[tor-dev] Implement JSONP interface for check.torproject.org

Jacob Appelbaum jacob at appelbaum.net
Tue Nov 8 08:53:26 UTC 2011

On 11/08/2011 12:29 AM, warms0x wrote:
>> On 11/05/2011 06:26 PM, Arturo Filastò wrote:
>>> I have made a patch to check.torproject.org to expose a JSONP interface
>>> that would allow people to have the user check client side if (s)he is
>>> using Tor.
>>> This would allow people to embed a badge on their website
>>> (privacybadge.html) that congratulates the user for using Tor or warns
>>> him of non-Tor usage with a link to torproject.org.
>>> I can imagine privacy advocates having this deployed on their websites
>>> or systems that encourage users to connect to them anonymously.
>>> Compared to what check.torproject.org does at the moment the risk does
>>> not change, it is erogating exactly the same service, just making it
>>> more useful and flexible.
>>> Basically what it does is check if the IP doing the connection is
>>> connected through Tor. The web service will reply with a JSON encoded
>>> array that can be loaded from the user and display in the browser a nice
>>> looking badge.
>> I think this is a fine idea - it reminds me of the only IPv6 demo turtle.
>> I think it's quite ironic to use these technologies to encourage people
>> to deploy real privacy solutions.
> I also like the idea, but I immediately thought of nefarious uses for such
> an API. No more nefarious than what one can do with a proper list of exit
> nodes I suppose.

It is a real time version of this - powered by... a Tor client. :)

> Is there any general difference between having a queryable API to
> determine if a client is using Tor and the periodic fetching of the list
> of exit nodes?

No, not for a user who is using Tor - the exiting from the network is
generally considered "Tor" and we've supported this to help quash crappy

(note the svn link, it's actually code anyone may run)

In other words, we'd like everyone to enter the Tor network - we won't
help block _entry_ into Tor. But generally, it's OK if some people block
Tor exits as the anonymous user can just go somewhere else...

> Apologies if this isn't a particularly -dev-like question, I'm still fresh
> on a lot of the Tor internals and I'm still not sure what data is public
> versus protected

It's not private information.

The biggest problem with this proposal is simply that many people may
use it and it will generate a lot of load.

All the best,
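
An added example, not part of this thread and not the patch discussed in it: a sketch of the server side of such a JSONP check, which looks up the connecting address in an exit list and wraps the answer in the caller's callback. The function names, the `using_tor` field and the sample addresses are assumptions made for illustration.

```javascript
// Added example with hypothetical names; not code from check.torproject.org.

// Constructed sample exit list (RFC 5737 documentation addresses).
const SAMPLE_EXITS = new Set(["192.0.2.10", "198.51.100.7"]);

// JSONP reflects the callback name into executable script, so accept only
// a plain dotted identifier of bounded length.
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;

function isValidCallback(name) {
  return typeof name === "string" && name.length <= 64 && CALLBACK_RE.test(name);
}

// Build the HTTP response for one lookup. `clientIp` must be the address the
// server saw on the connection, never a value taken from the query string.
function buildJsonpResponse(exits, clientIp, callback) {
  if (!isValidCallback(callback)) {
    return {
      status: 400,
      headers: { "Content-Type": "text/plain; charset=utf-8" },
      body: "invalid callback",
    };
  }
  const payload = JSON.stringify({ using_tor: exits.has(clientIp) });
  return {
    status: 200,
    headers: {
      "Content-Type": "application/javascript; charset=utf-8",
      "X-Content-Type-Options": "nosniff",
      // The answer depends on the requester's address, so it must not be
      // served from a shared cache to a different client.
      "Cache-Control": "private, no-store",
    },
    // The leading empty comment keeps the reflected name from being the
    // first bytes of the body.
    body: "/**/" + callback + "(" + payload + ");",
  };
}
```

Because the response cannot be shared between clients, every badge view reaches the service, which is the load concern raised above.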
