## translation metadata
# Revision: $Revision$
# Translation-Priority: 4-optional

#include "head.wmi" TITLE="Tor: Volunteer" CHARSET="UTF-8"
<div id="content" class="clearfix">
  <div id="breadcrumbs">
    <a href="<page index>">Home &raquo; </a>
    <a href="<page getinvolved/volunteer>">Volunteer</a>
  </div>
  <div id="maincol"> 
    <!-- PUT CONTENT AFTER THIS TAG -->
    <h1>A few things everyone can do now:</h1>
    <ol>
    <li>Please consider <a href="<page docs/tor-doc-relay>">running
    a relay</a> to help the Tor network grow.</li>
    <li>Tell your friends! Get them to run relays. Get them to run hidden
    services. Get them to tell their friends.</li>
    <li>If you like Tor's goals, please <a href="<page donate/donate>">take a moment
    to donate to support further Tor development</a>. We're also looking
    for more sponsors &mdash; if you know any companies, NGOs, agencies,
    or other organizations that want anonymity / privacy / communications
    security, let them know about us.</li>
    <li>We're looking for more <a href="<page about/torusers>">good examples of Tor
    users and Tor use cases</a>. If you use Tor for a scenario or purpose not
    yet described on that page, and you're comfortable sharing it with us,
    we'd love to hear from you.</li>
    </ol>
    
    <a id="Documentation"></a>
    <h2><a class="anchor" href="#Documentation">Documentation</a></h2>
    <ol>
    <li>Help translate the web page and documentation into other
    languages. See the <a href="<page getinvolved/translation>">translation
    guidelines</a> if you want to help out. We especially need Arabic or
    Farsi translations, for the many Tor users in censored areas.</li>
    <li>Evaluate and document
    <a href="<wiki>doc/TorifyHOWTO">our
    list of programs</a> that can be configured to use Tor.</li>
    <li>We have a huge list of <a
    href="<wiki>doc/SupportPrograms">potentially useful
    programs that interface to Tor</a>. Which ones are useful in which
    situations? Please help us test them out and document your results.</li>
    </ol>
    
    <a id="Advocacy"></a>
    <h2><a class="anchor" href="#Advocacy">Advocacy</a></h2>
    <ol>
    <li>Create a presentation that can be used for various user group
meetings around the world.</li>
    <li>Create a video about the positive uses of Tor, what Tor is,
    or how to use it.  Some have already started on <a
    href="https://media.torproject.org/video/">Tor's Media server</a>,
    <a
    href="http://www.howcast.com/videos/90601-How-To-Circumvent-an-Internet-Proxy">Howcast</a>,
    and <a href="http://www.youtube.com/thetorproject">YouTube</a>.</li> 
    <li>Create a poster, or a set of posters, around a theme,
    such as "Tor for Freedom!".</li>
    <li>Create a t-shirt design that incorporates "Congratulations!
    You are using Tor!" in any language.</li>
    </ol>
    
    <a id="Projects"></a>
    <h2><a class="anchor" href="#Projects">Projects</a></h2>
    
    <p>
    Below are a list of Tor related projects we're developing and/or
    maintaining. Most discussions happen on IRC so if you're interested in any
    of these (or you have a project idea of your own), then please <a
    href="<page about/contact>#irc">join us in #tor-dev</a>. Don't be shy
    to ask questions, and don't hesitate to ask even if the main contributors
    aren't active at that moment.
    </p>
    
    <table id="projects">
      <tr>
        <th>Name</th>
        <th>Category</th>
        <th>Language</th>
        <th>Activity</th>
        <th>Contributors</th>
      </tr>
      
      <tr>
        <td><a href="#project-tor">Tor</a></td>
        <td>Core</td>
        <td>C</td>
        <td>Heavy</td>
        <td>nickm, arma, Sebastian</td>
      </tr>
      
      <tr class="alt">
        <td>*<a href="#project-jtor">JTor</a></td>
        <td>Core</td>
        <td>Java</td>
        <td>None</td>
        <td></td>
      </tr>
      
      <tr>
        <td><a href="#project-tbb">TBB</a></td>
        <td>Usability</td>
        <td>Sys Admin</td>
        <td>Moderate</td>
        <td>Erinn</td>
      </tr>
      
      <tr class="alt">
        <td><a href="#project-tails">Tails</a></td>
        <td>Usability</td>
        <td>Sys Admin</td>
        <td>Heavy</td>
        <td><a href="https://tails.boum.org/chat/">#tails</a></td>
      </tr>
      
      <tr>
        <td><a href="#project-torsocks">Torsocks</a></td>
        <td>Usability</td>
        <td>C</td>
        <td>Light</td>
        <td>mwenge</td>
      </tr>
      
      <tr class="alt">
        <td>*<a href="#project-torouter">Torouter</a></td>
        <td>Usability</td>
        <td>Sys Admin</td>
        <td>Light</td>
        <td>ioerror, Runa</td>
      </tr>
      
      <tr>
        <td><a href="#project-vidalia">Vidalia</a></td>
        <td>User Interface</td>
        <td>C++, Qt</td>
        <td>Light</td>
        <td>chiiph</td>
      </tr>
      
      <tr class="alt">
        <td><a href="#project-arm">Arm</a></td>
        <td>User Interface</td>
        <td>Python, Curses</td>
        <td>Light</td>
        <td>atagar</td>
      </tr>
      
      <tr>
        <td><a href="#project-orbot">Orbot</a></td>
        <td>User Interface</td>
        <td>Java</td>
        <td>Moderate</td>
        <td>n8fr8</td>
      </tr>
      
      <tr class="alt">
        <td><a href="#project-torbutton">Torbutton</a></td>
        <td>Browser Add-on</td>
        <td>Javascript</td>
        <td>Moderate</td>
        <td>mikeperry</td>
      </tr>
      
      <tr>
        <td>*<a href="#project-thandy">Thandy</a></td>
        <td>Updater</td>
        <td>Python</td>
        <td>Light</td>
        <td>chiiph, Erinn, nickm</td>
      </tr>
      
      <tr class="alt">
        <td><a href="#project-torctl">TorCtl</a></td>
        <td>Library</td>
        <td>Python</td>
        <td>Light</td>
        <td>mikeperry</td>
      </tr>
      
      <tr>
        <td><a href="#project-metrics">Metrics</a></td>
        <td>Client Service</td>
        <td>Java</td>
        <td>Heavy</td>
        <td>karsten</td>
      </tr>
      
      <tr class="alt">
        <td><a href="#project-torstatus">TorStatus</a></td>
        <td>Client Service</td>
        <td>PHP</td>
        <td>None</td>
        <td></td>
      </tr>
      
      <tr>
        <td><a href="#project-weather">Weather</a></td>
        <td>Client Service</td>
        <td>Python</td>
        <td>Light</td>
        <td>kaner</td>
      </tr>
      
      <tr class="alt">
        <td><a href="#project-gettor">GetTor</a></td>
        <td>Client Service</td>
        <td>Python</td>
        <td>Light</td>
        <td>kaner</td>
      </tr>
      
      <tr>
        <td><a href="#project-torcheck">TorCheck</a></td>
        <td>Client Service</td>
        <td>Python, Perl</td>
        <td>None</td>
        <td></td>
      </tr>
      
      <tr class="alt">
        <td><a href="#project-bridgedb">BridgeDB</a></td>
        <td>Backend Service</td>
        <td>Python</td>
        <td>Moderate</td>
        <td>kaner, nickm</td>
      </tr>
      
      <tr>
        <td><a href="#project-torflow">TorFlow</a></td>
        <td>Backend Service</td>
        <td>Python</td>
        <td>Light</td>
        <td>mikeperry</td>
      </tr>
      
      <tr class="alt">
        <td>*<a href="#project-torbel">TorBEL</a></td>
        <td>Backend Service</td>
        <td>Python</td>
        <td>None</td>
        <td>Sebastian</td>
      </tr>
    </table>
    
    <sub>
    * Project is still in an alpha state.
    </sub>
    
    <br /><br />
    
    <a id="project-tor"></a>
    <h3>Tor (<a href="https://gitweb.torproject.org/tor.git">code</a>, <a
    href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Tor+Client&component=Tor+Relay&component=vidalia&order=priority">bug
    tracker</a>)</h3>
    
    <p>
    Central project, providing the core software for using and participating in
    the Tor network. Numerous people contribute to the project to varying
    extents, but the chief architects are Nick Mathewson and Roger Dingledine.
    </p>
    
    <p>
    <b>Project Ideas:</b><br />
    <i><a href="#resistCensorship">Improving Tor's ability to resist
    censorship</a></i><br />
    <i><a href="#unitTesting">Improve our unit testing process</a></i><br />
    <i><a href="#simulateSlowConnections">Simulator for slow Internet connections</a></i>
    </p>
    
    <a id="project-jtor"></a>
    <h3><a href="https://github.com/brl/JTor/wiki">JTor</a> (<a
    href="https://github.com/brl/JTor">code</a>, <a
    href="https://github.com/brl/JTor/issues">bug
    tracker</a>)</h3>
    
    <p>
    Java implementation of Tor and successor to <a
    href="http://onioncoffee.sourceforge.net/">OnionCoffee</a>. This project
    isn't yet complete, and has been inactive since Fall 2010.
    </p>
    
    <a id="project-tbb"></a>
    <h3><a href="<page projects/torbrowser>">Tor Browser Bundle</a> (<a
    href="https://gitweb.torproject.org/torbrowser.git">code</a>, <a
    href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Tor+bundles/installation&order=priority">bug
    tracker</a>)</h3>
    
    <p>
    The Tor Browser Bundle is an easy-to-use portable package of Tor, Vidalia,
    and Firefox preconfigured to work together out of the box. This is actively
    being worked on by Erinn Clark.
    </p>
    
    <p>
    <b>Project Ideas:</b><br />
    <i><a href="#auditTBB">Audit Tor Browser Bundles for data leaks</a></i><br />
    <i><a href="#usabilityTesting">Usability testing of Tor</a></i>
    </p>
    
    <a id="project-tails"></a>
    <h3><a href="https://tails.boum.org/">The Amnesic Incognito Live System</a> (<a
    href="http://git.immerda.ch/?p=amnesia.git;a=summary">code</a>, <a
    href="https://tails.boum.org/bugs/">bug
    tracker</a>)</h3>
    
    <p>
    The Amnesic Incognito Live System is a live CD/USB distribution
    preconfigured so that everything is safely routed through Tor and leaves no
    trace on the local system. This is a merger of the Amnesia and <a
    href="http://www.anonymityanywhere.com/incognito/">Incognito</a> projects,
    and still under very active development.
    </p>
    
    <p>
    <b>Project Ideas:</b><br />
    <i><a href="#tailsStartMenu">Custom GDM3 startup menu, aka.
    tails-greeter</a></i><br />
    <i><a href="#tailsMetadataAnonymizing">Meta-data anonymizing toolkit for
    file publication</a></i><br />
    <i><a href="#tailsDebianLive">Improve Debian Live support for
    persistence</a></i>
    </p>
    
    <a id="project-torsocks"></a>
    <h3><a href="http://code.google.com/p/torsocks/">Torsocks</a> (<a
    href="https://gitweb.torproject.org/torsocks.git">code</a>, <a
    href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Torify&order=priority">bug
    tracker</a>)</h3>
    
    <p>
    Utility for adapting other applications to work with Tor. Development has
    slowed and compatibility issues remain with some platforms, but it's
    otherwise feature complete.
    </p>
    
    <p>
    <b>Project Ideas:</b><br />
    <i><a href="#torsocksForOSX">Make torsocks/dsocks work on OS X</a></i>
    </p>
    
    <a id="project-torouter"></a>
    <h3><a
    href="<wiki>doc/Torouter">Torouter</a> (<a
    href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Torouter&order=priority">bug
    tracker</a>)</h3>
    
    <p>
    Project to provide an easy-to-use, embedded Tor instance for routers. This
    had high activity in late 2010, but has since been rather quiet.
    </p>
    
    <a id="project-vidalia"></a>
    <h3><a href="<page projects/vidalia>">Vidalia</a> (<a
    href="https://gitweb.torproject.org/vidalia.git">code</a>, <a
    href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Vidalia&order=priority">bug
    tracker</a>)</h3>
    
    <p>
    The most commonly used user interface for Tor. Matt Edman started the
    project in 2006 and brought it to its current stable state. Development
    slowed for several years, though Tomás Touceda has since taken a lead with
    pushing the project forward.
    </p>
    
    <p>
    <b>Project Ideas:</b><br />
    <i><a href="#vidaliaStatusEventInterface">Tor Controller Status Event Interface for Vidalia</a></i><br />
    <i><a href="#vidaliaNetworkMap">An Improved and More Usable Network Map in Vidalia</a></i>
    </p>
    
    <a id="project-arm"></a>
    <h3><a href="http://www.atagar.com/arm/">Arm</a> (<a
    href="https://gitweb.torproject.org/arm.git">code</a>, <a
    href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=arm&order=priority">bug
    tracker</a>)</h3>
    
    <p>
    Command-line monitor for Tor. This has been under very active development
    by its author, Damian Johnson, since early 2009 to make it a better
    general-purpose controller for *nix environments.
    </p>
    
    <p>
    <b>Project Ideas:</b><br />
    <i><a href="#armClientMode">Client Mode Use Cases for Arm</a></i><br />
    <i><a href="#armGui">GUI for Arm</a></i>
    </p>
    
    <a id="project-orbot"></a>
    <h3><a href="https://guardianproject.info/apps/orbot/">Orbot</a> (<a
    href="https://gitweb.torproject.org/orbot.git">code</a>, <a
    href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Orbot&order=priority">bug
    tracker</a>)</h3>
    
    <p>
    Provides Tor on the Android platform. This was under very active
    development up through Fall 2010, after which things have been quiet.
    </p>
    
    <p>
    <b>Project Ideas:</b><br />
    <i><a href="#orbot-torbutton">TorButton for Mobile Firefox 4 or Custom Browser on Android</a></i><br />
    <i><a href="#orbot-userInterface">Build a better user interface for Orbot</a></i><br />
    <i><a href="#orbot-optimisation">Core Tor mobile optimisation</a></i><br />
    <i><a href="#orbot-orlibAndOutreach">Orbot integration library and community outreach</a></i>
    </p>
    
    <a id="project-torbutton"></a>
    <h3><a href="<page torbutton/index>">Torbutton</a> (<a
    href="https://gitweb.torproject.org/torbutton.git">code</a>, <a
    href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Torbutton&order=priority">bug
    tracker</a>)</h3>
    
    <p>
    Firefox addon that addresses many of the client-side threats to browsing
    the Internet anonymously. Mike has since continued to adapt it to new
    threats, updated versions of Firefox, and possibly <a
    href="https://blog.torproject.org/blog/google-chrome-incognito-mode-tor-and-fingerprinting">Chrome
    as well</a>.
    </p>
    
    <p>
    <b>Project Ideas:</b><br />
    <i><a href="#torbuttonForThunderbird">Torbutton equivalent for Thunderbird</a></i>
    </p>
    
    <a id="project-thandy"></a>
    <h3>Thandy (<a
    href="https://gitweb.torproject.org/thandy.git">code</a>)</h3>
    
    <p>
    Updater for Tor. The project began in the Summer of 2008 but wasn't
    completed. Recently interest in it has been rekindled and many aspects of
    its design (including the language it'll be in) are currently in flux.
    </p>
    
    <a id="project-torctl"></a>
    <h3>TorCtl (<a
    href="https://gitweb.torproject.org/pytorctl.git">code</a>, <a
    href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Torctl&order=priority">bug
    tracker</a>)</h3>
    
    <p>
    Python bindings and utilities for using the Tor control port. It has been
    stable for several years, with only minor revisions.
    </p>
    
    <a id="project-metrics"></a>
    <h3><a href="https://metrics.torproject.org/">Metrics</a> (code: <a
    href="https://gitweb.torproject.org/metrics-db.git">db</a>, <a
    href="https://gitweb.torproject.org/metrics-utils.git">utils</a>, <a
    href="https://gitweb.torproject.org/metrics-web.git">web</a>, <a
    href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Metrics&order=priority">bug
    tracker</a>)</h3>
    
    <p>
    Processing and analytics of consensus data, provided to users via the
    metrics portal. This has been under active development for several years by
    Karsten Loesing.
    </p>
    
    <a id="project-torstatus"></a>
    <h3><a href="https://trac.torproject.org/projects/tor/wiki/projects/TorStatus">TorStatus</a> (<a
    href="https://svn.torproject.org/svn/torstatus/trunk/">code</a>)</h3>
    
    <p>
    Portal providing an overview of the Tor network, and details on any of its
    current relays. Though very actively used, this project has been
    unmaintained for a long while.
    </p>
    
    <a id="project-weather"></a>
    <h3><a href="https://trac.torproject.org/projects/tor/wiki/projects/Weather">Weather</a> (<a
    href="https://gitweb.torproject.org/weather.git">code</a>, <a
    href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Tor+Weather&order=priority">bug
    tracker</a>)</h3>
    
    <p>
    Provides automatic notification to subscribed relay operators when their
    relay's unreachable. This underwent a rewrite by the <a
    href="http://hfoss.wesleyan.edu/">Wesleyan HFOSS team</a>, which went live
    in early 2011.
    </p>
    
    <a id="project-gettor"></a>
    <h3><a href="https://trac.torproject.org/projects/tor/wiki/projects/EmailAutoResponder">GetTor</a> (<a
    href="https://gitweb.torproject.org/gettor.git">code</a>, <a
    href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=GetTor&order=priority">bug
    tracker</a>)</h3>
    
    <p>
    E-mail autoresponder providing Tor's packages over SMTP. This has been
    relatively unchanged for quite a while.
    </p>
    
    <a id="project-torcheck"></a>
    <h3><a href="https://trac.torproject.org/projects/tor/wiki/projects/TorCheck">TorCheck</a> (<a
    href="https://svn.torproject.org/svn/check/trunk/">code</a>, <a
    href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Tor+Check&order=priority">bug
    tracker</a>)</h3>
    
    <p>
    Provides a simple site for determining if the visitor is using Tor or not.
    This has been relatively unchanged for quite a while.
    </p>
    
    <a id="project-bridgedb"></a>
    <h3><a href="https://trac.torproject.org/projects/tor/wiki/projects/BridgeDB">BridgeDB</a> (<a
    href="https://gitweb.torproject.org/bridgedb.git">code</a>, <a
    href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=BridgeDB&order=priority">bug
    tracker</a>)</h3>
    
    <p>
    Backend bridge distributor, handling the various pools they're distributed
    in. This was actively developed until Fall of 2010.
    </p>
    
    <a id="project-torflow"></a>
    <h3><a href="https://trac.torproject.org/projects/tor/wiki/projects/TorFlow">TorFlow</a> (<a
    href="https://gitweb.torproject.org/torflow.git">code</a>, <a
    href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Torflow&order=priority">bug
    tracker</a>)</h3>
    
    <p>
    Library and collection of services for actively monitoring the Tor network.
    These include the Bandwidth Scanners (measuring throughput of relays) and
    SoaT (scans for malicious or misconfigured exit nodes). SoaT was last
    actively developed in the Summer of 2010, and the Bandwidth Scanners a few
    months later. Both have been under active use since then, but development
    has stopped.
    </p>
    
    <a id="project-torbel"></a>
    <h3><a
    href="https://trac.torproject.org/projects/tor/wiki/projects/TorBulkExitlist">TorBEL</a> (<a
    href="https://gitweb.torproject.org/tordnsel.git">code</a>, <a
    href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=TorDNSEL/TorBEL&order=priority">bug
    tracker</a>)</h3>
    
    <p>
    The Tor Bulk Exitlist provides a method of identifying if IPs belong to
    exit nodes or not. This is a replacement for TorDNSEL which is a stable
    (though unmaintained) Haskell application for this purpose. The initial
    version of TorBEL was started in GSOC 2010 but since then the project has
    been inactive.
    </p>
    
    <a id="Coding"></a>
    <a id="Summer"></a>
    <h2><a class="anchor" href="#Coding">Project Ideas</a></h2>
    
    <p>
    You may find some of these projects to be good <a href="<page
    about/gsoc>">Google Summer of Code 2011</a> ideas. We have labelled each idea
    with how useful it would be to the overall Tor project (priority), how
    much work we expect it would be (effort level), how much clue you should
    start with (skill level), and which of our <a href="<page
    about/corepeople>">core developers</a> would be good mentors.
    If one or more of these ideas looks promising to you, please <a
    href="<page about/contact>">contact us</a> to discuss your plans rather than
    sending blind applications. You may also want to propose your own project
    idea &mdash; which often results in the best applications.
    </p>
    
    <ol>
    
    <a id="auditTBB"></a>
    <li>
    <b>Audit Tor Browser Bundles for data leaks</b>
    <br>
    Priority: <i>High</i>
    <br>
    Effort Level: <i>High</i>
    <br>
    Skill Level: <i>Medium</i>
    <br>
    Likely Mentors: <i>Erinn, Jacob, Andrew</i>
    <p>The Tor Browser Bundle incorporates Tor, Firefox, Polipo, and the Vidalia
    user interface (and optionally the <a href="http://pidgin.im/">Pidgin</a>
    Instant Messaging client). Components are pre-configured to operate in a
    secure way, and it has very few dependencies on the installed operating
    system. It has therefore become one of the most easy to use, and popular,
    ways to use Tor on Windows.</p>
    <p>This project is to identify all of the traces left behind by
    using a Tor Browser Bundle on Windows, Mac OS X, or Linux.  Developing
    ways to stop, counter, or remove these traces is a final step.</p>
    <p>Students should be familiar with operating system analysis,
    application development on one or preferably all of Windows, Linux,
    and Mac OS X, and be comfortable with C/C++ and shell scripting.</p>
    <p>If you would like to help extend or do security auditing for
    TBB, please contact Erinn.</p>
    </li>
    
    <a id="firewallProbeTool"></a>
    <li>
    <b>Develop a fully automatic firewall-probing system</b>
    <br>
    Priority: <i>High</i>
    <br>
    Effort Level: <i>Medium to High</i>
    <br>
    Skill Level: <i>High</i>
    <br>
    Likely Mentors: <i>Robert Ransom, Nick, Jacob</i>
    <p>We would like to have a fully automatic firewall-probing system for
    blocking systems with no long-term state (i.e. firewalls that can
    examine each connection, but do not change their behaviour for future
    connections based on the traffic they have seen).</p>
    <p>Ideally, volunteers would only need to set up one or more test servers,
    and run the probe client program on a publicly accessible computer
    behind the firewall.</p>
    <p>The test tool should:</p>
    <ul>
    <li>generate packet captures on both ends (and send them out to the
        extent possible),</li>
    <li>cycle through all the SSL configurations we might want to test
        through a censorship device, and</li>
    <li>also test some other protocols to see whether they are allowed
        through the firewall (IMAP and other mail protocols, BitTorrent,
        DTLS, etc.).</li>
    </ul>
    </li>
    
    <a id="tailsStartMenu"></a>
    <li>
    <b>Custom GDM3 startup menu, aka. tails-greeter</b>
    <br>
    Priority: <i>High</i>
    <br>
    Effort Level: <i>Medium</i>
    <br>
    Skill Level: <i>Medium to High</i>
    <br>
    Likely Mentors: <i>intrigeri, anonym</i>
    <p>Several major upcoming Tails features need to gather user input at
    startup time: bridges support, persistence, MAC address anonymization,
    etc.</p>
    <p>Existing boot menus lack the graphical widgets and generally
    user-friendliness needed. Hence it was decided to implement Tails startup
    menu in GDM3: GDM3's default login/password prompt needs to be replaced
    with a custom GTK+ application hereby named tails-greeter that allows the
    user to provide any input necessary.</p>
    <p>Anyone undertaking this project should be familiar with GNU/Linux and
    application development; no other skill is required, apart of the ability
    to quickly find practical answers in APIs and documentation for many
    technologies she knows nothing about: this challenging coding project will
    indeed involve getting familiar with some modern GNU/Linux Desktop
    technologies such as D-Bus, GNOME and GConf. Python/GTK+ is probably the
    best suited language for the task.</p>
    <p>For more information see <a href="https://tails.boum.org/todo/boot_menu/">https://tails.boum.org/todo/boot_menu/</a></p>
    </li>

    <a id="orbot-torbutton"></a>
    <li>
    <b>TorButton for Mobile Firefox 4 or Custom Browser on Android</b>
    <br>
    Priority: <i>High</i>
    <br>
    Effort Level: <i>High</i>
    <br>
    Skill Level: <i>High</i>
    <br>
    Likely Mentors: <i>Nathan (n8fr8), Jake, Mike Perry</i>
    <p>Initial work has been done on implementing a proxy-setting add-on for
    Firefox on Android (see <a
    href="https://github.com/guardianproject/ProxyMob">ProxyMob</a>), but a
    full port of TorButton needs to be done (dependent upon Firefox 4 port of
    TorButton). The other approach is to implement a custom &quot;Tor
    Browser&quot; based on Firefox or Webkit browser. See <a
    href="http://code.google.com/p/torora/wiki/Android">Torora</a> for progress
    on this so far.</p>
    </li>
    
    <a id="orbot-userInterface"></a>
    <li>
    <b>Build a better user interface for Orbot</b>
    <br>
    Priority: <i>High</i>
    <br>
    Effort Level: <i>Medium</i>
    <br>
    Skill Level: <i>Medium</i>
    <br>
    Likely Mentors: <i>Nathan (n8fr8), Jake</i>
    <p>Improved home screen to show confirmation of connection (via a TorCheck
    API call), better statistics about data transferred (up/down), number of
    circuits connected, quality of connection and so on. The &quot;Tether
    Wifi&quot; Android application is a good model to follow in how it shows a
    realtime count of bytes transferred as well as notifications when wifi
    clients connect. In addition, better handling of Tor system and error
    messages would also be very helpful, include use of standard Android
    operating systems notifications. The addition of a wizard or tutorial
    walkthrough for novice users to explain to them exactly what is and what is
    not anonymized or protected would greatly improve the likelihood they will
    use Orbot correctly. All of this should work on the range of screens and
    device types now offered for Android, from 2&quot; phone to 10&quot;
    Tablet.</p>
    </li>
    
    <a id="resistCensorship"></a>
    <li>
    <b>Improving Tor's ability to resist censorship</b>
    <br>
    Priority: <i>Medium to High</i>
    <br>
    Effort Level: <i>Medium to High</i>
    <br>
    Skill Level: <i>High</i>
    <br>
    Likely Mentors: <i>Roger, Nick, Jake, Thomas</i>
    <p>The Tor 0.2.1.x series makes <a
    href="<svnprojects>design-paper/blocking.html">significant
    improvements</a> in resisting national and organizational censorship.
    But Tor still needs better mechanisms for some parts of its
    anti-censorship design.</p>
    <p>One huge category of work is adding features to our <a
    href="https://gitweb.torproject.org/bridgedb.git?a=tree">BridgeDB</a>
    service (Python). Tor aims to give out <a href="<page docs/bridges>">bridge
    relay addresses</a> to users that can't reach the Tor network
    directly, but there's an arms race between algorithms for distributing
    addresses and algorithms for gathering and blocking them. See <a
    href="<blog>bridge-distribution-strategies">our
    blog post on the topic</a> as an overview, and then look at <a
    href="https://lists.torproject.org/pipermail/tor-dev/2009-December/000666.html">Roger's
    or-dev post</a> from December 2009 for more recent thoughts &mdash; lots of
    design work remains.</p>
    <p>If you want to get more into the guts of Tor itself (C), a more minor problem
    we should address is that current Tors can only listen on a single
    address/port combination at a time. There's
    <a href="<specblob>proposals/118-multiple-orports.txt">a
    proposal to address this limitation</a> and allow clients to connect
    to any given Tor on multiple addresses and ports, but it needs more
    work.</p>
    <p>This project could involve a lot of research and design. One of the big
    challenges will be identifying and crafting approaches that can still
    resist an adversary even after the adversary knows the design, and
    then trading off censorship resistance with usability and
    robustness.</p>
    </li>
    
    <a id="geoIPUpgrade"></a>
    <li>
    <b>Improve our GeoIP file format</b>
    <br>
    Priority: <i>Medium</i>
    <br>
    Effort Level: <i>Medium</i>
    <br>
    Skill Level: <i>Medium to High</i>
    <br>
    Likely Mentors: <i>Robert Ransom</i>
    <p>Currently, Tor bridges and relays read an entire IP->country database
    into memory from a text file during startup.  We would like to
    distribute this database and store it on disk in a much more compact
    form, and perform IP->country lookups on it in its on-disk format if
    possible.</p>
    <p>We have <a href='https://trac.torproject.org/projects/tor/ticket/2506'>a
    sketch of a design</a> for a moderately optimized format for IPv4 GeoIP
    data; this project will involve both implementing the IPv4 format and
    designing and implementing a format for IPv6 GeoIP data.</p>
    <!--<p>Since the core of this project is researching IPv6 GeoIP data and
    designing the IPv6 format, this is not likely to be a good GSoC
    project.</p>-->
    </li>
    
    <a id="armClientMode"></a>
    <li>
    <b>Client Mode Use Cases for Arm</b>
    <br>
    Priority: <i>Medium</i>
    <br>
    Effort Level: <i>High</i>
    <br>
    Skill Level: <i>Medium</i>
    <br>
    Likely Mentors: <i>Damian (atagar)</i>
    <p><a href="<page projects/arm>">Arm</a> is a Tor command line status
    monitor on *nix environments (Linux, Mac, and BSD). It functions much like
    top does, giving a CLI overlay of Tor's bandwidth usage, connections,
    configuration, log, etc. Thus far its design has been geared for Tor relay
    operators. However, this doesn't need to be the case. This project would be
    to expand and simplify arm to make it useful for Tor's client users
    too.</p>
    
    <p>This would include UI design, experimenting, and a lot of python
    hacking. Here's some ideas for client functionality arm could provide:</p>
    
    <ul>
      <li>A panel for client connections, showing each hop of the user's
      circuits with the ISP, country, and jurisdiction where those relays
      reside. Other interesting information would be the circuit's latency, how
      long its been around, and its possible exit ports. Some of this will be
      pretty tricky and require some experimentation to figure out what
      information can be fetched safely (for instance, scraping rdns and whois
      lookups could give hints about a relay's ISP, but we'd need to do it on
      all Tor relays to avoid leaking our connections to the resolver).</li>
      
      <li>Options to let the user request new circuits (the &quot;New
      Identity&quot; feature in Vidalia), select the exit country, etc.</li>
      
      <li>A panel showing Internet application and if their connections are
      being routed through Tor or not (giving a warning if there's leaks).</li>
      
      <li>The status of the bridges we're configured to use (ie, are they up?).
      This would include adding control port functionality to Tor for <a
      href="https://trac.torproject.org/projects/tor/ticket/2068">ticket
      2068</a>.</li>
      
      <li>A one click option to set Tor to be a client, relay, or bridge. The
      goal would be to make it trivial for users to voluntarily contribute to
      the Tor network.</li>
      
      <li>Menus as an alternative to hotkeys to make the interface more
      intuitive and usable for beginners (<a
      href="http://gnosis.cx/publish/programming/charming_python_6.html">example</a>).</li>
      
      <li>Look at Vidalia and TorK for ideas and solicit input from the Tor community.</li>
    </ul>
    
    <p>
    More information is available in the following sections of arm's dev notes: <a href="https://trac.torproject.org/projects/tor/wiki/projects/arm#ConnectionListingExpansion">Connection Listing Expansion</a>, <a href="https://trac.torproject.org/projects/tor/wiki/projects/arm#CircuitDetails">Circuit Details</a>, and <a href="https://trac.torproject.org/projects/tor/wiki/projects/arm#ClientModeUseCases">Client Mode Use Cases</a>
    </p>
    </li>
    
    <a id="unitTesting"></a>
    <li>
    <b>Improve our unit testing process</b>
    <br>
    Priority: <i>Medium</i>
    <br>
    Effort Level: <i>Medium</i>
    <br>
    Skill Level: <i>Medium</i>
    <br>
    Likely Mentors: <i>Nick, Erinn</i>
    <p>Tor needs to be tested far more thoroughly. This is a
    multi-part effort. To start with, our unit test coverage should
    rise substantially, especially in the areas outside the utility
    functions. This will require significant refactoring of some parts
    of Tor, in order to dissociate as much logic as possible from
    globals.</p>
    <p>Additionally, we need to automate our performance testing. We've got
    buildbot to automate our regular integration and compile testing already
    (though we need somebody to set it up on Windows),
    but we need to get our network simulation tests (as built in <a
    href="https://svn.torproject.org/svn/torflow/trunk/README">TorFlow</a>)
    updated for more recent versions of Tor, and designed to launch a test
    network either on a single machine, or across several, so we can test
    changes in performance on machines in different roles automatically.</p>
    </li>
    
    <a id="simulateSlowConnections"></a>
    <li>
    <b>Simulator for slow Internet connections</b>
    <br>
    Priority: <i>Medium</i>
    <br>
    Effort Level: <i>Medium</i>
    <br>
    Skill Level: <i>Medium</i>
    <br>
    Likely Mentors: <i>Nick</i>
    <p>
    Many users of Tor have poor-quality Internet connections, giving low
    bandwidth, high latency, and high packet loss/re-ordering. User
    experience is that Tor reacts badly to these conditions, but it is
    difficult to improve the situation without being able to repeat the
    problems in the lab.
    </p>
    
    <p>
    This project would be to build a simulation environment which
    replicates the poor connectivity so that the effect on Tor performance
    can be measured. Other components would be a testing utility to
    establish what are the properties of connections available, and to
    measure the effect of performance-improving modifications to Tor.
    </p>
    
    <p>
    The tools used would be up to the student, but dummynet (for FreeBSD)
    and nistnet (for Linux) are two potential components on which this
    project could be built. Students should be experienced with network
    programming/debugging and TCP/IP, and preferably familiar with C and a
    scripting language.
    </p>
    </li>
    
    <a id="torbuttonForThunderbird"></a>
    <li>
    <b>Torbutton equivalent for Thunderbird</b>
    <br>
    Priority: <i>Medium</i>
    <br>
    Effort Level: <i>High</i>
    <br>
    Skill Level: <i>High</i>
    <br>
    Likely Mentors: <i>Mike</i>
    <p>
    We're hearing from an increasing number of users that they want to use
    Thunderbird with Tor. However, there are plenty of application-level
    concerns, for example, by default Thunderbird will put your hostname in
    the outgoing mail that it sends. At some point we should start a new
    push to build a Thunderbird extension similar to Torbutton.
    </p>
    </li>
    
    <a id="usabilityTesting"></a>
    <li>
    <b>Usability testing of Tor</b>
    <br>
    Priority: <i>Medium</i>
    <br>
    Effort Level: <i>Medium</i>
    <br>
    Skill Level: <i>Low to Medium</i>
    <br>
    Likely Mentors: <i>Andrew</i>
    <p>
    Especially the browser bundle, ideally amongst our target demographic.
    That would help a lot in knowing what needs to be done in terms of bug
    fixes or new features. We get this informally at the moment, but a more
    structured process would be better.
    </p>
    
    <p>
    Please note that since this isn't a coding project, it isn't suitable for
    Google Summer of Code.
    </p>
    </li>
    
    <a id="tailsMetadataAnonymizing"></a>
    <li>
    <b>Meta-data anonymizing toolkit for file publication</b>
    <br>
    Priority: <i>Medium</i>
    <br>
    Effort Level: <i>Low to Medium</i>
    <br>
    Skill Level: <i>Low to Medium</i>
    <br>
    Likely Mentors: <i>intrigeri, anonym</i>
    <p>Tor helps greatly in publishing files anonymously. However, much personal
    information can be enclosed *inside* such published files' meta-data: GPS
    coordinates, author's name and so on. Anyone who wants to anonymously
    publish a file can thus far too easily de-anonymize herself.</p>
    <p>A set of tools allowing users to easily inspect and clean up meta-data in files
    would benefit Tor users, and would e.g. be shipped in Tails.</p>
    <p>A graphical user interface is a must, but library and command-line
    interfaces are most welcome so that future work can add support for
    cleaning published files to various publishing tools, such as desktop
    social networking clients and Web content management systems.</p>
    <p>This project mostly consists of writing glue between the many existing
    tools and libraries that provide read/write access to files' meta-data. An
    extensible program design would probably be the best bet, so that support
    for other kinds of files can easily be added later.</p>
    <p>The meta-data cleaning toolkit would run at least on GNU/Linux;
    additional Windows and/or Mac OS X support would be welcome. The tools used
    would be up to the students. The detailed specification is ready and will
    be published soon.</p>
    </li>   
 
    <a id="tailsDebianLive"></a>
    <li>
    <b>Improve Debian Live support for persistence</b>
    <br>
    Priority: <i>Medium</i>
    <br>
    Effort Level: <i>Medium</i>
    <br>
    Skill Level: <i>Low to Medium</i>
    <br>
    Likely Mentors: <i>intrigeri, anonym</i>
    <p>Data persistence is a somewhat tricky topic in a Live system context,
    especially one such as Tails, which is explicitly designed to avoid
    leaving any trace of its use.</p>
    <p>Some real-life use cases, however, require some kind of data
    persistence. To start with, Tails should (carefully) support persistence of
    application-specific configurations (e.g. GnuPG keyring) and of a user
    arbitrary data store. Note that persistence in Tails will always be opt-in
    and require encrypted storage.</p>
    <p>The backend work consists of improving Debian Live's existing
    persistence features to make them suit the specific context of Tails. A trust
    relationship is already established with upstream who is happy to merge our
    changes. The codebase is not that small and much refactoring is needed, so
    this really is a programming project rather than a fire'n'forget shell
    script hack contest.</p>
    <p>Anyone undertaking this project must be familiar with GNU/Linux, and
    preferably with Debian. Being able to (quickly learn to) write clean and
    safe programs in shell is also needed.</p>
    <p>For more information, see <a href="https://tails.boum.org/todo/persistence/">https://tails.boum.org/todo/persistence/</a>.</p>
    </li>
    
    <a id="torsocksForOSX"></a>
    <li>
    <b>Make torsocks/dsocks work on OS X</b>
    <br>
    Priority: <i>Medium</i>
    <br>
    Effort Level: <i>Medium</i>
    <br>
    Skill Level: <i>Medium</i>
    <br>
    Likely Mentors: <i>Robert Hogan</i>
    <p>
    <a href="https://code.google.com/p/torsocks/">Torsocks</a> and <a
    href="https://code.google.com/p/dsocks/">dsocks</a> are wrappers that will
    run applications, intercept their outgoing network connections, and push
    those connections through Tor. The goal is to handle applications that
    don't support proxies (or don't supporting them well). To get it right,
    they need to intercept many system calls. The syscalls you need to
    intercept on Linux differ dramatically from those on BSD. So Torsocks
    works fine on Linux, dsocks works ok on BSD (though it may be less
    maintained and thus might miss more syscalls), and nothing works well
    on both. First, we should patch dsocks to use Tor's <i>mapaddress</i>
    commands from the controller interface, so we don't waste a whole
    round-trip inside Tor doing the resolve before connecting. Second,
    we should make our <i>torify</i> script detect which of torsocks or
    dsocks is installed, and call them appropriately. This probably means
    unifying their interfaces, and might involve sharing code between them
    or discarding one entirely.
    </p>
    </li>
    
    <a id="vidaliaStatusEventInterface"></a>
    <li>
    <b>Tor Controller Status Event Interface for Vidalia</b>
    <br>
    Priority: <i>Medium</i>
    <br>
    Effort Level: <i>Medium</i>
    <br>
    Skill Level: <i>Low to Medium</i>
    <br>
    Likely Mentors: <i>Tomás</i>
    <p>There are a number of status changes inside Tor of which the user may need
    to be informed. For example, if the user is trying to set up his Tor as a
    relay and Tor decides that its ports are not reachable from outside
    the user's network, we should alert the user. Currently, all the user
    gets is a couple of log messages in Vidalia's 'message log' window, which they
    likely never see since they don't receive a notification that something
    has gone wrong. Even if the user does actually look at the message log,
    most of the messages make little sense to the novice user.</p>
    <p>Tor has the ability to inform Vidalia of many such status
    changes, and we recently implemented support for a couple of these
    events. Still, there are many more status events which the user should
    be informed of, and we need a better UI for actually displaying them
    to the user.</p>
    <p>The goal of this project then is to design and implement a UI for
    displaying Tor status events to the user. For example, we might put a
    little badge on Vidalia's tray icon that alerts the user to new status
    events they should look at. Double-clicking the icon could bring up a
    dialog that summarizes recent status events in simple terms and maybe
    suggests a remedy for any negative events if they can be corrected by
    the user. Of course, this is just an example and one is free to
    suggest another approach.</p>
    <p>A person undertaking this project should have good UI design and layout
    skills and some C++ development experience. Previous experience with Qt and
    Qt's Designer will be very helpful, but are not required. Some
    English writing ability will also be useful, since this project will
    likely involve writing small amounts of help documentation that should
    be understandable by non-technical users. Bonus points for some graphic
    design/Photoshop fu, since we might want/need some shiny new icons too.</p>
    </li>
    
    <a id="orbot-optimisation"></a>
    <li>
    <b>Core Tor mobile optimisation</b>
    <br>
    Priority: <i>Medium</i>
    <br>
    Effort Level: <i>Medium</i>
    <br>
    Skill Level: <i>High</i>
    <br>
    Likely Mentors: <i>Nathan (n8fr8), Jake</i>
    <p>
    The existing port of Tor to Android is basically a straight
    cross-compile to Linux ARM. There has been no work done in looking at
    possible optimizations of Tor within a mobile hardware environment or on
    mobile networks. In addition, a number of additional Android OS APIs are
    available (such as wireless network status) that could be taken
    advantage of.
    </p>
    
    <p>
    It should be noted, that even without optimisation, Tor is handling the
    mobile network environment very well, automatically detecting change in
    IP addresses, opening circuits, etc, as the device switches from no
    coverage to 2G, 3G or Wifi constantly as it changes position. However,
    this observation of &quot;very well&quot;, is just based on user
    experience, and not any detailed study of what exactly is happening, and
    what threats might exist because of this constantly changing network state.
    </p>
    
    <p>
    Finally, the build process needs to be moved to the Android NDK from the
    custom GCC toolchain we are now using, and compatibility with Android
    2.3 and 3.x Honeycomb OS need to be verified.
    </p>
    
    <p>
    For more information see the <a
    href="https://svn.torproject.org/svn/projects/android/trunk/Orbot/BUILD">Orbot
    build documentation</a>.
    </p>
    </li>
    
    <a id="orbot-orlibAndOutreach"></a>
    <li>
    <b>Orbot integration library and community outreach</b>
    <br>
    Priority: <i>Medium</i>
    <br>
    Effort Level: <i>Low</i>
    <br>
    Skill Level: <i>Medium</i>
    <br>
    Likely Mentors: <i>Nathan (n8fr8)</i>
    <p>
    We need additional work on <a
    href="https://github.com/guardianproject/orlib">ORLib</a>, our library for
    use with third-party application to easily enable them to support
    &quot;Torification&quot; on non-rooted devices (i.e. w/o transparent
    proxying). This library includes a SOCKS client, a wrapper for the Apache
    HTTPClient library, a utility class for detecting the state of Orbot
    connectivity, and other relevant/useful things an Android app might need to
    anonymize itself. This work would includes direct development of the
    library, documentation, and sample code. Outreach or effort to implement
    the library within other open-source apps is also needed.
    </p>
    </li>
    
    <a id="vidaliaNetworkMap"></a>
    <li>
    <b>An Improved and More Usable Network Map in Vidalia</b>
    <br>
    Priority: <i>Low to Medium</i>
    <br>
    Effort Level: <i>Medium</i>
    <br>
    Skill Level: <i>Medium</i>
    <br>
    Likely Mentors: <i>Tomás</i>
    <p>
    One of Vidalia's existing features is a network map that shows the user
    the approximate geographic location of relays in the Tor network and
    plots the paths the user's traffic takes as it is tunneled through the
    Tor network. The map is currently not very interactive and has rather
    poor graphics. Instead, we implemented KDE's Marble widget such
    that it gives us a better quality map and enables improved interactivity,
    such as allowing the user to click on individual relays or circuits to
    display additional information. We want to add the ability
    for users to click on a particular relay or a country containing one or
    more Tor exit relays and say, "I want my connections to exit
    from here."
    </p>
    
    <p>
    This project will first involve getting familiar with Vidalia
    and the Marble widget's API. One will then integrate the widget
    into Vidalia and customize Marble to be better suited for our application,
    such as making circuits clickable, storing cached map data in Vidalia's
    own data directory, and customizing some of the widget's dialogs.
    </p>
    
    <p>
    A person undertaking this project should have good C++ development
    experience. Previous experience with Qt and CMake is helpful, but not
    required.
    </p>
    </li>
    
    <a id="armGui"></a>
    <li>
    <b>GUI for Arm</b>
    <br>
    Priority: <i>Low</i>
    <br>
    Effort Level: <i>High</i>
    <br>
    Skill Level: <i>Medium</i>
    <br>
    Likely Mentors: <i>Damian (atagar)</i>
    <p>
    Arm has several unique features, some of the most interesting being its
    connection listing (correlating netstat results against the Tor consensus)
    and configuration editor (a quick method for editing Tor's config, with
    information pulled from the control port and man page). However, since arm
    is a command line controller it's of limited appeal to certain sets of
    users. This project would be to build a GTK or Qt frontend for the
    controller, providing similar features set but with a windowed interface.
    </p>
    
    <p>
    The vast majority of arm's more interesting functionality lies in its
    backend <a href="https://gitweb.torproject.org/arm.git/tree/HEAD:/src/util">utilities</a>, so
    there should be little to no work decoupling the CLI from its backend.
    Instead, this project would mostly be UI hacking and experimentation,
    trying different interfaces to find something that's elegant and simple,
    but matches the information found in the current terminal application.
    </p>
    </li>
    
    <li>
    <b>Bring up new ideas!</b>
    <br>
    Don't like any of these? Look at the <a
    href="/press/presskit/2008-12-19-roadmap-full.pdf">Tor development
    roadmap</a> for more ideas, or just try out Tor, Vidalia, and Torbutton,
    and find out what you think needs fixing.
    Some of the <a href="<spectree>proposals">current proposals</a>
    might also be short on developers.
    </li>
    
    </ol>
    
    <a id="OtherCoding"></a>
    <h2><a class="anchor" href="#OtherCoding">Other Coding and Design related ideas</a></h2>
    <ol>
    <li>Tor relays don't work well on Windows XP. On
    Windows, Tor uses the standard <tt>select()</tt> system
    call, which uses space in the non-page pool. This means
    that a medium sized Tor relay will empty the non-page pool, <a
    href="<wiki>doc/WindowsBufferProblems">causing
    havoc and system crashes</a>. We should probably be using overlapped IO
    instead. One solution would be to teach <a
    href="http://www.monkey.org/~provos/libevent/">libevent</a> how to use
    overlapped IO rather than select() on Windows, and then adapt Tor to
    the new libevent interface. Christian King made a
    <a href="https://svn.torproject.org/svn/libevent-urz/trunk/">good
    start</a> on this in the summer of 2007.</li>
    
    <li>We need to actually start building our <a href="<page
    docs/documentation>#DesignDoc">blocking-resistance design</a>. This involves
    fleshing out the design, modifying many different pieces of Tor, adapting
    <a href="<page projects/vidalia>">Vidalia</a> so it supports the
    new features, and planning for deployment.</li>
    
    <li>We need a flexible simulator framework for studying end-to-end
    traffic confirmation attacks. Many researchers have whipped up ad hoc
    simulators to support their intuition either that the attacks work
    really well or that some defense works great. Can we build a simulator
    that's clearly documented and open enough that everybody knows it's
    giving a reasonable answer? This will spur a lot of new research.
    See the entry <a href="#Research">below</a> on confirmation attacks for
    details on the research side of this task &mdash; who knows, when it's
    done maybe you can help write a paper or three also.</li>
    
    <li>Tor 0.1.1.x and later include support for hardware crypto
    accelerators via OpenSSL. It has been lightly tested and is
    possibly very buggy.  We're looking for more rigorous testing,
    performance analysis, and optimally, code fixes to OpenSSL and
    Tor if needed.</li>
    
    <li>Perform a security analysis of Tor with <a
    href="https://secure.wikimedia.org/wikipedia/en/wiki/Fuzz_testing">"fuzz"</a>. Determine
    if there are good fuzzing libraries out there for what we want. Win fame by
    getting credit when we put out a new release because of you!</li>
    
    <li>Tor uses TCP for transport and TLS for link
    encryption. This is nice and simple, but it means all cells
    on a link are delayed when a single packet gets dropped, and
    it means we can only reasonably support TCP streams. We have a <a
    href="<page docs/faq>#TransportIPnotTCP">list
    of reasons why we haven't shifted to UDP transport</a>, but it would
    be great to see that list get shorter. We also have a proposed <a
    href="<specblob>proposals/100-tor-spec-udp.txt">specification
    for Tor and
    UDP</a> &mdash; please let us know what's wrong with it.</li>
    
    <li>We're not that far from having IPv6 support for destination addresses
    (at exit nodes). If you care strongly about IPv6, that's probably the
    first place to start.</li>
    
    <li>We need a way to generate the website diagrams (for example, the "How
    Tor Works" pictures on the <a href="<page about/overview>">overview page</a>
    from source, so we can translate them as UTF-8 text rather than edit
    them by hand with Gimp. We might want to
    integrate this as an wml file so translations are easy and images are
    generated in multiple languages whenever we build the website.</li>
    
    <li>How can we make the various LiveCD/USB systems easier
    to maintain, improve, and document?  One example is <a
    href="https://tails.boum.org/">The Amnesic Incognito Live
    System</a>.
    </li>
    
    <li>
    Another anti-censorship project is to try to make Tor
    more scanning-resistant.  Right now, an adversary can identify <a
    href="<specblob>proposals/125-bridges.txt">Tor bridges</a>
    just by trying to connect to them, following the Tor protocol,
    and seeing if they respond.  To solve this, bridges could <a
    href="<svnprojects>design-paper/blocking.html#tth_sEc9.3">act like
    webservers</a> (HTTP or HTTPS) when contacted by port-scanning tools,
    and not act like bridges until the user provides a bridge-specific key.
    To start, check out Shane Pope's <a
    href="http://dl.dropbox.com/u/37735/index.html">thesis and prototype</a>.
    </li>
    
    </ol>
    
    <a id="Research"></a>
    <h2><a class="anchor" href="#Research">Research</a></h2>
    <ol>
    <li>The "end-to-end traffic confirmation attack":
    by watching traffic at Alice and at Bob, we can <a
    href="http://freehaven.net/anonbib/#danezis:pet2004">compare
    traffic signatures and become convinced that we're watching the same
    stream</a>. So far Tor accepts this as a fact of life and assumes this
    attack is trivial in all cases. First of all, is that actually true? How
    much traffic of what sort of distribution is needed before the adversary
    is confident he has won? Are there scenarios (e.g. not transmitting much)
    that slow down the attack? Do some traffic padding or traffic shaping
    schemes work better than others?</li>
    <li>A related question is: Does running a relay/bridge provide additional
    protection against these timing attacks? Can an external adversary that can't
    see inside TLS links still recognize individual streams reliably?
    Does the amount of traffic carried degrade this ability any? What if the
    client-relay deliberately delayed upstream relayed traffic to create a queue
    that could be used to mimic timings of client downstream traffic to make it
    look like it was also relayed? This same queue could also be used for masking
    timings in client upstream traffic with the techniques from <a
    href="http://www.freehaven.net/anonbib/#ShWa-Timing06">adaptive padding</a>,
    but without the need for additional traffic. Would such an interleaving of
    client upstream traffic obscure timings for external adversaries? Would the
    strategies need to be adjusted for asymmetric links? For example, on
    asymmetric links, is it actually possible to differentiate client traffic from
    natural bursts due to their asymmetric capacity? Or is it easier than
    symmetric links for some other reason?</li>
    <li>Repeat Murdoch and Danezis's <a
    href="http://www.cl.cam.ac.uk/~sjm217/projects/anon/#torta">attack from
    Oakland 05</a> on the current Tor network. See if you can learn why it
    works well on some nodes and not well on others. (My theory is that the
    fast nodes with spare capacity resist the attack better.) If that's true,
    then experiment with the RelayBandwidthRate and RelayBandwidthBurst
    options to run a relay that is used as a client while relaying the
    attacker's traffic: as we crank down the RelayBandwidthRate, does the
    attack get harder? What's the right ratio of RelayBandwidthRate to
    actually capacity? Or is it a ratio at all? While we're at it, does a
    much larger set of candidate relays increase the false positive rate
    or other complexity for the attack? (The Tor network is now almost two
    orders of magnitude larger than it was when they wrote their paper.) Be
    sure to read <a href="http://freehaven.net/anonbib/#clog-the-queue">Don't
    Clog the Queue</a> too.</li>
    <li>The "routing zones attack": most of the literature thinks of
    the network path between Alice and her entry node (and between the
    exit node and Bob) as a single link on some graph. In practice,
    though, the path traverses many autonomous systems (ASes), and <a
    href="http://freehaven.net/anonbib/#feamster:wpes2004">it's not uncommon
    that the same AS appears on both the entry path and the exit path</a>.
    Unfortunately, to accurately predict whether a given Alice, entry,
    exit, Bob quad will be dangerous, we need to download an entire Internet
    routing zone and perform expensive operations on it. Are there practical
    approximations, such as avoiding IP addresses in the same /8 network?</li>
    <li>Other research questions regarding geographic diversity consider
    the tradeoff between choosing an efficient circuit and choosing a random
    circuit. Look at Stephen Rollyson's <a
    href="http://swiki.cc.gatech.edu:8080/ugResearch/uploads/7/ImprovingTor.pdf">position
    paper</a> on how to discard particularly slow choices without hurting
    anonymity "too much". This line of reasoning needs more work and more
    thinking, but it looks very promising.</li>
    <li>Tor doesn't work very well when relays have asymmetric bandwidth
    (e.g. cable or DSL). Because Tor has separate TCP connections between
    each hop, if the incoming bytes are arriving just fine and the outgoing
    bytes are all getting dropped on the floor, the TCP push-back mechanisms
    don't really transmit this information back to the incoming streams.
    Perhaps Tor should detect when it's dropping a lot of outgoing packets,
    and rate-limit incoming streams to regulate this itself? I can imagine
    a build-up and drop-off scheme where we pick a conservative rate-limit,
    slowly increase it until we get lost packets, back off, repeat. We
    need somebody who's good with networks to simulate this and help design
    solutions; and/or we need to understand the extent of the performance
    degradation, and use this as motivation to reconsider UDP transport.</li>
    <li>A related topic is congestion control. Is our
    current design sufficient once we have heavy use? Maybe
    we should experiment with variable-sized windows rather
    than fixed-size windows? That seemed to go well in an <a
    href="http://www.psc.edu/networking/projects/hpn-ssh/theory.php">ssh
    throughput experiment</a>. We'll need to measure and tweak, and maybe
    overhaul if the results are good.</li>
    <li>Our censorship-resistance goals include preventing
    an attacker who's looking at Tor traffic on the wire from <a
    href="<svnprojects>design-paper/blocking.html#sec:network-fingerprint">distinguishing
    it from normal SSL traffic</a>. Obviously we can't achieve perfect
    steganography and still remain usable, but for a first step we'd like to
    block any attacks that can win by observing only a few packets. One of
    the remaining attacks we haven't examined much is that Tor cells are 512
    bytes, so the traffic on the wire may well be a multiple of 512 bytes.
    How much does the batching and overhead in TLS records blur this on the
    wire? Do different buffer flushing strategies in Tor affect this? Could
    a bit of padding help a lot, or is this an attack we must accept?</li>
    <li>Tor circuits are built one hop at a time, so in theory we have the
    ability to make some streams exit from the second hop, some from the
    third, and so on. This seems nice because it breaks up the set of exiting
    streams that a given relay can see. But if we want each stream to be safe,
    the "shortest" path should be at least 3 hops long by our current logic, so
    the rest will be even longer. We need to examine this performance / security
    tradeoff.</li>
    <li>It's not that hard to DoS Tor relays or directory authorities. Are client
    puzzles the right answer? What other practical approaches are there? Bonus
    if they're backward-compatible with the current Tor protocol.</li>
    <li>Programs like <a
    href="<page torbutton/index>">Torbutton</a> aim to hide
    your browser's UserAgent string by replacing it with a uniform answer for
    every Tor user. That way the attacker can't splinter Tor's anonymity set
    by looking at that header. It tries to pick a string that is commonly used
    by non-Tor users too, so it doesn't stand out. Question one: how badly
    do we hurt ourselves by periodically updating the version of Firefox
    that Torbutton claims to be? If we update it too often, we splinter the
    anonymity sets ourselves. If we don't update it often enough, then all the
    Tor users stand out because they claim to be running a quite old version
    of Firefox. The answer here probably depends on the Firefox versions seen
    in the wild. Question two: periodically people ask us to cycle through N
    UserAgent strings rather than stick with one. Does this approach help,
    hurt, or not matter? Consider: cookies and recognizing Torbutton users
    by their rotating UserAgents; malicious websites who only attack certain
    browsers; and whether the answers to question one impact this answer.
    </li>
    <li>How many bridge relays do you need to know to maintain
    reachability? We should measure the churn in our bridges. If there is
    lots of churn, are there ways to keep bridge users more likely to stay
    connected?
    </li>
    </ol>
    
    <p>
    <a href="<page about/contact>">Let us know</a> if you've made progress on any
    of these!
    </p>
  </div>
  <!-- END MAINCOL -->
  <div id = "sidecol">
#include "side.wmi"
#include "info.wmi"
  </div>
  <!-- END SIDECOL -->
</div>
<!-- END CONTENT -->
#include <foot.wmi>