tor-webwml.git

@@ -48,17 +48,31 @@ width="110" height="79" alt="Tor logo" /></a>

 <h2>Tor: Contribute</h2>

 <hr />

-<p>Users:</p>

+<p>Ongoing needs:</p>

 <ul>

 <li>Try Tor out, and let the Tor developers know about bugs you find or

 features you don't find.</li>

 <li>Please consider <a

 href="cvs/tor/doc/tor-doc.html#server">running a

-server</a> to help with development and scalability.</li>

+server</a> to help the Tor network grow.</li>

+<li>We especially need people with Windows programming skills

+to run an exit server on Windows, to help us debug.</li>

 <li>Run a <a href="cvs/tor/doc/tor-doc.html#hidden-service">Tor hidden

 service</a> and put interesting content on it.</li>

 <li>Tell your friends! Get them to run servers. Get them to run hidden

 services. Get them to tell <i>their</i> friends.</li>

+<li>What else needs to be documented? What is mis-documented?</li>

+<li>Go take a look at the <a href="http://www.eff.org/">Electronic

+Frontier Foundation</a>. More EFF donations means more freedom in the world,

+including more Tor development.</li>

+</ul>

+

+<p>We also have many project-lets: short-term or self-contained tasks

+that would be really helpful for somebody to tackle so we can keep

+focusing on Tor.</p>

+

+<p>Writing project-lets:</p>

+<ul>

 <li>Does somebody want to help maintain this website, or help with

 documentation, or help with managing our TODO and handling bug reports?</li>

 <li>Please help translate the web page and documentation

@@ -70,60 +84,18 @@ and <a href="http://tor.freesuperhost.com/">Persian</a>)</li>

 href="http://wiki.noreply.org/wiki/TheOnionRouter/TorFAQ">the FAQ Wiki</a>,

 and if you know the answer to a question in the "unanswered FAQs" list,

 please answer it.</li>

-<li>What else needs to be documented? What is mis-documented?</li>

-</ul>

-

-<!--

-<p>Graphics folks:</p>

-<ul>

-<li>We need a Tor logo.</li>

-<li>We need a snazzy diagram or two, akin to the one BitTorrent has in

-its <a href="http://bittorrent.com/introduction.html">introduction</a>,

-to show people how Tor works.</li>

-</ul>

--->

-

-<p>People with sysadmin skills:</p>

-<ul>

-<li>Can somebody take a look at Martin's <a

-href="http://wiki.noreply.org/wiki/TheOnionRouter/SquidProxy">Squid

-and Tor</a> page, and update it to reflect Tor's new <a href="">RedirectExit</a>

-config option?</li>

-<li>Right now the hidden service descriptors are being stored on the

-dirservers, but any reliable distributed storage system would do (for

-example, a DHT that allows authenticated updates). Can somebody figure

-out our best options and decide if they're good enough?</li>

-<li>How hard is it to patch bind or a DNS proxy to redirect requests

-to Tor via our tor-resolve socks extension? What about to convert UDP

-DNS requests to TCP requests and send them through Tor?</li>

-</ul>

-

-<p>Designers:</p>

-<ul>

-<li>Tor provides anonymous connections, but if you want to keep multiple

-pseudonyms in practice (say, in case you frequently go to two websites

-and if anybody knew about both of them they would conclude it's you),

-we don't support that well yet. We should find a good approach and

-interface for handling pseudonymous profiles in Tor. See <a

-href="http://archives.seul.org/or/talk/Dec-2004/msg00086.html">this

-post</a> and <a

-href="http://archives.seul.org/or/talk/Jan-2005/msg00007.html">followup</a>

-for details.</li>

 </ul>

-<p>Developers:</p>

+<p>Programmer and developer project-lets:</p>

 <ul>

 <li>We need somebody to code up a GUI or other

 controller program, to do configuration, etc. See our <a

 href="cvs/tor/doc/control-spec.txt">control specification</a> for details,

 and the <a href="cvs/tor/contrib/TorControl.py">rudimentary demonstration

 Python control script</a>. No, we don't know what the interface should look

-like.  You can use any license you want, but we'd recommend modified BSD or

+like.  You can use any license you want, but we'd recommend 3-clause BSD or

 maybe GPL; and we can only help out if your license conforms to the

-<a href="http://www.debian.org/social_contract.html#guidelines">DFSG</a>.

-</li>

-<li>We especially need people with Windows programming skills

-     to run an exit server on Windows, to help us debug.</li>

+<a href="http://www.debian.org/social_contract.html#guidelines">DFSG</a>.</li>

 <li>We're always looking for better Windows installers.  Specifically,

    it would be great if somebody were to extend our NSIS-based windows

    installer to include FreeCap and Privoxy.</li>

@@ -132,15 +104,63 @@ so we can go in the system tray?</li>

 <li>A good (portable, fast, clean, BSD-free) asynchronous DNS library

 would be really handy, so we don't have to keep forking DNS worker

 threads to do gethostbyname.</li>

+<li>Can somebody take a look at Martin's <a

+href="http://wiki.noreply.org/wiki/TheOnionRouter/SquidProxy">Squid

+and Tor</a> page, and update it to reflect Tor's new <a href="">RedirectExit</a>

+config option?</li>

 <li>See the <a href="cvs/tor/doc/TODO">TODO</a> and

 <a href="cvs/tor/doc/HACKING">HACKING</a> files in the Tor distribution

 for more ideas.</li>

 </ul>

-<p>Donors:</p>

+<p>Security project-lets: We need people to attack the implementation

+and clean it up, and also to attack the design and experiment with

+defenses.</p>

 <ul>

-<li>Go take a look at the <a href="http://www.eff.org/">Electronic

-Frontier Foundation</a>. More EFF donations means more Tor development.</li>

+<li>We need somebody to <a

+href="http://en.wikipedia.org/wiki/Fuzz_testing">fuzz</a> Tor. Are there

+good libraries out there for what we want? What are the first steps? Win

+fame by getting credit when we put out a new release because of you!

+<li>Server CPU load is high because clients keep asking to make new

+circuits, which uses public key crypto. Possible defenses include:

+using helper nodes (fixed entry nodes); rate limiting the number of

+create cells handled per second; having clients retry failed extensions

+a few times; implementing ssl sessions; and using hardware crypto when

+available.</li>

+<li>Website volume fingerprinting attacks (<a

+href="http://freehaven.net/anonbib/#back01">Back et al</a>, <a

+href="http://freehaven.net/anonbib/#hintz02">Hintz</a>).

+Defenses include a large cell size, <a

+href="http://freehaven.net/anonbib/#timing-fc2004">defensive dropping</a>,

+etc. How well does each approach work?</li>

+<li>The end-to-end traffic confirmation attack. We need to study

+long-range dummies more, along with traffic shaping. How much traffic

+of what sort of distribution is needed before the adversary is confident

+he has won?</li>

+<li>It's not that hard to DoS Tor servers or dirservers. Are puzzles

+the right answer? What other practical approaches are there?</li>

+<li>What sensitive info squeaks by privoxy? Are other html scrubbers

+better?</li>

+</ul>

+

+<p>Designer project-lets:</p>

+<ul>

+<li>Right now the hidden service descriptors are being stored on the

+dirservers, but any reliable distributed storage system would do (for

+example, a DHT that allows authenticated updates). Can somebody figure

+out our best options and decide if they're good enough?</li>

+<li>How hard is it to patch bind or a DNS proxy to redirect requests

+to Tor via our tor-resolve socks extension? What about to convert UDP

+DNS requests to TCP requests and send them through Tor?</li>

+<li>Tor provides anonymous connections, but if you want to keep multiple

+pseudonyms in practice (say, in case you frequently go to two websites

+and if anybody knew about both of them they would conclude it's you),

+we don't support that well yet. We should find a good approach and

+interface for handling pseudonymous profiles in Tor. See <a

+href="http://archives.seul.org/or/talk/Dec-2004/msg00086.html">this

+post</a> and <a

+href="http://archives.seul.org/or/talk/Jan-2005/msg00007.html">followup</a>

+for details.</li>

 </ul>

 <a href="mailto:tor-volunteer@freehaven.net">Email

@@ -51,24 +51,10 @@ href="http://freehaven.net/anonbib/topic.html#Anonymous_20communication">these

 papers</a> (especially the ones in boxes) to get up to speed on anonymous

 communication systems.</p>

-<p>We need people to attack the system, quantify defenses, etc. For example:

+<p>We need people to attack the system, quantify defenses,

+etc. See the "security project-lets" section of the <a

+href="contribute.html">contribute</a> page.</p>

 </p>

-<ul>

-<li>Website volume fingerprinting attacks (<a

-href="http://freehaven.net/anonbib/#back01">Back et al</a>, <a

-href="http://freehaven.net/anonbib/#hintz02">Hintz</a>).

-Defenses include a large cell size, <a

-href="http://freehaven.net/anonbib/#timing-fc2004">defensive dropping</a>,

-etc. How well does each approach work?</li>

-<li>The end-to-end traffic confirmation attack. We need to study

-long-range dummies more, along with traffic shaping. How much traffic

-of what sort of distribution is needed before the adversary is confident

-he has won?</li>

-<li>It's not that hard to DoS Tor servers or dirservers. Are puzzles

-the right answer? What other practical approaches are there?</li>

-<li>What sensitive info squeaks by privoxy? Are other html scrubbers

-better?</li>

-</ul>

   </div><!-- #main -->

 </div>