[tor-dev] Flashproxy alpha bundles

adrelanos adrelanos at riseup.net
Thu Dec 13 18:38:03 UTC 2012


Have you considered Hole punching techniques? [1] TCP, UDP, ICMP hole
punching... There are many techniques. I don't know if the WebSocket
protocol would prevent it.

STUN [2] like techniques where a third non-firewalled server helps to
traverse the NAT. (Only NAT, not used as a proxy.)

pwnat [3] also looks interesting. It doesn't need a third server and
lets two NAT'ed machines connect with each other.

There are probably more things to consider. For example, whether the pwnat
method (or any other NAT traversal method) could later be easily used to
fingerprint and censor the connection.

[1] https://en.wikipedia.org/wiki/Hole_punching
[2] https://en.wikipedia.org/wiki/STUN
[3] http://samy.pl/pwnat/

Alexandre:
> It's unfortunately a limitation of the technology we are using.
> The proxies run as javascript code in people's web browsers,
> and use the WebSocket protocol to relay traffic from the client
> to the relay. 
> 
> This protocol is designed to allow bidirectional
> communication from a browser to a web server using a single
> connection, as a replacement for the current method, which
> is to constantly make new http requests to the server. In this
> scenario it doesn't really make sense for web browsers to accept
> connections, so browser implementations don't let you do it.
> So the user has to be able to accept connections on his end.
> 
> You can get the full details on flash proxies here:
> 
> https://crypto.stanford.edu/flashproxy/
> 
> Alex
> 
> 
> On 2012-12-13, at 12:10 PM, adrelanos <adrelanos at riseup.net> wrote:
> 
>> Alexandre:
>>> - Is configuring port forwarding insurmountable for you?
>>
>> It was always too much to ask the user to set up a port forwarding. Try
>> asking your non-technical friends or family. You'll see. Alternatively
>> search for RetroShare, emule, filesharing port forwarding and see how
>> many people are having trouble.
>>
>> There are also cases, where it is impossible to set up a port
>> forwarding. Such cases include for example 3G networks, WiFi hotspots or
>> all other networks where the admin won't do it for you.
>>
>> I think dropping the requirement for a port forwarding is crucial to let
>> any non-geek users profit from it. Or wait for IPv6 and such problems
>> will vanish?
>> _______________________________________________
>> tor-dev mailing list
>> tor-dev at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev