[tor-mirrors] Usefullness of providing TOR mirrors?
Traumschule
traumschuleriebau at riseup.net
Wed Oct 17 04:33:58 UTC 2018
Hi,
i like where this is going, let me allow to answer inline.
On Tue, 16 Oct 2018 09:19:08 +0200 (CEST)
Niklas Edmundsson <nikke at acc.umu.se> wrote:
> Hi!
>
> I'm one of the mirror admins for ftp.acc.umu.se.
>
> It's nice that the tor mirroring effort is seeing some attention from
> the project, but I'm still curious on what the plan/purpose/goal with
> the mirroring effort is from an end-user perspective.
>
> Bear in mind that I'm mostly accustomed to "regular" open source
> projects and not fully updated on all the issues with a
> privacy-oriented project such as TOR.
Note that i am not announcing the official position of TPO, instead
just my opinion as a volunteer stepping into the mirror component.
> However, I see issues with the usefulness of providing a TOR mirror.
> One of the prime motivations for us to provide a mirror is the
> benefit for users in our local region, and this is especially true
> for other mirrors in bandwidth-starved regions. If there is more
> bandwidth consumption by mirroring a project than there are downloads
> it's kind of hard to motivate a mirror in the first place.
>
> From what I have gathered it's today almost impossible for an end
> user to find and use a mirror...
>
> 1) https://www.torproject.org/ -> Download brings you to
> https://www.torproject.org/download/download-easy.html.en which seems
> hard-coded to download from dist.torproject.org ... No mirror usage
> there.
This is true for the current website and we are considering a better
option for the coming one:
https://bugs.torproject.org/21222
> 2) There is no list of alternative/mirror download locations. I can
> google my way to
> https://www.torproject.org/getinvolved/mirrors.html.en but that's not
> updated with the latest mirrors nor sorted in a user-friendly manner
> (you want the list by country/region).
This is absolutely true and i'm glad you are pointing out what i
thought myself updating the script. Filed and currently working on:
https://bugs.torproject.org/28083
> 3) The TOR project itself doesn't seem to have much interest in
> actually using its mirrors. For example
> https://trac.torproject.org/projects/tor/ticket/27586 discards using
> mirrorbits with "not needed at the moment", when the exact opposite
> is true. We mirror admins WANT the traffic, and the TOR project NEEDS
> something to enable that together with automatically
> monitoring/disabling broken mirrors for a useful end-user experience.
We need a solution for the following problem: 3rd party mirrors
introduce privacy issues and TPO hesitates to automatically redirect
away from its website. Mirrors not necessarily need to be malicious but
can be out of sync or offline. Currently we have no set up that
periodicaly monitors the state of mirrors and verifies files.
Also what if someone sets up mirrors to investigate who is interested in
Tor? Obviously the answer can't be "use tor" here.
https://bugs.torproject.org/27998
> 4) And finally, if all above is catered for, there is the question on
> how to do download mirror redirect/selection in a clear yet useful
> manner for the end user. Should the user always be presented with a
> list of mirrors to choose from? Should that be generated on the
> server side or in-browser from a list of current mirrors (ie. json
> output from mirrorbits or similar)?
Is https://gettor.torproject.org/api/mirrors.json what you suggest?
I agree that we should make better use of it.
https://bugs.torproject.org/16716
> We are heading into privacy
> concerns here, but it needs to be addressed in a better way than just
> assuming that the three magic hosts serving dist.torproject.org is
> the best choice for a particular end-user...
The GetTor team dried out and needs your help!
https://gettor.torproject.org/
https://trac.torproject.org/projects/tor/query?status=!closed&component=Applications%2FGetTor
>
>
> /Nikke
There's a big potential to think mirrors and gettor together and i'd
like to inspire you to make suggestions how to go into this direction.
My answer could be more elaborate but i prefer to delve into code now :)
--
traumschule.org
gpg fingerprint:
9356 4DED 8546 8D9A C290 3605 12EE 7D70 7111 2056
/otr info
OTR: traumschule at irc.indymedia.org fingerprint:
OTR: 35AACA83 4564616C B6EBEC66 56B6B2FC C8D572F1
OTR: traumschule at irc.oftc.net fingerprint:
OTR: D1CCD207 B60C1866 56A975AE ACE090E9 45E90846
OTR: traumschule at chat.freenode.net fingerprint:
OTR: 51BF8BB9 434840CC 24F264BC 76450C27 A6AADB12
More information about the tor-mirrors
mailing list