getinvolved/en/volunteer.wml
2a9aaa80
 ## translation metadata
40e07e2e
 # Revision: $Revision$
2a9aaa80
 # Translation-Priority: 4-optional
 
 #include "head.wmi" TITLE="Tor: Volunteer" CHARSET="UTF-8"
 <div id="content" class="clearfix">
   <div id="breadcrumbs">
b289ef06
     <a href="<page index>">Home &raquo; </a>
2a9aaa80
     <a href="<page getinvolved/volunteer>">Volunteer</a>
   </div>
d9e2550d
   <div id="maincol">
2a9aaa80
     <!-- PUT CONTENT AFTER THIS TAG -->
     <h1>A few things everyone can do now:</h1>
     <ol>
     <li>Please consider <a href="<page docs/tor-doc-relay>">running
     a relay</a> to help the Tor network grow.</li>
f45158e2
     <li>Do you have an Amazon account? Are you willing to spend up to $3 a
45b9451e
     month? Then spin up your own Tor <a href="<page
     docs/bridges>">bridge</a> in less than 10 minutes with <a
f45158e2
     href="https://cloud.torproject.org/">tor cloud</a>!</li>
2a9aaa80
     <li>Tell your friends! Get them to run relays. Get them to run hidden
     services. Get them to tell their friends.</li>
     <li>If you like Tor's goals, please <a href="<page donate/donate>">take a moment
     to donate to support further Tor development</a>. We're also looking
     for more sponsors &mdash; if you know any companies, NGOs, agencies,
     or other organizations that want anonymity / privacy / communications
     security, let them know about us.</li>
     <li>We're looking for more <a href="<page about/torusers>">good examples of Tor
     users and Tor use cases</a>. If you use Tor for a scenario or purpose not
     yet described on that page, and you're comfortable sharing it with us,
     we'd love to hear from you.</li>
     </ol>
d9e2550d
 
2a9aaa80
     <a id="Documentation"></a>
     <h2><a class="anchor" href="#Documentation">Documentation</a></h2>
     <ol>
1075af87
     <li>Help translate the
 <!-- web page and -->
     documentation into other
2a9aaa80
     languages. See the <a href="<page getinvolved/translation>">translation
     guidelines</a> if you want to help out. We especially need Arabic or
     Farsi translations, for the many Tor users in censored areas.</li>
     <li>Evaluate and document
81720f6d
     <a href="<wiki>doc/TorifyHOWTO">our
2a9aaa80
     list of programs</a> that can be configured to use Tor.</li>
     <li>We have a huge list of <a
81720f6d
     href="<wiki>doc/SupportPrograms">potentially useful
2a9aaa80
     programs that interface to Tor</a>. Which ones are useful in which
     situations? Please help us test them out and document your results.</li>
     </ol>
d9e2550d
 
2a9aaa80
     <a id="Advocacy"></a>
     <h2><a class="anchor" href="#Advocacy">Advocacy</a></h2>
     <ol>
8a891203
     <li>Create a presentation that can be used for various user group
 meetings around the world.</li>
f9530dd4
     <li>Create a video about the positive uses of Tor, what Tor is,
     or how to use it.  Some have already started on <a
d4044378
     href="https://media.torproject.org/video/">Tor's Media server</a>,
f9530dd4
     <a
2a9aaa80
     href="http://www.howcast.com/videos/90601-How-To-Circumvent-an-Internet-Proxy">Howcast</a>,
d9e2550d
     and <a href="http://www.youtube.com/thetorproject">YouTube</a>.</li>
2a9aaa80
     <li>Create a poster, or a set of posters, around a theme,
1075af87
     such as "Tor for Freedom!"</li>
     <li>Create a t-shirt design that incorporates "<a
     href="https://check.torproject.org/">Congratulations! You are using
     Tor!</a>" in any language.</li>
2a9aaa80
     </ol>
d9e2550d
 
29202d35
 <!--
1b852e01
     <a id="gsoc"></a>
     <h2><a class="anchor" href="#gsoc">Google Summer of Code</a></h2>
 
     <p>
     Tor is also taking part in this year's <a
     href="https://www.google-melange.com/gsoc/homepage/google/gsoc2013">Google
     Summer of Code</a>! The criteria for this is a little different - either
     gender can apply but you need to be either <a
     href="https://www.google-melange.com/gsoc/document/show/gsoc_program/google/gsoc2013/help_page#2._Whos_eligible_to_participate_as_a">a
     present student or just graduated</a>.
     </p>
 
     <p>
     As mentioned above if you're eligible for either program then please apply
     for both! Google Summer of Code is a far, far larger program for us than
     OPW so your chances of being applied that way are considerably better.
     </p>
 
     <p>
     <b>See our page for <a href="<page about/gsoc>">Google Summer of Code</a>
     for more information.</b>
     </p>
29202d35
 -->
1b852e01
 
0cca7a2e
     <a id="Projects"></a>
     <h2><a class="anchor" href="#Projects">Projects</a></h2>
d9e2550d
 
0cca7a2e
     <p>
     Below are a list of Tor related projects we're developing and/or
     maintaining. Most discussions happen on IRC so if you're interested in any
     of these (or you have a project idea of your own), then please <a
4d396480
     href="<page about/contact>#irc">join us in #tor-dev</a>. Don't be shy
     to ask questions, and don't hesitate to ask even if the main contributors
     aren't active at that moment.
0cca7a2e
     </p>
d9e2550d
 
75bbead3
     <p>
     For a presentation summarizing many of these projects see...
     </p>
 
     <div id="ecosystem_presentation">
       <a href="https://media.torproject.org/video/2013-11-t3am-damian-johnson.mp4">Tor Ecosystem</a> (<a href="https://svn.torproject.org/svn/projects/presentations/2013-11-t3am-tor-ecosystem.pdf">slides</a>)
     </div>
 
     <br /></br />
 
0cca7a2e
     <table id="projects">
       <tr>
         <th>Name</th>
         <th>Category</th>
         <th>Language</th>
         <th>Activity</th>
         <th>Contributors</th>
       </tr>
d9e2550d
 
0cca7a2e
       <tr>
         <td><a href="#project-tor">Tor</a></td>
         <td>Core</td>
         <td>C</td>
         <td>Heavy</td>
d9e2550d
         <td>nickm, athena, arma</td>
0cca7a2e
       </tr>
d9e2550d
 
1b5756a8
       <tr>
856265e1
         <td>*<a href="#project-orchid">Orchid</a></td>
e78aec99
         <td>Core</td>
         <td>Java</td>
d10adb19
         <td>Moderate</td>
e78aec99
         <td>bleidl</td>
       </tr>
 
       <tr>
d9e2550d
         <td><a href="#project-torbrowser">Tor Browser</a></td>
1cf9207c
         <td>Bundle</td>
bdad97a9
         <td>C, Scripting</td>
d9e2550d
         <td>Moderate</td>
1cf9207c
         <td>mikeperry, Erinn</td>
de447fb7
       </tr>
d9e2550d
 
1b5756a8
       <tr>
d9e2550d
         <td><a href="#project-torbutton">Torbutton</a></td>
         <td>Browser Add-on</td>
         <td>Javascript</td>
         <td>Moderate</td>
         <td>mikeperry</td>
0cca7a2e
       </tr>
d9e2550d
 
e78aec99
       <tr>
d9e2550d
         <td><a href="#project-httpseverywhere">HTTPS Everywhere</a></td>
         <td>Browser Add-on</td>
         <td>Javascript</td>
a97c32be
         <td>Heavy</td>
d9e2550d
         <td>pde, mikeperry</td>
0cca7a2e
       </tr>
d9e2550d
 
1b5756a8
       <tr>
0cca7a2e
         <td><a href="#project-vidalia">Vidalia</a></td>
         <td>User Interface</td>
         <td>C++, Qt</td>
bdf1b694
         <td>None</td>
0cca7a2e
         <td>chiiph</td>
       </tr>
d9e2550d
 
e78aec99
       <tr>
0cca7a2e
         <td><a href="#project-arm">Arm</a></td>
         <td>User Interface</td>
         <td>Python, Curses</td>
3b66fb2b
         <td>Light</td>
0cca7a2e
         <td>atagar</td>
       </tr>
d9e2550d
 
1b5756a8
       <tr>
0cca7a2e
         <td><a href="#project-orbot">Orbot</a></td>
         <td>User Interface</td>
         <td>Java</td>
bdf1b694
         <td>Light</td>
85bd93bf
         <td>n8fr8</td>
0cca7a2e
       </tr>
d9e2550d
 
e78aec99
       <tr>
d9e2550d
         <td><a href="#project-tails">Tails</a></td>
         <td>OS image</td>
         <td>Sys Admin</td>
         <td>Heavy</td>
         <td><a href="https://tails.boum.org/">#tails</a></td>
0cca7a2e
       </tr>
d9e2550d
 
1b5756a8
       <tr>
06b58579
         <td><a href="#project-torramdisk">tor-ramdisk</a></td>
         <td>OS image</td>
         <td>Sys Admin</td>
a97c32be
         <td>None</td>
06b58579
         <td>blueness</td>
       </tr>
 
e78aec99
       <tr>
d9e2550d
         <td>*<a href="#project-torouter">Torouter</a></td>
         <td>OS image</td>
         <td>Sys Admin</td>
bdf1b694
         <td>None</td>
d9e2550d
         <td>ioerror</td>
       </tr>
 
1b5756a8
       <tr>
d9e2550d
         <td><a href="#project-torsocks">Torsocks</a></td>
         <td>Usability</td>
         <td>C</td>
85bd93bf
         <td>Light</td>
d9e2550d
         <td>ioerror, nickm</td>
       </tr>
 
e78aec99
       <tr>
32114fbf
         <td><a href="#project-torbirdy">TorBirdy</a></td>
         <td>Browser Add-on</td>
         <td>JavaScript</td>
         <td>Heavy</td>
a97c32be
         <td>Sukhbir (sukhe)</td>
32114fbf
       </tr>
d9e2550d
 
1b5756a8
       <tr>
88e46aa1
         <td><a href="#project-obfsproxy">Obfsproxy</a></td>
         <td>Client Add-on</td>
a97c32be
         <td>Python</td>
bdf1b694
         <td>Moderate</td>
a97c32be
         <td>asn</td>
d9e2550d
       </tr>
 
e78aec99
       <tr>
324ea3b4
         <td><a href="#project-flash-proxy">Flash Proxy</a></td>
         <td>Client Add-on</td>
         <td>Python, JavaScript, Go</td>
bdf1b694
         <td>Heavy</td>
324ea3b4
         <td>dcf, aallai, jct</td>
       </tr>
d9e2550d
 
1b5756a8
       <tr>
f5cdb594
         <td><a href="#project-shadow">Shadow</a></td>
d9e2550d
         <td>Simulator</td>
f5cdb594
         <td>C, Python</td>
bdf1b694
         <td>Heavy</td>
f5cdb594
         <td>robgjansen</td>
       </tr>
d9e2550d
 
c470ac1e
       <tr>
fc897f61
         <td><a href="#project-stem">Stem</a></td>
babe1edd
         <td>Library</td>
         <td>Python</td>
         <td>Heavy</td>
85bd93bf
         <td>atagar</td>
babe1edd
       </tr>
d9e2550d
 
1b5756a8
       <tr>
70767ed2
         <td><a href="#project-txtorcon">Txtorcon</a></td>
         <td>Library</td>
         <td>Python, Twisted</td>
a97c32be
         <td>Moderate</td>
70767ed2
         <td>meejah</td>
       </tr>
d9e2550d
 
c470ac1e
       <tr>
3d38438b
         <td><a href="#project-tlsdate">Tlsdate</a></td>
         <td>Utility</td>
         <td>C</td>
85bd93bf
         <td>Moderate</td>
3d38438b
         <td>ioerror</td>
       </tr>
d9e2550d
 
1b5756a8
       <tr>
0cca7a2e
         <td><a href="#project-metrics">Metrics</a></td>
         <td>Client Service</td>
         <td>Java</td>
a97c32be
         <td>Moderate</td>
0cca7a2e
         <td>karsten</td>
       </tr>
d9e2550d
 
c470ac1e
       <tr>
c594fc88
         <td><a href="#project-atlas">Atlas</a></td>
         <td>Client Service</td>
         <td>JavaScript</td>
bdf1b694
         <td>Light</td>
85bd93bf
         <td>hellais, karsten</td>
c594fc88
       </tr>
d9e2550d
 
e6f83240
       <tr>
         <td><a href="#project-globe">Globe</a></td>
         <td>Client Service</td>
         <td>JavaScript</td>
         <td>Heavy</td>
         <td>Christian</td>
       </tr>
 
c470ac1e
       <tr>
6797fb18
         <td><a href="#project-compass">Compass</a></td>
         <td>Client Service</td>
         <td>Python</td>
bdf1b694
         <td>Light</td>
85bd93bf
         <td>gsathya, karsten, cwacek</td>
6797fb18
       </tr>
d9e2550d
 
1b5756a8
       <tr>
d9e2550d
         <td><a href="#project-onionoo">Onionoo</a></td>
         <td>Backend Service</td>
         <td>Java, Python</td>
a97c32be
         <td>Moderate</td>
d9e2550d
         <td>karsten, gsathya</td>
       </tr>
 
598f211a
       <tr>
         <td><a href="#project-doctor">DocTor</a></td>
         <td>Backend Service</td>
         <td>Python</td>
         <td>Light</td>
         <td>atagar</td>
       </tr>
 
c470ac1e
       <tr>
0cca7a2e
         <td><a href="#project-weather">Weather</a></td>
         <td>Client Service</td>
         <td>Python</td>
babe1edd
         <td>None</td>
0cca7a2e
         <td>kaner</td>
       </tr>
d9e2550d
 
1b5756a8
       <tr>
0cca7a2e
         <td><a href="#project-gettor">GetTor</a></td>
         <td>Client Service</td>
         <td>Python</td>
babe1edd
         <td>None</td>
316d538a
         <td>kaner</td>
0cca7a2e
       </tr>
d9e2550d
 
c470ac1e
       <tr>
0cca7a2e
         <td><a href="#project-torcheck">TorCheck</a></td>
         <td>Client Service</td>
2091e2fb
         <td>Go</td>
         <td>Moderate</td>
         <td>Arlo</td>
0cca7a2e
       </tr>
d9e2550d
 
1b5756a8
       <tr>
0cca7a2e
         <td><a href="#project-bridgedb">BridgeDB</a></td>
         <td>Backend Service</td>
         <td>Python</td>
a97c32be
         <td>Light</td>
316d538a
         <td>kaner, nickm</td>
0cca7a2e
       </tr>
d9e2550d
 
c470ac1e
       <tr>
bdf1b694
         <td><a href="#project-ooni-probe">Ooni Probe</a></td>
d9e2550d
         <td>Scanner</td>
         <td>Python</td>
a97c32be
         <td>Moderate</td>
d9e2550d
         <td>hellais, isis, ioerror</td>
       </tr>
 
b5832ab9
       <tr>
         <td><a href="#project-torps">TorPS</a></td>
         <td>Backend Service</td>
         <td>Python</td>
         <td>Light</td>
         <td>Aaron Johnson</td>
       </tr>
 
1b5756a8
       <tr>
0cca7a2e
         <td><a href="#project-torflow">TorFlow</a></td>
         <td>Backend Service</td>
         <td>Python</td>
7376223f
         <td>None</td>
d9e2550d
         <td>aagbsn, mikeperry</td>
0cca7a2e
       </tr>
d9e2550d
 
c470ac1e
       <tr>
0cca7a2e
         <td>*<a href="#project-torbel">TorBEL</a></td>
         <td>Backend Service</td>
         <td>Python</td>
         <td>None</td>
         <td>Sebastian</td>
       </tr>
d9e2550d
 
1b5756a8
       <tr>
d9e2550d
         <td><a href="#project-tor2web">Tor2web</a></td>
         <td>Client Service</td>
adc528c2
         <td>Python</td>
85bd93bf
         <td>Moderate</td>
c1aeaeb9
         <td>evilaliv3, hellais</td>
d9e2550d
       </tr>
06b58579
 
c470ac1e
       <tr>
06b58579
         <td><a href="#project-anonbib">Anonbib</a></td>
         <td>Website</td>
adc528c2
         <td>Python</td>
06b58579
         <td>Light</td>
         <td>arma, nickm</td>
       </tr>
 
0cca7a2e
     </table>
d9e2550d
 
0cca7a2e
     <sub>
     * Project is still in an alpha state.
     </sub>
d9e2550d
 
0cca7a2e
     <br /><br />
d9e2550d
 
0cca7a2e
     <a id="project-tor"></a>
     <h3>Tor (<a href="https://gitweb.torproject.org/tor.git">code</a>, <a
d9e2550d
     href="https://trac.torproject.org/projects/tor/report/12">bug
0cca7a2e
     tracker</a>)</h3>
d9e2550d
 
0cca7a2e
     <p>
     Central project, providing the core software for using and participating in
     the Tor network. Numerous people contribute to the project to varying
     extents, but the chief architects are Nick Mathewson and Roger Dingledine.
     </p>
d9e2550d
 
0cca7a2e
     <p>
     <b>Project Ideas:</b><br />
8beb5672
     <i><a href="#torCleanup">Tor Codebase Cleanup</a></i><br />
d9e2550d
     <i><a href="#httpsImpersonation">HTTPS Server Impersonation</a></i><br />
8beb5672
     <i><a href="#chutneyExpansion">Make Chutney Do More, More Reliably</a></i>
0cca7a2e
     </p>
d9e2550d
 
856265e1
     <a id="project-orchid"></a>
     <h3><a href="https://github.com/subgraph/Orchid">Orchid</a> (<a
     href="https://github.com/subgraph/Orchid">code</a>, <a
     href="https://github.com/subgraph/Orchid/issues">bug
316d538a
     tracker</a>)</h3>
d9e2550d
 
316d538a
     <p>
856265e1
     Java implementation of Tor and successor to <a href="http://onioncoffee.sourceforge.net/">OnionCoffee</a>.
316d538a
     </p>
d9e2550d
 
1cf9207c
     <a id="project-torbrowser"></a>
0cca7a2e
     <h3><a href="<page projects/torbrowser>">Tor Browser Bundle</a> (<a
     href="https://gitweb.torproject.org/torbrowser.git">code</a>, <a
     href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Tor+bundles/installation&order=priority">bug
d9e2550d
     tracker</a>, <a href="https://www.torproject.org/projects/torbrowser/design/">design doc</a>)</h3>
 
0cca7a2e
     <p>
     The Tor Browser Bundle is an easy-to-use portable package of Tor, Vidalia,
d9e2550d
     Torbutton, and a Firefox fork preconfigured to work together out of
1cf9207c
     the box. It contains a modified copy of Firefox that aims to resolve the
     privacy and security issues in mainline version.
0cca7a2e
     </p>
d9e2550d
 
     <a id="project-torbutton"></a>
     <h3><a href="<page torbutton/index>">Torbutton</a> (<a
     href="https://gitweb.torproject.org/torbutton.git">code</a>, <a
     href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Torbutton&order=priority">bug
0cca7a2e
     tracker</a>)</h3>
d9e2550d
 
0cca7a2e
     <p>
d9e2550d
     Firefox addon that addresses many of the client-side threats to browsing
     the Internet anonymously. Mike has since continued to adapt it to new
     threats, updated versions of Firefox, and possibly <a
     href="https://blog.torproject.org/blog/google-chrome-incognito-mode-tor-and-fingerprinting">Chrome
     as well</a>.
0cca7a2e
     </p>
d9e2550d
 
     <a id="project-httpseverywhere"></a>
     <h3><a href="https://www.eff.org/https-everywhere">HTTPS Everywhere</a> (<a
     href="https://gitweb.torproject.org/https-everywhere.git">code</a>, <a
     href="https://trac.torproject.org/projects/tor/report/19">bug
0cca7a2e
     tracker</a>)</h3>
d9e2550d
 
0cca7a2e
     <p>
d9e2550d
     HTTPS Everywhere is a Firefox and Chrome extension that encrypts
     your communications with many major websites, making your browsing
     more secure.
0cca7a2e
     </p>
d9e2550d
 
0cca7a2e
     <a id="project-vidalia"></a>
     <h3><a href="<page projects/vidalia>">Vidalia</a> (<a
88bc181d
     href="https://gitweb.torproject.org/vidalia.git">code</a>, <a
0cca7a2e
     href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Vidalia&order=priority">bug
     tracker</a>)</h3>
d9e2550d
 
0cca7a2e
     <p>
     The most commonly used user interface for Tor. Matt Edman started the
     project in 2006 and brought it to its current stable state. Development
d9e2550d
     slowed for several years, though Tomás Touceda has since taken the
     lead with pushing the project forward.
0cca7a2e
     </p>
d9e2550d
 
0cca7a2e
     <a id="project-arm"></a>
93307f13
     <h3><a href="https://www.atagar.com/arm/">Arm</a> (<a
88bc181d
     href="https://gitweb.torproject.org/arm.git">code</a>, <a
0cca7a2e
     href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=arm&order=priority">bug
     tracker</a>)</h3>
d9e2550d
 
0cca7a2e
     <p>
d0fdb761
     The anonymizing relay monitor (arm) is a terminal status monitor for Tor,
     intended for command-line aficionados, ssh connections, and anyone with a
     tty terminal. This works much like top does for system usage, providing
     real time statistics for bandwidth, resource usage, connections, and quite
     a bit more.
0cca7a2e
     </p>
d9e2550d
 
0cca7a2e
     <a id="project-orbot"></a>
     <h3><a href="https://guardianproject.info/apps/orbot/">Orbot</a> (<a
88bc181d
     href="https://gitweb.torproject.org/orbot.git">code</a>, <a
0cca7a2e
     href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Orbot&order=priority">bug
     tracker</a>)</h3>
d9e2550d
 
     <p>
     Provides Tor on the Android platform. This was under very active
     development up through Fall 2010, after which things have been quiet.
     </p>
 
     <a id="project-tails"></a>
     <h3><a href="https://tails.boum.org/">The Amnesic Incognito Live System</a> (<a
a97c32be
     href="https://git-tails.immerda.ch/tails/">code</a>, <a
     href="https://labs.riseup.net/code/projects/tails">bug
d9e2550d
     tracker</a>)</h3>
 
     <p>
     The Amnesic Incognito Live System is a live CD/USB distribution
     preconfigured so that everything is safely routed through Tor and leaves no
     trace on the local system. This is a merger of the Amnesia and <a
     href="http://www.anonymityanywhere.com/incognito/">Incognito</a> projects,
     and still under very active development.
     </p>
 
06b58579
     <a id="project-torramdisk"></a>
     <h3><a href="http://opensource.dyc.edu/tor-ramdisk">Tor-ramdisk</a> (<a
a97c32be
     href="https://gitweb.torproject.org/tor-ramdisk.git">code</a>, <a
ab7bd07f
     href="http://opensource.dyc.edu/tor-ramdisk-documentation">documentation</a>)</h3>
06b58579
 
     <p>
ab7bd07f
     Tor-ramdisk is a uClibc-based micro Linux distribution whose sole
     purpose is to securely host a Tor server purely in RAM.
06b58579
     </p>
 
d9e2550d
     <a id="project-torouter"></a>
     <h3><a
     href="<wiki>doc/Torouter">Torouter</a> (<a
bdf1b694
     href="https://gitweb.torproject.org/torouter.git">code</a>, <a
d9e2550d
     href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Torouter&order=priority">bug
     tracker</a>)</h3>
 
     <p>
     Project to provide an easy-to-use, embedded Tor instance for routers. This
     had high activity in late 2010, but has since been rather quiet.
     </p>
 
     <a id="project-torsocks"></a>
3ec08697
     <h3>Torsocks (<a
d9e2550d
     href="https://gitweb.torproject.org/torsocks.git">code</a>, <a
     href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Torify&order=priority">bug
     tracker</a>)</h3>
 
0cca7a2e
     <p>
d9e2550d
     Utility for adapting other applications to work with Tor. Development has
     slowed and compatibility issues remain with some platforms, but it's
     otherwise feature complete.
0cca7a2e
     </p>
d9e2550d
 
32114fbf
     <a id="project-torbirdy"></a>
     <h3>TorBirdy (<a
     href="https://github.com/ioerror/torbirdy">code</a>, <a
     href="https://trac.torproject.org/projects/tor/wiki/torbirdy/dev">bug
     tracker</a>)</h3>
d9e2550d
 
32114fbf
     <p>
     TorBirdy is Torbutton for Thunderbird and related Mozilla mail clients.
     </p>
d9e2550d
 
88e46aa1
     <a id="project-obfsproxy"></a>
1075af87
     <h3><a href="<page projects/obfsproxy>">Obfsproxy</a> (<a
a97c32be
     href="https://gitweb.torproject.org/pluggable-transports/obfsproxy.git">code</a>,
     <a href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Pluggable+transport&order=priority">bug
88e46aa1
     tracker</a>)</h3>
d9e2550d
 
88e46aa1
     <p>
     A proxy that shapes Tor traffic, making it harder for censors to detect and
bdf1b694
     block Tor. This has both a C and python implementation.
88e46aa1
     </p>
d9e2550d
 
7ffe50e7
     <p>
     <b>Project Ideas:</b><br />
     <i><a href="#betterPluggableTransports">Build Better Pluggable Transports</a></i>
     </p>
 
324ea3b4
     <a id="project-flash-proxy"></a>
     <h3><a href="https://crypto.stanford.edu/flashproxy/">Flash Proxy</a> (<a
     href="https://gitweb.torproject.org/flashproxy.git">code</a>, <a
     href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_information&status=needs_review&status=needs_revision&status=new&status=reopened&component=Flashproxy">bug
     tracker</a>)</h3>
d9e2550d
 
324ea3b4
     <p>
     Pluggable transport using proxies running in web browsers to defeat
     address-based blocking.
     </p>
d9e2550d
 
f5cdb594
     <a id="project-shadow"></a>
     <h3><a href="https://shadow.cs.umn.edu/">Shadow</a> (<a
     href="https://github.com/shadow">code</a>, <a
     href="https://github.com/shadow/shadow/issues">bug
     tracker</a>)</h3>
d9e2550d
 
f5cdb594
     <p>
     Shadow is a discrete-event network simulator that runs the real
     Tor software as a plug-in. Shadow is open-source software that enables
     accurate, efficient, controlled, and repeatable Tor experimentation.
3511b399
     For another simulator, see <a
     href="http://crysp.uwaterloo.ca/software/exptor/">ExperimenTor</a>.
f5cdb594
     </p>
d9e2550d
 
babe1edd
     <a id="project-stem"></a>
70959956
     <h3><a href="https://stem.torproject.org/">Stem</a> (<a
babe1edd
     href="https://gitweb.torproject.org/stem.git">code</a>, <a
0bf7cddc
     href="https://trac.torproject.org/projects/tor/wiki/doc/stem/bugs">bug
babe1edd
     tracker</a>)</h3>
d9e2550d
 
babe1edd
     <p>
3f60d6e0
     Python controller library for scripts and controller applications using
     Tor.
babe1edd
     </p>
d9e2550d
 
c8b5ab11
     <p>
     <b>Project Ideas:</b><br />
2b32413e
     <i><a href="#txtorcon-stemIntegration">Txtorcon/Stem Integration</a></i><br />
c8b5ab11
     </p>
d9e2550d
 
70767ed2
     <a id="project-txtorcon"></a>
a97c32be
     <h3><a href="https://txtorcon.readthedocs.org">Txtorcon</a> (<a
70767ed2
     href="https://github.com/meejah/txtorcon">code</a>, <a
a97c32be
     href="https://github.com/meejah/txtorcon/issues">bug tracker</a>)</h3>
d9e2550d
 
70767ed2
     <p>
     Twisted-based asynchronous Tor control protocol implementation. Includes
     unit-tests, examples, state-tracking code and configuration abstraction.
     Used by OONI and APAF.
     </p>
d9e2550d
 
2b32413e
     <p>
     <b>Project Ideas:</b><br />
     <i><a href="#txtorcon-stemIntegration">Txtorcon/Stem Integration</a></i>
     </p>
 
3d38438b
     <a id="project-tlsdate"></a>
     <h3>Tlsdate (<a href="https://github.com/ioerror/tlsdate">code</a>)</h3>
d9e2550d
 
3d38438b
     <p>
     tlsdate: secure parasitic rdate replacement
     </p>
d9e2550d
 
3d38438b
     <p>
     tlsdate sets the local clock by securely connecting with TLS to remote
     servers and extracting the remote time out of the secure handshake. Unlike
     ntpdate, tlsdate uses TCP, for instance connecting to a remote HTTPS or TLS
     enabled service, and provides some protection against adversaries that try
     to feed you malicious time information.
     </p>
d9e2550d
 
0cca7a2e
     <a id="project-metrics"></a>
     <h3><a href="https://metrics.torproject.org/">Metrics</a> (code: <a
     href="https://gitweb.torproject.org/metrics-db.git">db</a>, <a
     href="https://gitweb.torproject.org/metrics-utils.git">utils</a>, <a
a97c32be
     href="https://gitweb.torproject.org/metrics-web.git">web</a>)</h3>
d9e2550d
 
0cca7a2e
     <p>
     Processing and analytics of consensus data, provided to users via the
     metrics portal. This has been under active development for several years by
3511b399
     Karsten Loesing. See also <a
     href="https://gitweb.torproject.org/torperf.git">TorPerf</a>.
0cca7a2e
     </p>
d9e2550d
 
c594fc88
     <a id="project-atlas"></a>
     <h3><a href="https://atlas.torproject.org/">Atlas</a> (<a
     href="https://gitweb.torproject.org/atlas.git">code</a>)</h3>
d9e2550d
 
c594fc88
     <p>
     Atlas is a web application to discover Tor relays and bridges. It provides
     useful information on how relays are configured along with graphics about
a574c275
     their past usage.
c594fc88
     </p>
d9e2550d
 
0cca7a2e
     <p>
a574c275
     This is the spiritual successor to <a
     href="https://gitweb.torproject.org/torstatus.git">TorStatus</a>, the <a
8df8dd03
     href="https://svn.torproject.org/svn/torstatus/trunk/">original
a574c275
     codebase</a> for which was written in PHP, and rewritten by students from
     Wesleyan as Django.
0cca7a2e
     </p>
d9e2550d
 
e6f83240
     <a id="project-globe"></a>
     <h3><a href="http://globe.rndm.de/">Globe</a> (<a
     href="https://github.com/makepanic/globe">code</a>, <a
     href="https://github.com/makepanic/globe/issues">bug tracker</a>)</h3>
 
     <p>
     Globe is a web application that allows you to search for Tor relays and
     bridges. It gives you a detailed overview of properties and configurations
     of a relay or bridge.
     </p>
 
6797fb18
     <a id="project-compass"></a>
     <h3><a href="https://compass.torproject.org/">Compass</a> (<a
     href="https://gitweb.torproject.org/compass.git">code</a>, <a
     href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Compass&order=priority">bug
     tracker</a>)</h3>
d9e2550d
 
6797fb18
     <p>
     Compass is a web and command line application that filters and
     aggregates the Tor relays based on various attributes.
     </p>
d9e2550d
 
     <a id="project-onionoo"></a>
     <h3><a href="<page projects/onionoo>">Onionoo</a> (<a
     href="https://gitweb.torproject.org/onionoo.git">java codebase</a>, <a
     href="https://gitweb.torproject.org/pyonionoo.git">python
bdf1b694
     codebase</a>, <a href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Onionoo&order=priority">bug tracker</a>)</h3>
d9e2550d
 
     <p>
     Onionoo is a JSON based protocol to learn information about currently
     running Tor relays and bridges.
     </p>
 
598f211a
     <a id="project-doctor"></a>
     <h3>DocTor (<a
     href="https://gitweb.torproject.org/doctor.git">code</a>, <a
     href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=DocTor&order=priority">bug
     tracker</a>)</h3>
 
     <p>
     DocTor is a notification service that monitors newly published descriptor
     information for issues. This is primarily a service to help the tor
     directory authority operators, but it also checks for a handful of other
     issues like sybil attacks.
     </p>
 
0cca7a2e
     <a id="project-weather"></a>
23357369
     <h3><a href="https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Weather">Weather</a> (<a
0cca7a2e
     href="https://gitweb.torproject.org/weather.git">code</a>, <a
     href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Tor+Weather&order=priority">bug
     tracker</a>)</h3>
d9e2550d
 
0cca7a2e
     <p>
     Provides automatic notification to subscribed relay operators when their
     relay's unreachable. This underwent a rewrite by the <a
     href="http://hfoss.wesleyan.edu/">Wesleyan HFOSS team</a>, which went live
     in early 2011.
     </p>
d9e2550d
 
0cca7a2e
     <a id="project-gettor"></a>
23357369
     <h3><a href="https://trac.torproject.org/projects/tor/wiki/org/roadmaps/GetTor">GetTor</a> (<a
88bc181d
     href="https://gitweb.torproject.org/gettor.git">code</a>, <a
0cca7a2e
     href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=GetTor&order=priority">bug
     tracker</a>)</h3>
d9e2550d
 
0cca7a2e
     <p>
     E-mail autoresponder providing Tor's packages over SMTP. This has been
     relatively unchanged for quite a while.
     </p>
d9e2550d
 
0cca7a2e
     <a id="project-torcheck"></a>
23357369
     <h3><a href="https://trac.torproject.org/projects/tor/wiki/org/roadmaps/TorCheck">TorCheck</a> (<a
2091e2fb
     href="https://gitweb.torproject.org/check.git">code</a>, <a
0cca7a2e
     href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Tor+Check&order=priority">bug
     tracker</a>)</h3>
d9e2550d
 
0cca7a2e
     <p>
2091e2fb
     Site for determining if the visitor is using Tor or not.
0cca7a2e
     </p>
d9e2550d
 
0cca7a2e
     <a id="project-bridgedb"></a>
23357369
     <h3><a href="https://trac.torproject.org/projects/tor/wiki/org/roadmaps/BridgeDB">BridgeDB</a> (<a
0cca7a2e
     href="https://gitweb.torproject.org/bridgedb.git">code</a>, <a
     href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=BridgeDB&order=priority">bug
     tracker</a>)</h3>
d9e2550d
 
0cca7a2e
     <p>
     Backend bridge distributor, handling the various pools they're distributed
     in. This was actively developed until Fall of 2010.
     </p>
d9e2550d
 
     <a id="project-ooni-probe"></a>
2c7af862
     <h3><a href="https://ooni.torproject.org/">Ooni Probe</a> (<a
d9e2550d
     href="https://gitweb.torproject.org/ooni-probe.git">code</a>, <a
     href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Ooni&order=priority">bug
     tracker</a>)</h3>
 
     <p>
     Censorship scanner, checking your local connection for blocked or modified
     content.
     </p>
 
2aa9e22e
     <p>
     <b>Project Ideas:</b><br />
b29528d0
     <i><a href="#censorshipAnalyzer">Develop a Censorship Analyzer</a></i>
2aa9e22e
     </p>
 
b5832ab9
     <a id="project-torps"></a>
     <h3>TorPS</a> (<a href="https://github.com/torps/torps">code</a>)</h3>
 
     <p>
     The Tor Path Simulator (TorPS) is a tool for efficiently simulating
     path selection in Tor. It chooses circuits and assigns user streams to
     those circuits in the same way that Tor does. TorPS is fast enough to
     perform thousands of simulations over periods of months.
     </p>
 
0cca7a2e
     <a id="project-torflow"></a>
23357369
     <h3><a href="https://trac.torproject.org/projects/tor/wiki/org/roadmaps/TorFlow">TorFlow</a> (<a
0cca7a2e
     href="https://gitweb.torproject.org/torflow.git">code</a>, <a
     href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Torflow&order=priority">bug
     tracker</a>)</h3>
d9e2550d
 
0cca7a2e
     <p>
     Library and collection of services for actively monitoring the Tor network.
     These include the Bandwidth Scanners (measuring throughput of relays) and
     SoaT (scans for malicious or misconfigured exit nodes). SoaT was last
     actively developed in the Summer of 2010, and the Bandwidth Scanners a few
     months later. Both have been under active use since then, but development
     has stopped.
     </p>
d9e2550d
 
0cca7a2e
     <a id="project-torbel"></a>
     <h3><a
65daad30
     href="https://blog.torproject.org/blog/torbel-tor-bulk-exit-list-tools">TorBEL</a> (<a
     href="https://gitweb.torproject.org/torbel.git">code</a>, <a
0cca7a2e
     href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=TorDNSEL/TorBEL&order=priority">bug
     tracker</a>)</h3>
d9e2550d
 
0cca7a2e
     <p>
     The Tor Bulk Exitlist provides a method of identifying if IPs belong to
     exit nodes or not. This is a replacement for TorDNSEL which is a stable
     (though unmaintained) Haskell application for this purpose. The initial
     version of TorBEL was started in GSOC 2010 but since then the project has
     been inactive.
     </p>
d9e2550d
 
     <a id="project-tor2web"></a>
     <h3><a
     href="http://wiki.tor2web.org/index.php/Main_Page">Tor2web</a> (<a
     href="https://github.com/globaleaks/tor2web-3.0/wiki">code</a>)</h3>
 
     <p>
     Tor2web allows Internet users to browse websites running in <a
     href="<page docs/hidden-services>">Tor hidden services</a>. It trades
     user anonymity for usability by allowing anonymous content to be
     distributed to non-anonymous users.
     </p>
 
06b58579
     <a id="project-anonbib"></a>
     <h3><a
     href="http://freehaven.net/anonbib/">Anonymity Bibliography</a> (<a
     href="https://gitweb.torproject.org/anonbib.git">code</a>)</h3>
 
     <p>
adc528c2
     Anonbib is a list of important papers in the field of anonymity. It's
     also a set of scripts to generate the website from Latex (bibtex). If
     we're missing any important papers, please let us know!
06b58579
     </p>
 
2a9aaa80
     <a id="Coding"></a>
     <a id="Summer"></a>
0cca7a2e
     <h2><a class="anchor" href="#Coding">Project Ideas</a></h2>
d9e2550d
 
2a9aaa80
     <p>
6459aca3
     You may find some of these projects to be good ideas for <a href="<page
     about/gsoc>">Google Summer of Code</a> and the <a
     href="https://live.gnome.org/OutreachProgramForWomen">Outreach Program for
cc7043a7
     Women</a>. We have labelled each idea with how much work we expect it would
     be (effort level), how much clue you should start with (skill level),
     and which of our <a href="<page about/corepeople>">core developers</a>
     would be good mentors. If one or more of these ideas looks promising to
     you, please <a href="<page about/contact>">contact us</a> to discuss your
     plans rather than sending blind applications. You may also want to propose
     your own project idea &mdash; which often results in the best applications.
2a9aaa80
     </p>
d9e2550d
 
2a9aaa80
     <ol>
d9e2550d
 
2b32413e
     <a id="txtorcon-stemIntegration"></a>
     <li>
     <b>Txtorcon/Stem Integration</b>
     <br>
     Effort Level: <i>Medium</i>
     <br>
     Skill Level: <i>Medium</i>
     <br>
     Likely Mentors: <i>meejah, Damian (atagar)</i>
     <p>Txtorcon is a Twisted-based Python controller library, and Stem is a
     synchronous (threaded) one, also in Python. There is no need to have
     two implementations of (at least) the protocol parsing code. This
     project would entail eliminating duplication by leveraging Stem's
     parsing in txtorcon while keeping txtorcon's API the same (or at least
     close).</p>
ad68be46
     <p>Besides this you should identify some additional tasks to improve our
     controller space across these two libraries. Some ideas are...</p>
     <ul>
       <li>Write a tutorial for <a
       href="https://stem.torproject.org/tutorials.html">stem's tutorial
       page</a> demonstrating cross txtorcon/stem usage.</li>
       <li>Expand the txtorcon API to include functionality of <a
       href="https://gitweb.torproject.org/stem.git/blob/HEAD:/stem/control.py">stem's
       controller</a> that would be of interest to twisted users. All additions
       should include tests!</li>
       <li>Come up with some ideas of your own! We'd love to discuss them with
       you.</li>
     </ul>
2b32413e
     <p>This would very likely involve changes to both libraries, although
     most would be expected to be in txtorcon. meejah is available to
     mentor txtorcon changes, and Damian (atagar) can help with Stem.</p>
     <p>It would help if you're already familiar with event-based programming,
     bonus points if it's Twisted.</p>
     </li>
 
d9e2550d
     <a id="httpsImpersonation"></a>
aaca0320
     <li>
     <b>HTTPS Server Impersonation</b>
     <br>
     Effort Level: <i>Medium to High</i>
     <br>
     Skill Level: <i>Medium to High</i>
     <br>
     Likely Mentors: <i>Nick (nickm)</i>
8beb5672
     <p>
aaca0320
     We have an open proposal for a way to make Tor bridges avoid censorship by
     impersonating an HTTPS server.  Specifically, we need to hack some popular
     SSL "reverse proxy" (your choice) so that it relays regular web connections
     to an HTTP server, but certain connections to a local Tor process.  <a
     href="https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/203-https-frontend.txt">Proposal
     203</a> has a general design sketch.
8beb5672
     </p>
b45372fe
 
     <p>
     <b>This project is likely trickier than it looks. You should avoid applying
     for this if you're uncertain about being able to complete it.</b>
     </p>
     </li>
8beb5672
     </li>
d9e2550d
 
aaca0320
     <a id="chutneyExpansion"></a>
     <li>
     <b>Make Chutney Do More, More Reliably</b>
     <br>
     Effort Level: <i>Medium to High, depending on scope of project</i>
     <br>
     Skill Level: <i>Medium</i>
     <br>
8beb5672
     Likely Mentors: <i>Nick (nickm)</i>
     <p>
aaca0320
     We have a little Python tool called <a
     href="https://gitweb.torproject.org/nickm/chutney.git">Chutney</a> for
     making small local test networks.  It's small, not widely used, and not as
     automated as it could be.
8beb5672
     </p>
d9e2550d
 
8beb5672
     <p>
aaca0320
     It would be great to see chutney extended and a set of supporting tests
     built to the point where we could use Chutney to exercise various Tor
     features as an automated integration test.
8beb5672
     </p>
b45372fe
 
     <p>
     <b>As part of your application for this project please submit a patch that
     expands Chutney.</b>
     </p>
 
aaca0320
     </li>
d9e2550d
 
aaca0320
     <a id="torCleanup"></a>
2a9aaa80
     <li>
aaca0320
     <b>Tor Codebase Cleanup</b>
ed5ac546
     <br>
aaca0320
     Effort Level: <i>Low to High, depending on subproject chosen</i>
ed5ac546
     <br>
aaca0320
     Skill Level: <i>Medium to High</i>
ed5ac546
     <br>
aaca0320
     Likely Mentors: <i>Nick (nickm)</i>
81907ee0
     <p>
aaca0320
     The Tor code is almost 10 years old in places, and we haven't always had
     enough time or wisdom to write things as well as we could have.  Our unit
     test coverage is shamefully low, and the dependency graph of our modules is
     shamefully convoluted . We could use refactoring and unit tests!  Please
     look through the Tor source code and look for ugly or tricky code or
     dependencies -- the uglier and trickier the better -- and think about how
     you could make the code look better, read better, and (subject to testing)
     work better.
81907ee0
     </p>
d9e2550d
 
0cca7a2e
     <p>
aaca0320
     If this is for a fun side-project, it would be great for you to work on
     anything that can be made better and more tested.  For an internship-level
     position, we'd hope that you could find a number of particularly tricky or
     knotty piece of the code to clean up, and aim for resolving the ugliest
     problems, not necessarily the easiest.
0cca7a2e
     </p>
d9e2550d
 
81907ee0
     <p>
aaca0320
     For a big project here, it would be great to pick one of the major
     "submodules" of Tor -- path selection, node discovery, directory authority
     operations, directory service -- and refactor its interface completely, to
     minify and codify its points of contact with the rest of Tor.
81907ee0
     </p>
b45372fe
 
     <p>
     <b>As part of your application for this project please identify one of the
     thorniest Tor functions and submit a patch refactoring it to be better. If
     you find this to be difficult then this likely isn't the project for
     you.</b>
     </p>
81907ee0
     </li>
d9e2550d
 
7ffe50e7
     <a id="betterPluggableTransports"></a>
     <li>
     <b>Build Better Pluggable Transports</b>
     <br>
     Effort Level: <i>Medium to High</i>
     <br>
     Skill Level: <i>Medium</i>
     <br>
1be4da51
     Likely Mentors: <i>Steven (sjmurdoch), George (asn)</i>
7ffe50e7
     <p>
     For Tor users in censored countries, we currently offer <a
     href="https://www.torproject.org/projects/obfsproxy.html.en">obfsproxy</a>
     bridges, which disguise Tor traffic by making it look random. This works
     for many users, but it has disadvantages: firstly it does not disguise
     packet size and secondly it looks like no real protocol. These weaknesses
     may result in obfsproxy being blocked.
     </p>
 
     <p>
     The goal for this project will be to implement new pluggable transports,
     which resolve these weaknesses and so can be deployed if/when obfsproxy is
     blocked. Ideas for doing so include:
       <ul>
         <li>Impersonate a voice-over-IP protocol</li>
         <li>Impersonate HTTP sufficiently well that traffic will go through a HTTP-only proxy</li>
         <li>Implement <a href="http://cacr.uwaterloo.ca/techreports/2011/cacr2011-21.pdf">scanning resistance</a></a>
       </ul>
     </p>
 
     <a id="profileUDPTransport"></a>
     <li>
     <b>Profile UDP transport protocols</b>
     <br>
     Effort Level: <i>Medium to High</i>
     <br>
     Skill Level: <i>High</i>
     <br>
     Likely Mentors: <i>Steven (sjmurdoch)</i>
     <p>
     There are <a
     href="https://research.torproject.org/techreports/datagram-comparison-2011-11-07.pdf">lots
     of options</a> as to how Tor could send its data over UDP rather than TCP,
     and some will likely perform significantly better than others. This project
     will evaluate these options, so as to decide which should be used in future
     versions of Tor. A first step will be to benchmark the various transport
     protocols being considered, in terms of performance and also code quality,
     including userspace TCP, <a
     href="https://github.com/bittorrent/libutp">&mu;TP</a>, <a
     href="http://en.wikipedia.org/wiki/Stream_Control_Transmission_Protocol">SCTP</a>
     and <a href="http://curvecp.org/">CurveCP</a>. Initially these transport
     protocols will be examined in isolation, but if the project progresses well
     one or more could be integrated in Tor.
     </p>
     </li>
 
bfd0aee2
     <a id="httpsEverywhereRulesetTesting"></a>
     <li>
     <b>Incorporate Ruleset Testing into the HTTPS Everywhere release process</b>
     <br>
     Effort Level: <i>Medium</i>
     <br>
     Skill Level: <i>Medium</i>
     <br>
9991227d
     Likely Mentors: <i>Peter Eckersley (pde), Micah Lee</i>
bfd0aee2
     <p>
 Ondrej Mikle has implemented a codebase for testing HTTPS Everywhere rulesets
 by crawling pages that are affected by the ruleset (<a href="https://github.com/hiviah/https-everywhere-checker">repository</a>).
     </p>
 
     <p>
 This codebase still has some rough edges that need to be smoothed over, but
 once those are done it should be incorporated into the HTTPS Everywhere build
 process, in order to improve the quality of our releases.
     </p>
     </li>
 
b29528d0
     <a id="censorshipAnalyzer"></a>
     <li>
     <b>Develop a Censorship Analyzer</b>
     <br>
     Effort Level: <i>Medium</i>
     <br>
     Skill Level: <i>Medium to High (depends on the implemented tests)</i>
     <br>
     Likely Mentors: <i>Philipp (phw)</i>
     <p>
 Tor is documented to be blocked in <a
 href="https://censorshipwiki.torproject.org">several countries</a>. Analyzing
 these censorship incidents can be a tedious task; especially without access to
 machines inside the censoring networks. To make analysis easier, it would be
 great to have a lightweight analysis tool which can be run by censored users.
 This tool would conduct a number of networking tests and figure out if and how
 Tor could be blocked. The tool's final report should then somehow make it back
 to the Tor project.
     </p>
 
     <p>
 The theory behind this tool is already <a
aa986fa9
 href="http://www.cs.kau.se/philwint/pdf/foci2013.pdf">documented
b29528d0
 in a research paper</a>. What we now need is code! Implementing it would first
 mean getting familiar with <a href="https://ooni.torproject.org">OONI</a> and
 <a href="http://twistedmatrix.com/trac/">Twisted</a>. After that, the tool
 should be implemented as a number of OONI-specific networking tests.
     </p>
     </li>
 
2a9aaa80
     <li>
     <b>Bring up new ideas!</b>
ed5ac546
     <br>
2a9aaa80
     Don't like any of these? Look at the <a
42bf9f69
     href="/press/presskit/2008-12-19-roadmap-full.pdf">Tor development
2a9aaa80
     roadmap</a> for more ideas, or just try out Tor, Vidalia, and Torbutton,
     and find out what you think needs fixing.
365df400
     Some of the <a href="<spectree>proposals">current proposals</a>
2a9aaa80
     might also be short on developers.
     </li>
d9e2550d
 
2a9aaa80
     </ol>
d9e2550d
 
2a9aaa80
     <a id="OtherCoding"></a>
     <h2><a class="anchor" href="#OtherCoding">Other Coding and Design related ideas</a></h2>
     <ol>
     <li>Tor relays don't work well on Windows XP. On
     Windows, Tor uses the standard <tt>select()</tt> system
     call, which uses space in the non-page pool. This means
     that a medium sized Tor relay will empty the non-page pool, <a
81720f6d
     href="<wiki>doc/WindowsBufferProblems">causing
2a9aaa80
     havoc and system crashes</a>. We should probably be using overlapped IO
     instead. One solution would be to teach <a
     href="http://www.monkey.org/~provos/libevent/">libevent</a> how to use
     overlapped IO rather than select() on Windows, and then adapt Tor to
     the new libevent interface. Christian King made a
     <a href="https://svn.torproject.org/svn/libevent-urz/trunk/">good
     start</a> on this in the summer of 2007.</li>
d9e2550d
 
2a9aaa80
     <li>We need to actually start building our <a href="<page
     docs/documentation>#DesignDoc">blocking-resistance design</a>. This involves
     fleshing out the design, modifying many different pieces of Tor, adapting
     <a href="<page projects/vidalia>">Vidalia</a> so it supports the
     new features, and planning for deployment.</li>
d9e2550d
 
2a9aaa80
     <li>We need a flexible simulator framework for studying end-to-end
     traffic confirmation attacks. Many researchers have whipped up ad hoc
     simulators to support their intuition either that the attacks work
     really well or that some defense works great. Can we build a simulator
     that's clearly documented and open enough that everybody knows it's
     giving a reasonable answer? This will spur a lot of new research.
     See the entry <a href="#Research">below</a> on confirmation attacks for
     details on the research side of this task &mdash; who knows, when it's
     done maybe you can help write a paper or three also.</li>
d9e2550d
 
f9530dd4
     <li>Tor 0.1.1.x and later include support for hardware crypto
     accelerators via OpenSSL. It has been lightly tested and is
     possibly very buggy.  We're looking for more rigorous testing,
8a891203
     performance analysis, and optimally, code fixes to OpenSSL and
f9530dd4
     Tor if needed.</li>
d9e2550d
 
8cb6a52f
     <li>Write a <a
     href="https://secure.wikimedia.org/wikipedia/en/wiki/Fuzz_testing">fuzzer</a>
     for Tor to discover security vulnerabilities. Determine if there
     are good fuzzing frameworks out there for what we want. Win fame by
2a9aaa80
     getting credit when we put out a new release because of you!</li>
d9e2550d
 
2a9aaa80
     <li>Tor uses TCP for transport and TLS for link
     encryption. This is nice and simple, but it means all cells
     on a link are delayed when a single packet gets dropped, and
     it means we can only reasonably support TCP streams. We have a <a
6090d0c4
     href="<page docs/faq>#TransportIPnotTCP">list
2a9aaa80
     of reasons why we haven't shifted to UDP transport</a>, but it would
     be great to see that list get shorter. We also have a proposed <a
365df400
     href="<specblob>proposals/100-tor-spec-udp.txt">specification
2a9aaa80
     for Tor and
     UDP</a> &mdash; please let us know what's wrong with it.</li>
d9e2550d
 
2a9aaa80
     <li>We're not that far from having IPv6 support for destination addresses
     (at exit nodes). If you care strongly about IPv6, that's probably the
     first place to start.</li>
d9e2550d
 
2a9aaa80
     <li>We need a way to generate the website diagrams (for example, the "How
     Tor Works" pictures on the <a href="<page about/overview>">overview page</a>
     from source, so we can translate them as UTF-8 text rather than edit
     them by hand with Gimp. We might want to
     integrate this as an wml file so translations are easy and images are
     generated in multiple languages whenever we build the website.</li>
d9e2550d
 
2a9aaa80
     <li>How can we make the various LiveCD/USB systems easier
     to maintain, improve, and document?  One example is <a
c34cd538
     href="https://tails.boum.org/">The Amnesic Incognito Live
2a9aaa80
     System</a>.
     </li>
d9e2550d
 
2a9aaa80
     <li>
     Another anti-censorship project is to try to make Tor
     more scanning-resistant.  Right now, an adversary can identify <a
365df400
     href="<specblob>proposals/125-bridges.txt">Tor bridges</a>
2a9aaa80
     just by trying to connect to them, following the Tor protocol,
     and seeing if they respond.  To solve this, bridges could <a
     href="<svnprojects>design-paper/blocking.html#tth_sEc9.3">act like
     webservers</a> (HTTP or HTTPS) when contacted by port-scanning tools,
     and not act like bridges until the user provides a bridge-specific key.
     To start, check out Shane Pope's <a
     href="http://dl.dropbox.com/u/37735/index.html">thesis and prototype</a>.
     </li>
d9e2550d
 
2a9aaa80
     </ol>
d9e2550d
 
2a9aaa80
     <a id="Research"></a>
     <h2><a class="anchor" href="#Research">Research</a></h2>
     <ol>
     <li>The "end-to-end traffic confirmation attack":
     by watching traffic at Alice and at Bob, we can <a
     href="http://freehaven.net/anonbib/#danezis:pet2004">compare
     traffic signatures and become convinced that we're watching the same
     stream</a>. So far Tor accepts this as a fact of life and assumes this
     attack is trivial in all cases. First of all, is that actually true? How
     much traffic of what sort of distribution is needed before the adversary
     is confident he has won? Are there scenarios (e.g. not transmitting much)
     that slow down the attack? Do some traffic padding or traffic shaping
     schemes work better than others?</li>
     <li>A related question is: Does running a relay/bridge provide additional
     protection against these timing attacks? Can an external adversary that can't
     see inside TLS links still recognize individual streams reliably?
     Does the amount of traffic carried degrade this ability any? What if the
     client-relay deliberately delayed upstream relayed traffic to create a queue
     that could be used to mimic timings of client downstream traffic to make it
     look like it was also relayed? This same queue could also be used for masking
     timings in client upstream traffic with the techniques from <a
     href="http://www.freehaven.net/anonbib/#ShWa-Timing06">adaptive padding</a>,
     but without the need for additional traffic. Would such an interleaving of
     client upstream traffic obscure timings for external adversaries? Would the
     strategies need to be adjusted for asymmetric links? For example, on
     asymmetric links, is it actually possible to differentiate client traffic from
     natural bursts due to their asymmetric capacity? Or is it easier than
     symmetric links for some other reason?</li>
     <li>Repeat Murdoch and Danezis's <a
     href="http://www.cl.cam.ac.uk/~sjm217/projects/anon/#torta">attack from
     Oakland 05</a> on the current Tor network. See if you can learn why it
     works well on some nodes and not well on others. (My theory is that the
     fast nodes with spare capacity resist the attack better.) If that's true,
     then experiment with the RelayBandwidthRate and RelayBandwidthBurst
     options to run a relay that is used as a client while relaying the
     attacker's traffic: as we crank down the RelayBandwidthRate, does the
     attack get harder? What's the right ratio of RelayBandwidthRate to
     actually capacity? Or is it a ratio at all? While we're at it, does a
     much larger set of candidate relays increase the false positive rate
     or other complexity for the attack? (The Tor network is now almost two
     orders of magnitude larger than it was when they wrote their paper.) Be
     sure to read <a href="http://freehaven.net/anonbib/#clog-the-queue">Don't
     Clog the Queue</a> too.</li>
     <li>The "routing zones attack": most of the literature thinks of
     the network path between Alice and her entry node (and between the
     exit node and Bob) as a single link on some graph. In practice,
     though, the path traverses many autonomous systems (ASes), and <a
     href="http://freehaven.net/anonbib/#feamster:wpes2004">it's not uncommon
     that the same AS appears on both the entry path and the exit path</a>.
     Unfortunately, to accurately predict whether a given Alice, entry,
     exit, Bob quad will be dangerous, we need to download an entire Internet
     routing zone and perform expensive operations on it. Are there practical
     approximations, such as avoiding IP addresses in the same /8 network?</li>
     <li>Other research questions regarding geographic diversity consider
     the tradeoff between choosing an efficient circuit and choosing a random
     circuit. Look at Stephen Rollyson's <a
     href="http://swiki.cc.gatech.edu:8080/ugResearch/uploads/7/ImprovingTor.pdf">position
     paper</a> on how to discard particularly slow choices without hurting
     anonymity "too much". This line of reasoning needs more work and more
     thinking, but it looks very promising.</li>
     <li>Tor doesn't work very well when relays have asymmetric bandwidth
     (e.g. cable or DSL). Because Tor has separate TCP connections between
     each hop, if the incoming bytes are arriving just fine and the outgoing
     bytes are all getting dropped on the floor, the TCP push-back mechanisms
     don't really transmit this information back to the incoming streams.
     Perhaps Tor should detect when it's dropping a lot of outgoing packets,
     and rate-limit incoming streams to regulate this itself? I can imagine
     a build-up and drop-off scheme where we pick a conservative rate-limit,
     slowly increase it until we get lost packets, back off, repeat. We
     need somebody who's good with networks to simulate this and help design
     solutions; and/or we need to understand the extent of the performance
     degradation, and use this as motivation to reconsider UDP transport.</li>
     <li>A related topic is congestion control. Is our
     current design sufficient once we have heavy use? Maybe
     we should experiment with variable-sized windows rather
     than fixed-size windows? That seemed to go well in an <a
5e39bb9c
     href="http://www.psc.edu/index.php/hpn-ssh/638">ssh
2a9aaa80
     throughput experiment</a>. We'll need to measure and tweak, and maybe
     overhaul if the results are good.</li>
     <li>Our censorship-resistance goals include preventing
     an attacker who's looking at Tor traffic on the wire from <a
     href="<svnprojects>design-paper/blocking.html#sec:network-fingerprint">distinguishing
     it from normal SSL traffic</a>. Obviously we can't achieve perfect
     steganography and still remain usable, but for a first step we'd like to
     block any attacks that can win by observing only a few packets. One of
     the remaining attacks we haven't examined much is that Tor cells are 512
     bytes, so the traffic on the wire may well be a multiple of 512 bytes.
     How much does the batching and overhead in TLS records blur this on the
     wire? Do different buffer flushing strategies in Tor affect this? Could
     a bit of padding help a lot, or is this an attack we must accept?</li>
     <li>Tor circuits are built one hop at a time, so in theory we have the
     ability to make some streams exit from the second hop, some from the
     third, and so on. This seems nice because it breaks up the set of exiting
     streams that a given relay can see. But if we want each stream to be safe,
     the "shortest" path should be at least 3 hops long by our current logic, so
     the rest will be even longer. We need to examine this performance / security
     tradeoff.</li>
     <li>It's not that hard to DoS Tor relays or directory authorities. Are client
     puzzles the right answer? What other practical approaches are there? Bonus
     if they're backward-compatible with the current Tor protocol.</li>
     <li>Programs like <a
092e1ed5
     href="<page torbutton/index>">Torbutton</a> aim to hide
2a9aaa80
     your browser's UserAgent string by replacing it with a uniform answer for
     every Tor user. That way the attacker can't splinter Tor's anonymity set
     by looking at that header. It tries to pick a string that is commonly used
     by non-Tor users too, so it doesn't stand out. Question one: how badly
     do we hurt ourselves by periodically updating the version of Firefox
     that Torbutton claims to be? If we update it too often, we splinter the
     anonymity sets ourselves. If we don't update it often enough, then all the
     Tor users stand out because they claim to be running a quite old version
     of Firefox. The answer here probably depends on the Firefox versions seen
     in the wild. Question two: periodically people ask us to cycle through N
     UserAgent strings rather than stick with one. Does this approach help,
     hurt, or not matter? Consider: cookies and recognizing Torbutton users
     by their rotating UserAgents; malicious websites who only attack certain
     browsers; and whether the answers to question one impact this answer.
     </li>
     <li>How many bridge relays do you need to know to maintain
     reachability? We should measure the churn in our bridges. If there is
     lots of churn, are there ways to keep bridge users more likely to stay
     connected?
     </li>
     </ol>
d9e2550d
 
2a9aaa80
     <p>
     <a href="<page about/contact>">Let us know</a> if you've made progress on any
     of these!
     </p>
   </div>
   <!-- END MAINCOL -->
   <div id = "sidecol">
 #include "side.wmi"
 #include "info.wmi"
   </div>
   <!-- END SIDECOL -->
 </div>
 <!-- END CONTENT -->
d9e2550d
 #include <foot.wmi>