Resurrecting a thread from the grave!
I have made a patch to check.torproject.org to expose a JSONP interface that would allow people to have the user check client side if (s)he is using Tor.
This would allow people to embed a badge on their website (privacybadge.html) that congratulates the user of using Tor or warns him of non Tor usage with a link to torproject.org.
I can imagine privacy advocates having this deployed on their websites or systems that engourage users to connect to them anonymously.
Compared to what check.torproject.org does at the moment the risk does not change, it is erogating exactly the same service, just making it more useful and flexible.
Basically what it does is check if the ip doing the connection is connected through Tor. The web service will reply with a JSON encoded array that can be loaded from the user and display in the browser a nice looking badge.
Since I noticed that check.tpo was removed from the front page I was thinking it would be a good idea to bring back up the topic of migrating check.torproject.org to a JSONP based system.
Such a system would also allow to have the "JSONP check nodes" distributed across multiple machines (avoiding the single point of failure that check currently is) and the client side software could be embedded inside of TBB directly.
People could further promote the usage of Tor by placing an "Anonymity" badge on their website.
A person wishing to setup such a node needs to simply install TorBel and a python based web app that runs this JSONP system.
My threat model for this is very lax, so I don't see any purpose in bad actors telling a client when he is not using Tor that he is using it. If check.tpo tells the user is not using Tor it already means that TBB failed, the purpose of it is just to provide visual feedback to the user that all is did went well.
I still need to finish the styling of the badge to contain links to torproject.org and generally make it cooler.
Also, the check.torproject repo should be moved to svn.
Isn't it already in svn? Shouldn't we move it to git?
If check is moved to git and you think it is a good idea I can start working on this.
- Art.