Jeremy Rand biolizard89@gmail.com writes:
Hi Tor developers,
I'm interested in participating in GSoC. I'm an undergrad majoring in computer science at University of Oklahoma, and I've been a major Tor enthusiast for years.
There are two possible projects which I'm considering; I'm looking for some feedback on which you think would be better for me to apply for.
One project is allowing hidden services to have human-readable names. I think Namecoin would be an excellent backend for this. I coded a proof-of-concept of using Namecoin to point human-readable .bit domains to .onion domains; that code is available at https://github.com/JeremyRand/Convergence . For example, using this, you can visit http://federalistpapers.bit/ to get to the Federalist Papers hidden service. The proof of concept only works on Firefox right now (not TorBrowser); I would definitely be interested in porting it to TorBrowser, improving its privacy, and making it work for applications other than web browsing. Namecoin also has the useful feature of allowing HTTPS fingerprints to be embedded in the blockchain, which eliminates the need to trust certificate authorities for clearnet HTTPS websites (I understand that malicious exit nodes messing with TLS is currently a significantly voiced concern for Tor). I have a strong understanding of how Namecoin's DNS works and have developed some projects using Namecoin (including a dynamic DNS client), so I think I'm a good fit for such a project if there's interest in the Tor community. I talked with Jacob Appelbaum about using Namecoin recently; he was concerned about a 51% attack. I think that could be mostly resolved via a checkpointing system; while doing so adds a small degree of centralization, Tor is already slightly centralized, and it's still less centralized than other alternative naming systems that have been proposed (e.g. having Tor Project maintain a list of names themselves). While I'm not particularly familiar (yet) with how checkpointing is done within Namecoin's block validation system, I do know how to at least verify whether the currently loaded blockchain matches a given checkpoint (which would at least alert users that an attack had taken place).
I'd like to see human-readable names in HSes, but I'm not very familiar with Namecoin. I don't want to discourage you from working on this, but I'm not sure if I would be a good mentor for this.
BTW, I remember watching a presentation about namecoin, and it seemed like there are still a few serious unresolved problems (domain squatting is easy, no revocation, lightweight clients are impossible). Also, namecoin are not anonymous, but people who get HS domain names care about anonymity.
The other project is making a search engine for hidden services (listed as Project Idea F on the Tor website). I think YaCy could be used to accomplish this in a decentralized and censorship-free way. I would suggest making a separate YaCy network for hidden services, using a regexp whitelist to only index .onion URL's (YaCy has such a network but I think it's currently inactive). YaCy doesn't have whitelist support built in, but I think the blacklist feature should be usable for simulating such a feature with some effort. YaCy's SOLR schema supports searching based on outgoing link URL's, so I think I could make a standard YaCy client search for all clearnet sites which link to a .onion/.onion.to/.tor2web.org URL, and feed those URL's to a Tor YaCy client for indexing. I've been a YaCy enthusiast for a couple years, and I'm actually using YaCy in a grad-level CS project this semester (the course is on Artificial Neural Networks and Evolution), so while I haven't touched the YaCy source code, I think I'm a good match for this project.
Yes, you seem like a good match for this project.
Familiriaty with YaCy will be very useful indeed.
On the crawler side, may I suggest you to also look into archive.org's Heritrix crawler? Someone told me that it's what the cool kids use these days for crawling the web but I haven't used it myself.
I think you would be a good candidate for this project. However, be warned that it's likely that more good candidates will apply for this project so it might be a tough competition.