[tor-bugs] #7160 [Tor Sysadmin Team]: Decide if Flashproxy can move to torproject.org

Sun Dec 30 16:28:28 UTC 2012

#7160: Decide if Flashproxy can move to torproject.org
-------------------------------+--------------------------------------------
 Reporter:  bastik             |          Owner:  dcf
     Type:  task               |         Status:  new
 Priority:  normal             |      Milestone:     
Component:  Tor Sysadmin Team  |        Version:     
 Keywords:                     |         Parent:     
   Points:                     |   Actualpoints:     
-------------------------------+--------------------------------------------

Comment(by dcf):

 Replying to [comment:2 phobos]:
 > We shouldn't rush into this. We as Tor the non-profit cannot run any
 parts of the Tor network, from bridges to relays, or according to smart
 lawyers, we cross a line between a volunteer tor network and assuming
 liability for all of the tor network. I need to understand what the
 facilitator does in detail and its role overall before we can setup a
 machine and run it in the torproject.org domain.

 I can appreciate that. The motivation for moving the facilitator to
 another domain is to reduce the WTF some people feel when they see
 connections to tor-facilitator.bamsoftware.com. A possible alternative is
 for me to register a completely new domain, one not associated with my
 other domains nor those of the Tor Project.

 > My high-level understanding of the facilitator is that it is analogous
 to the role of bridgeDB.

 It is analogous to bridgeDB, but does the opposite: rather than store
 bridge addresses to give to clients, it stores client addresses to give to
 bridges (flash proxies).

 The facilitator runs the programs:
  *
 https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/facilitator/facilitator
  * https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/facilitator
 /facilitator-email-poller
  *
 https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/facilitator/facilitator.cgi
  * https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/flashproxy-
 client
 `flashproxy-client` listens on ports 9000 and 9999. It's only for
 demonstration purposes and could be completely removed. `facilitator.cgi`
 listens via Apache on port 443. The other programs don't open any
 Internet-exposed listening sockets.

 There is some secret key material stored on the facilitator. The Apache
 certificate key, and a private key associated with the email registration
 method (#6383). There will likely be another private key associated with a
 URL-based registration method (#7559).

 The Apache logs are completely disabled (go to /dev/null). The facilitator
 logs the time when proxies and clients connect, and when a client is
 served to a proxy, but does not log any IP addresses.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7160#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online