[tor-dev] GSOC- Revamp GetTor
Kiran Mathew Koshy
kiranmathewkoshy at gmail.com
Fri Mar 21 08:41:15 UTC 2014
Hi everyone,
My name is Kiran Mathew Koshy and I'm a student of IIT Patna, India. I''m
interested in participating in Google Summer of Code 2014 under Tor
project. GetTor is a service that I had tried a couple of months ago when
tor was blocked by our sysadmin, and I believe revamping getTor will have
huge impact on avoiding censorship.
*TL;DR version*:
1. A system by which a user has multiple routes of obtaining the tor
browser- dropbox , mega, google drive, and a couple of other file sharing
sites
2. If the user provides their pgp key, an encrypted reply can be sent
3. If the user requests so, the file sent should be password-protected ,
plus some random data(in a single file) should be added along with the tor
browser in order to have variable file sizes.
4. Some file sharing sites(most) allow you to transfer a file between
accounts. This is a bit unnecessary, but can be implemented if there is
time left.
5. NLP: A very simple natural language processor to process the email
and to scavenge for the requested configuration- language, os, file sharing
site, etc. Example mail: "please send me a tor browser bundle ( English)
that works on Windows. Could you send it through Mega ?" .
6. An email proxy- To counter the small chance that the mail server
doesn't allow emails to gettor at gettor.torproject.org.
Chances of this are low in my opinion, since gmail/ any other mail
service is
usually available.
*Details and explanation*:
1. In most cases, a sysadmin or an ISP can block known bridges,
torproject sites, and tor nodes. In this case, *the only way to ensure
that a user can access the tor browser software is by allowing multiple
sources to download it from. *
The practice of blocking File sharing sites is also common, so sites
like dropbox, google drive, box, etc are also important. The code will be
written in a modular format such that addinga new file sharing site would
be equal to adding a couple of urls of their REST API, or at most, writing
a new module consisting of 10-15 lines of code. I have worked with the
APIs of file sharing sites before, and most are quite similar.
2. If PGP keys are sent, an encrypted reply follows. No brainer.
3. Bundling the software with a file of random size into a password
protected tar would prevent snooping based on size of the https request. A
little bit far fetched, yes, but good if you are up against your government.
This would prove to be cpu intensive and network intensive, since the
server will have to encrypt the file and upload it to a file sharing site
every time someone requests it. Therefore, this will be limited to one or
two instances at any given time. It is also possible to upload multiple
instances of encrypted tor browser software, and store the keys in the
server.
4. Self Explanatory
5. An NLP would be very simple to implement in this case, in order to
fish out the keywords and choose the correct configuration.
Example mail: "please send me a tor browser bundle ( English) that works
on Windows. Could you send it through Mega ?" . The keywords in this case
would be: 1. tor browser bundle. 2. English. 3.Windows 4.Mega. A list of
such keywords will be stored on the server.
I believe an NLP would be better than the current arrangement.
6. Self Explanatory.
Since the current getTor doesn't come close to this, I believe it is best
to *rewrite it, reusing select parts*. I havce a good experience in C++ and
Python. I completed Google Summer of Code 2013 under Wikimedia Foundation,
so this is my second year for GSOC.
Since I'm a bit late to apply, I will be submitting this as a proposal
right away. Please comment on any changes you would like to incorporate in
this.
--
Kiran Mathew Koshy
Electrical Engineering,
IIT Patna,
Patna,
India
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20140321/ed18d444/attachment-0001.html>
More information about the tor-dev
mailing list