Karsten Loesing karsten@torproject.org writes:
And question number two: why not make this a "relay and *client* web status and control panel"? In the Torouter case, people might want to use their tor only as a client to route all their connections through tor.
I had suggested something pretty similar (as a replacement for Vidalia, for example) quite a while ago (on IRC only maybe?) and several people thought it was a completely horrible idea (e.g. "that'll NEVER happen") mostly on the grounds of what Damian pointed out already (cross-protocol attacks, bigger attack surface) plus fears like getting people used to looking at "a web thing" to control Tor means fake "web things" get easier to attack them with, ...
Aren't these concerns valid for the relay cases and for a "client" (tor-router) sort of thing as well?
If not, or if tor-dev thinks this *could* be made to work (securely), I could potentially dig out the proof-of-concept I had for anyone who wanted a starting-point to tackle this (with txtorcon + Twisted of course, plus d3.js for realtime bandwidth graphs plus some comet/ajax thing I forget right now).