[tor-bugs] #7721 [Flashproxy]: flashproxy browser add-on

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Dec 20 16:38:17 UTC 2012 

#7721: flashproxy browser add-on
------------------------+---------------------------------------------------
 Reporter:  proper      |          Owner:  dcf
     Type:  task        |         Status:  new
 Priority:  minor       |      Milestone:     
Component:  Flashproxy  |        Version:     
 Keywords:              |         Parent:     
   Points:              |   Actualpoints:     
------------------------+---------------------------------------------------

Comment(by proper):

 > I guess I can see the appeal of this idea, but: if you abandon the idea
 of "visit a web page to become a proxy," and go for "install this software
 to become a proxy," why not just run a standalone proxy program? Why tie
 it to the browser?

 Maybe because it's easier to install and update? Easier to install and
 forget? Fewer clicks? Easier to keep it up to date? Not sure about those.

 Another point: longer uptimes - you can define the uptime in your codes.

 Just another point: you need less cooperation from website owners.

 Well, I mean, if you manage to get Google to install a badge you won't
 need the add-on. Due to the attached legal and ethical questions attached,
 I'd assume that in the beginning only a few smaller websites, enthusiasts
 will install a badge on their website. People who wish to participate a
 lot are not bound to stay on a website.

 > I suppose a browser plugin only runs when the browser is open?

 I think yes. Haven't heard of a way to run them system wide. Since the
 browser is nowadays the most used applications, it would still run a long
 time. - Longer then being dependent on a badge on a website.

 > So wouldn't an always-on system daemon be better?

 Maybe. I don't know what is more difficult to install and keep updated
 from the end user point of view. Maybe it would be best to have all
 methods? Badge, add-on, cli package (for servers), 1 click system
 installer?

 > In most cases (i.e., not-#6284) we are still limited to using WebSocket,
 which has fingerprinting disadvantages.

 Could you research (or did you) if you could work around this? If Chrome
 gets a TCP API, won't Firefox get it sooner or later? Maybe it's already
 planed?

 > Browsers are complicated and full of security bugs.

 For this point I don't see how an add-on is less secure than a badge on a
 website running in the browser.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7721#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list