Hi all!
My name is Israel Leiva, and I'll be working on the "Revamp GetTor" [1] project during this GsoC. My mentors will be sukhe and mrphs.
What I propose is to redesign the current "GetTor" code in order to make it oriented to modules, which the users can access via common "services" (like SMTP, for instance) and get the required info (packages or links). The idea is that this new design could allow the implementation of new modules in the future. You can find more details about my proposal in [2].
Needless to say I'm very excited and honored to collaborate with the Tor project and community!
[1] https://www.torproject.org/getinvolved/volunteer.html.en#revamp_gettor [2] http://ileiva.github.io/gettor_proposal.html
Best,
Hi Israel,
Following are my comments on your proposal[1], that I've mentioned on IRC earlier today.
Sukhbir, Roger and others are more than welcome to share their inputs.
1- wrt cloud-storage mirrors and private git-repo, ideally the links shouldn't be stored anywhere at all. Sending an email to gettor should be the only way to get a link.
Maybe we should generate unique URLs for each request, so in case the censors blocked or limited access to SSL, we could serve the unique links over HTTP.
So the scenario in my mind is something like:
user asks for a bundle -> gettor generates new urls on cloud (either by fetching the latest bundle from dist or recycling old urls) -> reply to user with urls, keeps the urls for a while -> then either remove or recycle the links.
2- I find Skype distribution method, a terrible idea for many reasons. Instead, we could aim for XMPP (with and without OTR support).
3- Having an smart core module to understand a request like "Give me the URL links for TBB in this language" is cool but we need to make sure it wouldn't break or cause problems when we start to get requests in 10 different languages.
Just my 2cents.
[1]: https://ileiva.github.io/gettor_proposal.html
Best of luck and happy coding,
Hi Israel,
Following are my comments on your proposal[1], that I've mentioned on IRC earlier today.
Hi Nima, thanks for commenting.
1- wrt cloud-storage mirrors and private git-repo, ideally the links shouldn't be stored anywhere at all. Sending an email to gettor should be the only way to get a link.
What's wrong with storing these links?
Maybe we should generate unique URLs for each request, so in case the censors blocked or limited access to SSL, we could serve the unique links over HTTP.
So the scenario in my mind is something like:
user asks for a bundle -> gettor generates new urls on cloud (either by fetching the latest bundle from dist or recycling old urls) -> reply to user with urls, keeps the urls for a while -> then either remove or recycle the links.
Sounds great! If we can't ensure message encryption, we could at least delete the uploaded packages after some fixed amount of time, so other people can't (easily) know what you've downloaded. This should consider abuse prevention.
2- I find Skype distribution method, a terrible idea for many reasons. Instead, we could aim for XMPP (with and without OTR support).
Yeah, not the best distributor but IMHO is "less suspicious" or hard to block in a large scale. Replacing it with XMPP sounds fine to me, though.
3- Having an smart core module to understand a request like "Give me the URL links for TBB in this language" is cool but we need to make sure it wouldn't break or cause problems when we start to get requests in 10 different languages.
Of course, whether the code is re-written from scratch or fixed, it has to be done with scalability in mind.
Just my 2cents.
Best of luck and happy coding,
Thanks!
best, israel