Hi all,
We are glad to announce the release of the new tor2web software.
For those of you who are not aware of what tor2web is let us give you a brief description. The goal of tor2web is that of promoting the use of Tor Hidden Services (https://www.torproject.org/docs/hidden-services.html.en). Hidden Services allow people to run TCP based services without disclosing the identity/location of their server. In the specific they allow people to anonymously publish content to the web. Also, since you are being reached trough the Tor network, you are not required to have a static ip address or purchase a domain. This lowers the entry barrier to content publishing and protect the content publisher from retaliation and Denial of Service attacks.
The problem though is that Hidden Services are usually only accessible by installing a Tor client (https://www.torproject.org/projects/torbrowser.html.en). Tor2web creates a transport, by acting as a web proxy, between the internet and the Tor network. This means that anonymous publishers are able to reach a much wider audience. The user visiting a website though tor2web is always advised to install a Tor client as by doing so he will protect his identity and leverage Hidden Services end-to-end encryption.
This version of tor2web (called tor2web 2.0) is based on glype PHP web proxy (http://www.glype.com) and it is by no means the definitive solution. We are currently working on a new design that will be able to withstand other "attacks" that are currently possible.
What we have implemented is: * A clear disclaimer warning the user that the content is not being served directly from the server, but it comes from the Tor network * Contact forms for abuse complaints and to report broken websites * Transparent rewriting of URLs into the tor2web form (i.e. so4rmjdiwmqjosxz.onion become so4rmjdiwmqjosxz.tor2web.org) * Blocklists to allow a tor2web node maintainer to block particular websites, the blocklists are stored in md5 format so the node maintainer does not need to store potentially illegal site lists.
At this current stage we would like the community to stand-up and help us by: * Finding security and functional bugs in the existing implementation * Volounteering to run new tor2web servers: In this first stage we are looking for reliable systems, run or endorsed by trustworthy organizations involved in anonymity and privacy research and development.
For the new release the goals that we wish to further pursue are: * Distribute responsibility across multiple actors * Minimize the probability of takedown of a tor2web node
If you want further information on the tor2web project visit: Wiki for new developments: http://wiki.tor2web.org/ Tor2web original website: http://www.tor2web.org Github: https://github.com/globaleaks/tor2web-2.0 Mailing List: tor2web-talk@lists.tor2web.org on http://bit.ly/pxFwNS . IRC: irc.oftc.net #tor2web
Have a nice day, Some Random GlobaLeaks Contributors
Please spread across the anonimity communities and mailing lists