Add Torflow+Torbutton projects to volunteer page.
Mike Perry commited on 2008-03-11 08:10:26
Zeige 1 geänderte Dateien mit 122 Einfügungen und 11 Löschungen.
- en/volunteer.wml 5ba18bc53..2b0ddb0ec
| ... | ... |
@@ -436,18 +436,129 @@ also requires a lot of coding. |
| 436 | 436 |
</li> |
| 437 | 437 |
|
| 438 | 438 |
<li> |
| 439 |
-<b>TorFlow improvements</b> |
|
| 440 |
-<br /> |
|
| 441 |
-Help Mike Perry on his <a |
|
| 442 |
-href="https://www.torproject.org/svn/torflow/">TorFlow</a> |
|
| 443 |
-library (<a href="https://www.torproject.org/svn/torflow/TODO">TODO</a>): |
|
| 444 |
-it's a python library that uses the <a |
|
| 445 |
-href="https://www.torproject.org/svn/torctl/doc/howto.txt">Tor controller |
|
| 446 |
-protocol</a> to instruct Tor to build circuits in a variety of ways, |
|
| 447 |
-and then it measures performance and tries to detect anomalies. |
|
| 448 |
-Help detect bad relays and automatically get that |
|
| 449 |
-info to the directory authorities for realtime blacklisting. |
|
| 439 |
+<b>Tor Exit Scanner Improvements</b> |
|
| 440 |
+<br /> |
|
| 441 |
+Priority: <i>High</i> |
|
| 442 |
+<br /> |
|
| 443 |
+Effort Level: <i>High</i> |
|
| 444 |
+<br /> |
|
| 445 |
+Likely Mentors: <i>Mike Perry</i> |
|
| 446 |
+ |
|
| 447 |
+<br /> |
|
| 448 |
+The Tor exit node scanner 'SoaT', part of the <a |
|
| 449 |
+href="https://www.torproject.org/svn/torflow/">Torflow project</a>, is |
|
| 450 |
+currently written in rather rickety perl and relies on MD5sums of |
|
| 451 |
+entire documents in order to determine if exit nodes are modifying |
|
| 452 |
+content. The problem with this is threefold: 1) Perl sucks at life. |
|
| 453 |
+2) The scanner can't verify pages that are dynamic, and attackers can |
|
| 454 |
+focus malicious content injection on only those dynamic pages. 3) |
|
| 455 |
+Pages change after a while (or based on GeoIP) and begin generating |
|
| 456 |
+false positives. |
|
| 457 |
+<br /> |
|
| 458 |
+Ideally, soat.pl would be reimplemented in a sane language with a |
|
| 459 |
+robust html parser library (since the rest of Torflow is in Python, |
|
| 460 |
+that would be nice, but not required), and calculate signatures only for |
|
| 461 |
+tags and content likely to be targeted by a malicious attacker (script |
|
| 462 |
+tags, object links, images). It should also be robust in the face of |
|
| 463 |
+changes to content outside of Tor, and ultimately even GeoIP localized |
|
| 464 |
+content. |
|
| 465 |
+<br /> |
|
| 466 |
+This scanner would likely be run by the directory authorities and |
|
| 467 |
+report its results to the control port via the AuthDirBadExit config |
|
| 468 |
+setting. |
|
| 469 |
+<br /> |
|
| 470 |
+</li> |
|
| 471 |
+<li> |
|
| 472 |
+<b>Tor Node Scanner Improvements</b> |
|
| 473 |
+<br /> |
|
| 474 |
+Priority: <i>High</i> |
|
| 475 |
+<br /> |
|
| 476 |
+Effort Level: <i>Medium-High</i> |
|
| 477 |
+<br /> |
|
| 478 |
+Likely Mentors: <i>Mike Perry</i> |
|
| 479 |
+<br /> |
|
| 480 |
+Similar to the exit scanner (or perhaps even during exit scanning), |
|
| 481 |
+statistics can be gathered about the reliability of nodes. Nodes that |
|
| 482 |
+fail a certain percentage of their circuits should not be used for |
|
| 483 |
+Guard status, and perhaps should have their reported bandwidth |
|
| 484 |
+penalized by some ratio as well, or just get marked as Invalid. In |
|
| 485 |
+addition, nodes that exhibit a very low average stream capacity but |
|
| 486 |
+advertise a very high node bandwidth can also be marked as Invalid. |
|
| 487 |
+Much of this statistics gathering is already done, it just needs to be |
|
| 488 |
+transformed into something that can be reported to the Directory |
|
| 489 |
+Authorities to blacklist/penalize nodes in such a way that clients |
|
| 490 |
+will listen. |
|
| 491 |
+<br /> |
|
| 492 |
+In addition, these same statistics can be gathered about the traffic |
|
| 493 |
+through a node. Events can be added to the <a |
|
| 494 |
+href="https://www.torproject.org/svn/torctl/doc/howto.txt">Tor Control |
|
| 495 |
+Protocol</a> to |
|
| 496 |
+report if a circuit extend through the node succeeds or fails, and |
|
| 497 |
+passive statistics can be gathered on both bandwidth and reliability |
|
| 498 |
+of other nodes via a node-based monitor using these events. Such a |
|
| 499 |
+scanner which would also report information on oddly-behaving nodes to |
|
| 500 |
+the Directory Authorities, but a communication channel for this |
|
| 501 |
+currently does not exist and would need to be developed as well. |
|
| 502 |
+</li> |
|
| 503 |
+<li> |
|
| 504 |
+<b>Tor path selection improvements</b> |
|
| 505 |
+<br /> |
|
| 506 |
+Priority: <i>High</i> |
|
| 507 |
+<br /> |
|
| 508 |
+Effort Level: <i>Low-Medium</i> |
|
| 509 |
+<br /> |
|
| 510 |
+Likely Mentors: <i>Mike Perry</i> |
|
| 511 |
+<br /> |
|
| 512 |
+Some simple improvements can be made to Tor's path selection to vastly |
|
| 513 |
+improve Tor speed. For instance, some of the (unofficial) <a |
|
| 514 |
+href="http://wiki.noreply.org/noreply/TheOnionRouter/FireFoxTorPerf">Tor |
|
| 515 |
+Performance Recommendations</a> on the wiki are to increase the number of |
|
| 516 |
+guards and decrease the CircuitBuildTimeout. Ideally, the client would |
|
| 517 |
+learn these values by gathering statistics on circuit construction |
|
| 518 |
+time (and/or using values gained from Torflow), and set the timeouts |
|
| 519 |
+low enough such that some high percentile (75%, 90%, 1-stddev?) of |
|
| 520 |
+circuits succeed, yet extremely slow nodes are avoided. This would |
|
| 521 |
+involve some statistics gathering+basic research, and some changes to |
|
| 522 |
+Tor path selection code. |
|
| 523 |
+<br /> |
|
| 524 |
+ |
|
| 525 |
+In addition, to improve path security, some elements from the <a |
|
| 526 |
+href="http://www.torproject.org/svn/trunk/doc/spec/proposals/115-two-hop-paths.txt">Two |
|
| 527 |
+Hop Paths proposal</a> could be done as part of this (since it will |
|
| 528 |
+likely touch the same code anyways), regardless of the adoption of |
|
| 529 |
+thatproposal. In particular, clients probably should avoid guards thatseem to |
|
| 530 |
+fail an excessive percentage of their circuits through them, and non-bridged |
|
| 531 |
+clients should issue a warn if they are only able toconnect to a limited set |
|
| 532 |
+of guard nodes. |
|
| 533 |
+ |
|
| 534 |
+</li> |
|
| 535 |
+<li> |
|
| 536 |
+<b>Torbutton improvements</b> |
|
| 537 |
+<br /> |
|
| 538 |
+Priority: <i>Low</i> |
|
| 539 |
+<br /> |
|
| 540 |
+Effort Level: <i>Medium-High</i> |
|
| 541 |
+<br /> |
|
| 542 |
+Likely Mentors: <i>Mike Perry</i> |
|
| 543 |
+<br/> |
|
| 544 |
+ |
|
| 545 |
+Torbutton has a number of improvements that can be made in the post-1.2 |
|
| 546 |
+timeframe. Most of these are documented as feature requests in the <a |
|
| 547 |
+href="https://bugs.torproject.org/flyspray/index.php?tasks=all&project=5">Torbutton |
|
| 548 |
+flyspray section</a>. Good examples include: stripping off node.exit on http |
|
| 549 |
+headers, more fine-grained control over formfill blocking, improved referrer |
|
| 550 |
+spoofing based on the domain of the site (a-la refspoof extension), tighter |
|
| 551 |
+integration with Vidalia for reporting Tor status, a New Identity button with |
|
| 552 |
+Tor integration and multiple identity management, and anything else you might |
|
| 553 |
+think of. |
|
| 450 | 554 |
|
| 555 |
+<br /> |
|
| 556 |
+ |
|
| 557 |
+This work would be independent coding in Javascript and the fun world of <a |
|
| 558 |
+href="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">XUL</a>, |
|
| 559 |
+with not too much involvement in the Tor internals. |
|
| 560 |
+ |
|
| 561 |
+</li> |
|
| 451 | 562 |
<li> |
| 452 | 563 |
<b>Help track the overall Tor Network status</b> |
| 453 | 564 |
Torstatus. Set up an automated system for tracking network health |
| 454 | 565 |