6090d0c406df945a3a2595dfd1d860fde45e8588
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

1) ## translation metadata
Roger Dingledine looks like we never set the...

Roger Dingledine authored 14 years ago

2) # Revision: $Revision$
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

3) # Translation-Priority: 4-optional
4) 
5) #include "head.wmi" TITLE="Tor: Volunteer" CHARSET="UTF-8"
6) <div id="content" class="clearfix">
7)   <div id="breadcrumbs">
Andrew Lewman change all of the breadcrum...

Andrew Lewman authored 14 years ago

8)     <a href="<page index>">Home &raquo; </a>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

9)     <a href="<page getinvolved/volunteer>">Volunteer</a>
10)   </div>
11)   <div id="maincol"> 
12)     <!-- PUT CONTENT AFTER THIS TAG -->
13)     <h1>A few things everyone can do now:</h1>
14)     <ol>
15)     <li>Please consider <a href="<page docs/tor-doc-relay>">running
16)     a relay</a> to help the Tor network grow.</li>
17)     <li>Tell your friends! Get them to run relays. Get them to run hidden
18)     services. Get them to tell their friends.</li>
19)     <li>If you like Tor's goals, please <a href="<page donate/donate>">take a moment
20)     to donate to support further Tor development</a>. We're also looking
21)     for more sponsors &mdash; if you know any companies, NGOs, agencies,
22)     or other organizations that want anonymity / privacy / communications
23)     security, let them know about us.</li>
24)     <li>We're looking for more <a href="<page about/torusers>">good examples of Tor
25)     users and Tor use cases</a>. If you use Tor for a scenario or purpose not
26)     yet described on that page, and you're comfortable sharing it with us,
27)     we'd love to hear from you.</li>
28)     </ol>
29)     
30)     <p>Tor has <a href="<page getinvolved/open-positions>">two open positions</a>.
31)     Please <a href="<page about/contact>">contact us</a> if you are qualified!</p>
32)     
33)     <a id="Documentation"></a>
34)     <h2><a class="anchor" href="#Documentation">Documentation</a></h2>
35)     <ol>
36)     <li>Help translate the web page and documentation into other
37)     languages. See the <a href="<page getinvolved/translation>">translation
38)     guidelines</a> if you want to help out. We especially need Arabic or
39)     Farsi translations, for the many Tor users in censored areas.</li>
40)     <li>Evaluate and document
41)     <a href="https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorifyHOWTO">our
42)     list of programs</a> that can be configured to use Tor.</li>
43)     <li>We have a huge list of <a
44)     href="https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/SupportPrograms">potentially useful
45)     programs that interface to Tor</a>. Which ones are useful in which
46)     situations? Please help us test them out and document your results.</li>
47)     </ol>
48)     
49)     <a id="Advocacy"></a>
50)     <h2><a class="anchor" href="#Advocacy">Advocacy</a></h2>
51)     <ol>
Andrew Lewman apply fixes from rransom.

Andrew Lewman authored 14 years ago

52)     <li>Create a <a
53) href="https://trac.torproject.org/projects/tor/wiki/CommunityLogos">community
54) logo</a> under a Creative Commons license that all can use and modify.</li>
55)     <li>Create a presentation that can be used for various user group
56) meetings around the world.</li>
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

57)     <li>Create a video about the positive uses of Tor, what Tor is,
58)     or how to use it.  Some have already started on <a
59)     href="http://media.torproject.org/video/">Tor's Media server</a>,
60)     <a
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

61)     href="http://www.howcast.com/videos/90601-How-To-Circumvent-an-Internet-Proxy">Howcast</a>,
Andrew Lewman apply fixes from rransom.

Andrew Lewman authored 14 years ago

62)     and <a href="http://www.youtube.com/thetorproject">YouTube</a>.</li> 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

63)     <li>Create a poster, or a set of posters, around a theme,
Andrew Lewman apply fixes from rransom.

Andrew Lewman authored 14 years ago

64)     such as "Tor for Freedom!".</li>
Andrew Lewman add another advocacy thing.

Andrew Lewman authored 14 years ago

65)     <li>Create a t-shirt design that incorporates "Congratulations!
66)     You are using Tor!" in any language.</li>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

67)     </ol>
68)     
69)     <a id="Coding"></a>
70)     <a id="Summer"></a>
71)     <a id="Projects"></a>
72)     <h2><a class="anchor" href="#Projects">Good Coding Projects</a></h2>
73)     
74)     <p>
75)     You may find some of these projects to be good <a href="<page
Andrew Lewman bump gsoc to 2011.

Andrew Lewman authored 13 years ago

76)     about/gsoc>">Google Summer of Code 2011</a> ideas. We have labelled each idea
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

77)     with how useful it would be to the overall Tor project (priority), how
78)     much work we expect it would be (effort level), how much clue you should
79)     start with (skill level), and which of our <a href="<page
Andrew Lewman remove more dead links.

Andrew Lewman authored 14 years ago

80)     about/corepeople>">core developers</a> would be good mentors.
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

81)     If one or more of these ideas looks promising to you, please <a
82)     href="<page about/contact>">contact us</a> to discuss your plans rather than
83)     sending blind applications. You may also want to propose your own project
84)     idea &mdash; which often results in the best applications.
85)     </p>
86)     
87)     <ol>
88)     
89)     <li>
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

90)     <b>Audit Tor Browser Bundles for data leaks</b>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

91)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

92)     Priority: <i>High</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

93)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

94)     Effort Level: <i>High</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

95)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

96)     Skill Level: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

97)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

98)     Likely Mentors: <i>Steven, Erinn, Jacob, Andrew</i>
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

99)     <p>The Tor Browser Bundle incorporates Tor, Firefox, Polipo, and the Vidalia
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

100)     user interface (and optionally the <a href="http://pidgin.im/">Pidgin</a>
101)     Instant Messaging client). Components are pre-configured to operate in a
102)     secure way, and it has very few dependencies on the installed operating
103)     system. It has therefore become one of the most easy to use, and popular,
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

104)     ways to use Tor on Windows.</p>
105)     <p>This project is to identify all of the traces left behind by
106)     using a Tor Browser Bundle on Windows, Mac OS X, or Linux.  Developing
107)     ways to stop, counter, or remove these traces is a final step.</p>
108)     <p>Students should be familiar with operating system analysis,
Andrew Lewman apply fixes from rransom.

Andrew Lewman authored 14 years ago

109)     application development on one or preferably all of Windows, Linux,
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

110)     and Mac OS X, and be comfortable with C/C++ and shell scripting.</p>
111)     <p>If you would like to help extend or do security auditing for
112)     TBB, please contact Erinn.</p>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

113)     </li>
114)     
115)     <li>
116)     <b>Help track the overall Tor Network status</b>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

117)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

118)     Priority: <i>Medium to High</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

119)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

120)     Effort Level: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

121)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

122)     Skill Level: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

123)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

124)     Likely Mentors: <i>Karsten, Roger</i>
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

125)     <p>It would be great to set up an automated system for tracking network
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

126)     health over time, graphing it, etc. Part of this project would involve
127)     inventing better metrics for assessing network health and growth. Is the
128)     average uptime of the network increasing? How many relays are qualifying
129)     for Guard status this month compared to last month? What's the turnover
130)     in terms of new relays showing up and relays shutting off? Periodically
131)     people collect brief snapshots, but where it gets really interesting is
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

132)     when we start tracking data points over time.</p>
133)     <p>Data could be collected from the Tor Network Scanners in <a
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

134)     href="https://svn.torproject.org/svn/torflow/trunk/README">TorFlow</a>, from
135)     the server descriptors that each relay publishes, and from other
136)     sources. Results over time could be integrated into one of the <a
137)     href="https://torstatus.blutmagie.de/">Tor Status</a> web pages, or be
138)     kept separate. Speaking of the Tor Status pages, take a look at Roger's
139)     <a href="http://archives.seul.org/or/talk/Jan-2008/msg00300.html">Tor
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

140)     Status wish list</a>.</p>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

141)     </li>
142)     
143)     <li>
144)     <b>Improving Tor's ability to resist censorship</b>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

145)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

146)     Priority: <i>Medium to High</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

147)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

148)     Effort Level: <i>Medium to High</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

149)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

150)     Skill Level: <i>High</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

151)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

152)     Likely Mentors: <i>Roger, Nick, Steven</i>
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

153)     <p>The Tor 0.2.1.x series makes <a
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

154)     href="<svnprojects>design-paper/blocking.html">significant
155)     improvements</a> in resisting national and organizational censorship.
156)     But Tor still needs better mechanisms for some parts of its
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

157)     anti-censorship design.</p>
158)     <p>One huge category of work is adding features to our <a
Andrew Lewman apply fixes from rransom.

Andrew Lewman authored 14 years ago

159)     href="http://gitweb.torproject.org/bridgedb.git?a=tree">BridgeDB</a>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

160)     service (Python). Tor aims to give out <a href="<page docs/bridges>">bridge
161)     relay addresses</a> to users that can't reach the Tor network
162)     directly, but there's an arms race between algorithms for distributing
163)     addresses and algorithms for gathering and blocking them. See <a
Roger Dingledine fix another 404 from the fr...

Roger Dingledine authored 14 years ago

164)     href="<blog>bridge-distribution-strategies">our
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

165)     blog post on the topic</a> as an overview, and then look at <a
166)     href="http://archives.seul.org/or/dev/Dec-2009/msg00000.html">Roger's
167)     or-dev post</a> from December for more recent thoughts &mdash; lots of
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

168)     design work remains.</p>
169)     <p>If you want to get more into the guts of Tor itself (C), a more minor problem
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

170)     we should address is that current Tors can only listen on a single
171)     address/port combination at a time. There's
172)     <a href="<gitblob>doc/spec/proposals/118-multiple-orports.txt">a
173)     proposal to address this limitation</a> and allow clients to connect
174)     to any given Tor on multiple addresses and ports, but it needs more
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

175)     work.</p>
176)     <p>This project could involve a lot of research and design. One of the big
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

177)     challenges will be identifying and crafting approaches that can still
178)     resist an adversary even after the adversary knows the design, and
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

179)     then trading off censorship resistance with usability and
180)     robustness.</p>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

181)     </li>
182)     
183)     <li>
184)     <b>Tor Controller Status Event Interface for Vidalia</b>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

185)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

186)     Priority: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

187)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

188)     Effort Level: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

189)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

190)     Skill Level: <i>Low to Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

191)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

192)     Likely Mentors: <i>Matt</i>
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

193)     <p>There are a number of status changes inside Tor of which the user may need
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

194)     to be informed. For example, if the user is trying to set up his Tor as a
195)     relay and Tor decides that its ports are not reachable from outside
196)     the user's network, we should alert the user. Currently, all the user
Andrew Lewman apply fixes from rransom.

Andrew Lewman authored 14 years ago

197)     gets is a couple of log messages in Vidalia's 'message log' window, which they
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

198)     likely never see since they don't receive a notification that something
199)     has gone wrong. Even if the user does actually look at the message log,
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

200)     most of the messages make little sense to the novice user.</p>
Andrew Lewman apply fixes from rransom.

Andrew Lewman authored 14 years ago

201)     <p>Tor has the ability to inform Vidalia of many such status
202)     changes, and we recently implemented support for a couple of these
203)     events. Still, there are many more status events which the user should
204)     be informed of, and we need a better UI for actually displaying them
205)     to the user.</p>
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

206)     <p>The goal of this project then is to design and implement a UI for
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

207)     displaying Tor status events to the user. For example, we might put a
208)     little badge on Vidalia's tray icon that alerts the user to new status
209)     events they should look at. Double-clicking the icon could bring up a
210)     dialog that summarizes recent status events in simple terms and maybe
211)     suggests a remedy for any negative events if they can be corrected by
212)     the user. Of course, this is just an example and one is free to
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

213)     suggest another approach.</p>
214)     <p>A person undertaking this project should have good UI design and layout
Andrew Lewman apply fixes from rransom.

Andrew Lewman authored 14 years ago

215)     skills and some C++ development experience. Previous experience with Qt and
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

216)     Qt's Designer will be very helpful, but are not required. Some
217)     English writing ability will also be useful, since this project will
218)     likely involve writing small amounts of help documentation that should
219)     be understandable by non-technical users. Bonus points for some graphic
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

220)     design/Photoshop fu, since we might want/need some shiny new icons too.</p>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

221)     </li>
222)     
Damian Johnson Adding a volunteer project...

Damian Johnson authored 13 years ago

223)     <li>
224)     <b>Client Mode Use Cases for Arm</b>
225)     <br>
226)     Priority: <i>Medium</i>
227)     <br>
228)     Effort Level: <i>High</i>
229)     <br>
230)     Skill Level: <i>Medium</i>
231)     <br>
232)     Likely Mentors: <i>Damian</i>
233)     <p><a href="<page projects/arm>">Arm</a> is a Tor command line status
234)     monitor on *nix environments (Linux, Mac, and BSD). It functions much like
235)     top does, giving a CLI overlay of Tor's bandwidth usage, connections,
236)     configuration, log, etc. Thus far its design has been geared for Tor relay
237)     operators. However, this doesn't need to be the case. This project would be
238)     to expand and simplify arm to make it useful for Tor's client users
239)     too.</p>
240)     
241)     <p>This would include UI design, experimenting, and a lot of python
242)     hacking. Here's some ideas for client functionality arm could provide:</p>
243)     
244)     <ul>
245)       <li>A panel for client connections, showing each hop of the user's
246)       circuits with the ISP, country, and jurisdiction where those relays
247)       reside. Other interesting information would be the circuit's latency, how
248)       long its been around, and its possible exit ports. Some of this will be
249)       pretty tricky and require some experimentation to figure out what
250)       information can be fetched safely (for instance, scraping rdns and whois
251)       lookups could give hints about a relay's ISP, but we'd need to do it on
252)       all Tor relays to avoid leaking our connections to the resolver).</li>
253)       
254)       <li>Options to let the user request new circuits (the &quot;New
255)       Identity&quot; feature in Vidalia), select the exit country, etc.</li>
256)       
257)       <li>A panel showing Internet application and if their connections are
258)       being routed through Tor or not (giving a warning if there's leaks).</li>
259)       
260)       <li>The status of the bridges we're configured to use (ie, are they up?).
261)       This would include adding control port functionality to Tor for <a
262)       href="https://trac.torproject.org/projects/tor/ticket/2068">ticket
263)       2068</a>.</li>
264)       
265)       <li>A one click option to set Tor to be a client, relay, or bridge. The
266)       goal would be to make it trivial for users to voluntarily contribute to
267)       the Tor network.</li>
268)       
269)       <li>Menus as an alternative to hotkeys to make the interface more
270)       intuitive and usable for beginners (<a
271)       href="http://gnosis.cx/publish/programming/charming_python_6.html">example</a>).</li>
272)       
273)       <li>Look at Vidalia and TorK for ideas and solicit input from the Tor community.</li>
274)       
275)       <li>Make it easier for users to install arm by <a
276)       href="https://secure.wikimedia.org/wikipedia/en/wiki/Opkg">packaging for
277)       OpenWrt</a> (as a UI for the <a
278)       href="https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/Torouter">Torouter
279)       project</a>) and Macs.</li>
280)     </ul>
281)     
282)     <p>For more project ideas see arm's <a
283)     href="https://svn.torproject.org/svn/arm/trunk/TODO">TODO</a>.</p>
284)     </li>
285)     
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

286)     <li>
287)     <b>Improve our unit testing process</b>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

288)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

289)     Priority: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

290)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

291)     Effort Level: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

292)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

293)     Skill Level: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

294)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

295)     Likely Mentors: <i>Nick, Erinn</i>
Andrew Lewman apply fixes from rransom.

Andrew Lewman authored 14 years ago

296)     <p>Tor needs to be tested far more thoroughly. This is a
297)     multi-part effort. To start with, our unit test coverage should
298)     rise substantially, especially in the areas outside the utility
299)     functions. This will require significant refactoring of some parts
300)     of Tor, in order to dissociate as much logic as possible from
301)     globals.</p>
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

302)     <p>Additionally, we need to automate our performance testing. We've got
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

303)     buildbot to automate our regular integration and compile testing already
304)     (though we need somebody to set it up on Windows),
305)     but we need to get our network simulation tests (as built in <a
306)     href="https://svn.torproject.org/svn/torflow/trunk/README">TorFlow</a>)
307)     updated for more recent versions of Tor, and designed to launch a test
308)     network either on a single machine, or across several, so we can test
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

309)     changes in performance on machines in different roles automatically.</p>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

310)     </li>
311)     
312)     <li>
313)     <b>Help with independent Tor client implementations</b>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

314)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

315)     Priority: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

316)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

317)     Effort Level: <i>High</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

318)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

319)     Skill Level: <i>Medium to High</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

320)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

321)     Likely Mentors: <i>Bruce, Nathan</i>
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

322)     <p>Others are currently working on Tor clients for Java, Android, and Maemo
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

323)     environments.  The first step is to get a handle on the current state of
324)     the project in which you are interested in helping; <a
325)     href="http://github.com/brl/JTor">Tor for Java</a>,
Andrew Lewman apply fixes from rransom.

Andrew Lewman authored 14 years ago

326)     <a href="https://svn.torproject.org/svn/projects/android/trunk/">Android/Orbot</a>,
327)      or <a href="<page docs/N900>">Tor for Maemo</a>. Check out the
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

328)     repository and familiarize yourself
329)     with the source code.  Further, support for requesting or even providing
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

330)     Tor hidden services would be neat, but not required.</p>
331)     <p>A prospective developer should be able to understand and write new Java
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

332)     code, including a Java cryptography API. Being able to read C code would be helpful,
333)     too. One should be willing to read the existing documentation,
334)     implement code based on it, and refine the documentation
335)     when things are underdocumented. This project is mostly about coding and
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

336)     to a small degree about design.</p>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

337)     </li>
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

338) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

339)     <li>
340)     <b>More on Orbot &amp; Android OS-specific development</b>
341)     <br/>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

342)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

343)     Priority: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

344)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

345)     Effort Level: <i>High</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

346)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

347)     Skill Level: <i>Medium to High</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

348)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

349)     Likely Mentors: <i>Nathan</i>
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

350)     <p><b>Android Java UI work:</b> Improved home screen to show better
351)     statistics about data transferred (up/down), number of circuits
352)     connected, quality of connection and so on. The "Tether Wifi"
353)     Android application is a good model to follow in how it shows
354)     a realtime count of bytes transferred as well as notifications
Andrew Lewman apply fixes from rransom.

Andrew Lewman authored 14 years ago

355)     when wifi clients connect. In addition, better display/handling
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

356)     of Tor system/error messages would also be very helpful. Finally,
357)     the addition of a wizard or tutorial walkthrough for novice
Andrew Lewman apply fixes from rransom.

Andrew Lewman authored 14 years ago

358)     users to explain to them exactly what is and what is not anonymized
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

359)     or protected would greatly improve the likelihood they will use
360)     Orbot correctly.</p>
361)     
362)     <p><b>Android Java OS/Core app work:</b> Better system-wide
Andrew Lewman apply fixes from rransom.

Andrew Lewman authored 14 years ago

363)     indication, either via the notification bar, "Toast" pop-up dialogs
364)     or some other indicator, that an application's traffic is indeed
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

365)     moving through Orbot/Tor. For instance, right now you need to
366)     first go to a torcheck web service to ensure your browser is
367)     routing via Tor. Orbot should be able to notify you that circuits
368)     are being opened, used, etc. The aforementioned data transfer
369)     tracker might provide this type of awareness as well.</p>
370)     
371)     <p><b>Android Java Library/Community Outreach work:</b> We need
372)     to package a simple library for use with third-party application
Andrew Lewman apply fixes from rransom.

Andrew Lewman authored 14 years ago

373)     to easily enable them to support "Torification" on non-rooted
374)     devices (i.e. w/o transparent proxying). This library should
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

375)     include a wrapper for the Apache HTTPClient library, a utility
376)     class for detecting the state of Orbot connectivity, and other
377)     relevant/useful things an Android app might need to anonymize
378)     itself. This work would include the creation of the library,
379)     documentation, and sample code. Outreach or effort to implement
380)     the library within other open-source apps would follow.</p>
381)     
382)     <p><b>Android OS/C/Linux work:</b> The port of Tor to Android
383)     is basically a straight cross-compile to Linux ARM. There has
384)     been no work done in looking the optimization of Tor within a
385)     mobile hardware environment, on the ARM processor or other
386)     Android hardware, or on mobile networks. It should be noted,
387)     that even without optimization, Tor is handling the mobile
388)     network environment very well, automatically detecting change
Andrew Lewman apply fixes from rransom.

Andrew Lewman authored 14 years ago

389)     in IP addresses, reconnecting circuits, etc. across switching
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

390)     from 2G to 3G to Wifi, and so forth.</p>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

391)     </li>
392)     
393)     <li>
394)     <b>Simulator for slow Internet connections</b>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

395)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

396)     Priority: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

397)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

398)     Effort Level: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

399)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

400)     Skill Level: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

401)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

402)     Likely Mentors: <i>Steven</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

403)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

404)     Many users of Tor have poor-quality Internet connections, giving low
405)     bandwidth, high latency, and high packet loss/re-ordering. User
406)     experience is that Tor reacts badly to these conditions, but it is
407)     difficult to improve the situation without being able to repeat the
408)     problems in the lab.
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

409)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

410)     This project would be to build a simulation environment which
411)     replicates the poor connectivity so that the effect on Tor performance
412)     can be measured. Other components would be a testing utility to
413)     establish what are the properties of connections available, and to
414)     measure the effect of performance-improving modifications to Tor.
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

415)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

416)     The tools used would be up to the student, but dummynet (for FreeBSD)
417)     and nistnet (for Linux) are two potential components on which this
418)     project could be built. Students should be experienced with network
419)     programming/debugging and TCP/IP, and preferably familiar with C and a
420)     scripting language.
421)     </li>
422)     
423)     <li>
424)     <b>An Improved and More Usable Network Map in Vidalia</b>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

425)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

426)     Priority: <i>Low to Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

427)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

428)     Effort Level: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

429)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

430)     Skill Level: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

431)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

432)     Likely Mentors: <i>Matt</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

433)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

434)     One of Vidalia's existing features is a network map that shows the user
435)     the approximate geographic location of relays in the Tor network and
436)     plots the paths the user's traffic takes as it is tunneled through the
437)     Tor network. The map is currently not very interactive and has rather
438)     poor graphics. Instead, we implemented KDE's Marble widget such
439)     that it gives us a better quality map and enables improved interactivity,
440)     such as allowing the user to click on individual relays or circuits to
441)     display additional information. We want to add the ability
442)     for users to click on a particular relay or a country containing one or
443)     more Tor exit relays and say, "I want my connections to exit
444)     from here."
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

445)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

446)     This project will first involve getting familiar with Vidalia
447)     and the Marble widget's API. One will then integrate the widget
448)     into Vidalia and customize Marble to be better suited for our application,
449)     such as making circuits clickable, storing cached map data in Vidalia's
450)     own data directory, and customizing some of the widget's dialogs.
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

451)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

452)     A person undertaking this project should have good C++ development
453)     experience. Previous experience with Qt and CMake is helpful, but not
454)     required.
455)     </li>
456)     
457)     <li>
458)     <b>Torbutton equivalent for Thunderbird</b>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

459)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

460)     Priority: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

461)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

462)     Effort Level: <i>High</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

463)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

464)     Skill Level: <i>High</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

465)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

466)     Likely Mentors: <i>Mike</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

467)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

468)     We're hearing from an increasing number of users that they want to use
469)     Thunderbird with Tor. However, there are plenty of application-level
470)     concerns, for example, by default Thunderbird will put your hostname in
471)     the outgoing mail that it sends. At some point we should start a new
472)     push to build a Thunderbird extension similar to Torbutton.
473)     </li>
474)     
475)     <li>
476)     <b>Improvements for Tor+Vidalia interaction on Linux/Unix platforms</b>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

477)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

478)     Priority: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

479)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

480)     Effort Level: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

481)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

482)     Skill Level: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

483)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

484)     Likely Mentors: <i>Erinn, Peter</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

485)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

486)     Vidalia currently doesn't play nicely with Tor on Linux and Unix platforms.
487)     Currently, on Debian and Ubuntu, there is a configuration mechanism which
488)     allows Vidalia to override Tor's ability to start on boot (by sourcing
489)     <code>/etc/default/tor.vidalia</code> which sets <code>RUN_DAEMON=no</code> at the user's
490)     request), but full implementation of <a href="<gitblob>doc/spec/control-spec.txt">ControlPort</a> 
491)     communication is still required.
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

492)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

493)     A better solution on Linux and Unix platforms would be to use Tor's
494)     ControlSocket, which allows Vidalia to talk to Tor via a Unix domain socket,
495)     and could possibly be enabled by default in Tor's distribution packages.
496)     Vidalia can then authenticate to Tor using filesystem-based (cookie)
497)     authentication if the user running Vidalia is also in the distribution-specific
498)     tor group.
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

499)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

500)     This project will first involve adding support for Tor's ControlSocket to
501)     Vidalia. The student will then develop and test this support on various
502)     distributions to make sure it behaves in a predictable and consistent manner on
503)     all of them.
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

504)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

505)     The next challenge would be to find an intuitive and usable way for Vidalia to be
506)     able to change Tor's configuration (torrc) even though it is located in
507)     <code>/etc/tor/torrc</code> and thus immutable. In Debian and Ubuntu we handle
508)     this with the aforementioned <code>/etc/default/tor.vidalia</code> but this
509)     functionality could (or should) be less distribution-specific. 
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

510)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

511)     The best idea we've come up with so far is to feed Tor a new configuration via
512)     the ControlSocket when Vidalia starts, but that's bad because if the user is not
513)     using the latest Debian/Ubuntu packages, they may not have disabled Tor's
514)     ability to run on boot and will end up with a configuration that is different
515)     from what they want. The second best idea we've come up with is for Vidalia to
516)     write out a temporary torrc file and ask the user to manually move it to
517)     <code>/etc/tor/torrc</code>, but that's bad because users shouldn't have to
518)     mess with files directly.
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

519)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

520)     A person undertaking this project should have prior knowledge of various Linux
521)     distributions and their packaging mechanisms as well as some C++ development
522)     experience. Previous experience with Qt is helpful, but not required.
523)     </li>
524)     
525)     
526)     <li>
527)     <b>Usability testing of Tor</b>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

528)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

529)     Priority: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

530)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

531)     Effort Level: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

532)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

533)     Skill Level: <i>Low to Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

534)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

535)     Likely Mentors: <i>Andrew</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

536)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

537)     Especially the browser bundle, ideally amongst our target demographic.
538)     That would help a lot in knowing what needs to be done in terms of bug
539)     fixes or new features. We get this informally at the moment, but a more
540)     structured process would be better.
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

541)     </li>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

542)     
543)     <li>
544)     <b>An authenticating IRC proxy</b>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

545)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

546)     Priority: <i>Low</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

547)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

548)     Effort Level: <i>Medium to High</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

549)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

550)     Skill Level: <i>Medium to High</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

551)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

552)     Likely Mentors: <i>Sebastian, Weasel, Roger</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

553)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

554)     The world needs an authenticating irc proxy. As we're periodically
555)     reminded from the Penny Arcade web comic, "Internet user + anonymity =
556)     jerk". With respect to websites we're actually doing ok, since websites
557)     can make their users log in and use other application-level authentication
558)     approaches. But IRC servers are much worse off, because most IRC server
559)     code is poorly written: hard to maintain, and harder to modify. Many
560)     IRC networks now block connections from Tor, and we're basically down to
561)     two holdouts (OFTC and Freenode). This state of affairs means that a lot
562)     of people around the world are thinking "I told you so" about anonymity
563)     online, when in fact the problem is simply lack of technology to make the
564)     problem manageable. We need some way to let the IRC networks distinguish
565)     which users have developed a reputation as not being jerks, so they can
566)     treat the two groups separately. There are some really cool research
567)     designs like <a href="http://www.cs.dartmouth.edu/~nymble/">Nymble</a>,
568)     which aim to let websites blacklist users without needing to learn who
569)     they are.  But Nymble is designed around web interactions. We need to
570)     build the glue around the IRC protocol that would let us plug in a project
571)     like Nymble (or a simpler one to start, as a proof-of-concept). One way
572)     to do that would be to build an IRC proxy that knows how to hear from
573)     IRC clients, knows how to talk to IRC servers, and has an additional
574)     layer that requires the users to authenticate.  Some work on this has
575)     begun by other volunteers, see their progress at <a
576)     href="http://github.com/anonirc/orc">http://github.com/anonirc/orc</a>.
577)     </li>
578)     
579)     <li>
580)     <b>Make torsocks/dsocks work on OS X</b>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

581)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

582)     Priority: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

583)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

584)     Effort Level: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

585)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

586)     Skill Level: <i>Medium</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

587)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

588)     Likely Mentors: <i>?</i>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

589)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

590)     <a href="http://code.google.com/p/torsocks/">Torsocks</a> and <a
591)     href="http://code.google.com/p/dsocks/">dsocks</a> are wrappers that will
592)     run applications, intercept their outgoing network connections, and push
593)     those connections through Tor. The goal is to handle applications that
594)     don't support proxies (or don't supporting them well). To get it right,
595)     they need to intercept many system calls. The syscalls you need to
596)     intercept on Linux differ dramatically from those on BSD. So Torsocks
597)     works fine on Linux, dsocks works ok on BSD (though it may be less
598)     maintained and thus might miss more syscalls), and nothing works well
599)     on both. First, we should patch dsocks to use Tor's <i>mapaddress</i>
600)     commands from the controller interface, so we don't waste a whole
601)     round-trip inside Tor doing the resolve before connecting. Second,
602)     we should make our <i>torify</i> script detect which of torsocks or
603)     dsocks is installed, and call them appropriately. This probably means
604)     unifying their interfaces, and might involve sharing code between them
605)     or discarding one entirely.
606)     </li>
607)     
608)     <li>
609)     <b>Bring up new ideas!</b>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

610)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

611)     Don't like any of these? Look at the <a
612)     href="<gitblob>doc/roadmaps/2008-12-19-roadmap-full.pdf">Tor development
613)     roadmap</a> for more ideas, or just try out Tor, Vidalia, and Torbutton,
614)     and find out what you think needs fixing.
615)     Some of the <a href="<gittree>doc/spec/proposals">current proposals</a>
616)     might also be short on developers.
617)     </li>
618)     
619)     </ol>
620)     
621)     <a id="OtherCoding"></a>
622)     <h2><a class="anchor" href="#OtherCoding">Other Coding and Design related ideas</a></h2>
623)     <ol>
624)     <li>Tor relays don't work well on Windows XP. On
625)     Windows, Tor uses the standard <tt>select()</tt> system
626)     call, which uses space in the non-page pool. This means
627)     that a medium sized Tor relay will empty the non-page pool, <a
628)     href="https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/WindowsBufferProblems">causing
629)     havoc and system crashes</a>. We should probably be using overlapped IO
630)     instead. One solution would be to teach <a
631)     href="http://www.monkey.org/~provos/libevent/">libevent</a> how to use
632)     overlapped IO rather than select() on Windows, and then adapt Tor to
633)     the new libevent interface. Christian King made a
634)     <a href="https://svn.torproject.org/svn/libevent-urz/trunk/">good
635)     start</a> on this in the summer of 2007.</li>
636)     
637)     <li>We need to actually start building our <a href="<page
638)     docs/documentation>#DesignDoc">blocking-resistance design</a>. This involves
639)     fleshing out the design, modifying many different pieces of Tor, adapting
640)     <a href="<page projects/vidalia>">Vidalia</a> so it supports the
641)     new features, and planning for deployment.</li>
642)     
643)     <li>We need a flexible simulator framework for studying end-to-end
644)     traffic confirmation attacks. Many researchers have whipped up ad hoc
645)     simulators to support their intuition either that the attacks work
646)     really well or that some defense works great. Can we build a simulator
647)     that's clearly documented and open enough that everybody knows it's
648)     giving a reasonable answer? This will spur a lot of new research.
649)     See the entry <a href="#Research">below</a> on confirmation attacks for
650)     details on the research side of this task &mdash; who knows, when it's
651)     done maybe you can help write a paper or three also.</li>
652)     
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

653)     <li>Tor 0.1.1.x and later include support for hardware crypto
654)     accelerators via OpenSSL. It has been lightly tested and is
655)     possibly very buggy.  We're looking for more rigorous testing,
Andrew Lewman apply fixes from rransom.

Andrew Lewman authored 14 years ago

656)     performance analysis, and optimally, code fixes to OpenSSL and
Andrew Lewman format the paragraphs corre...

Andrew Lewman authored 14 years ago

657)     Tor if needed.</li>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

658)     
659)     <li>Perform a security analysis of Tor with <a
660)     href="http://en.wikipedia.org/wiki/Fuzz_testing">"fuzz"</a>. Determine
661)     if there are good fuzzing libraries out there for what we want. Win fame by
662)     getting credit when we put out a new release because of you!</li>
663)     
664)     <li>Tor uses TCP for transport and TLS for link
665)     encryption. This is nice and simple, but it means all cells
666)     on a link are delayed when a single packet gets dropped, and
667)     it means we can only reasonably support TCP streams. We have a <a
Roger Dingledine revise TransportIPnotTCP an...

Roger Dingledine authored 13 years ago

668)     href="<page docs/faq>#TransportIPnotTCP">list
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

669)     of reasons why we haven't shifted to UDP transport</a>, but it would
670)     be great to see that list get shorter. We also have a proposed <a
671)     href="<gitblob>doc/spec/proposals/100-tor-spec-udp.txt">specification
672)     for Tor and
673)     UDP</a> &mdash; please let us know what's wrong with it.</li>
674)     
675)     <li>We're not that far from having IPv6 support for destination addresses
676)     (at exit nodes). If you care strongly about IPv6, that's probably the
677)     first place to start.</li>
678)     
679)     <li>We need a way to generate the website diagrams (for example, the "How
680)     Tor Works" pictures on the <a href="<page about/overview>">overview page</a>
681)     from source, so we can translate them as UTF-8 text rather than edit
682)     them by hand with Gimp. We might want to
683)     integrate this as an wml file so translations are easy and images are
684)     generated in multiple languages whenever we build the website.</li>
685)     
686)     <li>How can we make the various LiveCD/USB systems easier
687)     to maintain, improve, and document?  One example is <a
688)     href="https://amnesia.boum.org/">The (Amnesic) Incognito Live
689)     System</a>.
690)     </li>
691)     
692)     <li>
693)     Another anti-censorship project is to try to make Tor
694)     more scanning-resistant.  Right now, an adversary can identify <a
695)     href="<gitblob>doc/spec/proposals/125-bridges.txt">Tor bridges</a>
696)     just by trying to connect to them, following the Tor protocol,
697)     and seeing if they respond.  To solve this, bridges could <a
698)     href="<svnprojects>design-paper/blocking.html#tth_sEc9.3">act like
699)     webservers</a> (HTTP or HTTPS) when contacted by port-scanning tools,
700)     and not act like bridges until the user provides a bridge-specific key.
701)     To start, check out Shane Pope's <a
702)     href="http://dl.dropbox.com/u/37735/index.html">thesis and prototype</a>.
703)     </li>
704)     
705)     </ol>
706)     
707)     <a id="Research"></a>
708)     <h2><a class="anchor" href="#Research">Research</a></h2>
709)     <ol>
710)     <li>The "end-to-end traffic confirmation attack":
711)     by watching traffic at Alice and at Bob, we can <a
712)     href="http://freehaven.net/anonbib/#danezis:pet2004">compare
713)     traffic signatures and become convinced that we're watching the same
714)     stream</a>. So far Tor accepts this as a fact of life and assumes this
715)     attack is trivial in all cases. First of all, is that actually true? How
716)     much traffic of what sort of distribution is needed before the adversary
717)     is confident he has won? Are there scenarios (e.g. not transmitting much)
718)     that slow down the attack? Do some traffic padding or traffic shaping
719)     schemes work better than others?</li>
720)     <li>A related question is: Does running a relay/bridge provide additional
721)     protection against these timing attacks? Can an external adversary that can't
722)     see inside TLS links still recognize individual streams reliably?
723)     Does the amount of traffic carried degrade this ability any? What if the
724)     client-relay deliberately delayed upstream relayed traffic to create a queue
725)     that could be used to mimic timings of client downstream traffic to make it
726)     look like it was also relayed? This same queue could also be used for masking
727)     timings in client upstream traffic with the techniques from <a
728)     href="http://www.freehaven.net/anonbib/#ShWa-Timing06">adaptive padding</a>,
729)     but without the need for additional traffic. Would such an interleaving of
730)     client upstream traffic obscure timings for external adversaries? Would the
731)     strategies need to be adjusted for asymmetric links? For example, on
732)     asymmetric links, is it actually possible to differentiate client traffic from
733)     natural bursts due to their asymmetric capacity? Or is it easier than
734)     symmetric links for some other reason?</li>
735)     <li>Repeat Murdoch and Danezis's <a
736)     href="http://www.cl.cam.ac.uk/~sjm217/projects/anon/#torta">attack from
737)     Oakland 05</a> on the current Tor network. See if you can learn why it
738)     works well on some nodes and not well on others. (My theory is that the
739)     fast nodes with spare capacity resist the attack better.) If that's true,
740)     then experiment with the RelayBandwidthRate and RelayBandwidthBurst
741)     options to run a relay that is used as a client while relaying the
742)     attacker's traffic: as we crank down the RelayBandwidthRate, does the
743)     attack get harder? What's the right ratio of RelayBandwidthRate to
744)     actually capacity? Or is it a ratio at all? While we're at it, does a
745)     much larger set of candidate relays increase the false positive rate
746)     or other complexity for the attack? (The Tor network is now almost two
747)     orders of magnitude larger than it was when they wrote their paper.) Be
748)     sure to read <a href="http://freehaven.net/anonbib/#clog-the-queue">Don't
749)     Clog the Queue</a> too.</li>
750)     <li>The "routing zones attack": most of the literature thinks of
751)     the network path between Alice and her entry node (and between the
752)     exit node and Bob) as a single link on some graph. In practice,
753)     though, the path traverses many autonomous systems (ASes), and <a
754)     href="http://freehaven.net/anonbib/#feamster:wpes2004">it's not uncommon
755)     that the same AS appears on both the entry path and the exit path</a>.
756)     Unfortunately, to accurately predict whether a given Alice, entry,
757)     exit, Bob quad will be dangerous, we need to download an entire Internet
758)     routing zone and perform expensive operations on it. Are there practical
759)     approximations, such as avoiding IP addresses in the same /8 network?</li>
760)     <li>Other research questions regarding geographic diversity consider
761)     the tradeoff between choosing an efficient circuit and choosing a random
762)     circuit. Look at Stephen Rollyson's <a
763)     href="http://swiki.cc.gatech.edu:8080/ugResearch/uploads/7/ImprovingTor.pdf">position
764)     paper</a> on how to discard particularly slow choices without hurting
765)     anonymity "too much". This line of reasoning needs more work and more
766)     thinking, but it looks very promising.</li>
767)     <li>Tor doesn't work very well when relays have asymmetric bandwidth
768)     (e.g. cable or DSL). Because Tor has separate TCP connections between
769)     each hop, if the incoming bytes are arriving just fine and the outgoing
770)     bytes are all getting dropped on the floor, the TCP push-back mechanisms
771)     don't really transmit this information back to the incoming streams.
772)     Perhaps Tor should detect when it's dropping a lot of outgoing packets,
773)     and rate-limit incoming streams to regulate this itself? I can imagine
774)     a build-up and drop-off scheme where we pick a conservative rate-limit,
775)     slowly increase it until we get lost packets, back off, repeat. We
776)     need somebody who's good with networks to simulate this and help design
777)     solutions; and/or we need to understand the extent of the performance
778)     degradation, and use this as motivation to reconsider UDP transport.</li>
779)     <li>A related topic is congestion control. Is our
780)     current design sufficient once we have heavy use? Maybe
781)     we should experiment with variable-sized windows rather
782)     than fixed-size windows? That seemed to go well in an <a
783)     href="http://www.psc.edu/networking/projects/hpn-ssh/theory.php">ssh
784)     throughput experiment</a>. We'll need to measure and tweak, and maybe
785)     overhaul if the results are good.</li>
786)     <li>Our censorship-resistance goals include preventing
787)     an attacker who's looking at Tor traffic on the wire from <a
788)     href="<svnprojects>design-paper/blocking.html#sec:network-fingerprint">distinguishing
789)     it from normal SSL traffic</a>. Obviously we can't achieve perfect
790)     steganography and still remain usable, but for a first step we'd like to
791)     block any attacks that can win by observing only a few packets. One of
792)     the remaining attacks we haven't examined much is that Tor cells are 512
793)     bytes, so the traffic on the wire may well be a multiple of 512 bytes.
794)     How much does the batching and overhead in TLS records blur this on the
795)     wire? Do different buffer flushing strategies in Tor affect this? Could
796)     a bit of padding help a lot, or is this an attack we must accept?</li>
797)     <li>Tor circuits are built one hop at a time, so in theory we have the
798)     ability to make some streams exit from the second hop, some from the
799)     third, and so on. This seems nice because it breaks up the set of exiting
800)     streams that a given relay can see. But if we want each stream to be safe,
801)     the "shortest" path should be at least 3 hops long by our current logic, so
802)     the rest will be even longer. We need to examine this performance / security
803)     tradeoff.</li>
804)     <li>It's not that hard to DoS Tor relays or directory authorities. Are client
805)     puzzles the right answer? What other practical approaches are there? Bonus
806)     if they're backward-compatible with the current Tor protocol.</li>
807)     <li>Programs like <a
Andrew Lewman get the website to build cl...

Andrew Lewman authored 14 years ago

808)     href="<page torbutton/index>">Torbutton</a> aim to hide