[tor-dev] Tor2web 2.0 is live!

Arturo Filastò art at globaleaks.org
Sat Aug 20 17:54:53 UTC 2011

Hi all,

We are glad to announce the release of the new tor2web software.

For those of you who are not aware of what tor2web is let us give you a
brief description. The goal of tor2web is that of promoting the use of
Tor Hidden Services
(https://www.torproject.org/docs/hidden-services.html.en). Hidden
Services allow people to run TCP based services without disclosing the
identity/location of their server. In the specific they allow people to
anonymously publish content to the web. Also, since you are being
reached trough the Tor network, you are not required to have a static ip
address or purchase a domain. This lowers the entry barrier to content
publishing and protect the content publisher from retaliation and Denial
of Service attacks.

The problem though is that Hidden Services are usually only accessible
by installing a Tor client
(https://www.torproject.org/projects/torbrowser.html.en). Tor2web
creates a transport, by acting as a web proxy, between the internet and
the Tor network. This means that anonymous publishers are able to reach
a much wider audience. The user visiting a website though tor2web is
always advised to install a Tor client as by doing so he will protect
his identity and leverage Hidden Services end-to-end encryption.

This version of tor2web (called tor2web 2.0) is based on glype PHP web
proxy (http://www.glype.com) and it is by no means the definitive
solution. We are currently working on a new design that will be able to
withstand other "attacks" that are currently possible.

What we have implemented is:
* A clear disclaimer warning the user that the content is not being
served directly from the server, but it comes from the Tor network
* Contact forms for abuse complaints and to report broken websites
* Transparent rewriting of URLs into the tor2web form (i.e.
so4rmjdiwmqjosxz.onion become so4rmjdiwmqjosxz.tor2web.org)
* Blocklists to allow a tor2web node maintainer to block particular
websites, the blocklists are stored in md5 format so the node maintainer
does not need to store potentially illegal site lists.

At this current stage we would like the community to stand-up and help
us by:
* Finding security and functional bugs in the existing implementation
* Volounteering to run new tor2web servers:
   In this first stage we are looking for reliable systems, run or
endorsed by trustworthy organizations involved in anonymity and privacy
research and development.

For the new release the goals that we wish to further pursue are:
* Distribute responsibility across multiple actors
* Minimize the probability of takedown of a tor2web node

If you want further information on the tor2web project visit:
Wiki for new developments: http://wiki.tor2web.org/
Tor2web original website: http://www.tor2web.org
Github: https://github.com/globaleaks/tor2web-2.0
Mailing List: tor2web-talk at lists.tor2web.org on http://bit.ly/pxFwNS .
IRC: irc.oftc.net #tor2web

Have a nice day,
Some Random GlobaLeaks Contributors

Please spread across the anonimity communities and mailing lists

More information about the tor-dev mailing list