS34240 | No | No | No | "I'm sorry - even if the network has great added value for specific purposes, we have decided to prohibit Tor services on our network" | 03/2021 | +| [active-servers](https://www.active-servers.com) | AS197071 | Yes | Yes | Yes | "Usually this leads to abuse mails, which only cause trouble – but basically we have nothing against it" | 03/2021 | +| [UltraVPS](https://www.ultravps.eu) | - | No | No | No | "We are not the right host for your project" | 03/2021 |
### Hong Kong diff --git a/content/relay-operations/community-resources/tor-abuse-templates/contents.lr b/content/relay-operations/community-resources/tor-abuse-templates/contents.lr index 1cd12f9..3d2f00c 100644 --- a/content/relay-operations/community-resources/tor-abuse-templates/contents.lr +++ b/content/relay-operations/community-resources/tor-abuse-templates/contents.lr @@ -92,8 +92,7 @@ We're sorry your site is experiencing this heavy load from Tor. However, it is possible that your rate limiting alarms simply experienced a false positive due to the amount of traffic that flows through the router. We provide service to almost a gigabit of traffic per second, 98% of which is web traffic.
-If the attack is real and ongoing, however, the Tor project provides an automated DNSRBL for you to query to block login attempts coming -from Tor nodes: https://www.torproject.org/projects/tordnsel.html.en +If the attack is real and ongoing, however, the Tor project provides an automated DNSRBL for you to query to block login attempts coming from Tor nodes: https://www.torproject.org/projects/tordnsel.html.en
It is also possible to download a list of all Tor exit IPs that will connect to your server port: https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=YOUR_IP&port=... @@ -175,11 +174,9 @@ Additionally, the Tor project provides an automated DNSRBL for you to query to f
It also provides a Bulk Exit List service for retrieving the entire list: https://check.torproject.org/cgi-bin/TorBulkExitList.py
-You can use this list to help you take a closer look at Tor orders, or to hold them temporarily for additional verification, without losing -legitimate customers. +You can use this list to help you take a closer look at Tor orders, or to hold them temporarily for additional verification, without losing legitimate customers.
-In fact, in my experience, the fraud processing teams contracted by many ISPs simply mark all requests from Tor nodes as fraud using that -very list. +In fact, in my experience, the fraud processing teams contracted by many ISPs simply mark all requests from Tor nodes as fraud using that very list. So it is even possible this is a legitimate order, but was flagged as fraud solely based on IP, especially if you contract out fraud detection to a third party. ```
diff --git a/content/relay-operations/technical-setup/bridge/debian-ubuntu/contents.lr b/content/relay-operations/technical-setup/bridge/debian-ubuntu/contents.lr index 8dfc9e7..4d25952 100644 --- a/content/relay-operations/technical-setup/bridge/debian-ubuntu/contents.lr +++ b/content/relay-operations/technical-setup/bridge/debian-ubuntu/contents.lr @@ -15,7 +15,7 @@ Get the latest version of Tor. If you're on Debian stable, `sudo apt-get install ### 2. Install obfs4proxy
On [Debian](https://packages.debian.org/search?keywords=obfs4proxy), the `obfs4proxy` package is available in unstable, testing, and stable. -On [Ubuntu](https://packages.ubuntu.com/search?keywords=obfs4proxy), bionic, cosmic, disco, and eoan have the package. +On [Ubuntu](https://packages.ubuntu.com/search?keywords=obfs4proxy), bionic, cosmic, disco, eoan, and focal have the package. If you're running any of them, `sudo apt-get install obfs4proxy` should work.
If not, you can [build it from source](https://gitlab.com/yawning/obfs4#installation). diff --git a/content/relay-operations/technical-setup/bridge/docker/contents.lr b/content/relay-operations/technical-setup/bridge/docker/contents.lr index eb449a8..00e26a1 100644 --- a/content/relay-operations/technical-setup/bridge/docker/contents.lr +++ b/content/relay-operations/technical-setup/bridge/docker/contents.lr @@ -9,11 +9,7 @@ body: ### 1. Deploy a container
We provide a docker-compose file that helps you deploy the container. -First, -[download docker-compose.yml](https://dip.torproject.org/torproject/anti-censorship/docker-obfs4-bridge/ra...), -and then write your bridge configuration to a new file, `.env`, which is in the -same directory as `docker-compose.yml`. Here's a -template: +First, [download docker-compose.yml](https://dip.torproject.org/torproject/anti-censorship/docker-obfs4-bridge/ra...), and then write your bridge configuration to a new file, `.env`, which is in the same directory as `docker-compose.yml`. Here's a template:
``` # Your bridge's Tor port. @@ -24,18 +20,14 @@ PT_PORT=Y EMAIL=Z ```
-Replace `X` with your desired OR port, `Y` with your obfs4 port (make sure that -**both** ports are forwarded in your firewall), and `Z` with your email address, -which allows us to get in touch with you if there are problems with your bridge. -With your bridge configuration in place, you can now deploy the container by -running: +Replace `X` with your desired OR port, `Y` with your obfs4 port (make sure that **both** ports are forwarded in your firewall), and `Z` with your email address, which allows us to get in touch with you if there are problems with your bridge. +With your bridge configuration in place, you can now deploy the container by running:
``` docker-compose up -d obfs4-bridge ```
-This command will automatically load your `docker-compose.yml` file while -considering the environment variables in `.env`. +This command will automatically load your `docker-compose.yml` file while considering the environment variables in `.env`.
You should now see output similar to the following:
diff --git a/content/relay-operations/technical-setup/bridge/freebsd/contents.lr b/content/relay-operations/technical-setup/bridge/freebsd/contents.lr index e1cef75..29baea0 100644 --- a/content/relay-operations/technical-setup/bridge/freebsd/contents.lr +++ b/content/relay-operations/technical-setup/bridge/freebsd/contents.lr @@ -109,10 +109,8 @@ FreeBSDlatest: {
### 7. Final notes
-If you are having trouble setting up your bridge, have a look at [our help -section](https://community.torproject.org/relay/getting-help/). If -your bridge is now running, check out the [post-install -notes](https://community.torproject.org/relay/setup/bridge/post-install/). +If you are having trouble setting up your bridge, have a look at [our help section](https://community.torproject.org/relay/getting-help/). +If your bridge is now running, check out the [post-install notes](https://community.torproject.org/relay/setup/bridge/post-install/).
--- subtitle: How to deploy an obfs4 bridge on FreeBSD diff --git a/content/relay-operations/technical-setup/bridge/windows/contents.lr b/content/relay-operations/technical-setup/bridge/windows/contents.lr index 5ce0b6c..7bf3ddc 100644 --- a/content/relay-operations/technical-setup/bridge/windows/contents.lr +++ b/content/relay-operations/technical-setup/bridge/windows/contents.lr @@ -22,24 +22,24 @@ You will need to show hidden items and file name extensions. In your Explorer wi
### 2. Build files and relocate
-Open up the Tor folder on your desktop. Double click `tor.exe`. Once the command prompt reads: `[notice] Bootstrapped 100% (done): Done`, close the window. This creates the folder `C:\Users\<user>\AppData\Roaming\tor\` (where `<user>` is your user name). +Open up the Tor folder on your desktop. Double click `tor.exe`. Once the command prompt reads: `[notice] Bootstrapped 100% (done): Done`, close the window. This creates the folder `C:\Users<user>\AppData\Roaming\tor` (where `<user>` is your user name).
-From the Tor folder on your desktop, select all `.dll`'s and `.exe`'s and cut/paste them into the `C:\Users\<user>\AppData\Roaming\tor\` folder. +From the Tor folder on your desktop, select all `.dll`'s and `.exe`'s and cut/paste them into the `C:\Users<user>\AppData\Roaming\tor` folder.
-Open up the Data folder on your desktop. Inside that Tor folder, select both `geoip` and `geoip6` and cut/paste them into the `C:\Users\<user>\AppData\Roaming\tor\` folder. +Open up the Data folder on your desktop. Inside that Tor folder, select both `geoip` and `geoip6` and cut/paste them into the `C:\Users<user>\AppData\Roaming\tor` folder.
-Navigate to `C:\Users\<user>\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports`. Select `obfs4proxy.exe` and cut/paste it into the `C:\Users\<user>\AppData\Roaming\tor\` folder. +Navigate to `C:\Users<user>\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports`. Select `obfs4proxy.exe` and cut/paste it into the `C:\Users<user>\AppData\Roaming\tor` folder.
### 3. Create and edit your Tor config file
-In the `C:\Users\<user>\AppData\Roaming\tor\` folder, right-click on white space and select `New > Text Document`. Name the file `torrc`; there is no extension. +In the `C:\Users<user>\AppData\Roaming\tor` folder, right-click on white space and select `New > Text Document`. Name the file `torrc`; there is no extension.
Double-click on the `torrc` file. When prompted *How do you want to open this file?*, select `Notepad`. Add the following:
``` -Log notice file C:\Users\<user>\AppData\Roaming\tor\notice.log -GeoIPFile C:\Users\<user>\AppData\Roaming\tor\geoip -GeoIPv6File C:\Users\<user>\AppData\Roaming\tor\geoip6 +Log notice file C:\Users<user>\AppData\Roaming\tor\notice.log +GeoIPFile C:\Users<user>\AppData\Roaming\tor\geoip +GeoIPv6File C:\Users<user>\AppData\Roaming\tor\geoip6
BridgeRelay 1
@@ -48,7 +48,7 @@ BridgeRelay 1 # Avoid port 9001 because it's commonly associated with Tor and censors may be scanning the Internet for this port. ORPort TODO1
-ServerTransportPlugin obfs4 exec C:\Users\<user>\AppData\Roaming\tor\obfs4proxy.exe +ServerTransportPlugin obfs4 exec C:\Users<user>\AppData\Roaming\tor\obfs4proxy.exe
# Replace "TODO2" with an obfs4 port of your choice. # This port must be externally reachable and must be different from the one specified for ORPort. @@ -77,11 +77,11 @@ Don't forget to change the `ORPort`, `ServerTransportListenAddr`, `ContactInfo`,
### 4. Start tor
-Open up the Command Prompt App. Change your directory with: `cd C:\Users\<user>\AppData\Roaming\tor\`. Type: `tor.exe -f torrc`. +Open up the Command Prompt App. Change your directory with: `cd C:\Users<user>\AppData\Roaming\tor`. Type: `tor.exe -f torrc`.
### 5. Monitor your logs
-To confirm your bridge is running with no issues, you should see something like this in `C:\Users\<user>\AppData\Roaming\tor\notice.log`. +To confirm your bridge is running with no issues, you should see something like this in `C:\Users<user>\AppData\Roaming\tor\notice.log`.
``` [notice] Your Tor server's identity key fingerprint is '<NICKNAME> <FINGERPRINT>' diff --git a/content/relay-operations/technical-setup/exit/contents.lr b/content/relay-operations/technical-setup/exit/contents.lr index 69c19fc..5b17ec7 100644 --- a/content/relay-operations/technical-setup/exit/contents.lr +++ b/content/relay-operations/technical-setup/exit/contents.lr @@ -26,6 +26,8 @@ Before turning your non-exit relay into an exit relay, ensure that you have set
If your provider offers it, make sure your WHOIS record contains clear indications that this is a Tor exit relay.
+Do use a domain name that you own. Definitely do not use `torproject.org` as a domain name for your reverse DNS. + ## Exit Notice HTML page
To make it even more obvious that this is a Tor exit relay you should serve a Tor exit notice HTML page.
tor-commits@lists.torproject.org