[tor-dev] Remote anonymous browsing

Matthew Finkel matthew.finkel at gmail.com
Wed Apr 17 03:43:47 UTC 2013


On Tue, Apr 16, 2013 at 10:49:38PM -0400, Paul Syverson wrote:
> On Wed, Apr 17, 2013 at 12:46:17AM +0000, Matthew Finkel wrote:
> > 
> > 4) Who do you trust? With this remote-proxy, it really depends on what
> > you're looking to gain from using the Tor network. Are you looking for a
> > censorship circumvention tool? Then you probably don't want to use a
> > remote-proxy node run by the censor or any of its allies. If you're
> > looking to remain anonymous...well, anonymous with respect to whom,
> > I suppose?
> 
> Actually, if you could log in remotely to an interface that isn't
> obviously a gateway to Tor and the proxy/bridge there was one that you
> ran yourself or otherwise trusted, this could be an easy way to make
> sure your transport didn't look like it was talking a Tor protocol
> (because it wouldn't be talking Tor protocol).  That's just off the
> top of my head, but the point is that there could be scenarios where
> this could support circumvention as well as anonymity.

I agree, but then the problem of having these nodes available to those who
need them becomes an issue. One benefit about Bridges is that they are
available to anyone who can send an email or visit a website or knows
someone running one. For journalists and such, I suppose it's possible
their local IT folk may be willing to set up a remote-proxy system for them
but what about the little guy? Maybe another system similar to the one
currently used to distribute Bridges could be used to partially solve the
key distribution problem, but it doesn't completely solve the trust problem
(but then again I'm not sure it can be solved short of the scenario you
suggested). I think I have one vague idea related to the second hop in
the circuit not actually relaying the webpage to the remote-proxy but to
another remote-proxy and sending a redirect to the original and maybe
with some JavaScript crypto to give people the warm fuzzies, but this
hasn't exactly been thought through :). There's also a ticket for a PT
that looks like an HTTP(S) server (IIRC), which may help with this?

Mahesh, what are your thoughts about how this would be implemented?
(Just curious :) )


- Matt

