getinvolved/en/volunteer.wml (5051d73aa) - tor-webwml.git

volunteer.wml

## translation metadata
# Revision: $Revision$
# Translation-Priority: 4-optional

#include "head.wmi" TITLE="Tor: Volunteer" CHARSET="UTF-8"
<div id="content" class="clearfix">
 <div id="breadcrumbs">
 <a href="<page index>">Home &raquo; </a>
 <a href="<page getinvolved/volunteer>">Volunteer</a>
 </div>
 <div id="maincol">
 
 <h1>A few things everyone can do now:</h1>
 <ol>
 <li>Please consider <a href="<page docs/tor-doc-relay>">running
 a relay</a> to help the Tor network grow.</li>
 <li>Tell your friends! Get them to run relays. Get them to run hidden
 services. Get them to tell their friends.</li>
 <li>If you like Tor's goals, please <a href="<page donate/donate>">take a moment
 to donate to support further Tor development</a>. We're also looking
 for more sponsors &mdash; if you know any companies, NGOs, agencies,
 or other organizations that want anonymity / privacy / communications
 security, let them know about us.</li>
 <li>We're looking for more <a href="<page about/torusers>">good examples of Tor
 users and Tor use cases</a>. If you use Tor for a scenario or purpose not
 yet described on that page, and you're comfortable sharing it with us,
 we'd love to hear from you.</li>
 </ol>

<a id="Documentation"></a>
 <h2><a class="anchor" href="#Documentation">Documentation</a></h2>
 <ol>
 <li>Help translate the

 documentation into other
 languages. See the <a href="<page getinvolved/translation>">translation
 guidelines</a> if you want to help out. We especially need Arabic or
 Farsi translations, for the many Tor users in censored areas.</li>
 <li>Evaluate and document
 <a href="<wiki>doc/TorifyHOWTO">our
 list of programs</a> that can be configured to use Tor.</li>
 <li>We have a huge list of <a
 href="<wiki>doc/SupportPrograms">potentially useful
 programs that interface with Tor</a>. Which ones are useful in which
 situations? Please help us test them out and document your results.</li>
 </ol>

<a id="Advocacy"></a>
 <h2><a class="anchor" href="#Advocacy">Advocacy</a></h2>
 <ol>
 <li>Monitor some of our <a
 href="https://lists.torproject.org/cgi-bin/mailman/listinfo">public mailing
 lists</a>, like <a
 href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk">tor-talk</a>, <a
 href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays">tor-relays</a>, <a
 href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev">tor-dev</a>, or <a
 href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev">tbb-dev</a>,
 and summarize noteworthy exchanges into articles for <a
 href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-news">Tor
 Weekly News</a>.</li>
 <li>Create a presentation that can be used for various user group
meetings around the world.</li>
 <li>Create a video about the positive uses of Tor, what Tor is,
 or how to use it. Some have already started on <a
 href="https://media.torproject.org/video/">Tor's Media server</a>,
 <a
 href="http://www.howcast.com/videos/90601-How-To-Circumvent-an-Internet-Proxy/">Howcast</a>,
 and <a href="http://www.youtube.com/c/thetorproject">YouTube</a>.</li>
 <li>Create a poster around a theme, such as "Tor for Freedom!"</li>
 <li>Create a t-shirt design that incorporates "<a
 href="https://check.torproject.org/">Congratulations! You are using
 Tor!</a>" in any language.</li>
 <li>Spread the word about Tor at a symposium or conference and use these
 <a href="https://media.torproject.org/misc/2015-03-tor-brochure/">Tor
 brochures</a> in PDF and ODG format and translated to at least ten
 different languages as conversation starter.</li>
 </ol>

<a id="gsoc"></a>
 <h2><a class="anchor" href="#gsoc">Google Summer of Code</a></h2>

Tor is also taking part in this year's <a
 href="https://summerofcode.withgoogle.com/">Google
 Summer of Code</a>! To apply but you need to be either <a
 href="https://developers.google.com/open-source/gsoc/faq#what_are_the_eligibility_requirements_for_participation">a
 present student or just graduated</a>. See our page for <a href="<page
 about/gsoc>">Google Summer of Code</a> for more information.

<a id="Projects"></a>
 <h2><a class="anchor" href="#Projects">Projects</a></h2>

Below are a list of Tor related projects we're developing and/or
 maintaining. Most discussions happen on IRC so if you're interested in any
 of these (or you have a project idea of your own), then please <a
 href="<page about/contact>#irc">join us in #tor-dev</a>. Don't be shy
 to ask questions, and don't hesitate to ask even if the main contributors
 aren't active at that moment.

For a presentation summarizing many of these projects see...

<div id="ecosystem_presentation">
 <a href="https://www.youtube.com/watch?v=fb6iqZcQsSg">Tor Ecosystem</a> (<a href="https://media.torproject.org/video/2013-11-t3am-damian-johnson.mp4">mp4</a>, <a href="https://svn.torproject.org/svn/projects/presentations/2013-11-t3am-tor-ecosystem.pdf">slides</a>)
 </div>

<table id="projects">
 <tr>
 <th>Name</th>
 <th>Category</th>
 <th>Language</th>
 <th>Activity</th>
 <th>Contributors</th>
 </tr>

<tr>
 <td><a href="#project-tor">Tor</a></td>
 <td>Core</td>
 <td>C</td>
 <td>Heavy</td>
 <td>nickm, athena, arma, dgoulet, asn, teor</td>
 </tr>

<tr>
 <td><a href="#project-torbrowser">Tor Browser</a></td>
 <td>Bundle</td>
 <td>Javascript, XUL, Scripting</td>
 <td>Heavy</td>
 <td>mikeperry, Pearl Crescent, GeKo</td>
 </tr>

<tr>
 <td><a href="#project-httpseverywhere">HTTPS Everywhere</a></td>
 <td>Browser Add-on</td>
 <td>Javascript</td>
 <td>Heavy</td>
 <td>pde, mikeperry</td>
 </tr>

<tr>
 <td><a href="#project-nyx">Nyx</a></td>
 <td>User Interface</td>
 <td>Python, Curses</td>
 <td>Heavy</td>
 <td>atagar</td>
 </tr>

<tr>
 <td><a href="#project-orbot">Orbot</a></td>
 <td>User Interface</td>
 <td>Java</td>
 <td>Moderate</td>
 <td>n8fr8</td>
 </tr>

<tr>
 <td><a href="#project-tails">Tails</a></td>
 <td>OS image</td>
 <td>Sys Admin</td>
 <td>Heavy</td>
 <td><a href="https://tails.boum.org/">#tails</a></td>
 </tr>

<tr>
 <td><a href="#project-torramdisk">tor-ramdisk</a></td>
 <td>OS image</td>
 <td>Sys Admin</td>
 <td>Light</td>
 <td>blueness</td>
 </tr>

<tr>
 <td><a href="#project-torsocks">Torsocks</a></td>
 <td>Usability</td>
 <td>C</td>
 <td>Light</td>
 <td>David Goulet</td>
 </tr>

<tr>
 <td><a href="#project-tormessenger">Tor Messenger</a></td>
 <td>Bundle</td>
 <td>JavaScript, XUL, Scripting</td>
 <td>Heavy</td>
 <td>arlolra, boklm, sukhe</td>
 </tr>

<tr>
 <td><a href="#project-torbirdy">TorBirdy</a></td>
 <td>Browser Add-on</td>
 <td>JavaScript</td>
 <td>Light</td>
 <td>sukhe</td>
 </tr>

<tr>
 <td><a href="#project-obfsproxy">Obfsproxy</a></td>
 <td>Client Add-on</td>
 <td>Python</td>
 <td>None</td>
 <td>asn</td>
 </tr>

<tr>
 <td><a href="#project-flash-proxy">Flash Proxy</a></td>
 <td>Client Add-on</td>
 <td>Python, JavaScript, Go</td>
 <td>Light</td>
 <td>dcf, infinity0, Arlo Breault</td>
 </tr>

<tr>
 <td><a href="#project-shadow">Shadow</a></td>
 <td>Simulator</td>
 <td>C, Python</td>
 <td>Heavy</td>
 <td>robgjansen</td>
 </tr>

<tr>
 <td><a href="#project-chutney">Chutney</a></td>
 <td>Simulator</td>
 <td>Python</td>
 <td>Light</td>
 <td>nickm</td>
 </tr>

<tr>
 <td><a href="#project-stem">Stem</a></td>
 <td>Library</td>
 <td>Python</td>
 <td>Heavy</td>
 <td>atagar</td>
 </tr>

<tr>
 <td><a href="#project-txtorcon">Txtorcon</a></td>
 <td>Library</td>
 <td>Python, Twisted</td>
 <td>Light</td>
 <td>meejah</td>
 </tr>

<tr>
 <td><a href="#project-tlsdate">Tlsdate</a></td>
 <td>Utility</td>
 <td>C</td>
 <td>None</td>
 <td>ioerror</td>
 </tr>

<tr>
 <td><a href="#project-metrics">Metrics</a></td>
 <td>Client Service</td>
 <td>Java</td>
 <td>Moderate</td>
 <td>karsten, iwakeh</td>
 </tr>

<tr>
 <td><a href="#project-atlas">Atlas</a></td>
 <td>Client Service</td>
 <td>JavaScript</td>
 <td>Moderate</td>
 <td>irl</td>
 </tr>

<tr>
 <td><a href="#project-compass">Compass</a></td>
 <td>Client Service</td>
 <td>Python</td>
 <td>None</td>
 <td></td>
 </tr>

<tr>
 <td><a href="#project-onionoo">Onionoo</a></td>
 <td>Backend Service</td>
 <td>Java</td>
 <td>Heavy</td>
 <td>karsten, iwakeh</td>
 </tr>

<tr>
 <td><a href="#project-exitmap">ExitMap</a></td>
 <td>Backend Service</td>
 <td>Python</td>
 <td>Light</td>
 <td>phw</td>
 </tr>

<tr>
 <td><a href="#project-doctor">DocTor</a></td>
 <td>Backend Service</td>
 <td>Python</td>
 <td>Light</td>
 <td>atagar</td>
 </tr>

<tr>
 <td><a href="#project-gettor">GetTor</a></td>
 <td>Client Service</td>
 <td>Python</td>
 <td>Light</td>
 <td>ilv</td>
 </tr>

<tr>
 <td><a href="#project-torcheck">TorCheck</a></td>
 <td>Client Service</td>
 <td>Go</td>
 <td>None</td>
 <td>Arlo</td>
 </tr>

<tr>
 <td><a href="#project-bridgedb">BridgeDB</a></td>
 <td>Backend Service</td>
 <td>Python</td>
 <td>Light</td>
 <td>isis</td>
 </tr>

<tr>
 <td><a href="#project-ooni-probe">Ooni Probe</a></td>
 <td>Scanner</td>
 <td>Python</td>
 <td>Moderate</td>
 <td>hellais, aagbsn</td>
 </tr>

<tr>
 <td><a href="#project-torps">TorPS</a></td>
 <td>Backend Service</td>
 <td>Python</td>
 <td>None</td>
 <td>Aaron Johnson</td>
 </tr>

<tr>
 <td><a href="#project-torflow">TorFlow</a></td>
 <td>Backend Service</td>
 <td>Python</td>
 <td>None</td>
 <td>aagbsn</td>
 </tr>

<tr>
 <td><a href="#project-tor2web">Tor2web</a></td>
 <td>Client Service</td>
 <td>Python</td>
 <td>Heavy</td>
 <td>evilaliv3, hellais</td>
 </tr>

<tr>
 <td><a href="#project-anonbib">Anonbib</a></td>
 <td>Website</td>
 <td>Python</td>
 <td>Light</td>
 <td>arma, nickm</td>
 </tr>

<tr>
 <td><a href="#project-collector">CollecTor</a></td>
 <td>Backend Service</td>
 <td>Java</td>
 <td>Heavy</td>
 <td>karsten, iwakeh</td>
 </tr>

<tr>
 <td><a href="#project-metrics-lib">metrics-lib</a></td>
 <td>Library</td>
 <td>Java</td>
 <td>Heavy</td>
 <td>karsten, iwakeh</td>
 </tr>

<tr>
 <td><a href="#project-exonerator">ExoneraTor</a></td>
 <td>Client Service</td>
 <td>Java</td>
 <td>Light</td>
 <td>karsten, iwakeh</td>
 </tr>
 </table>

* Project is still in an alpha state.

<a id="project-tor"></a>
 <h3>Tor (<a href="https://gitweb.torproject.org/tor.git">code</a>, <a
 href="https://trac.torproject.org/projects/tor/report/12">bug
 tracker</a>)</h3>

Central project, providing the core software for using and participating in
 the Tor network. Numerous people contribute to the project to varying
 extents, but the chief architects are Nick Mathewson and Roger Dingledine.

Project Ideas: 
 <a href="#improveHiddenServices">Help improve Tor hidden services</a>

<a id="project-torbrowser"></a>
 <h3><a href="<page projects/torbrowser>">Tor Browser</a> (<a
 href="https://gitweb.torproject.org/tor-browser.git">code</a>, <a
 href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Applications%2FTor+Browser&component=Applications%2FTorbutton&component=Applications%2FTor+Launcher&component=Applications%2FTor+bundles%2Finstallation&col=id&col=summary&col=status&col=owner&col=type&col=priority&col=milestone&order=priority">bug
 tracker</a>, <a href="https://www.torproject.org/projects/torbrowser/design/">design doc</a>)</h3>

Tor Browser is an easy-to-use, portable package of Tor, HTTPS-Everywhere,
 NoScript, TorLauncher, Torbutton, and a Firefox fork, all preconfigured
 to work together out of
 the box. The modified copy of Firefox aims to resolve the
 privacy and security issues in mainline version.

Project Ideas: 
 <a href="#panopticlick">Panopticlick</a> 
 <a href="#feedbackExtension">Feedback Extension for Tor Browser</a>

<a id="project-httpseverywhere"></a>
 <h3><a href="https://www.eff.org/https-everywhere">HTTPS Everywhere</a> (<a
 href="https://gitweb.torproject.org/https-everywhere.git">code</a>, <a
 href="https://trac.torproject.org/projects/tor/report/19">bug
 tracker</a>)</h3>

HTTPS Everywhere is a Firefox and Chrome extension that encrypts
 your communications with many major websites, making your browsing
 more secure.

<a id="project-nyx"></a>
 <h3><a href="https://www.atagar.com/arm/">Nyx</a> (<a
 href="https://gitweb.torproject.org/nyx.git">code</a>, <a
 href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Core+Tor%2FNyx&order=priority">bug
 tracker</a>)</h3>

Nyx (previously arm) is a terminal status monitor for Tor
 intended for command-line aficionados, ssh connections, and anyone with a
 tty terminal. This works much like top does for system usage, providing
 real time statistics for bandwidth, resource usage, connections, and quite
 a bit more.

Project Ideas: 
 <a href="#expand_nyx">Expand Nyx</a>

<a id="project-orbot"></a>
 <h3><a href="https://guardianproject.info/apps/orbot/">Orbot</a> (<a
 href="https://gitweb.torproject.org/orbot.git">code</a>, <a
 href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Applications%2FOrbot&order=priority">bug
 tracker</a>)</h3>

Provides Tor on the Android platform. The project is under active
 development, updates to latest Tor releases, and working to stay up to
 date with all changes in Android and mobile threats.

<a id="project-tails"></a>
 <h3><a href="https://tails.boum.org/">The Amnesic Incognito Live System</a> (<a
 href="https://git-tails.immerda.ch/tails/">code</a>, <a
 href="https://labs.riseup.net/code/projects/tails">bug
 tracker</a>, <a href="https://tails.boum.org/doc/">documentation</a>, <a
 href="https://tails.boum.org/contribute/design/">design</a>, <a
 href="https://tails.boum.org/contribute/">contribute</a>)</h3>

The Amnesic Incognito Live System is a live CD/USB distribution
 preconfigured so that everything is safely routed through Tor and leaves no
 trace on the local system. This is a merger of the Amnesia and <a
 href="https://web.archive.org/web/20080512054152/http://anonymityanywhere.com/incognito/">Incognito</a> projects,
 and still under very active development.

<a id="project-torramdisk"></a>
 <h3><a href="http://opensource.dyc.edu/tor-ramdisk">Tor-ramdisk</a> (<a
 href="https://gitweb.torproject.org/tor-ramdisk.git">code</a>, <a
 href="http://opensource.dyc.edu/tor-ramdisk-documentation">documentation</a>)</h3>

Tor-ramdisk is a uClibc-based micro Linux distribution whose sole
 purpose is to securely host a Tor server purely in RAM.

<a id="project-torsocks"></a>
 <h3>Torsocks (<a
 href="https://gitweb.torproject.org/torsocks.git">code</a>, <a
 href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Core+Tor%2FTorsocks&order=priority">bug
 tracker</a>)</h3>

Utility for adapting other applications to work with Tor. Development has
 slowed and compatibility issues remain with some platforms, but it's
 otherwise feature complete.

<a id="project-tormessenger"></a>
 <h3><a href="https://trac.torproject.org/projects/tor/wiki/doc/TorMessenger">Tor Messenger</a> (<a
 href="https://gitweb.torproject.org/tor-messenger-build.git">code</a>, <a
 href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=merge_ready&status=needs_information&status=needs_review&status=needs_revision&status=new&status=reopened&component=Applications%2FTor+Messenger&order=priority">bug tracker</a>)</h3>

Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor.

<a id="project-torbirdy"></a>
 <h3>TorBirdy (<a
 href="https://gitweb.torproject.org/torbirdy.git">code</a>, <a
 href="https://trac.torproject.org/projects/tor/wiki/torbirdy/dev">bug
 tracker</a>)</h3>

TorBirdy is Torbutton for Thunderbird and related Mozilla mail clients.

<a id="project-flash-proxy"></a>
 <h3><a href="https://crypto.stanford.edu/flashproxy/">Flash Proxy</a> (<a
 href="https://gitweb.torproject.org/flashproxy.git">code</a>, <a
 href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Archived%2FFlashproxy&order=priority">bug
 tracker</a>)</h3>

Pluggable transport using proxies running in web browsers to defeat
 address-based blocking.

<a id="project-chutney"></a>
 <h3>Chutney (<a href="https://gitweb.torproject.org/chutney.git">code</a>,
 <a href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_information&status=needs_review&status=needs_revision&status=new&status=reopened&component=Core+Tor%2FChutney&order=priority">bug
 tracker</a>)</h3>

Integration test suite that spawns a local tor network, checking the
 interactions of its components.

<a id="project-shadow"></a>
 <h3><a href="http://shadow.github.io/">Shadow</a> (<a
 href="https://github.com/shadow">code</a>, <a
 href="https://github.com/shadow/shadow/issues">bug
 tracker</a>)</h3>

Shadow is a discrete-event network simulator that runs the real
 Tor software as a plug-in. Shadow is open-source software that enables
 accurate, efficient, controlled, and repeatable Tor experimentation.
 For another simulator, see <a
 href="https://crysp.uwaterloo.ca/software/exptor/">ExperimenTor</a>.

<a id="project-stem"></a>
 <h3><a href="https://stem.torproject.org/">Stem</a> (<a
 href="https://gitweb.torproject.org/stem.git">code</a>, <a
 href="https://trac.torproject.org/projects/tor/wiki/doc/stem/bugs">bug
 tracker</a>)</h3>

Python controller library for scripts and controller applications using
 Tor.

Project Ideas: 
 <a href="#descriptor_parsing_in_go">Stem Descriptor Parsing in Go</a>

<a id="project-txtorcon"></a>
 <h3><a href="https://txtorcon.readthedocs.io/en/latest/">Txtorcon</a> (<a
 href="https://github.com/meejah/txtorcon">code</a>, <a
 href="https://github.com/meejah/txtorcon/issues">bug tracker</a>)</h3>

Twisted-based asynchronous Tor control protocol implementation. Includes
 unit-tests, examples, state-tracking code and configuration abstraction.
 Used by OONI and APAF.

Project Ideas: 
 <a href="#txtorcon_use_txaio">Convert txtorcon to use txaio</a> 
 <a href="#txtorcon_use_pytest">Convert txtorcon to py.test</a>

<a id="project-tlsdate"></a>
 <h3>Tlsdate (<a href="https://github.com/ioerror/tlsdate">code</a>)</h3>

tlsdate: secure parasitic rdate replacement

tlsdate sets the local clock by securely connecting with TLS to remote
 servers and extracting the remote time out of the secure handshake. Unlike
 ntpdate, tlsdate uses TCP, for instance connecting to a remote HTTPS or TLS
 enabled service, and provides some protection against adversaries that try
 to feed you malicious time information.

<a id="project-metrics"></a>
 <h3><a href="https://metrics.torproject.org/">Metrics</a> (<a
 href="https://gitweb.torproject.org/metrics-web.git">web</a>)</h3>

Processing and analytics of consensus data, provided to users via the
 metrics portal. This has been under active development for several years by
 Karsten Loesing.

<a id="project-atlas"></a>
 <h3><a href="https://atlas.torproject.org/">Atlas</a> (<a
 href="https://gitweb.torproject.org/atlas.git">code</a>)</h3>

Atlas is a web application to discover Tor relays and bridges. It provides
 useful information on how relays are configured along with graphics about
 their past usage.

This is the spiritual successor to <a
 href="https://gitweb.torproject.org/torstatus.git">TorStatus</a>, the <a
 href="https://svn.torproject.org/svn/torstatus/trunk/">original
 codebase</a> for which was written in PHP, and rewritten by students from
 Wesleyan as Django. If you dig into this space then also check out <a
 href="http://globe.rndm.de/">Globe</a>, another similar site that's since
 been discontinued.

<a id="project-compass"></a>
 <h3><a href="https://compass.torproject.org/">Compass</a> (<a
 href="https://gitweb.torproject.org/compass.git">code</a>, <a
 href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Metrics%2FCompass&order=priority">bug
 tracker</a>)</h3>

Compass is a web and command line application that filters and
 aggregates the Tor relays based on various attributes.

<a id="project-onionoo"></a>
 <h3><a href="https://onionoo.torproject.org/">Onionoo</a> (<a
 href="https://gitweb.torproject.org/onionoo.git">code</a>,
 <a href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Metrics%2FOnionoo&order=priority">bug tracker</a>)</h3>

Onionoo is a JSON based protocol to learn information about currently
 running Tor relays and bridges.

<a id="project-exitmap"></a>
 <h3><a href="http://www.cs.kau.se/philwint/spoiled_onions/">ExitMap</a> (<a
 href="https://github.com/NullHypothesis/exitmap">code</a>, <a
 href="https://github.com/NullHypothesis/exitmap/issues">bug tracker</a>)</h3>

Scanner for the Tor network by Philipp Winter to detect malicious and
 misconfigured exits. For more information about how it works see his <a
 href="http://www.cs.kau.se/philwint/spoiled_onions/pets2014.pdf">Spoiled
 Onions</a> research paper.

<a id="project-doctor"></a>
 <h3>DocTor (<a
 href="https://gitweb.torproject.org/doctor.git">code</a>, <a
 href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Core+Tor%2FDocTor&order=priority">bug
 tracker</a>)</h3>

DocTor is a notification service that monitors newly published descriptor
 information for issues. This is primarily a service to help the tor
 directory authority operators, but it also checks for a handful of other
 issues like sybil attacks.

<a id="project-weather"></a>
 <h3><a href="https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Weather">Weather</a> (<a
 href="https://gitweb.torproject.org/weather.git">code</a>, <a
 href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Metrics%2FTor+Weather&order=priority">bug
 tracker</a>)</h3>

Provides automatic notification to subscribed relay operators when their
 relay's unreachable. This underwent a rewrite by the <a
 href="http://hfoss.wesleyan.edu/">Wesleyan HFOSS team</a>, which went live
 in early 2011.

<a id="project-gettor"></a>
 <h3><a href="https://trac.torproject.org/projects/tor/wiki/org/roadmaps/GetTor">GetTor</a> (<a
 href="https://gitweb.torproject.org/gettor.git">code</a>, <a
 href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Applications%2FGetTor&order=priority">bug
 tracker</a>)</h3>

E-mail autoresponder providing Tor's packages over SMTP. This has been
 relatively unchanged for quite a while.

<a id="project-torcheck"></a>
 <h3><a href="https://trac.torproject.org/projects/tor/wiki/org/roadmaps/TorCheck">TorCheck</a> (<a
 href="https://gitweb.torproject.org/check.git">code</a>, <a
 href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Applications%2FTor+Check&order=priority">bug
 tracker</a>)</h3>

Site for determining if the visitor is using Tor or not.

<a id="project-bridgedb"></a>
 <h3><a href="https://pythonhosted.org/bridgedb/">BridgeDB</a> (<a
 href="https://gitweb.torproject.org/bridgedb.git">code</a>, <a
 href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Obfuscation%2FBridgeDB&order=priority">bug
 tracker</a>)</h3>

Backend bridge distributor, handling the various pools they're distributed
 in. This was actively developed until Fall of 2010.

<a id="project-ooni-probe"></a>
 <h3><a href="https://ooni.torproject.org/">Ooni Probe</a> (<a
 href="https://github.com/TheTorProject/ooni-probe/">code</a>, <a
 href="https://github.com/TheTorProject/ooni-probe/issues">bug
 tracker</a>)</h3>

Censorship scanner, checking your local connection for blocked or modified
 content.

<a id="project-torps"></a>
 <h3>TorPS</a> (<a href="https://github.com/torps/torps">code</a>)</h3>

The Tor Path Simulator (TorPS) is a tool for efficiently simulating
 path selection in Tor. It chooses circuits and assigns user streams to
 those circuits in the same way that Tor does. TorPS is fast enough to
 perform thousands of simulations over periods of months.

<a id="project-torflow"></a>
 <h3><a href="https://trac.torproject.org/projects/tor/wiki/org/roadmaps/TorFlow">TorFlow</a> (<a
 href="https://gitweb.torproject.org/torflow.git">code</a>, <a
 href="https://trac.torproject.org/projects/tor/query?status=accepted&status=assigned&status=needs_review&status=new&status=reopened&component=Metrics%2FTorflow&order=priority">bug
 tracker</a>)</h3>

Library and collection of services for actively monitoring the Tor network.
 These include the Bandwidth Scanners (measuring throughput of relays) and
 SoaT (scans for malicious or misconfigured exit nodes). SoaT was last
 actively developed in the Summer of 2010, and the Bandwidth Scanners a few
 months later. Both have been under active use since then, but development
 has stopped.

Tor2web allows Internet users to browse websites running in <a
 href="<page docs/hidden-services>">Tor hidden services</a>. It trades
 user anonymity for usability by allowing anonymous content to be
 distributed to non-anonymous users.

<a id="project-anonbib"></a>
 <h3><a
 href="http://freehaven.net/anonbib/">Anonymity Bibliography</a> (<a
 href="https://gitweb.torproject.org/anonbib.git">code</a>)</h3>

Anonbib is a list of important papers in the field of anonymity. It's
 also a set of scripts to generate the website from Latex (bibtex). If
 we're missing any important papers, please let us know!

<a id="project-collector"></a>
 <h3><a href="https://collector.torproject.org/">CollecTor</a>
 (<a href="https://gitweb.torproject.org/collector.git">code</a>,
 <a href="https://trac.torproject.org/projects/tor/query?status=!closed&component=Metrics%2FCollecTor&order=priority">bug tracker</a>)</h3>

CollecTor is the Tor network data archive that powers other
 services like <a href="#project-metrics">Metrics</a> and
 <a href="#project-onionoo">Onionoo</a>.

<a id="project-metrics-lib"></a>
 <h3>metrics-lib
 (<a href="https://gitweb.torproject.org/metrics-lib.git">code</a>,
 <a href="https://trac.torproject.org/projects/tor/query?status=!closed&component=Metrics%2Fmetrics-lib&order=priority">bug tracker</a>)</h3>

metrics-lib is a Java library that processes Tor network data
 provided by <a href="#project-collector">CollecTor</a> or from other
 sources.

<a id="project-exonerator"></a>
 <h3><a href="https://exonerator.torproject.org/">ExoneraTor</a>
 (<a href="https://gitweb.torproject.org/exonerator.git">code</a>,
 <a href="https://trac.torproject.org/projects/tor/query?status=!closed&component=Metrics%2FExoneraTor&order=priority">bug tracker</a>)</h3>

ExoneraTor is a service that answers the question whether there was
 a Tor relay running on a given IP address on a given date.

<a id="Coding"></a>
 <a id="Summer"></a>
 <h2><a class="anchor" href="#Coding">Project Ideas</a></h2>

You may find some of these projects to be good ideas for <a href="<page
 about/gsoc>">Google Summer of Code</a>. We have labelled each idea with
 which of our <a href="<page about/corepeople>">core developers</a> would be
 good mentors. If one or more of these ideas looks promising to you, please
 <a href="<page about/contact>">contact us</a> to discuss your plans rather
 than sending blind applications. You may also want to propose your own
 project idea &mdash; which often results in the best applications.

<ol>

<a id="improveHiddenServices"></a>
 <li>
 Help improve Tor hidden services
 
 Language: C
 
 Likely Mentors: George (asn), David Goulet (dgoulet)
 
 
We're working on a revamp of the entire Tor hidden service design to
improve the security and reliability of the hidden service system.

This is a big project: see
<a href="https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt">proposal
224</a> for the latest design. Are you interested in implementing some
part of that?

This is a very ambitious project, so we're deliberately not suggesting
particular sub-topics. If you're interested in participating, try to
read and understand the <a
href="https://gitweb.torproject.org/torspec.git/tree/rend-spec.txt">existing
design</a> and the design proposal for the new design, and then talk to
us about what part you want to work on.

As part of the application process for this project, please contribute a
nontrivial patch to Tor -- ideally, one that will affect some part of
the codebase that you want to work on.
 
 </li>

<a id="expand_nyx"></a>
 <li>
 Expand Nyx
 
 Language: Python
 
 Likely Mentors: Damian (atagar)
 
 
Nyx (previously known as <a href="https://www.atagar.com/arm/">arm</a>) is an
ncurses monitor that provides Tor relay operators...

<ul>
 <li><a href="https://www.atagar.com/arm/images/screenshot_page1_full.png">bandwidth graphs and event log</a></li>
 <li><a href="https://www.atagar.com/arm/images/screenshot_page2_full.png">connections</a></li>
 <li><a href="https://www.atagar.com/arm/images/screenshot_page3_full.png">user's torrc</a></li>
 <li><a href="https://www.atagar.com/arm/images/screenshot_configPanel_full.png">config editor</a></li>
 </ul>

Nyx is presently under development in preparation for its next release. If you
like python, terminals, and collaborating on an active codebase this just might
be the project for you!

Proposals should involve a grab-bag of moderately small improvements you'd like
to make. You're encouraged to brainstorm ideas of their own but here's a few to
get ya started...

<ul>
 <li>Bring back the <a href="https://www.atagar.com/arm/images/screenshot_interpretor_full.png">interpreter panel</a>. This panel was dropped when refactoring Nyx, but it would be a neat component to bring back. You can <a href="https://gitweb.torproject.org/nyx.git/tree/src/cli/interpretorPanel.py?h=release">find old code for it in the history</a> and Stem (the library backing Nyx) has a much improved <a href="https://stem.torproject.org/tutorials/down_the_rabbit_hole.html">variant of this we can leverage</a>. This task would involve writing the curses code around Stem's interpreter functions.</li>
 <li>Windows support. Like most curses applications Nyx doesn't run natively on Windows. We've had dozens of users request this and <a href="https://trac.torproject.org/projects/tor/wiki/doc/arm#Windows">it should be possible</a>. This would involve supporting PDCurses and expanding Stem to be able to query the cpu/memory usage of the tor process.</li>
 <li>Unit testing! Nyx has <a href="https://gitweb.torproject.org/nyx.git/tree/test">started adding tests</a> but it's still very minimal. Achieving any substantial code coverage will require us to figure out how to unit test curses components.</li>
 <li>Onionoo provides additional relay information that could enrich our connection panel such as geoip and rdns. Trick is that at present we can only query it on a per-relay basis which would leak our connections (no-go for security). However, if we could get information about all relays in bulk it would sidestep this. For some old thoughts on this see <a href="https://trac.torproject.org/projects/tor/wiki/doc/arm#CircuitDetails">here</a>.</li>
 <li>Relay setup wizard. Our last release had this (screenshots: <a href="https://www.atagar.com/transfer/tmp/arm_wizard1.png">1</a>, <a href="https://www.atagar.com/transfer/tmp/arm_wizard2.png">2</a>, <a href="https://www.atagar.com/transfer/tmp/arm_wizard3.png">3</a>). This has been removed because including it directly in Nyx confused users, but we might want to resurrect it as a separate setup-tor-relay command.</li>
 <li><a href="https://trac.torproject.org/projects/tor/ticket/18499">Improved dialog</a> for selecting events to log.</li>
 <li>... and more! Again, don't hesitate to propose ideas of your own.</li>
 </ul>

As part of your application for this project please get your hands wet with the codebase by contributing patches for <a href="https://gitweb.torproject.org/nyx.git">Nyx</a> and <a href="https://stem.torproject.org/faq.html#how-do-i-get-started">Stem</a>!
 
 </li>

<a id="descriptor_parsing_in_go"></a>
 <li>
 Stem Descriptor Parsing in Go
 
 Language: Go, Python
 
 Likely Mentors: Damian (atagar), Philipp (phw)
 
 
 Tor consists of two parts: the application and a distributed network of a
 few thousand volunteer relays. Information about these relays is public,
 and made up of documents called <a href="https://stem.torproject.org/tutorials/mirror_mirror_on_the_wall.html#what-is-a-descriptor">descriptors</a>. We have
 <a href="https://stem.torproject.org/tutorials/mirror_mirror_on_the_wall.html#are-there-any-other-parsing-libraries">three libraries capable of reading these documents</a>...

<ul>
 <li><a href="https://stem.torproject.org/">Stem</a> (Python)</li>
 <li><a href="https://gitweb.torproject.org/metrics-lib.git/">Metrics-lib</a> (Java)</li>
 <li><a href="https://gitweb.torproject.org/user/phw/zoossh.git/">Zoossh</a> (Go)</li>
 </ul>

Stem is the most feature rich but slowest, and conversely Zoossh is fastest
 but limited. But what if Stem used CFFI bindings to do the heavy lifting in
 Go? Could we unify these libraries, getting the feature set of Stem with
 the performance of Zoossh?

Applicants should be familiar with both Python and Go. As part of your
 application for this project please write a demo CFFI binding for Stem as a
 proof of concept. Bonus points if you <a
 href="https://stem.torproject.org/faq.html#how-do-i-get-started">get your
 hands wet by contributing patches</a>!
 
 </li>

<a id="txtorcon_use_txaio"></a>
 <li>
 Convert txtorcon to use txaio
 
 Language: Python, asyncio, Twisted
 
 Likely Mentors: meejah
 
 
 txtorcon is currently supports only Twisted users. Re-working txtorcon
 to use the txaio library would allow users to choose between Twisted and
 asyncio for the client code.

This would involve fairly extensive refactoring to txtorcon, as it
 currently makes heavy use of @inlineCallbacks which doesn't work with
 txaio. A prospective student should be very familiar with event-based
 programming in general, and be familiar with one of Twisted or asyncio.
 See also: https://github.com/meejah/txtorcon/issues/135
 
 </li>

<a id="txtorcon_use_pytest"></a>
 <li>
 Convert txtorcon to py.test
 
 Language: Python, Twisted
 
 Likely Mentors: meejah
 
 
 Currently txtorcon uses the built-in "unittest" module, as well as
 Twisted's Deferred-respecting extensions on top. However, meejah has
 found py.test's "fixture" approach to be much more powerful in other
 situations.

This project would be to port at least part of txtorcon's test-suite to
 use py.test style tests and fixtures and evaluate: are the tests easier
 to read? are there fewer lines of code? If so, the rest of the suite
 should be ported and txtorcon switched over to use py.test exclusively.

As some of txtorcon's tests aren't very well-written, this would take a
 prospective student who is very strong in unit-testing knowledge. As
 txtorcon is event-based, familiarity with that style of programming
 (preferrably with Twisted) is ideal.
 See also: https://github.com/meejah/txtorcon/issues/136
 
 </li>

<a id="coniks_in_messenger"></a>
 <li>
 Implement and Integrate CONIKS for Tor Messenger
 
 Language: C, JavaScript
 
 Likely Mentors: Marcela (masomel), Arlo (arlolra)
 
 
CONIKS is an end-user key management and verification system for end-to-end
secure communication services, which improves upon existing key management
systems by providing both strong security and better usability using a model
called key transparency. CONIKS does this by requiring providers to manage
tamper-evident, publicly-auditable key directories, which contain mappings from
usernames to public keys, on behalf of their users. This design makes it easier
for users (both "default" users and power users) to establish trust since they
don't have to worry about or even see keys, but users also don't have to
trust the provider to be well-behaved because the CONIKS client can run as
part of the secure messaging app and automatically check that the service
provider doesn’t map spurious keys to their users' usernames, and it can
verify that observed name-to-key mappings are consistent with what other
clients in the system are seeing. Unlike existing key transparency solutions,
CONIKS also provides strong privacy guarantees by employing cryptographic
primitives for robust data obfuscation.

The CONIKS system design, protocols, and proof-of-concept are described in
great detail in the <a
href="https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-melara.pdf">CONIKS
research paper</a>, and basic reference implementations of a CONIKS key server
and a CONIKS client are avialable on <a
href="https://github.com/coniks-sys/coniks-ref-implementation">Github</a>.

This project has two main components: (1) designing and implementing a CONIKS
key server tailored to Tor Messenger users, and (2) building a CONIKS client
which integrates with the Tor Messenger client. One challenge the applicant
will face is ensuring that the key server design is efficient and scalable for
large volumes of users, concurrent traffic and guarantees this scalability even
as Tor Messenger's user base grows. On the client side, the main challenges
will be to focus on space efficiency as well as minimizing computational
overhead when implementing the CONIKS consistency checks, and determining how
to best communicate CONIKS consistency check results to users in the UI. Since
Tor Messenger does not hand out online identities per se, as most online
communication services do (like, say, Twitter, in which each user has a unique
handle), the CONIKS key server for Tor Messenger will have to map usernames
from third-party communication services to the encryption keys used in Tor
Messenger. One additional important challenge that the applicant will have to
help address is ensuring that each such third-party username remains unique in
the Tor Messenger space and that such external, third-party identities are
indeed controlled by the expected user of that third-party communication
service.

Some design and implementation questions have been discussed in <a
href="https://trac.torproject.org/projects/tor/ticket/17961">Ticket #17961</a>.

The applicant should have some familiarity with well-known crypto primitives
and algorithms, as well as have a basic understanding of the key transparency
model. Client side integration will require some basic use of JavaScript.
Consider submitting a patch for <a
href="https://github.com/arlolra/ctypes-otr/issues">one of the open key
verification issues</a> as part of the application process.
 
 </li>

<a id="panopticlick"></a>
 <li>
 Panopticlick
 
 Likely Mentors: Georg (GeKo), G&uuml;nes Acar, Nicolas (boklm)

The <a href="https://panopticlick.eff.org">Panopticlick project by the EFF</a>
revolutionized how people think about <a
href="https://panopticlick.eff.org/static/browser-uniqueness.pdf">browser
fingerprinting</a>, both by developing tests and metrics to measure browser
fingerprintability, and by crowdsourcing the evaluation and contribution of
individual browser features to overall fingerprintability.

Unfortunately, the way Panopticlick is designed <a
href="https://blog.torproject.org/blog/effs-panopticlick-and-torbutton">makes
it difficult</a> to evaluate defenses to browser fingerprinting, especially
for browsers with a relatively small userbase such as Tor Browser. This is
because any approach we take to reduce fingerprinting automatically makes our
users more distinct from the previous users who submitted their fingerprint
data to the EFF. Indeed, it is also impossible to ever expect that users of
one browser will ever be able to blend in with users of another browser
(Chrome users will always be distinguishable from Firefox users for example,
based on feature set alone).

To address this, we would like to have <a
href="https://trac.torproject.org/projects/tor/ticket/6119">our own
fingerprint test suite</a> to evaluate the fingerprintability of each browser
feature for users running a specific Tor Browser version. There are also <a
href="https://trac.torproject.org/projects/tor/query?keywords=~tbb-fingerprinting">additional
fingerprinting tests</a> we can add beyond those deployed by Panopticlick.

For this project, the student would develop a website that users can
voluntarily visit to test and record their Tor Browser fingerprint.  The user
should get feedback on how she performed and the test results should be
available in a machine readable format (e.g. JSON), broken down by Tor Browser
version.  In a second step one could think about adding more sophisticated
tests or supporting other browser vendors that might want to test the
uniformity amongst their userbase as well. Of course, results from each
browser would also need to be broken down by both browser implementation and
version, so that results would only reflect the population of that specific
implementation.

</li>

<a id="stegotorus"></a>
 <li>
 Make Stegotorus deployment ready
 
 Language: C++
 
 Likely Mentors: vmon
 
 
 <a
 href="https://github.com/TheTorProject/stegotorus/tree/master/src">Stegotorus</a>
 is a PT framework which streamline the development stealthier pluggable
 transport. An HTTP pluggable transport is already implemented in Stegotorus
 framework and can be used when encrypted payloads are throttled and only
 ephemeral connections are tolerated.

The majority of work on Stegotorus is done and it can be deployed with a relatively minor improvements including:

<ul>
 <li>#8098 A config file file for Stegotorus
 
 Stegotorus needs many configuration settings specially on the bridge
 side. This include also the configuration required by each steg module.
 Currently the configuration is fed to Stegotorus as command line
 arguments but a file like torrc is needed so all tweaking can be read
 from there.

Current Status and work needed to be done: The code for reading the
 config file is written by SRI but it is not yet used in the Stegotorus
 to read the config.
 
 </li>

<li>#8101 Debugging the transparent proxy
 
 Stegotorus http module uses other websites payload to hide and serve
 censored traffic. As such it needs to decide if the request is
 genuinely to the auxiliary website, in that case becomes a transparent
 proxy and serves the website content as requested, or if the request is
 actually a request to serve censored material which should be delivered
 to steg modules.

Current Status: This is completely implemented. However, the transparent proxy sometimes crashes and need to be triaged, debugged and fixed.
 
 </li>

<li>#11337 refactoring the steg module code
 
 The http steg module code, although not essentials to the core of the
 Stegotorus. needs some improvement and clean up. The solution is to
 refactor the steg modules as children of FileStegMod.

Current status and work needed to be done: This has already been done
 but still needs testing and refactoring before it can be reliably merge
 to the master branch.
 
 </li>

<li>#8089 Adding Elligator to Stegotorus handshake and test
 
 The current Stegotorus handshake is distinguishable from random byte
 string, which can be used to flag and detect Stegotorus traffic
 deterministically and need to be implemented similar to
 ScrambleSuite. Also because the capacity of client to server channel
 might be slim depending on the choice of steg module it is desirable
 to be implemented using Elliptic curve crypto. Hence, Elligator
 protocol is ideal solution for this situation. All we need is to replace Stegotorus handshake by Elligator.

Current Status and work needed to be done: Elligator handshake code is
 included in stegotorus code base, it is only needed to be called by
 instead of the current handshake and be tested.
 
 </li>

<li>Make Stegotorus memory safe by using shared pointers
 
 Stegotorus has large code base and it is not written in a memory safe
 languages. To facilitate its audit, we need to replace (almost all) use
 of pointers to shared pointers.

Current Status: No progress has not been done.
 
 </li>

<li>Security Audit and writing more unit test
 
 To be able to deploy Stegotorus for real world use we need to audit the
 code and write more unit test covering new aspects of the Stegotorus
 (new http transport, proxy server, Elligator handshake)

Current Status: No progress has been done.
 
 </li>

<li>SRI branch merging
 
 Stegotorus has been forked from the initial development from SRI. Now
 that SRI is hosting Stegotorus publicly it is desirable to merge the
 two branches so we can benefit from both developments.

Current Status: No progress has been done.
 
 </li>

<li>#8099 deterministic build
 
 To make deterministic build possible we need to build many of
 Stegotorus dependency from scratch. Boost library is a a huge
 dependency for Stegotorus to access the file system. As we are only
 planning to deploy Stegotorus bridges on Linux machines we can simplify
 such access without that dependency. By dropping such dependency, it
 should be straight forward to have deterministic build for Stegotorus.

Current Status: No progress has been done.
 
 </li>
 </ul>
 </li>

<a id="letsEncryptClient"></a>
 <li>
 Expand the OS and Server Support of the Let's Encrypt Client
 
 Language: Python, Bash
 
 Likely Mentors: Brad Warren (bmw)
 
 
 <a href="https://letsencrypt.org/">Let's Encrypt</a> is a free and open
 certificate authority that allows its users to setup HTTPS on their web
 server in a matter of seconds. The project uses a new protocol called ACME
 to automatically perform domain validation and certificate issuance.

The Let's Encrypt client currently works on most Unix-like OSes and is
 able to automatically set up HTTPS on many Apache configurations. The
 purpose of this project is to expand Let's Encrypt support to new
 systems.

Potential targets include:

<ul>
 <li>Better OS X support including a port or Homebrew package</li>
 <li>A Let's Encrypt client for Windows / IIS</li>
 <li>Handling of more obscure Apache configurations</li>
 <li>Automated HTTPS configuration for other web servers such as Nginx or lighttpd</li>
 <li>Improved support people using shared hosting who are unable to use the full Let's Encrypt client on their server</li>
 </ul>
 </li>

<a id="ahmiaSearch"></a>
 <li>
 Ahmia - Hidden Service Search
 
 Language: Python, Django
 
 Likely Mentors: Juha Nurmi (numes), George (asn)
 
 
 Ahmia is open-source search engine software for Tor hidden service deep
 dark web sites. You can test the running search engine at ahmia.fi. For
 more information see our <a
 href="https://blog.torproject.org/category/tags/ahmiafi">blog post about
 Ahmia's GSoC2014 development</a>.

Ahmia is a working search engine that indexes, searches, and catalogs
 content published on Tor Hidden Services. Furthermore, it is an environment
 to share meaningful insights, statistics, insights, and news about the Tor
 network itself. In this context, there is a lot of work to do.

The Ahmia web service is written using the Django web framework. As a
 result, the server-side language is Python. On the client-side, most of the
 pages are plain HTML. There are some pages that require JavaScript, but the
 search itself works without client-side JavaScript.

There are several possible directions for this project, including...

<ol>
 <li>Improving the search results (very important) 
 <ul>
 <li>Tweaking search algorithms</li>
 <li>Adjust Elasticsearch</li>
 <li>Enrich the data that is used to rank the search results</li>
 </ul>
 </li>
 <li>Improving UX and UI (very important) 
 <ul>
 <li>Showing relevant knowledge</li>
 <li>Design the navigation and information architecture</li>
 <li>HTML5, CSS and Django development</li>
 </ul>
 </li>
 <li>Review code and infrastructure 
 <ul>
 <li>Review code and fix bugs</li>
 <li>Writing Django test cases</li>
 <li>Linux configurations, automatizations</li>
 </ul>
 </li>
 <li>Gather statistics over time and publish them 
 <ul>
 <li>Gather different kind of stats about Hidden Services</li>
 <li>Publish these stats using HTTP REST API</li>
 <li>Using this API show meaningful tables, charts and visualizations</li>
 </ul>
 </li>
 </ol>
 </li>

<a id="ipHijacking"></a>
 <li>
 IP hijacking detection for the Tor Network
 
 Likely Mentors: Aaron Gibson (aagbsn)
 
 
 <a href="https://en.wikipedia.org/wiki/IP_hijacking">IP hijacking</a>
 occurs when a bad actor creates false routing information to redirect
 Internet traffic to or through themselves. This activity is straightforward
 to detect, because the Internet routing tables are public information, but
 currently there are no public services that monitor the Tor network. The
 Tor Network is a dynamic set of relays, so monitoring must be Tor-aware in
 order to keep the set of monitored relays accurate. Additionally, consensus
 archives and historical Internet routing table snapshots are publicly
 available, and this analysis can be performed retroactively.

The implications of IP hijacking are that Tor traffic can be redirected
 through a network that an attacker controls, even if the attacker does not
 normally have this capability - i.e. they are not in the network path. For
 example, an adversary could hijack the prefix of a Tor Guard relay, in
 order to learn who its clients are, or hijack a Tor Exit relay to tamper
 with requests or name resolution.

This project comprises building a service that compares network prefixes of
 relays in the consensus with present and historic routing table snapshots
 from looking glass services such as <a
 href="http://routeviews.org">Routeviews</a>, or aggregators such as <a
 href="https://bgpstream.caida.org">Caida BGPStream</a> and then issues
 email alerts to the contact-info in the relay descriptor and a mailing
 list. Network operators are responsive to route injections, and these
 alerts can be used to notify network operators to take immediate action, as
 well as collect information about the occurrence of these type of attacks.
 
 </li>

<a id="tailsServer"></a>
 <li>
 Tails server: Self-hosted services behind Tails-powered Tor hidden services
 
 Likely Mentors: anonym, George (asn)
 Let's talk about group collaboration, communication and data sharing
 infrastructure, such as chat servers, wikis, or file repositories.
 Hosting such data and infrastructure in the cloud generally
 implies to trust the service providers not to disclose content, usage or
 users location information to third-parties. Hence, there are many threat
 models in which cloud hosting is not suitable.
 Tor partly answers the users location part; this is great, but
 content is left unprotected.
 There are two main ways to protect such content: either to encrypt it
 client-side (security by design), or to avoid putting it into
 untrusted hands in the first place.
 Cloud solutions that offer security by design are rare and generally
 not mature yet. The Tails server project is about exploring the
 other side of the alternative: avoiding to put private data into
 untrusted hands in the first place.
 This is made possible thanks to Tor hidden services, that allow users
 to offer location-hidden services, and make self-hosting possible in
 many threat models. Self-hosting has its own lot of problems, however,
 particularly in contexts where the physical security of the hosting
 place is not assured. Combining Tor hidden services with Tails'
 amnesia property and limited support for persistent encrypted data
 allows to protect content, to a great degree, even in such contexts.
 In short, setting up a new Tails server would be done by:

<ol style="list-style-type: decimal">
 <li>Alice plugs a USB stick into a running desktop Tails system.</li>
 <li>Alice uses a GUI to easily configure the needed services.</li>
 <li>Alice unplugs the USB stick, that now contains encrypted services
 configuration and data storage space.</li>
 <li>Alice plugs that USB stick (and possibly a Tails Live CD) into the
 old laptop that was dedicated to run Tails server.</li>
 <li>Once booted, Alice enters the encryption passphrase either
 directly using the keyboard or through a web interface listening on the
 local network.</li>
 <li>Then, Bob can use the configured services once he gets a hold on
 the hidden service address. (The petname system for Tor hidden
 services project would be very complementary to this one, by the
 way.)</li>
 </ol>

Tails server should content itself with hardware that is a bit old
 (such as a PIII-450 laptop with 256MB of RAM) and/or half broken (e.g.
 non-functional hard-disk, screen or keyboard).
 The challenges behind this project are:

<ul>
 <li>Design and write the services configuration GUI [keywords: edit
 configuration files, upgrade between major Debian versions,
 debconf].</li>
 <li>How to create the hidden service key? [keywords: Vidalia, control
 protocol].</li>
 <li>Adapt the Tails boot process to allow switching to &quot;server
 mode&quot; when appropriate.</li>
 <li>Add support, to the Tails persistence setup process, for asking an
 encryption passphrase without X, and possibly with a broken keyboard
 and/or screen [keywords: local network, SSL/TLS?, certificate?].</li>
 </ul>

This project can easily grow quite large, so the first task would
 probably be to clarify what it would need to get an initial (minimal
 but working) implementation ready to be shipped to users.
 This project does not require to be an expert in one specific field,
 but it requires to be experienced and at ease with a large scope of
 software development tools, processes, and operating system knowledge.
 Undertaking this project requires in-depth knowledge of Debian-like
 systems (self-test: do the "dpkg conffile" and "debconf preseeding"
 words sound new to your ear?); the Debian Live persistence system
 being written in shell, being at ease with robust shell scripting is
 a must; to end with, at least two pieces of software need to be
 written from scratch (a GUI and a webapp): the preferred languages for
 these tasks would be Python and Perl. Using Behaviour Driven
 Development methods to convey expectations and acceptance criteria
 would be most welcome.
 For more information see https://tails.boum.org/todo/server_edition/
 </li>

<a id="feedbackExtension"></a>
 <li>
 Feedback Extension for Tor Browser
 
 Likely Mentors: Nima (mrphs), Will (willscott), Sukhbir (sukhe)

Design and implement an extension for Tor Browser that can be used to gather
 end-user UI/UX feedback on an opt-in basis. While the design and
 implementation is left as an exercise for the applicant (and also serves as
 the qualification task), examples of the information we are looking to gather
 can include troubleshooting network connectivity issues, testing the various
 pluggable transports, or gathering information about the network of the users.

Please propose the extension design in a way that the information is strictly
    on an opt-in basis and scrubs any information that can be used to identify a
    user, and also come up with a way to send the gathered information to a
    central server, whether to an onion address (if the user has Tor running), or
    otherwise. To start with, we are looking to gather only text as part of the
    feedback process.

</li>
<!--
 <a id=""></a>
 <li>
 
 
 Language: Python
 
 Likely Mentors: Damian (atagar)

</li>
-->

<li>
 Bring up new ideas!
 
 Don't like any of these? Look at the <a
 href="/press/presskit/2008-12-19-roadmap-full.pdf">Tor development
 roadmap</a> for more ideas, or just try out Tor and Tor Browser,
 and find out what you think needs fixing.
 Some of the <a href="<spectree>proposals">current proposals</a>
 might also be short on developers.
 </li>

</ol>
 </div>
 
 <div id = "sidecol">
#include "side.wmi"
#include "info.wmi"
 </div>
 
</div>

#include <foot.wmi>

tor-webwml.git

Remove 'Exitmap Improvements' project idea