[tor-commits] r26117: {website} Dropping commented out project ideas Why are we still bundli (website/trunk/getinvolved/en)
Damian Johnson
atagar1 at gmail.com
Mon Mar 18 22:50:47 UTC 2013
Author: atagar
Date: 2013-03-18 22:50:47 +0000 (Mon, 18 Mar 2013)
New Revision: 26117
Modified:
website/trunk/getinvolved/en/volunteer.wml
Log:
Dropping commented out project ideas
Why are we still bundling dozens of commented out tasks with the page? If we
want to add these back in later then we should... well, add them back in later.
That's what SCMs are for (even if svn sucks at it). :P
This is slowing down page loads, and most ideas are getting to be pretty old
anyway.
Modified: website/trunk/getinvolved/en/volunteer.wml
===================================================================
--- website/trunk/getinvolved/en/volunteer.wml 2013-03-18 22:32:51 UTC (rev 26116)
+++ website/trunk/getinvolved/en/volunteer.wml 2013-03-18 22:50:47 UTC (rev 26117)
@@ -412,14 +412,6 @@
privacy and security issues in mainline version.
</p>
- <!--
- <p>
- <b>Project Ideas:</b><br />
- <i><a href="#auditTBB">Audit Tor Browser Bundles for data leaks</a></i><br />
- <i><a href="#usabilityTesting">Usability testing of Tor</a></i>
- </p>
- -->
-
<a id="project-torbutton"></a>
<h3><a href="<page torbutton/index>">Torbutton</a> (<a
href="https://gitweb.torproject.org/torbutton.git">code</a>, <a
@@ -459,14 +451,6 @@
lead with pushing the project forward.
</p>
- <!--
- <p>
- <b>Project Ideas:</b><br />
- <i><a href="#vidaliaStatusEventInterface">Tor Controller Status Event Interface for Vidalia</a></i><br />
- <i><a href="#vidalia-hidden-service-panel">Torrc plugin and improved hidden service configuration panel</a></i>
- </p>
- -->
-
<a id="project-arm"></a>
<h3><a href="http://www.atagar.com/arm/">Arm</a> (<a
href="https://gitweb.torproject.org/arm.git">code</a>, <a
@@ -481,14 +465,6 @@
a bit more.
</p>
- <!--
- <p>
- <b>Project Ideas:</b><br />
- <i><a href="#armClientMode">Client Mode Use Cases for Arm</a></i><br />
- <i><a href="#armGui">GUI for Arm</a></i>
- </p>
- -->
-
<a id="project-orbot"></a>
<h3><a href="https://guardianproject.info/apps/orbot/">Orbot</a> (<a
href="https://gitweb.torproject.org/orbot.git">code</a>, <a
@@ -500,15 +476,6 @@
development up through Fall 2010, after which things have been quiet.
</p>
- <!--
- <p>
- <b>Project Ideas:</b><br />
- <i><a href="#orbot-torbutton">TorButton for Mobile Firefox 4 or Custom Browser on Android</a></i><br />
- <i><a href="#orbot-userInterface">Build a better user interface for Orbot</a></i><br />
- <i><a href="#orbot-optimisation">Core Tor mobile optimisation</a></i>
- </p>
- -->
-
<a id="project-tails"></a>
<h3><a href="https://tails.boum.org/">The Amnesic Incognito Live System</a> (<a
href="http://git.immerda.ch/?p=amnesia.git;a=summary">code</a>, <a
@@ -523,16 +490,6 @@
and still under very active development.
</p>
- <!--
- <p>
- <b>Project Ideas:</b><br />
- <i><a href="#tailsHiddenServicePetnames">Petname system for Tor hidden
- services</a></i><br />
- <i><a href="#tailsServer">Tails server: Self-hosted services behind
- Tails-powered Tor hidden services</a></i>
- </p>
- -->
-
<a id="project-torramdisk"></a>
<h3><a href="http://opensource.dyc.edu/tor-ramdisk">Tor-ramdisk</a> (<a
href="http://opensource.dyc.edu/gitweb/?p=tor-ramdisk.git;a=summary">code</a>, <a
@@ -567,13 +524,6 @@
otherwise feature complete.
</p>
- <!--
- <p>
- <b>Project Ideas:</b><br />
- <i><a href="#torsocksForOSX">Make torsocks/dsocks work on OS X</a></i>
- </p>
- -->
-
<a id="project-torbirdy"></a>
<h3>TorBirdy (<a
href="https://github.com/ioerror/torbirdy">code</a>, <a
@@ -597,15 +547,6 @@
block Tor. This has both a C and python implementation.
</p>
- <!--
- <p>
- <b>Project Ideas:</b><br />
- <i><a href="#obfsproxy-new-transports">New and innovative pluggable transports</a></i><br />
- <i><a href="#obfsproxy-scanning-measures">Defensive bridge active scanning measures</a></i><br />
- <i><a href="#obfsproxy-fuzzer">Fuzzer for the Tor protocol</a></i>
- </p>
- -->
-
<a id="project-flash-proxy"></a>
<h3><a href="https://crypto.stanford.edu/flashproxy/">Flash Proxy</a> (<a
href="https://gitweb.torproject.org/flashproxy.git">code</a>, <a
@@ -900,33 +841,6 @@
<ol>
- <!--
- <a id="auditTBB"></a>
- <li>
- <b>Audit Tor Browser Bundles for data leaks</b>
- <br>
- Effort Level: <i>High</i>
- <br>
- Skill Level: <i>Medium</i>
- <br>
- Likely Mentors: <i>Jacob</i>
- <p>The Tor Browser Bundle incorporates Tor, Firefox, Polipo, and the Vidalia
- user interface (and optionally the <a href="http://pidgin.im/">Pidgin</a>
- Instant Messaging client). Components are pre-configured to operate in a
- secure way, and it has very few dependencies on the installed operating
- system. It has therefore become one of the most easy to use, and popular,
- ways to use Tor on Windows.</p>
- <p>This project is to identify all of the traces left behind by
- using a Tor Browser Bundle on Windows, Mac OS X, or Linux. Developing
- ways to stop, counter, or remove these traces is a final step.</p>
- <p>Students should be familiar with operating system analysis,
- application development on one or preferably all of Windows, Linux,
- and Mac OS X, and be comfortable with C/C++ and shell scripting.</p>
- <p>Since the core of this project is researching and auditing TBB this is
- not likely to be a good GSoC project.</p>
- </li>
- -->
-
<a id="txtorcon-stemIntegration"></a>
<li>
<b>Txtorcon/Stem Integration</b>
@@ -949,216 +863,6 @@
bonus points if it's Twisted.</p>
</li>
- <!--
- <a id="orbot-userInterface"></a>
- <li>
- <b>Build a better user interface for Orbot</b>
- <br>
- Effort Level: <i>Medium</i>
- <br>
- Skill Level: <i>Medium</i>
- <br>
- Likely Mentors: <i>Jake</i>
- <p>Improved home screen to show confirmation of connection (via a TorCheck
- API call), better statistics about data transferred (up/down), number of
- circuits connected, quality of connection and so on. The "Tether
- Wifi" Android application is a good model to follow in how it shows a
- realtime count of bytes transferred as well as notifications when wifi
- clients connect. In addition, better handling of Tor system and error
- messages would also be very helpful, include use of standard Android
- operating systems notifications. The addition of a wizard or tutorial
- walkthrough for novice users to explain to them exactly what is and what is
- not anonymized or protected would greatly improve the likelihood they will
- use Orbot correctly. All of this should work on the range of screens and
- device types now offered for Android, from 2" phone to 10"
- Tablet.</p>
- </li>
- -->
-
- <!--
- <a id="armClientMode"></a>
- <li>
- <b>Client Mode Use Cases for Arm</b>
- <br>
- Effort Level: <i>High</i>
- <br>
- Skill Level: <i>Medium</i>
- <br>
- Likely Mentors: <i>Damian (atagar)</i>
- <p><a href="<page projects/arm>">Arm</a> is a Tor command line status
- monitor on *nix environments (Linux, Mac, and BSD). It functions much like
- top does, giving a CLI overlay of Tor's bandwidth usage, connections,
- configuration, log, etc. Thus far its design has been geared for Tor relay
- operators. However, this doesn't need to be the case. This project would be
- to expand and simplify arm to make it useful for Tor's client users
- too.</p>
-
- <p>This would include UI design, experimenting, and a lot of python
- hacking. Here's some ideas for client functionality arm could provide:</p>
-
- <ul>
- <li>A panel for client connections, showing each hop of the user's
- circuits with the ISP, country, and jurisdiction where those relays
- reside. Other interesting information would be the circuit's latency, how
- long its been around, and its possible exit ports. Some of this will be
- pretty tricky and require some experimentation to figure out what
- information can be fetched safely (for instance, scraping rdns and whois
- lookups could give hints about a relay's ISP, but we'd need to do it on
- all Tor relays to avoid leaking our connections to the resolver).</li>
-
- <li>Options to let the user request new circuits (the "New
- Identity" feature in Vidalia), select the exit country, etc.</li>
-
- <li>A panel showing Internet application and if their connections are
- being routed through Tor or not (giving a warning if there's leaks).</li>
-
- <li>The status of the bridges we're configured to use (ie, are they up?).
- This would include adding control port functionality to Tor for <a
- href="https://trac.torproject.org/projects/tor/ticket/2068">ticket
- 2068</a>.</li>
-
- <li>A one click option to set Tor to be a client, relay, or bridge. The
- goal would be to make it trivial for users to voluntarily contribute to
- the Tor network.</li>
-
- <li>Menus as an alternative to hotkeys to make the interface more
- intuitive and usable for beginners (<a
- href="http://gnosis.cx/publish/programming/charming_python_6.html">example</a>).</li>
-
- <li>Look at Vidalia and TorK for ideas and solicit input from the Tor community.</li>
- </ul>
-
- <p>
- More information is available in the following sections of arm's dev notes: <a href="https://trac.torproject.org/projects/tor/wiki/doc/arm#ConnectionListingExpansion">Connection Listing Expansion</a>, <a href="https://trac.torproject.org/projects/tor/wiki/doc/arm#CircuitDetails">Circuit Details</a>, and <a href="https://trac.torproject.org/projects/tor/wiki/doc/arm#ClientModeUseCases">Client Mode Use Cases</a>
- </p>
- </li>
- -->
-
- <!--
- <a id="orbot-optimisation"></a>
- <li>
- <b>Core Tor mobile optimisation</b>
- <br>
- Effort Level: <i>Medium</i>
- <br>
- Skill Level: <i>High</i>
- <br>
- Likely Mentors: <i>Jake</i>
- <p>
- The existing port of Tor to Android is basically a straight
- cross-compile to Linux ARM. There has been no work done in looking at
- possible optimizations of Tor within a mobile hardware environment or on
- mobile networks. In addition, a number of additional Android OS APIs are
- available (such as wireless network status) that could be taken
- advantage of.
- </p>
-
- <p>
- It should be noted, that even without optimisation, Tor is handling the
- mobile network environment very well, automatically detecting change in
- IP addresses, opening circuits, etc, as the device switches from no
- coverage to 2G, 3G or Wifi constantly as it changes position. However,
- this observation of "very well", is just based on user
- experience, and not any detailed study of what exactly is happening, and
- what threats might exist because of this constantly changing network state.
- </p>
-
- <p>
- Finally, the build process needs to be moved to the Android NDK from the
- custom GCC toolchain we are now using, and compatibility with Android
- 2.3 and 3.x Honeycomb OS need to be verified.
- </p>
-
- <p>
- For more information see the <a
- href="https://svn.torproject.org/svn/projects/android/trunk/Orbot/BUILD">Orbot
- build documentation</a>.
- </p>
- </li>
- -->
-
- <!--
- <a id="obfsproxy-scanning-measures"></a>
- <li>
- <b>Defensive bridge active scanning measures</b>
- <br>
- Effort Level: <i>High</i>
- <br>
- Skill Level: <i>High</i>
- <br>
- Likely Mentors: <i>asn</i>
- <p>Involves providing good answers to <a
- href="https://lists.torproject.org/pipermail/tor-dev/2011-November/003073.html">this
- thread</a> as well as concrete implementation plans for it.</p>
-
- <p>This also involves implementing proposals <a
- href="https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/189-authorize-cell.txt">189</a>
- and <a
- href="https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/190-shared-secret-bridge-authorization.txt">190</a>.</p>
- </li>
- -->
-
- <!--
- <a id="firewallProbeTool"></a>
- <li>
- <b>Develop a fully automatic firewall-probing system</b>
- <br>
- Effort Level: <i>Medium to High</i>
- <br>
- Skill Level: <i>High</i>
- <br>
- Likely Mentors: <i>Robert Ransom, Jacob</i>
- <p>We would like to have a fully automatic firewall-probing system for
- blocking systems with no long-term state (i.e. firewalls that can
- examine each connection, but do not change their behaviour for future
- connections based on the traffic they have seen).</p>
- <p>Ideally, volunteers would only need to set up one or more test servers,
- and run the probe client program on a publicly accessible computer
- behind the firewall.</p>
- <p>The test tool should:</p>
- <ul>
- <li>generate packet captures on both ends (and send them out to the
- extent possible),</li>
- <li>cycle through all the SSL configurations we might want to test
- through a censorship device, and</li>
- <li>also test some other protocols to see whether they are allowed
- through the firewall (IMAP and other mail protocols, BitTorrent,
- DTLS, etc.).</li>
- </ul>
- </li>
- -->
-
- <!--
- <a id="obfsproxy-fuzzer"></a>
- <li>
- <b>Fuzzer for the Tor protocol</b>
- <br>
- Effort Level: <i>Medium to High</i>
- <br>
- Skill Level: <i>High</i>
- <br>
- Likely Mentors: <i>asn</i>
- <p>Involves researching good and smart ways to fuzz stateful network
- protocols, and also implementing the fuzzer.</p>
-
- <p>We are mostly looking for a fuzzer that fuzzes the Tor protocol
- itself, and not the Tor directory protocol.</p>
-
- <p>Bonus points if it's extremely modular. Relevant research:</p>
-
- <ul>
- <li>PROTOS - Security Testing of Protocol Implementations</li>
- <li>INTERSTATE: A Stateful Protocol Fuzzer for SIP</li>
- <li>Detecting Communication Protocol Security Flaws by Formal Fuzz
- Testing and Machine Learning</li>
- <li>SNOOZE: Toward a Stateful NetwOrk prOtocol fuzZE</li>
- <li>Michal Zalewski's "bugger"</li>
- <li>Also look at the concepts of "model checking" and
- "symbolic execution" to get inspired.</li>
- </ul>
- </li>
- -->
-
<a id="httpsImpersonation"></a>
<li>
<b>HTTPS Server Impersonation</b>
@@ -1178,168 +882,6 @@
</p>
</li>
- <!--
- <a id="geoIPUpgrade"></a>
- <li>
- <b>Improve our GeoIP file format</b>
- <br>
- Effort Level: <i>Medium</i>
- <br>
- Skill Level: <i>Medium to High</i>
- <br>
- Likely Mentors: <i>Robert Ransom</i>
- <p>Currently, Tor bridges and relays read an entire IP->country database
- into memory from a text file during startup. We would like to
- distribute this database and store it on disk in a much more compact
- form, and perform IP->country lookups on it in its on-disk format if
- possible.</p>
- <p>We have <a href='https://trac.torproject.org/projects/tor/ticket/2506'>a
- sketch of a design</a> for a moderately optimized format for IPv4 GeoIP
- data; this project will involve both implementing the IPv4 format and
- designing and implementing a format for IPv6 GeoIP data.</p>
- <p>Since the core of this project is researching IPv6 GeoIP data and
- designing the IPv6 format, this is not likely to be a good GSoC
- project.</p>
- </li>
- -->
-
- <!--
- <a id="unitTesting"></a>
- <li>
- <b>Improve our unit testing process</b>
- <br>
- Effort Level: <i>Medium</i>
- <br>
- Skill Level: <i>Medium</i>
- <br>
- Likely Mentors: <i>Nick, Erinn</i>
- <p>Tor needs to be tested far more thoroughly. This is a
- multi-part effort. To start with, our unit test coverage should
- rise substantially, especially in the areas outside the utility
- functions. This will require significant refactoring of some parts
- of Tor, in order to dissociate as much logic as possible from
- globals.</p>
- <p>Additionally, we need to automate our performance testing. We've got
- buildbot to automate our regular integration and compile testing already
- (though we need somebody to set it up on Windows),
- but we need to get our network simulation tests (as built in <a
- href="https://svn.torproject.org/svn/torflow/trunk/README">TorFlow</a>)
- updated for more recent versions of Tor, and designed to launch a test
- network either on a single machine, or across several, so we can test
- changes in performance on machines in different roles automatically.</p>
- </li>
- -->
-
- <!--
- <a id="vidaliaNetworkMap"></a>
- <li>
- <b>Improved and More Usable Network Map in Vidalia</b>
- <br>
- Effort Level: <i>Medium</i>
- <br>
- Skill Level: <i>Medium</i>
- <br>
- Likely Mentors: <i>Tomás</i>
- <p>
- One of Vidalia's existing features is a network map that shows the user
- the approximate geographic location of relays in the Tor network and
- plots the paths the user's traffic takes as it is tunneled through the
- Tor network. The map is currently not very interactive and has rather
- poor graphics. Instead, we implemented KDE's Marble widget such
- that it gives us a better quality map and enables improved interactivity,
- such as allowing the user to click on individual relays or circuits to
- display additional information. We want to add the ability
- for users to click on a particular relay or a country containing one or
- more Tor exit relays and say, "I want my connections to exit
- from here."
- </p>
-
- <p>
- This project will first involve getting familiar with Vidalia
- and the Marble widget's API. One will then integrate the widget
- into Vidalia and customize Marble to be better suited for our application,
- such as making circuits clickable, storing cached map data in Vidalia's
- own data directory, and customizing some of the widget's dialogs.
- </p>
-
- <p>
- A person undertaking this project should have good C++ development
- experience. Previous experience with Qt and CMake is helpful, but not
- required.
- </p>
- </li>
- -->
-
- <!--
- <a id="resistCensorship"></a>
- <li>
- <b>Improving Tor's ability to resist censorship</b>
- <br>
- Effort Level: <i>Medium to High</i>
- <br>
- Skill Level: <i>High</i>
- <br>
- Likely Mentors: <i>Jake, Thomas</i>
- <p>The Tor 0.2.1.x series makes <a
- href="<svnprojects>design-paper/blocking.html">significant
- improvements</a> in resisting national and organizational censorship.
- But Tor still needs better mechanisms for some parts of its
- anti-censorship design.</p>
- <p>One huge category of work is adding features to our <a
- href="https://gitweb.torproject.org/bridgedb.git?a=tree">BridgeDB</a>
- service (Python). Tor aims to give out <a href="<page docs/bridges>">bridge
- relay addresses</a> to users that can't reach the Tor network
- directly, but there's an arms race between algorithms for distributing
- addresses and algorithms for gathering and blocking them. See <a
- href="<blog>bridge-distribution-strategies">our
- blog post on the topic</a> as an overview, and then look at <a
- href="https://lists.torproject.org/pipermail/tor-dev/2009-December/000666.html">Roger's
- or-dev post</a> from December 2009 for more recent thoughts — lots of
- design work remains.</p>
- <p>If you want to get more into the guts of Tor itself (C), a more minor problem
- we should address is that current Tors can only listen on a single
- address/port combination at a time. There's
- <a href="<specblob>proposals/118-multiple-orports.txt">a
- proposal to address this limitation</a> and allow clients to connect
- to any given Tor on multiple addresses and ports, but it needs more
- work.</p>
- <p>This project could involve a lot of research and design. One of the big
- challenges will be identifying and crafting approaches that can still
- resist an adversary even after the adversary knows the design, and
- then trading off censorship resistance with usability and
- robustness.</p>
- </li>
- -->
-
- <!--
- <a id="user-space-transport"></a>
- <li>
- <b>Integrating Tor with user-space transport protocol libraries</b>
- <br>
- Effort Level: <i>High</i>
- <br>
- Skill Level: <i>High</i>
- <br>
- Likely Mentors: <i>Steven</i>
- <p>Tor currently sends data over TCP links between nodes. <a
- href="http://static.usenix.org/events/sec09/tech/full_papers/reardon.pdf">Prior
- research</a> has indicated that this may not be optimal, and instead the
- role that TCP plays (congestion control and reliability) should be moved
- into Tor itself. This would allow a number of desirable changes, such as
- preventing errors on one circuit delaying another, and giving Tor control
- and visibility of congestion control.</p>
- <p>There are <a
- href="http://www.cl.cam.ac.uk/~sjm217/papers/tor11datagramcomparison.pdf">many
- ways to do this</a>, each with their own tradeoffs and difficulty of
- implementation. This project will be to select one (or more) option and
- implement it in Tor. The primary goal will be to test this modified version
- of Tor in simulation, but if it turns out to work well, it could be
- deployed in the live Tor network.</p>
- <p>Excellent C programming skills are needed, and knowledge of Tor
- internals are highly desirable.</p>
- </li>
- -->
-
<a id="chutneyExpansion"></a>
<li>
<b>Make Chutney Do More, More Reliably</b>
@@ -1363,132 +905,6 @@
</p>
</li>
- <!--
- <a id="torsocksForOSX"></a>
- <li>
- <b>Make torsocks/dsocks work on OS X</b>
- <br>
- Effort Level: <i>Medium</i>
- <br>
- Skill Level: <i>Medium</i>
- <br>
- Likely Mentors: <i>Robert Hogan</i>
- <p>
- <a href="https://code.google.com/p/torsocks/">Torsocks</a> and <a
- href="https://code.google.com/p/dsocks/">dsocks</a> are wrappers that will
- run applications, intercept their outgoing network connections, and push
- those connections through Tor. The goal is to handle applications that
- don't support proxies (or don't supporting them well). To get it right,
- they need to intercept many system calls. The syscalls you need to
- intercept on Linux differ dramatically from those on BSD. So Torsocks
- works fine on Linux, dsocks works ok on BSD (though it may be less
- maintained and thus might miss more syscalls), and nothing works well
- on both. First, we should patch dsocks to use Tor's <i>mapaddress</i>
- commands from the controller interface, so we don't waste a whole
- round-trip inside Tor doing the resolve before connecting. Second,
- we should make our <i>torify</i> script detect which of torsocks or
- dsocks is installed, and call them appropriately. This probably means
- unifying their interfaces, and might involve sharing code between them
- or discarding one entirely.
- </p>
- </li>
- -->
-
- <!--
- <a id="obfsproxy-new-transports"></a>
- <li>
- <b>New and innovative pluggable transports</b>
- <br>
- Effort Level: <i>High</i>
- <br>
- Skill Level: <i>High</i>
- <br>
- Likely Mentors: <i>asn, Steven</i>
- <p>Not-very-smart transports like ROT13 and base64 are nice but not super
- interesting. Other ideas like bittorrent transports might be relevant,
- but you will have to provide security proofs on why they are harder to
- detect and block than other less-sophisticated transports.</p>
-
- <p>The whole point of this project, though, is to come up with new
- transports that we haven't already thought of. Be creative.</p>
-
- <p>Bonus points if your idea is interesting and still implementable
- through the summer period.</p>
-
- <p>More bonus points if it's implemented on top of obfsproxy, or if your
- implementation has a pluggable transport interface on top of it (as
- specified <a href="https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/180-pluggable-transport.txt">here</a>).</p>
- </li>
- -->
-
- <!--
- <a id="orbot-orlibAndOutreach"></a>
- <li>
- <b>Orbot integration library and community outreach</b>
- <br>
- Effort Level: <i>Low</i>
- <br>
- Skill Level: <i>Medium</i>
- <br>
- Likely Mentors: <i>Nathan (n8fr8)</i>
- <p>
- We need additional work on <a
- href="https://github.com/guardianproject/orlib">ORLib</a>, our library for
- use with third-party application to easily enable them to support
- "Torification" on non-rooted devices (i.e. w/o transparent
- proxying). This library includes a SOCKS client, a wrapper for the Apache
- HTTPClient library, a utility class for detecting the state of Orbot
- connectivity, and other relevant/useful things an Android app might need to
- anonymize itself. This work would includes direct development of the
- library, documentation, and sample code. Outreach or effort to implement
- the library within other open-source apps is also needed.
- </p>
- </li>
- -->
-
- <!--
- <a id="tailsHiddenServicePetnames"></a>
- <li>
- <b>Petname system for Tor hidden services</b>
- <br>
- Effort Level: <i>High</i>
- <br>
- Skill Level: <i>High</i>
- <br>
- Likely Mentors: <i>ague</i>
- <p>Tor provides hidden services. These services are only reachable through
- Tor itself, and provide greater anonymity both for the providers of the
- service and for its users.</p>
- <p>One current downside of Tor hidden services is that they are addressed
- using 80-bit base32-encoded addresses such as "v2cbb2l4lsnpio4q.onion".
- These addresses are hard to remember; this makes them hard to use
- within amnesic environment like Tails.</p>
- <p>The project is to implement a petname system for Tor hidden services:
- a way for users or providers of Tor hidden services to add a simple
- 'nickname' to a central database. Users could then query this central
- database to retrieve a full hidden service address by giving
- a nickname.</p>
- <p>Adding petnames to the database could be done using a web interface or
- automated fetch like those described in the <a
- href="https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/ideas/xxx-onion-nyms.txt">".onion
- nym system" proposal</a>.</p>
- <p>Querying the database could be done using a web interface, a REST API and
- a DNS interface.</p>
- <p>In order not to grow indefinitely, the software should make regular tests to
- see if hidden services are still reachable and, depending on the last time
- a nickname was accessed, cleanup the database as necessary.</p>
- <p>The software should allow a distributed, fault-tolerant setup.
- All nodes should have a synchronized copy of the database, should be
- ready to answer queries and should coordinate the tests for hidden
- service availability.</p>
- <p>The resulting codebase must be easy to deploy: it should not be hard to
- setup new databases.</p>
- <p>It is expected that the volunteer will be using Behaviour Driven
- Development methods. Either in Ruby using Cucumber and RSpec, or in
- Python using similar tools.</p>
- </li>
- -->
-
<a id="limitCapabilities"></a>
<li>
<b>Run With Limited Capabilities</b>
@@ -1570,42 +986,6 @@
data.</p>
</li>
- <!--
- <a id="simulateSlowConnections"></a>
- <li>
- <b>Simulator for slow Internet connections</b>
- <br>
- Effort Level: <i>Medium</i>
- <br>
- Skill Level: <i>Medium</i>
- <br>
- Likely Mentors: <i>Nick</i>
- <p>
- Many users of Tor have poor-quality Internet connections, giving low
- bandwidth, high latency, and high packet loss/re-ordering. User
- experience is that Tor reacts badly to these conditions, but it is
- difficult to improve the situation without being able to repeat the
- problems in the lab.
- </p>
-
- <p>
- This project would be to build a simulation environment which
- replicates the poor connectivity so that the effect on Tor performance
- can be measured. Other components would be a testing utility to
- establish what are the properties of connections available, and to
- measure the effect of performance-improving modifications to Tor.
- </p>
-
- <p>
- The tools used would be up to the student, but dummynet (for FreeBSD)
- and nistnet (for Linux) are two potential components on which this
- project could be built. Students should be experienced with network
- programming/debugging and TCP/IP, and preferably familiar with C and a
- scripting language.
- </p>
- </li>
- -->
-
<a id="stemUsability"></a>
<li>
<b>Stem Usability and Porting</b>
@@ -1681,93 +1061,6 @@
<b>As part of your application for this project please write some code to expand stem's tests.</b> Bonus points if it impelments one of your suggestions for better testing Tor!
</p>
- <!--
- <a id="tailsServer"></a>
- <li>
- <b>Tails server: Self-hosted services behind Tails-powered Tor hidden services</b>
- <br>
- Effort Level: <i>High</i>
- <br>
- Skill Level: <i>Medium, but wide-scoped</i>
- <br>
- Likely Mentors: <i>intrigeri, anonym</i>
- <p>Let's talk about group collaboration, communication and data sharing
- infrastructure, such as chat servers, wikis, or file repositories.</p>
- <p>Hosting such data and infrastructure <b>in the cloud</b> generally
- implies to trust the service providers not to disclose content, usage or
- users location information to third-parties. Hence, there are many threat
- models in which cloud hosting is not suitable.</p>
- <p>Tor partly answers the <b>users location</b> part; this is great, but
- <b>content</b> is left unprotected.</p>
- <p>There are two main ways to protect such content: either to encrypt it
- client-side (<b>security by design</b>), or to avoid putting it into
- untrusted hands in the first place.</p>
- <p>Cloud solutions that offer security by design are rare and generally
- not mature yet. The <b>Tails server</b> project is about exploring the
- other side of the alternative: avoiding to put private data into
- untrusted hands in the first place.</p>
- <p>This is made possible thanks to Tor hidden services, that allow users
- to offer location-hidden services, and make self-hosting possible in
- many threat models. Self-hosting has its own lot of problems, however,
- particularly in contexts where the physical security of the hosting
- place is not assured. Combining Tor hidden services with Tails'
- amnesia property and limited support for persistent encrypted data
- allows to protect content, to a great degree, even in such contexts.</p>
- <p>In short, setting up a new Tails server would be done by:</p>
-
- <ol style="list-style-type: decimal">
- <li>Alice plugs a USB stick into a running desktop Tails system.</li>
- <li>Alice uses a GUI to easily configure the needed services.</li>
- <li>Alice unplugs the USB stick, that now contains encrypted services
- configuration and data storage space.</li>
- <li>Alice plugs that USB stick (and possibly a Tails Live CD) into the
- old laptop that was dedicated to run Tails server.</li>
- <li>Once booted, Alice enters the encryption passphrase either
- directly using the keyboard or through a web interface listening on the
- local network.</li>
- <li>Then, Bob can use the configured services once he gets a hold on
- the hidden service address. (The <b>petname system for Tor hidden
- services</b> project would be very complementary to this one, by the
- way.)</li>
- </ol>
-
- <p>Tails server should content itself with hardware that is a bit old
- (such as a PIII-450 laptop with 256MB of RAM) and/or half broken (e.g.
- non-functional hard-disk, screen or keyboard).</p>
- <p>The challenges behind this project are:</p>
-
- <ul>
- <li>Design and write the services configuration GUI [keywords: edit
- configuration files, upgrade between major Debian versions,
- debconf].</li>
- <li>How to create the hidden service key? [keywords: Vidalia, control
- protocol].</li>
- <li>Adapt the Tails boot process to allow switching to "server
- mode" when appropriate.</li>
- <li>Add support, to the Tails persistence setup process, for asking an
- encryption passphrase without X, and possibly with a broken keyboard
- and/or screen [keywords: local network, SSL/TLS?, certificate?].</li>
- </ul>
-
- <p>This project can easily grow quite large, so the first task would
- probably be to clarify what it would need to get an initial (minimal
- but working) implementation ready to be shipped to users.</p>
- <p>This project does not require to be an expert in one specific field,
- but it requires to be experienced and at ease with a large scope of
- software development tools, processes, and operating system knowledge.</p>
- <p>Undertaking this project requires in-depth knowledge of Debian-like
- systems (self-test: do the "dpkg conffile" and "debconf preseeding"
- words sound new to your ear?); the Debian Live persistence system
- being written in shell, being at ease with robust shell scripting is
- a must; to end with, at least two pieces of software need to be
- written from scratch (a GUI and a webapp): the preferred languages for
- these tasks would be Python and Perl. Using Behaviour Driven
- Development methods to convey expectations and acceptance criteria
- would be most welcome.</p>
- <p>For more information see https://tails.boum.org/todo/server_edition/</p>
- </li>
- -->
-
<a id="torCleanup"></a>
<li>
<b>Tor Codebase Cleanup</b>
@@ -1804,141 +1097,7 @@
</p>
</li>
- <!--
- <a id="vidaliaStatusEventInterface"></a>
<li>
- <b>Tor Controller Status Event Interface for Vidalia</b>
- <br>
- Effort Level: <i>Medium</i>
- <br>
- Skill Level: <i>Low to Medium</i>
- <br>
- Likely Mentors: <i>Tomás</i>
- <p>There are a number of status changes inside Tor of which the user may need
- to be informed. For example, if the user is trying to set up his Tor as a
- relay and Tor decides that its ports are not reachable from outside
- the user's network, we should alert the user. Currently, all the user
- gets is a couple of log messages in Vidalia's 'message log' window, which they
- likely never see since they don't receive a notification that something
- has gone wrong. Even if the user does actually look at the message log,
- most of the messages make little sense to the novice user.</p>
- <p>Tor has the ability to inform Vidalia of many such status
- changes, and we recently implemented support for a couple of these
- events. Still, there are many more status events which the user should
- be informed of, and we need a better UI for actually displaying them
- to the user.</p>
- <p>The goal of this project then is to design and implement a UI for
- displaying Tor status events to the user. For example, we might put a
- little badge on Vidalia's tray icon that alerts the user to new status
- events they should look at. Double-clicking the icon could bring up a
- dialog that summarizes recent status events in simple terms and maybe
- suggests a remedy for any negative events if they can be corrected by
- the user. Of course, this is just an example and one is free to
- suggest another approach.</p>
- <p>A person undertaking this project should have good UI design and layout
- skills and some C++ development experience. Previous experience with Qt and
- Qt's Designer will be very helpful, but are not required. Some
- English writing ability will also be useful, since this project will
- likely involve writing small amounts of help documentation that should
- be understandable by non-technical users. Bonus points for some graphic
- design/Photoshop fu, since we might want/need some shiny new icons too.</p>
- </li>
- -->
-
- <!--
- <a id="orbot-torbutton"></a>
- <li>
- <b>TorButton for Mobile Firefox 4 or Custom Browser on Android</b>
- <br>
- Effort Level: <i>High</i>
- <br>
- Skill Level: <i>High</i>
- <br>
- Likely Mentors: <i>Jake</i>
- <p>Initial work has been done on implementing a proxy-setting add-on for
- Firefox on Android (see <a
- href="https://github.com/guardianproject/ProxyMob">ProxyMob</a>), but a
- full port of TorButton needs to be done (dependent upon Firefox 4 port of
- TorButton). The other approach is to implement a custom "Tor
- Browser" based on Firefox or Webkit browser. See <a
- href="http://code.google.com/p/torora/wiki/Android">Torora</a> for progress
- on this so far.</p>
- </li>
- -->
-
- <!--
- <a id="vidalia-hidden-service-panel"></a>
- <li>
- <b>Torrc plugin and improved hidden service configuration panel</b>
- <br>
- Effort Level: <i>Medium</i>
- <br>
- Skill Level: <i>Medium</i>
- <br>
- Likely Mentors: <i>Tomás</i>
- <p>Vidalia's configuration handling has changed in the alpha branch. Now
- every Tor option is saved in the torrc file. With that change, the
- Hidden Service configuration panel was removed due to its specificity
- and its multiple bugs.</p>
-
- <p>The idea would be to provide the new Torrc class' functionality to the
- Plugin Engine and with that, create a better Hidden Service
- configuration panel as a plugin.</p>
-
- <p>A person undertaking this project should have good UI design, layout
- skills and some C++ development experience. Previous experience with Qt
- and Qt's Designer will be very helpful, but are not required. Javascript
- knowledge is a plus, but it shouldn't be a problem if the person
- complies with the previous requirements.</p>
- </li>
- -->
-
- <!--
- <a id="usabilityTesting"></a>
- <li>
- <b>Usability testing of Tor</b>
- <br>
- Effort Level: <i>Medium</i>
- <br>
- Skill Level: <i>Low to Medium</i>
- <br>
- Likely Mentors: <i>Andrew</i>
- <p>
- Especially the browser bundle, ideally amongst our target demographic.
- That would help a lot in knowing what needs to be done in terms of bug
- fixes or new features. We get this informally at the moment, but a more
- structured process would be better.
- </p>
-
- <p>
- Please note that since this isn't a coding project, it isn't suitable for
- Google Summer of Code.
- </p>
- </li>
- -->
-
- <!--
- <a id="docUpdate"></a>
- <li>
- <b>Website and video documentation update</b>
- <br>
- Effort Level: <i>Medium</i>
- <br>
- Skill Level: <i>Medium</i>
- <br>
- Likely Mentors: <i>Runa, Karen</i>
- <p>
- Identify outdated and/or weak pages on torproject.org and re-write the
- documentation to appeal to a less technical, more goal-oriented
- audience. Create a number of 3-5 minute videos with graphically
- portray the written documentation. See
- <a href="https://trac.torproject.org/projects/tor/query?component=Website&status=new">the
- website tickets</a> for more information and a starting point.
- </p>
- </li>
- -->
-
- <li>
<b>Bring up new ideas!</b>
<br>
Don't like any of these? Look at the <a
More information about the tor-commits
mailing list