tor-webwml.git

en/volunteer.wml   1) ## translation metadata

en/volunteer.wml   2) # Revision: $Revision$

volunteer.html     3) 

en/volunteer.wml   4) #include "head.wmi" TITLE="Volunteer"

volunteer.html     5) 
volunteer.html     6) <div class="main-column">
volunteer.html     7) 
volunteer.html     8) <!-- PUT CONTENT AFTER THIS TAG -->

en/volunteer.wml   9) <h2>Six things everyone can do now:</h2>

volunteer.html    10) <ol>

volunteer.html    11) <li> We need users like you to try Tor out, and let the Tor developers
volunteer.html    12) know about bugs you find or features you don't find.</li>

en/volunteer.wml  13) <li> Please consider <a href="<cvssandbox>tor/doc/tor-doc-server.html">running

volunteer.html    14) a server</a> to help the Tor network grow.</li>

en/volunteer.wml  15) <li> Run a <a href="<cvssandbox>tor/doc/tor-hidden-service.html">Tor hidden

volunteer.html    16) service</a> and put interesting content on it.</li>

en/volunteer.wml  17) <li> Take a look at the <a href="gui/">Tor GUI Competition</a>, and

volunteer.html    18) come up with ideas or designs to contribute to making Tor's interface
volunteer.html    19) and usability better. Free T-shirt for each submission!</li>
volunteer.html    20) <li> Tell your friends! Get them to run servers. Get them to run hidden
volunteer.html    21) services. Get them to tell their friends.</li>

en/volunteer.wml  22) <li> We are looking for funding and sponsors. If you like Tor, please
en/volunteer.wml  23)   <a href="<page donate>">take a moment to donate to support further
en/volunteer.wml  24)   Tor development</a>. Also, if you know any

en/volunteer.wml  25)   companies, NGOs, or other organizations that want communications
en/volunteer.wml  26)   security, let them know about us.</li>

volunteer.html    27) </ol>
volunteer.html    28) 

en/volunteer.wml  29) <a id="Installers"></a>
en/volunteer.wml  30) <h2><a class="anchor" href="#Installers">Installers</a></h2>

volunteer.html    31) <ol>

volunteer.html    32) <li>Extend our NSIS-based Windows installer to include Privoxy. Include
volunteer.html    33) a preconfigured config file to work well with Tor. We might also want
volunteer.html    34) to include FreeCap -- is it stable enough and useful enough to be
volunteer.html    35) worthwhile?</li>
volunteer.html    36) <li>Develop a way to handle OS X uninstallation

en/volunteer.wml  37) that is more automated than telling people to
en/volunteer.wml  38) <a href="<cvssandbox>tor/doc/tor-doc-osx.html#uninstall">manually remove

volunteer.html    39) each file</a>.</li>

en/volunteer.wml  40) <li>Our <a href="<cvssandbox>tor/tor.spec.in">RPM spec file</a>

volunteer.html    41) needs a maintainer, so we can get back to the business of writing Tor. If
volunteer.html    42) you have RPM fu, please help out.</li>
volunteer.html    43) </ol>
volunteer.html    44) 

en/volunteer.wml  45) <a id="Usability"></a>
en/volunteer.wml  46) <h2><a class="anchor" href="#Usability">Usability and Interface</a></h2>

volunteer.html    47) <ol>
volunteer.html    48) <li>We need a way to intercept DNS requests so they don't "leak" while
volunteer.html    49) we're trying to be anonymous. (This happens because the application does
volunteer.html    50) the DNS resolve before going to the SOCKS proxy.) One option is to use
volunteer.html    51) Tor's built-in support for doing DNS resolves; but you need to ask via
volunteer.html    52) our new socks extension for that, and no applications do this yet. A
volunteer.html    53) nicer option is to use Tor's controller interface: you intercept the
volunteer.html    54) DNS resolve, tell Tor about the resolve, and Tor replies with a dummy IP
volunteer.html    55) address. Then the application makes a connection through Tor to that dummy
volunteer.html    56) IP address, and Tor automatically maps it back to the original query.</li>
volunteer.html    57) <li>People running servers tell us they want to have one BandwidthRate
volunteer.html    58) during some part of the day, and a different BandwidthRate at other parts
volunteer.html    59) of the day. Rather than coding this inside Tor, we should have a little

en/volunteer.wml  60) script that speaks via the <a href="gui/">Tor Controller Interface</a>,

volunteer.html    61) and does a setconf to change the bandwidth rate. Perhaps it would run out
volunteer.html    62) of cron, or perhaps it would sleep until appropriate times and then do
volunteer.html    63) its tweak (that's probably more portable). Can somebody write one for us

en/volunteer.wml  64) and we'll put it into <a href="<cvssandbox>tor/contrib/">tor/contrib/</a>?</li>

volunteer.html    65) <li>We have a variety of ways to <a
volunteer.html    66) href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ChooseEntryExit">exit
volunteer.html    67) the Tor network from a particular country</a>, but they all
volunteer.html    68) require specifying the nickname of a particular Tor server. It
volunteer.html    69) would be nice to be able to specify just a country, and
volunteer.html    70) have something automatically pick. This requires having some
volunteer.html    71) component that knows what country each Tor node is in. The <a

en/volunteer.wml  72) href="http://serifos.eecs.harvard.edu/cgi-bin/exit.pl">script on

volunteer.html    73) serifos</a> manually parses whois entries for this. Maybe geolocation
volunteer.html    74) data will also work?</li>
volunteer.html    75) <li>Speaking of geolocation data, somebody should draw a map of the Earth
volunteer.html    76) with a pin-point for each Tor server. Bonus points if it updates as the
volunteer.html    77) network grows and changes.</li>
volunteer.html    78) <li>Tor provides anonymous connections, but we don't support
volunteer.html    79) keeping multiple pseudonyms in practice (say, in case you
volunteer.html    80) frequently go to two websites and if anybody knew about both of
volunteer.html    81) them they would conclude it's you). We should find a good approach
volunteer.html    82) and interface for handling pseudonymous profiles in Tor. See <a

volunteer.html    83) href="http://archives.seul.org/or/talk/Dec-2004/msg00086.html">this

volunteer.html    84) post</a> and <a
volunteer.html    85) href="http://archives.seul.org/or/talk/Jan-2005/msg00007.html">followup</a>
volunteer.html    86) for details.</li>

volunteer.html    87) </ol>
volunteer.html    88) 

en/volunteer.wml  89) <a id="Documentation"></a>
en/volunteer.wml  90) <h2><a class="anchor" href="#Documentation">Documentation</a></h2>

volunteer.html    91) <ol>

volunteer.html    92) <li>Please volunteer to help maintain this website: code, content,

volunteer.html    93) css, layout. Step one is to hang out on the IRC channel until we
volunteer.html    94) get to know you.</li>

volunteer.html    95) <li>We have too much documentation --- it's spread out too much and
volunteer.html    96) duplicates itself in places. Please send us patches, pointers, and
volunteer.html    97) confusions about the documentation so we can clean it up.</li>
volunteer.html    98) <li>Help translate the web page and documentation into other

en/volunteer.wml  99) languages. See the <a href="<page translation>">translation

volunteer.html   100) guidelines</a> if you want to help out. We also need people to help
volunteer.html   101) maintain the existing (Italian and German) translations.</li>
volunteer.html   102) <li>Investigate privoxy vs. freecap vs. sockscap for win32 clients. Are
volunteer.html   103) there usability or stability issues that we can track down and
volunteer.html   104) resolve, or at least inform people about?</li>

volunteer.html   105) <li>Can somebody help Matt Edman with the documentation and how-tos
volunteer.html   106) for his <a href="http://freehaven.net/~edmanm/torcp/">Windows Tor

volunteer.html   107) Controller</a>?</li>

volunteer.html   108) <li>Evaluate, create, and <a
volunteer.html   109) href="http://wiki.noreply.org/wiki/TheOnionRouter/TorifyHOWTO">document
volunteer.html   110) a list of programs</a> that can be routed through Tor.</li>
volunteer.html   111) <li>We need better documentation for dynamically intercepting

volunteer.html   112) connections and sending them through Tor. tsocks (Linux) and freecap

volunteer.html   113) (Windows) seem to be good candidates.</li>

en/volunteer.wml 114) <li>We have a huge list of <a href="<page support>">potentially useful

volunteer.html   115) programs that interface to Tor</a>. Which ones are useful in which
volunteer.html   116) situations? Please help us test them out and document your results.</li>
volunteer.html   117) </ol>
volunteer.html   118) 

en/volunteer.wml 119) <a id="Coding"></a>
en/volunteer.wml 120) <h2><a class="anchor" href="#Coding">Coding and Design</a></h2>

volunteer.html   121) <ol>
volunteer.html   122) <li>We recommend Privoxy as a good scrubbing web proxy, but it's
volunteer.html   123) unmaintained and still has bugs, especially on Windows. While we're at
volunteer.html   124) it, what sensitive information is not kept safe by Privoxy? Are there
volunteer.html   125) other scrubbing web proxies that are more secure?</li>
volunteer.html   126) <li>tsocks appears to be unmaintained: we have submitted several patches
volunteer.html   127) with no response. Can somebody volunteer to start maintaining a new
volunteer.html   128) tsocks branch? We'll help.</li>

volunteer.html   129) <li>Some popular clients that people use with Tor
volunteer.html   130) include <a href="http://gaim.sourceforge.net/">Gaim</a>
volunteer.html   131) and <a href="http://www.xchat.org/">xchat</a>. These
volunteer.html   132) programs support socks, but they don't support <a
volunteer.html   133) href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS">socks4a
volunteer.html   134) or socks5-with-remote-dns</a>. Please write a patch for them and submit
volunteer.html   135) it to the appropriate people. Let us know if you've written the patch
volunteer.html   136) but you're having trouble getting it accepted.</li>

volunteer.html   137) <li>Right now the hidden service descriptors are being stored on just a few
volunteer.html   138) directory servers. This is bad for privacy and bad for robustness. To get
volunteer.html   139) more robustness, we're going to need to make hidden service descriptors
volunteer.html   140) even less private because we're going to have to mirror them onto many
volunteer.html   141) places. Ideally we'd like to separate the storage/lookup system from the
volunteer.html   142) Tor directory servers entirely. Any reliable distributed storage system
volunteer.html   143) will do, as long as it allows authenticated updates. As far as we know,
volunteer.html   144) no implemented DHT code supports authenticated updates. What's the right
volunteer.html   145) next step?</li>
volunteer.html   146) <li>Tor exit servers need to do many DNS resolves in parallel. But
volunteer.html   147) gethostbyname() is poorly designed --- it blocks until it has finished

volunteer.html   148) resolving a query --- so it requires its own thread or process. So Tor
volunteer.html   149) is forced to spawn many separate DNS "worker" threads. There are some
volunteer.html   150) asynchronous DNS libraries out there, but historically they are buggy and

volunteer.html   151) abandoned. Are any of them stable, fast, clean, and free software? (Remember,
volunteer.html   152) Tor uses OpenSSL, and OpenSSL is (probably) not compatible with the GPL, so
volunteer.html   153) any GPL libraries are out of the running.) If so

volunteer.html   154) (or if we can make that so), we should integrate them into Tor. See <a

volunteer.html   155) href="http://archives.seul.org/or/talk/Sep-2005/msg00001.html">Agl's

volunteer.html   156) post</a> for one potential approach. Also see
volunteer.html   157) <a href="http://daniel.haxx.se/projects/c-ares/">c-ares</a> and
volunteer.html   158) <a href="http://www.monkey.org/~provos/libdnsres/">libdnsres</a>.
volunteer.html   159) </li>

volunteer.html   160) <li>Tor 0.1.1.x includes support for hardware crypto accelerators via
volunteer.html   161) OpenSSL. Nobody has ever tested it, though. Does somebody want to get
volunteer.html   162) a card and let us know how it goes?</li>

volunteer.html   163) <li>Long ago, we added dmalloc support to Tor, to track leaks. But we
volunteer.html   164) never quite got it working. Is dmalloc unfit for the job? Look at the
volunteer.html   165) --with-dmalloc configure option and go from there.</li>

volunteer.html   166) <li>Because Tor servers need to store-and-forward each cell they handle,
volunteer.html   167) high-bandwidth Tor servers end up using dozens of megabytes of memory
volunteer.html   168) just for buffers. We need better heuristics for when to shrink/expand
volunteer.html   169) buffers. Maybe this should be modelled after the Linux kernel buffer
volunteer.html   170) design, where you have many smaller buffers that link to each other,
volunteer.html   171) rather than monolithic buffers?</li>

volunteer.html   172) <li>How do ulimits work on Win32, anyway? We're having problems,

volunteer.html   173) especially on older Windowses with people running out of file
volunteer.html   174) descriptors, connection buffer space, etc. (We should handle
volunteer.html   175) WSAENOBUFS as needed, look at the MaxConnections registry entry,
volunteer.html   176) look at the MaxUserPort entry, and look at the TcpTimedWaitDelay
volunteer.html   177) entry. We may also want to provide a way to set them as needed. See <a

volunteer.html   178) href="http://bugs.noreply.org/flyspray/index.php?do=details&id=98">bug

volunteer.html   179) 98</a>.)</li>
volunteer.html   180) <li>Encrypt identity keys on disk, and implement passphrase protection
volunteer.html   181) for them. Right now they're just stored in plaintext.</li>

volunteer.html   182) <li>Patches to Tor's autoconf scripts. First, we'd like our configure.in
volunteer.html   183) to handle cross-compilation, e.g. so we can build Tor for obscure

volunteer.html   184) platforms like the Linksys WRTG54. Second, we'd like the with-ssl-dir
volunteer.html   185) option to disable the search for ssl's libraries.</li>

volunteer.html   186) <li>Implement reverse DNS requests inside Tor (already specified in

en/volunteer.wml 187) Section 5.4 of <a href="<cvssandbox>tor/doc/tor-spec.txt">tor-spec.txt</a>).</li>

volunteer.html   188) <li>Perform a security analysis of Tor with <a
volunteer.html   189) href="http://en.wikipedia.org/wiki/Fuzz_testing">"fuzz"</a>. Determine

en/volunteer.wml 190) if there are good fuzzing libraries out there for what we want. Win fame by

volunteer.html   191) getting credit when we put out a new release because of you!</li>
volunteer.html   192) <li>How hard is it to patch bind or a DNS proxy to redirect requests to

volunteer.html   193) Tor via our <a href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#CompatibleApplications">tor-resolve socks extension</a>? What about to convert UDP DNS

volunteer.html   194) requests to TCP requests and send them through Tor?</li>

volunteer.html   195) <li>Tor uses TCP for transport and TLS for link
volunteer.html   196) encryption. This is nice and simple, but it means all cells
volunteer.html   197) on a link are delayed when a single packet gets dropped, and
volunteer.html   198) it means we can only reasonably support TCP streams. We have a <a
volunteer.html   199) href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#TransportIPnotTCP">list
volunteer.html   200) of reasons why we haven't shifted to UDP transport</a>, but it would be

volunteer.html   201) great to see that list get shorter.</li>

volunteer.html   202) <li>We're not that far from having IPv6 support for destination addresses
volunteer.html   203) (at exit nodes). If you care strongly about IPv6, that's probably the
volunteer.html   204) first place to start.</li>

volunteer.html   205) </ol>
volunteer.html   206) 

en/volunteer.wml 207) <a id="Research"></a>
en/volunteer.wml 208) <h2><a class="anchor" href="#Research">Research</a></h2>

volunteer.html   209) <ol>

volunteer.html   210) <li>The "website fingerprinting attack": make a list of a few
volunteer.html   211) hundred popular websites, download their pages, and make a set of
volunteer.html   212) "signatures" for each site. Then observe a Tor client's traffic. As
volunteer.html   213) you watch him receive data, you quickly approach a guess about which
volunteer.html   214) (if any) of those sites he is visiting. First, how effective is
volunteer.html   215) this attack on the deployed Tor codebase? Then start exploring
volunteer.html   216) defenses: for example, we could change Tor's cell size from 512
volunteer.html   217) bytes to 1024 bytes, we could employ padding techniques like <a
volunteer.html   218) href="http://freehaven.net/anonbib/#timing-fc2004">defensive dropping</a>,
volunteer.html   219) or we could add traffic delays. How much of an impact do these have,
volunteer.html   220) and how much usability impact (using some suitable metric) is there from
volunteer.html   221) a successful defense in each case?</li>

volunteer.html   222) <li>The "end-to-end traffic confirmation attack":
volunteer.html   223) by watching traffic at Alice and at Bob, we can <a
volunteer.html   224) href="http://freehaven.net/anonbib/#danezis:pet2004">compare
volunteer.html   225) traffic signatures and become convinced that we're watching the same
volunteer.html   226) stream</a>. So far Tor accepts this as a fact of life and assumes this
volunteer.html   227) attack is trivial in all cases. First of all, is that actually true? How
volunteer.html   228) much traffic of what sort of distribution is needed before the adversary
volunteer.html   229) is confident he has won? Are there scenarios (e.g. not transmitting much)
volunteer.html   230) that slow down the attack? Do some traffic padding or traffic shaping
volunteer.html   231) schemes work better than others?</li>

volunteer.html   232) <li>The "run two servers and wait attack": Tor clients pick a new path
volunteer.html   233) periodically. If the adversary runs an entry and an exit, eventually some
volunteer.html   234) Alice will build a circuit that begins and ends with his nodes. The
volunteer.html   235) current Tor threat model assumes the end-to-end traffic confirmation attack
volunteer.html   236) is trivial, and instead aims to limit the chance that the adversary will
volunteer.html   237) be able to see both sides of a circuit. One way to help this is 
volunteer.html   238) <a href="http://freehaven.net/anonbib/#wright03">helper
volunteer.html   239) nodes</a> -- Alice picks a small set of entry nodes and uses them always.
volunteer.html   240) But in reality, Tor nodes disappear sometimes. So it would seem that the
volunteer.html   241) attack continues, albeit slower than before. How much slower?</li>

volunteer.html   242) <li>The "routing zones attack": most of the literature thinks of
volunteer.html   243) the network path between Alice and her entry node (and between the
volunteer.html   244) exit node and Bob) as a single link on some graph. In practice,
volunteer.html   245) though, the path traverses many autonomous systems (ASes), and <a
volunteer.html   246) href="http://freehaven.net/anonbib/#feamster:wpes2004">it's not uncommon
volunteer.html   247) that the same AS appears on both the entry path and the exit path</a>.
volunteer.html   248) Unfortunately, to accurately predict whether a given Alice, entry,
volunteer.html   249) exit, Bob quad will be dangerous, we need to download an entire Internet
volunteer.html   250) routing zone and perform expensive operations on it. Are there practical
volunteer.html   251) approximations, such as avoiding IP addresses in the same /8 network?</li>

volunteer.html   252) <li>Tor doesn't work very well when servers have asymmetric bandwidth
volunteer.html   253) (e.g. cable or DSL). Because Tor has separate TCP connections between
volunteer.html   254) each hop, if the incoming bytes are arriving just fine and the outgoing
volunteer.html   255) bytes are all getting dropped on the floor, the TCP push-back mechanisms
volunteer.html   256) don't really transmit this information back to the incoming streams.
volunteer.html   257) Perhaps Tor should detect when it's dropping a lot of outgoing packets,
volunteer.html   258) and rate-limit incoming streams to regulate this itself? I can imagine
volunteer.html   259) a build-up and drop-off scheme where we pick a conservative rate-limit,
volunteer.html   260) slowly increase it until we get lost packets, back off, repeat. We
volunteer.html   261) need somebody who's good with networks to simulate this and help design
volunteer.html   262) solutions; and/or we need to understand the extent of the performance
volunteer.html   263) degradation, and use this as motivation to reconsider UDP transport.</li>
volunteer.html   264) <li>A related topic is congestion control. Is our
volunteer.html   265) current design sufficient once we have heavy use? Maybe
volunteer.html   266) we should experiment with variable-sized windows rather
volunteer.html   267) than fixed-size windows? That seemed to go well in an <a
volunteer.html   268) href="http://www.psc.edu/networking/projects/hpn-ssh/theory.php">ssh
volunteer.html   269) throughput experiment</a>. We'll need to measure and tweak, and maybe
volunteer.html   270) overhaul if the results are good.</li>

volunteer.html   271) <li>To let dissidents in remote countries use Tor without being blocked
volunteer.html   272) at their country's firewall, we need a way to get tens of thousands of
volunteer.html   273) relays, not just a few hundred. We can imagine a Tor client GUI that
volunteer.html   274) has a "help China" button at the top that opens a port and relays a
volunteer.html   275) few KB/s of traffic into the Tor network. (A few KB/s shouldn't be too
volunteer.html   276) much hassle, and there are few abuse issues since they're not being exit
volunteer.html   277) nodes.) But how do we distribute a list of these volunteer clients to the
volunteer.html   278) good dissidents in an automated way that doesn't let the country-level
volunteer.html   279) firewalls intercept and enumerate them? Probably needs to work on a

en/volunteer.wml 280) human-trust level. See our <a
en/volunteer.wml 281) href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#China">FAQ
en/volunteer.wml 282) entry</a> on this, and then read the <a
en/volunteer.wml 283) href="http://freehaven.net/anonbib/topic.html#Communications_20Censorship">censorship
en/volunteer.wml 284) resistance section of anonbib</a>.</li>

volunteer.html   285) <li>Tor circuits are built one hop at a time, so in theory we have the
volunteer.html   286) ability to make some streams exit from the second hop, some from the
volunteer.html   287) third, and so on. This seems nice because it breaks up the set of exiting
volunteer.html   288) streams that a given server can see. But if we want each stream to be safe,
volunteer.html   289) the "shortest" path should be at least 3 hops long by our current logic, so
volunteer.html   290) the rest will be even longer. We need to examine this performance / security
volunteer.html   291) tradeoff.</li>
volunteer.html   292) <li>It's not that hard to DoS Tor servers or dirservers. Are client
volunteer.html   293) puzzles the right answer? What other practical approaches are there? Bonus
volunteer.html   294) if they're backward-compatible with the current Tor protocol.</li>

volunteer.html   295) </ol>
volunteer.html   296) 
volunteer.html   297) Drop by the #tor IRC channel at irc.oftc.net or email tor-volunteer@freehaven.net if you want to help out!
volunteer.html   298) 

en/volunteer.wml 299)   </div><!-- #main -->

volunteer.html   300)