March 2016 - tor-dev - lists.torproject.org

Tor browser (and releated) improvement ideas
by Michał Dziczkowski 10 Mar '16

10 Mar '16

Here are few of my improvement ideas for Tor Browser (and releated): * add more possible proxy hosts * make that TOR probes very often all avaliable hosts and pick every time the fastest one to prevent lagging while sites load * add a module with discovers the site load time and it determine that it's (or it's content) load to slow then would self switch proxy for the site to make it load faster * don't make tor browser install by default the No-Script plugin because it's preventing sites from working correctly (and it's very annoying to unblock each time scripts for each page, site or server) --- Mcgiwer

1 0

Make TorBirdy Better [GSoc16]
by Pushkar Pathak 10 Mar '16

10 Mar '16

Hi, I am a sophomore in IIIT,Hyderabd and would like to take the project to build TorBirdy better as my GSoc project.I have experience in c++,python,javascript,bash. Any links to get me started would be obliged. Thanks, Pushkar.

1 0

Interest in GSOC 2016
by AKASH DAS 09 Mar '16

09 Mar '16

Hii Community, I am a great enthusiast in network security and is very keen to increase my knowledge in this field and I think this is a way I can learn more things. So, I want to do something for this org and wanna contribute to it. I am currently a second year undergrad CSE student in Indian Institute Of Information Technology, Sricity. So please can anyone guide me so that I can get into it as soon as possible and start contributing. Regards, Akash Das Indian Institute Of Information Technology, Sricity System Administrator

2 1

TorBirdy (HTTP Proxy) [GSoC 2016]
by Prakhar Pratyush 09 Mar '16

09 Mar '16

Hello, My name is Prakhar Pratyush. I've been working on this project- "Make TorBirdy Better (HTTP Proxy)" for a few days. I have tried to understand the project and I would like to discuss a few things. At present, what TorBirdy does is- it configures ThunderBird to access the internet through a proxy SOCKSv5 server provided by Tor Bundle. So, are we trying to design an standalone HTTP Proxy which will directly connect to Tor network entry point without needing entire Tor bundle or are we just trying to design an intermediatery HTTP Proxy which will then connect to Tor SOCKSv5 proxy using some form of tunneling or Masqueranding. Thanks Prakhar Pratyush 3rd year, IIT Roorkee

1 1

Re: [tor-dev] Leif's important piece on update golden keys
by Nathan Freitas 07 Mar '16

07 Mar '16

On Mon, Mar 7, 2016, at 11:11 AM, Spencer wrote: > Hi, > > >> > >> Holger Levsen: > >> https://reproducible-builds.org and > >> https://reproducible.debian.net > >> > > Thanks! > > > > > Nathan Freitas: > > https://f-droid.org/wiki/page/Deterministic,_Reproducible_Builds > > > > Thanks! > > However, even though reproducible-builds seems to address the manual > install as well, which is good, I read the problem as being the actual > backdoor of auto-update. > > Since my Dad will not be able to make this verification, removing > auto-update from the package is the only real resolution here. I think our goal is to remove any one person from having the authority to release an update. F-Droid or similar package managers should expect multiple signatures in the future instead of just one. Part of the trust people will place in projects or apps in the future is that they are not only open-source, but have a judicially diverse or robust set of signatories. > Besides, given the broken/missing auto-update opt-out in packages like > OrFox, it is difficult to trust the developers, since it is the user who > defines "malicious". Can you explain this more? I want to make sure I don't misunderstand what the issue is. +n

2 1

Re: [tor-dev] [valencia2016] Leif's important piece on update golden keys
by Nathan Freitas 07 Mar '16

07 Mar '16

On Sun, Mar 6, 2016, at 11:44 AM, Holger Levsen wrote: > Hi, > > On Montag, 29. Februar 2016, Spencer wrote: > > > [auto update] a threat model we must > > > take more seriously. > > > we are making real progress. > > Like what? > > https://reproducible-builds.org has the very long answer and > https://reproducible.debian.net shows the status for Debian in great > detail. > (And these pages have links to the status of other projects as well.) ... and also: https://f-droid.org/wiki/page/Deterministic,_Reproducible_Builds +n

2 1

Questions regarding the future of families
by Brian "redbeard" Harrington 06 Mar '16

06 Mar '16

For a few months I've been tracking this ticket: https://trac.torproject.org/projects/tor/ticket/6676 Regarding the state of family support. I've been working on a project which could be used to expand the number of running relays and have been trying to find the best way to coordinate this so as to make it both obvious who the operator is (which can be done with contact info) as well as to help users avoid building circuits within these related nodes. In the vein of "playing nicely" with the network my concern is that when running large scale infrastructure one needs to minimize the number of moving pieces possible. Ideally this would allow me (in the best case scenario) to supply a static family identifier en masse minimizing the need for managed configurations. In the worst case scenario (that of an entity trying to launch a sybil attack) the administrator would not even attempt to populate this so as to try and appear as separate nodes in the network. Do folks have suggestions on the best way to "play nice" here? --redbeard

5 5

(no subject)
by Alex Mourtziapis 05 Mar '16

05 Mar '16

HI, My name is Alex and I am looking forward in collaborating with you. I am particularly interested in working for Tor messenger but sadly things seemed a little unclear to me and the existing code here [1] didnt help me at all. If I got it right you want the messenger to be written in Node.js and use a lib like nw.js or electron to package and distribute it. Am I looking at the wrong direction? [1] https://gitweb.torproject.org/tor-messenger-build.git ᐧ

2 2

tor-roaster.org creates incentives for *non*-proper MyFamily configurations
by nusenu 05 Mar '16

05 Mar '16

(since this is not really part of that ticket I'm moving this reply to tor-dev) Replying to [comment:21 virgil][1]: > Re: comment #15 >> 2) there are no incentives for a relay operator to set it properly > > Roster aims to fix this. http://tor-roster.org Quite the opposite I think. tor-roster creates incentives for lazy operators because it does not require a proper MyFamily configuration to aggregate relays into a group. tor-roaster's way to group relays (one mutual connection into a group of relays is enough iirc) does not match tor's definition of MyFamily. While tor-roster's way to group actual set of relays to it's operator might represent a more accurate picture of reality than systems that do require proper MyFamily configs, it misses the possibility to create incentives for proper configurations. > For what it's worth, Roster also makes MyFamily a bit less painful to > work with because the detected families are now robust to changes > in the Family graph. For details see [3] This causes the offset between tor's and tor-roster's interpretation/definition. To give you an example, roster says this relay is part of a 24 relays group [4] even though it has only a mutual MyFamily with two other relays: https://atlas.torproject.org/#details/E6E18151300F90C235D3809F90B31330737CE… Ideally tor-roster would make it very clear on their website that groups do not require a complete mutual MyFamily agreement between all relays in that group, or require proper MyFamily configuration to create incentives for properly configured families. [1] https://trac.torproject.org/projects/tor/ticket/6676 [3] ttps://trac.torproject.org/projects/tor/ticket/16750 [4] http://tor-roster.org/family_detail/E26AFC5F718E21AC502899B20C653AEFF688B0D2

1 0

Next version of the algorithm
by Ola Bini 04 Mar '16

04 Mar '16

Hi, Here is the next version of the algorithm - put it in a gist to make it easier to look at: https://gist.github.com/olabini/343da01de8e01491bf5c Cheers -- Ola Bini (https://olabini.se) "Yields falsehood when quined" yields falsehood when quined.

4 16