[tor-dev] Interested in GSoC - Hidden Service Naming or Hidden Service Searching

[Jeremy Rand]

Hi Tor developers,

I'm interested in participating in GSoC.  I'm an undergrad majoring in 
computer science at University of Oklahoma, and I've been a major Tor 
enthusiast for years.

There are two possible projects which I'm considering; I'm looking for 
some feedback on which you think would be better for me to apply for.

One project is allowing hidden services to have human-readable names.  I 
think Namecoin would be an excellent backend for this.  I coded a 
proof-of-concept of using Namecoin to point human-readable .bit domains 
to .onion domains; that code is available at 
https://github.com/JeremyRand/Convergence .  For example, using this, 
you can visit http://federalistpapers.bit/ to get to the Federalist 
Papers hidden service.  The proof of concept only works on Firefox right 
now (not TorBrowser); I would definitely be interested in porting it to 
TorBrowser, improving its privacy, and making it work for applications 
other than web browsing.  Namecoin also has the useful feature of 
allowing HTTPS fingerprints to be embedded in the blockchain, which 
eliminates the need to trust certificate authorities for clearnet HTTPS 
websites (I understand that malicious exit nodes messing with TLS is 
currently a significantly voiced concern for Tor).  I have a strong 
understanding of how Namecoin's DNS works and have developed some 
projects using Namecoin (including a dynamic DNS client), so I think I'm 
a good fit for such a project if there's interest in the Tor community.  
I talked with Jacob Appelbaum about using Namecoin recently; he was 
concerned about a 51% attack.  I think that could be mostly resolved via 
a checkpointing system; while doing so adds a small degree of 
centralization, Tor is already slightly centralized, and it's still less 
centralized than other alternative naming systems that have been 
proposed (e.g. having Tor Project maintain a list of names themselves).  
While I'm not particularly familiar (yet) with how checkpointing is done 
within Namecoin's block validation system, I do know how to at least 
verify whether the currently loaded blockchain matches a given 
checkpoint (which would at least alert users that an attack had taken 
place).

The other project is making a search engine for hidden services (listed 
as Project Idea F on the Tor website).  I think YaCy could be used to 
accomplish this in a decentralized and censorship-free way.  I would 
suggest making a separate YaCy network for hidden services, using a 
regexp whitelist to only index .onion URL's (YaCy has such a network but 
I think it's currently inactive).  YaCy doesn't have whitelist support 
built in, but I think the blacklist feature should be usable for 
simulating such a feature with some effort.  YaCy's SOLR schema supports 
searching based on outgoing link URL's, so I think I could make a 
standard YaCy client search for all clearnet sites which link to a 
.onion/.onion.to/.tor2web.org URL, and feed those URL's to a Tor YaCy 
client for indexing.  I've been a YaCy enthusiast for a couple years, 
and I'm actually using YaCy in a grad-level CS project this semester 
(the course is on Artificial Neural Networks and Evolution), so while I 
haven't touched the YaCy source code, I think I'm a good match for this 
project.

Do either of these sound like good proposals?  Is one significantly more 
likely to be approved than the other, so that I know which to submit?

Thanks,
-Jeremy Rand