Andrew Lewman commited on 2010-11-09 04:46:00
Zeige 1 geänderte Dateien mit 92 Einfügungen und 374 Löschungen.
... | ... |
@@ -51,10 +51,10 @@ |
51 | 51 |
<ol> |
52 | 52 |
<li>Create a <a href="https://trac.torproject.org/projects/tor/wiki/CommunityLogos">community logo</a> under a Creative Commons license that all can use and modify</li> |
53 | 53 |
<li>Create a presentation that can be used for various user group meetings around the world</li> |
54 |
- <li>Create a video about the positive uses of Tor, what Tor is, or how |
|
55 |
- to use it. Some have already |
|
56 |
- started on <a href="http://media.torproject.org/video/">Tor's Media |
|
57 |
- server</a>, <a |
|
54 |
+ <li>Create a video about the positive uses of Tor, what Tor is, |
|
55 |
+ or how to use it. Some have already started on <a |
|
56 |
+ href="http://media.torproject.org/video/">Tor's Media server</a>, |
|
57 |
+ <a |
|
58 | 58 |
href="http://www.howcast.com/videos/90601-How-To-Circumvent-an-Internet-Proxy">Howcast</a>, |
59 | 59 |
and <a href="http://www.youtube.com/thetorproject">Youtube</a>.</li> |
60 | 60 |
<li>Create a poster, or a set of posters, around a theme, |
... | ... |
@@ -82,7 +82,7 @@ |
82 | 82 |
<ol> |
83 | 83 |
|
84 | 84 |
<li> |
85 |
- <b>Tor Browser Bundle for Mac OS X</b> |
|
85 |
+ <b>Audit Tor Browser Bundles for data leaks</b> |
|
86 | 86 |
<br> |
87 | 87 |
Priority: <i>High</i> |
88 | 88 |
<br> |
... | ... |
@@ -91,36 +91,20 @@ |
91 | 91 |
Skill Level: <i>Medium</i> |
92 | 92 |
<br> |
93 | 93 |
Likely Mentors: <i>Steven, Erinn, Jacob, Andrew</i> |
94 |
- <br> |
|
95 |
- The Tor Browser Bundle incorporates Tor, Firefox, Polipo, and the Vidalia |
|
94 |
+ <p>The Tor Browser Bundle incorporates Tor, Firefox, Polipo, and the Vidalia |
|
96 | 95 |
user interface (and optionally the <a href="http://pidgin.im/">Pidgin</a> |
97 | 96 |
Instant Messaging client). Components are pre-configured to operate in a |
98 | 97 |
secure way, and it has very few dependencies on the installed operating |
99 | 98 |
system. It has therefore become one of the most easy to use, and popular, |
100 |
- ways to use Tor on Windows. |
|
101 |
- <br> |
|
102 |
- However, there is currently no released package for Mac OS X, so this project |
|
103 |
- would be to implement Tor Browser Bundle for OS X. This will involve |
|
104 |
- modifications to Vidalia (C++), possibly Firefox (C) then creating and testing |
|
105 |
- the launcher on a range of operating system versions and configurations to |
|
106 |
- verify portability. Some work on this was completed as part of the Google |
|
107 |
- Summer of Code 2009. Another part of this project is to identify all of the |
|
108 |
- traces left behind by using a Tor Browser Bundle on Mac OS X or Linux. |
|
109 |
- Developing ways to stop, counter, or remove these traces is a final step. |
|
110 |
- <br> |
|
111 |
- Students should be familiar with application development on one or |
|
112 |
- preferably both of Linux and Mac OS X, and be comfortable with C/C++ |
|
113 |
- and shell scripting. |
|
114 |
- <br> |
|
115 |
- Part of this project could be usability testing of Tor Browser Bundle, |
|
116 |
- ideally amongst our target demographic. That would help a lot in knowing |
|
117 |
- what needs to be done in terms of bug fixes or new features. We get this |
|
118 |
- informally at the moment, but a more structured process would be better. |
|
119 |
- <br> |
|
120 |
- A beta version of the Tor Browser Bundle has been released for GNU/Linux, but |
|
121 |
- work is still required for the Tor IM Browser bundle. Work is currently being |
|
122 |
- done on the Mac OS X version as well. If you would like to help extend or do |
|
123 |
- security auditing for either (or both) of these, please contact Erinn. |
|
99 |
+ ways to use Tor on Windows.</p> |
|
100 |
+ <p>This project is to identify all of the traces left behind by |
|
101 |
+ using a Tor Browser Bundle on Windows, Mac OS X, or Linux. Developing |
|
102 |
+ ways to stop, counter, or remove these traces is a final step.</p> |
|
103 |
+ <p>Students should be familiar with operating system analysis, |
|
104 |
+ application development on one or preferably Windows, Linux, |
|
105 |
+ and Mac OS X, and be comfortable with C/C++ and shell scripting.</p> |
|
106 |
+ <p>If you would like to help extend or do security auditing for |
|
107 |
+ TBB, please contact Erinn.</p> |
|
124 | 108 |
</li> |
125 | 109 |
|
126 | 110 |
<li> |
... | ... |
@@ -133,69 +117,22 @@ |
133 | 117 |
Skill Level: <i>Medium</i> |
134 | 118 |
<br> |
135 | 119 |
Likely Mentors: <i>Karsten, Roger</i> |
136 |
- <br> |
|
137 |
- It would be great to set up an automated system for tracking network |
|
120 |
+ <p>It would be great to set up an automated system for tracking network |
|
138 | 121 |
health over time, graphing it, etc. Part of this project would involve |
139 | 122 |
inventing better metrics for assessing network health and growth. Is the |
140 | 123 |
average uptime of the network increasing? How many relays are qualifying |
141 | 124 |
for Guard status this month compared to last month? What's the turnover |
142 | 125 |
in terms of new relays showing up and relays shutting off? Periodically |
143 | 126 |
people collect brief snapshots, but where it gets really interesting is |
144 |
- when we start tracking data points over time. |
|
145 |
- <br> |
|
146 |
- Data could be collected from the Tor Network Scanners in <a |
|
127 |
+ when we start tracking data points over time.</p> |
|
128 |
+ <p>Data could be collected from the Tor Network Scanners in <a |
|
147 | 129 |
href="https://svn.torproject.org/svn/torflow/trunk/README">TorFlow</a>, from |
148 | 130 |
the server descriptors that each relay publishes, and from other |
149 | 131 |
sources. Results over time could be integrated into one of the <a |
150 | 132 |
href="https://torstatus.blutmagie.de/">Tor Status</a> web pages, or be |
151 | 133 |
kept separate. Speaking of the Tor Status pages, take a look at Roger's |
152 | 134 |
<a href="http://archives.seul.org/or/talk/Jan-2008/msg00300.html">Tor |
153 |
- Status wish list</a>. |
|
154 |
- </li> |
|
155 |
- |
|
156 |
- <li> |
|
157 |
- <b>Rewrite TorDNSEL, this time with a spec!</b> |
|
158 |
- <br> |
|
159 |
- Priority: <i>High</i> |
|
160 |
- <br> |
|
161 |
- Effort Level: <i>Medium</i> |
|
162 |
- <br> |
|
163 |
- Skill Level: <i>Medium</i> |
|
164 |
- <br> |
|
165 |
- Likely Mentors: <i>Mike, Roger, Sebastian, Damian</i> |
|
166 |
- <br> |
|
167 |
- The <a href="<page projects/tordnsel>">Tor DNS Exit List</a> is an |
|
168 |
- unmaintained Haskell |
|
169 |
- program that serves three purposes. First, it provides an rbl-style DNS |
|
170 |
- interface for people to look up whether a given IP address is (or has |
|
171 |
- recently been) a Tor exit relay. Second, it actively builds circuits over |
|
172 |
- the Tor network and connects back to itself, to learn the actual exit |
|
173 |
- IP address of each relay — some Tor relays exit from a different |
|
174 |
- address than they advertise in their descriptor. Third, it exports a <a |
|
175 |
- href="http://exitlist.torproject.org/exitAddresses">set of conclusions</a> |
|
176 |
- so that <a href="https://check.torproject.org/">check.torproject.org</a> |
|
177 |
- can guess for you whether your browser is configured to point to Tor. |
|
178 |
- <br> |
|
179 |
- This project would make use of <a |
|
180 |
- href="https://svn.torproject.org/svn/torflow/trunk/README">TorFlow</a>, |
|
181 |
- a set of Python scripts to interact with Tor, |
|
182 |
- to figure out how our Tor Exit Checker should actually work, and then |
|
183 |
- build it — probably in Python since Torflow is in Python. The main |
|
184 |
- goal is to reduce false positives as much as possible, by making sure |
|
185 |
- that it learns about new relays as soon as possible, making sure that |
|
186 |
- the testing phase concludes quickly, and making sure the answers get |
|
187 |
- passed to the Check script quickly. As a bonus, we should standardize |
|
188 |
- (specify) the format of the exitAddresses file, and rewrite the <a |
|
189 |
- href="https://svn.torproject.org/svn/check/trunk/cgi-bin/TorBulkExitList.py">Tor |
|
190 |
- Bulk Exit List</a> script to use that file rather than its current <a |
|
191 |
- href="https://bugs.torproject.org/flyspray/index.php?do=details&id=1019">horrible |
|
192 |
- DNS hacks</a>. As an extra bonus, we should work with Freenode, OFTC, |
|
193 |
- and/or other IRC networks to make sure that the scripts we offer are |
|
194 |
- actually the scripts they want, in terms of accurately identifying which |
|
195 |
- of their users are coming from the Tor network. |
|
196 |
- <br> |
|
197 |
- You can fetch the <a href="git://git.torproject.org/git/tordnsel">latest |
|
198 |
- tordnsel</a> via git. |
|
135 |
+ Status wish list</a>.</p> |
|
199 | 136 |
</li> |
200 | 137 |
|
201 | 138 |
<li> |
... | ... |
@@ -208,14 +145,12 @@ |
208 | 145 |
Skill Level: <i>High</i> |
209 | 146 |
<br> |
210 | 147 |
Likely Mentors: <i>Roger, Nick, Steven</i> |
211 |
- <br> |
|
212 |
- The Tor 0.2.1.x series makes <a |
|
148 |
+ <p>The Tor 0.2.1.x series makes <a |
|
213 | 149 |
href="<svnprojects>design-paper/blocking.html">significant |
214 | 150 |
improvements</a> in resisting national and organizational censorship. |
215 | 151 |
But Tor still needs better mechanisms for some parts of its |
216 |
- anti-censorship design. |
|
217 |
- <br> |
|
218 |
- One huge category of work is adding features to our <a |
|
152 |
+ anti-censorship design.</p> |
|
153 |
+ <p>One huge category of work is adding features to our <a |
|
219 | 154 |
href="http://gitweb.torproject.org//bridgedb.git?a=tree">bridgedb</a> |
220 | 155 |
service (Python). Tor aims to give out <a href="<page docs/bridges>">bridge |
221 | 156 |
relay addresses</a> to users that can't reach the Tor network |
... | ... |
@@ -225,78 +160,19 @@ |
225 | 160 |
blog post on the topic</a> as an overview, and then look at <a |
226 | 161 |
href="http://archives.seul.org/or/dev/Dec-2009/msg00000.html">Roger's |
227 | 162 |
or-dev post</a> from December for more recent thoughts — lots of |
228 |
- design work remains. |
|
229 |
- <br> |
|
230 |
- If you want to get more into the guts of Tor itself (C), a more minor problem |
|
163 |
+ design work remains.</p> |
|
164 |
+ <p>If you want to get more into the guts of Tor itself (C), a more minor problem |
|
231 | 165 |
we should address is that current Tors can only listen on a single |
232 | 166 |
address/port combination at a time. There's |
233 | 167 |
<a href="<gitblob>doc/spec/proposals/118-multiple-orports.txt">a |
234 | 168 |
proposal to address this limitation</a> and allow clients to connect |
235 | 169 |
to any given Tor on multiple addresses and ports, but it needs more |
236 |
- work. |
|
237 |
- <br> |
|
238 |
- This project could involve a lot of research and design. One of the big |
|
170 |
+ work.</p> |
|
171 |
+ <p>This project could involve a lot of research and design. One of the big |
|
239 | 172 |
challenges will be identifying and crafting approaches that can still |
240 | 173 |
resist an adversary even after the adversary knows the design, and |
241 |
- then trading off censorship resistance with usability and robustness. |
|
242 |
- </li> |
|
243 |
- |
|
244 |
- <!--<li> |
|
245 |
- <b>Tuneup Tor!</b> |
|
246 |
- <br> |
|
247 |
- Priority: <i>Medium to High</i> |
|
248 |
- <br> |
|
249 |
- Effort Level: <i>Medium to High</i> |
|
250 |
- <br> |
|
251 |
- Skill Level: <i>High</i> |
|
252 |
- <br> |
|
253 |
- Likely Mentors: <i>Nick, Roger, Mike, Karsten</i> |
|
254 |
- <br> |
|
255 |
- Right now, Tor relays measure and report their own bandwidth, and Tor |
|
256 |
- clients choose which relays to use in part based on that bandwidth. |
|
257 |
- This approach is vulnerable to |
|
258 |
- <a href="http://freehaven.net/anonbib/#bauer:wpes2007">attacks where |
|
259 |
- relays lie about their bandwidth</a>; |
|
260 |
- to address this, Tor currently caps the maximum bandwidth |
|
261 |
- it's willing to believe any relay provides. This is a limited fix, and |
|
262 |
- a waste of bandwidth capacity to boot. Instead, |
|
263 |
- Tor should possibly measure bandwidth in a more distributed way, perhaps |
|
264 |
- as described in the |
|
265 |
- <a href="http://freehaven.net/anonbib/author.html#snader08">"A Tune-up for |
|
266 |
- Tor"</a> paper |
|
267 |
- by Snader and Borisov. One could use current testing code to |
|
268 |
- double-check this paper's findings and verify the extent to which they |
|
269 |
- dovetail with Tor as deployed in the wild, and determine good ways to |
|
270 |
- incorporate them into their suggestions Tor network without adding too |
|
271 |
- much communications overhead between relays and directory |
|
272 |
- authorities. |
|
273 |
- </li>--> |
|
274 |
- |
|
275 |
- <li> |
|
276 |
- <b>Improving Polipo on Windows</b> |
|
277 |
- <br> |
|
278 |
- Priority: <i>Medium to High</i> |
|
279 |
- <br> |
|
280 |
- Effort Level: <i>Medium</i> |
|
281 |
- <br> |
|
282 |
- Skill Level: <i>Medium</i> |
|
283 |
- <br> |
|
284 |
- Likely Mentors: <i>Chris</i> |
|
285 |
- <br> |
|
286 |
- Help port <a |
|
287 |
- href="http://www.pps.jussieu.fr/~jch/software/polipo/">Polipo</a> to |
|
288 |
- Windows. Example topics to tackle include: |
|
289 |
- <ol><li> the ability to asynchronously query name servers, find the |
|
290 |
- system nameservers, and manage netbios and dns queries.</li> |
|
291 |
- <li> manage events and buffers natively (i.e. in Unix-like OSes, |
|
292 |
- Polipo defaults to 25% of ram, in Windows it's whatever the config |
|
293 |
- specifies).</li> |
|
294 |
- <li> some sort of GUI config and reporting tool, bonus if it has a |
|
295 |
- systray icon with right clickable menu options. Double bonus if it's |
|
296 |
- cross-platform compatible.</li> |
|
297 |
- <li> allow the software to use the Windows Registry and handle proper |
|
298 |
- Windows directory locations, such as "C:\Program Files\Polipo"</li> |
|
299 |
- </ol> |
|
174 |
+ then trading off censorship resistance with usability and |
|
175 |
+ robustness.</p> |
|
300 | 176 |
</li> |
301 | 177 |
|
302 | 178 |
<li> |
... | ... |
@@ -309,37 +185,33 @@ |
309 | 185 |
Skill Level: <i>Low to Medium</i> |
310 | 186 |
<br> |
311 | 187 |
Likely Mentors: <i>Matt</i> |
312 |
- <br> |
|
313 |
- There are a number of status changes inside Tor of which the user may need |
|
188 |
+ <p>There are a number of status changes inside Tor of which the user may need |
|
314 | 189 |
to be informed. For example, if the user is trying to set up his Tor as a |
315 | 190 |
relay and Tor decides that its ports are not reachable from outside |
316 | 191 |
the user's network, we should alert the user. Currently, all the user |
317 | 192 |
gets is a couple log messages in Vidalia's 'message log' window, which they |
318 | 193 |
likely never see since they don't receive a notification that something |
319 | 194 |
has gone wrong. Even if the user does actually look at the message log, |
320 |
- most of the messages make little sense to the novice user. |
|
321 |
- <br> |
|
322 |
- Tor has the ability to inform Vidalia of many such status changes, and |
|
195 |
+ most of the messages make little sense to the novice user.</p> |
|
196 |
+ <p>Tor has the ability to inform Vidalia of many such status changes, and |
|
323 | 197 |
we recently implemented support for a couple of these events. Still, |
324 | 198 |
there are many more status events the user should be informed of and we |
325 |
- need a better UI for actually displaying them to the user. |
|
326 |
- <br> |
|
327 |
- The goal of this project then is to design and implement a UI for |
|
199 |
+ need a better UI for actually displaying them to the user.</p> |
|
200 |
+ <p>The goal of this project then is to design and implement a UI for |
|
328 | 201 |
displaying Tor status events to the user. For example, we might put a |
329 | 202 |
little badge on Vidalia's tray icon that alerts the user to new status |
330 | 203 |
events they should look at. Double-clicking the icon could bring up a |
331 | 204 |
dialog that summarizes recent status events in simple terms and maybe |
332 | 205 |
suggests a remedy for any negative events if they can be corrected by |
333 | 206 |
the user. Of course, this is just an example and one is free to |
334 |
- suggest another approach. |
|
335 |
- <br> |
|
336 |
- A person undertaking this project should have good UI design and layout |
|
207 |
+ suggest another approach.</p> |
|
208 |
+ <p>A person undertaking this project should have good UI design and layout |
|
337 | 209 |
and some C++ development experience. Previous experience with Qt and |
338 | 210 |
Qt's Designer will be very helpful, but are not required. Some |
339 | 211 |
English writing ability will also be useful, since this project will |
340 | 212 |
likely involve writing small amounts of help documentation that should |
341 | 213 |
be understandable by non-technical users. Bonus points for some graphic |
342 |
- design/Photoshop fu, since we might want/need some shiny new icons too. |
|
214 |
+ design/Photoshop fu, since we might want/need some shiny new icons too.</p> |
|
343 | 215 |
</li> |
344 | 216 |
|
345 | 217 |
<li> |
... | ... |
@@ -352,21 +224,19 @@ |
352 | 224 |
Skill Level: <i>Medium</i> |
353 | 225 |
<br> |
354 | 226 |
Likely Mentors: <i>Nick, Erinn</i> |
355 |
- <br> |
|
356 |
- Tor needs to be far more tested. This is a multi-part effort. To start |
|
227 |
+ <p>Tor needs to be far more tested. This is a multi-part effort. To start |
|
357 | 228 |
with, our unit test coverage should rise substantially, especially in |
358 | 229 |
the areas outside the utility functions. This will require significant |
359 | 230 |
refactoring of some parts of Tor, in order to dissociate as much logic |
360 |
- as possible from globals. |
|
361 |
- <br> |
|
362 |
- Additionally, we need to automate our performance testing. We've got |
|
231 |
+ as possible from globals.</p> |
|
232 |
+ <p>Additionally, we need to automate our performance testing. We've got |
|
363 | 233 |
buildbot to automate our regular integration and compile testing already |
364 | 234 |
(though we need somebody to set it up on Windows), |
365 | 235 |
but we need to get our network simulation tests (as built in <a |
366 | 236 |
href="https://svn.torproject.org/svn/torflow/trunk/README">TorFlow</a>) |
367 | 237 |
updated for more recent versions of Tor, and designed to launch a test |
368 | 238 |
network either on a single machine, or across several, so we can test |
369 |
- changes in performance on machines in different roles automatically. |
|
239 |
+ changes in performance on machines in different roles automatically.</p> |
|
370 | 240 |
</li> |
371 | 241 |
|
372 | 242 |
<li> |
... | ... |
@@ -379,8 +249,7 @@ |
379 | 249 |
Skill Level: <i>Medium to High</i> |
380 | 250 |
<br> |
381 | 251 |
Likely Mentors: <i>Bruce, Nathan</i> |
382 |
- <br> |
|
383 |
- Others are currently working on Tor clients for Java, Android, and Maemo |
|
252 |
+ <p>Others are currently working on Tor clients for Java, Android, and Maemo |
|
384 | 253 |
environments. The first step is to get a handle on the current state of |
385 | 254 |
the project in which you are interested in helping; <a |
386 | 255 |
href="http://github.com/brl/JTor">Tor for Java</a>, |
... | ... |
@@ -388,15 +257,15 @@ |
388 | 257 |
, or <a href="<page docs/N900>">Tor for Maemo</a>. Check out the |
389 | 258 |
repository and familiarize yourself |
390 | 259 |
with the source code. Further, support for requesting or even providing |
391 |
- Tor hidden services would be neat, but not required. |
|
392 |
- <br> |
|
393 |
- A prospective developer should be able to understand and write new Java |
|
260 |
+ Tor hidden services would be neat, but not required.</p> |
|
261 |
+ <p>A prospective developer should be able to understand and write new Java |
|
394 | 262 |
code, including a Java cryptography API. Being able to read C code would be helpful, |
395 | 263 |
too. One should be willing to read the existing documentation, |
396 | 264 |
implement code based on it, and refine the documentation |
397 | 265 |
when things are underdocumented. This project is mostly about coding and |
398 |
- to a small degree about design. |
|
266 |
+ to a small degree about design.</p> |
|
399 | 267 |
</li> |
268 |
+ |
|
400 | 269 |
<li> |
401 | 270 |
<b>More on Orbot & Android OS-specific development</b> |
402 | 271 |
<br/> |
... | ... |
@@ -408,84 +277,49 @@ |
408 | 277 |
Skill Level: <i>Medium to High</i> |
409 | 278 |
<br> |
410 | 279 |
Likely Mentors: <i>Nathan</i> |
411 |
- <br> |
|
412 |
- |
|
413 |
- <b>Android Java UI work:</b> Improved home screen to show better statistics about data transferred (up/down), number of circuits connected, quality of connection and so on. The "Tether Wifi" Android application is a good model to follow in how it shows a realtime count of bytes transferred as well as notifications when wifi client connect. In addition, better display/handling of Tor system/error messages would also be very helpful. Finally, the addition of a wizard or tutorial walkthrough for novice users to explain to them exactly what or what is not anonymized or protected would greatly improve the likelihood they will use Orbot correctly. |
|
414 |
- <br/><br/> |
|
415 |
- |
|
416 |
- <b>Android Java OS/Core app work:</b> Better system-wide indicator either via the notification bar, "Toast" pop-up dialogs or some other indicator that an application's traffic is indeed moving through Orbot/Tor. For instance, right now you need to first go to a torcheck web service to ensure your browser is routing via Tor. Orbot should be able to notify you that circuits are being opened, used, etc. The aforementioned data transfer tracker might provide this type of awareness as well. |
|
417 |
- |
|
418 |
- <br/><br/> |
|
419 |
- <b>Android Java Library/Community Outreach work:</b> We need to package a simple library for use with third-party application to easily enable them to support "Torification" on non-root devices (aka w/o transparent proxying). This library should include a wrapper for the Apache HTTPClient library, a utility class for detecting the state of Orbot connectivity, and other relevant/useful things an Android app might need to anonymize itself. This work would include the creation of the library, documentation, and sample code. Outreach or effort to implement the library within other open-source apps would follow. |
|
420 |
- |
|
421 |
- <br/><br/> |
|
422 |
- <b>Android OS/C/Linux work:</b> The port of Tor to Android is basically a straight cross-compile to Linux ARM. There has been no work done in looking the optimization of Tor within a mobile hardware environment, on the ARM processor or other Android hardware, or on mobile networks. It should be noted, that even without optimization, Tor is handling the mobile network environment very well, automatically detecting change in IP addresses, reconnecting circuits, etc across switching from 2G to 3G to Wifi, and so forth. |
|
280 |
+ <p><b>Android Java UI work:</b> Improved home screen to show better |
|
281 |
+ statistics about data transferred (up/down), number of circuits |
|
282 |
+ connected, quality of connection and so on. The "Tether Wifi" |
|
283 |
+ Android application is a good model to follow in how it shows |
|
284 |
+ a realtime count of bytes transferred as well as notifications |
|
285 |
+ when wifi client connect. In addition, better display/handling |
|
286 |
+ of Tor system/error messages would also be very helpful. Finally, |
|
287 |
+ the addition of a wizard or tutorial walkthrough for novice |
|
288 |
+ users to explain to them exactly what or what is not anonymized |
|
289 |
+ or protected would greatly improve the likelihood they will use |
|
290 |
+ Orbot correctly.</p> |
|
291 |
+ |
|
292 |
+ <p><b>Android Java OS/Core app work:</b> Better system-wide |
|
293 |
+ indicator either via the notification bar, "Toast" pop-up dialogs |
|
294 |
+ or some other indicator that an application's traffic is indeed |
|
295 |
+ moving through Orbot/Tor. For instance, right now you need to |
|
296 |
+ first go to a torcheck web service to ensure your browser is |
|
297 |
+ routing via Tor. Orbot should be able to notify you that circuits |
|
298 |
+ are being opened, used, etc. The aforementioned data transfer |
|
299 |
+ tracker might provide this type of awareness as well.</p> |
|
300 |
+ |
|
301 |
+ <p><b>Android Java Library/Community Outreach work:</b> We need |
|
302 |
+ to package a simple library for use with third-party application |
|
303 |
+ to easily enable them to support "Torification" on non-root |
|
304 |
+ devices (aka w/o transparent proxying). This library should |
|
305 |
+ include a wrapper for the Apache HTTPClient library, a utility |
|
306 |
+ class for detecting the state of Orbot connectivity, and other |
|
307 |
+ relevant/useful things an Android app might need to anonymize |
|
308 |
+ itself. This work would include the creation of the library, |
|
309 |
+ documentation, and sample code. Outreach or effort to implement |
|
310 |
+ the library within other open-source apps would follow.</p> |
|
311 |
+ |
|
312 |
+ <p><b>Android OS/C/Linux work:</b> The port of Tor to Android |
|
313 |
+ is basically a straight cross-compile to Linux ARM. There has |
|
314 |
+ been no work done in looking the optimization of Tor within a |
|
315 |
+ mobile hardware environment, on the ARM processor or other |
|
316 |
+ Android hardware, or on mobile networks. It should be noted, |
|
317 |
+ that even without optimization, Tor is handling the mobile |
|
318 |
+ network environment very well, automatically detecting change |
|
319 |
+ in IP addresses, reconnecting circuits, etc across switching |
|
320 |
+ from 2G to 3G to Wifi, and so forth.</p> |
|
423 | 321 |
</li> |
424 | 322 |
|
425 |
- <!--<li> |
|
426 |
- <b>New Torbutton Features</b> |
|
427 |
- <br> |
|
428 |
- Priority: <i>Medium</i> |
|
429 |
- <br> |
|
430 |
- Effort Level: <i>High</i> |
|
431 |
- <br> |
|
432 |
- Skill Level: <i>High</i> |
|
433 |
- <br> |
|
434 |
- Likely Mentors: <i>Mike</i> |
|
435 |
- <br/> |
|
436 |
- There are several <a |
|
437 |
- href="https://bugs.torproject.org/flyspray/index.php?tasks=all&project=5&type=2">good |
|
438 |
- feature requests</a> on the Torbutton Flyspray section. In particular, <a |
|
439 |
- href="https://bugs.torproject.org/flyspray/index.php?do=details&id=523">Integrating |
|
440 |
- 'New Identity' with Vidalia</a>, |
|
441 |
- <a href="https://bugs.torproject.org/flyspray/index.php?do=details&id=940">ways of |
|
442 |
- managing multiple cookie jars/identities</a>, <a |
|
443 |
- href="https://bugs.torproject.org/flyspray/index.php?do=details&id=637">preserving |
|
444 |
- specific cookies</a> when cookies are cleared, |
|
445 |
- <a |
|
446 |
- href="https://bugs.torproject.org/flyspray/index.php?do=details&id=524">better |
|
447 |
- referrer spoofing</a>, <a |
|
448 |
- href="https://bugs.torproject.org/flyspray/index.php?do=details&id=564">correct |
|
449 |
- Tor status reporting</a>, and <a |
|
450 |
- href="https://bugs.torproject.org/flyspray/index.php?do=details&id=462">"tor://" |
|
451 |
- and "tors://" urls</a> are all interesting |
|
452 |
- features that could be added. |
|
453 |
- <br> |
|
454 |
- This work would be independent coding in Javascript and the fun world of <a |
|
455 |
- href="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">XUL</a>, |
|
456 |
- with not too much involvement in the Tor internals. |
|
457 |
- </li>--> |
|
458 |
- |
|
459 |
- <!-- <li> |
|
460 |
- <b>New Thandy Features</b> |
|
461 |
- <br> |
|
462 |
- Priority: <i>Medium</i> |
|
463 |
- <br> |
|
464 |
- Effort Level: <i>Medium</i> |
|
465 |
- <br> |
|
466 |
- Skill Level: <i>Medium to High</i> |
|
467 |
- <br> |
|
468 |
- Likely Mentors: <i>Martin</i> |
|
469 |
- <br> |
|
470 |
- Additional capabilities are needed for assisted updates of all the Tor |
|
471 |
- related software for Windows and other operating systems. Some of the |
|
472 |
- features to consider include: |
|
473 |
- <ol> |
|
474 |
- <li> Integration of the <a |
|
475 |
- href="http://chandlerproject.org/Projects/MeTooCrypto">MeTooCrypto |
|
476 |
- Python library</a> |
|
477 |
- for authenticated HTTPS downloads.</li> |
|
478 |
- <li> Adding a level of indirection |
|
479 |
- between the timestamp signatures and the package files included in an |
|
480 |
- update. See the "Thandy attacks / suggestions" thread on or-dev.</li> |
|
481 |
- <li> Support locale specific installation and configuration of assisted |
|
482 |
- updates based on preference, host, or user account language settings. |
|
483 |
- Familiarity with Windows codepages, unicode, and other character sets |
|
484 |
- is helpful in addition to general win32 and posix API experience and |
|
485 |
- Python proficiency.</li> |
|
486 |
- </ol> |
|
487 |
- </li> --> |
|
488 |
- |
|
489 | 323 |
<li> |
490 | 324 |
<b>Simulator for slow Internet connections</b> |
491 | 325 |
<br> |
... | ... |
@@ -568,56 +402,6 @@ |
568 | 402 |
push to build a Thunderbird extension similar to Torbutton. |
569 | 403 |
</li> |
570 | 404 |
|
571 |
- <!--<li> |
|
572 |
- <b>Intermediate Level Network Device Driver</b> |
|
573 |
- <br> |
|
574 |
- Priority: <i>Low</i> |
|
575 |
- <br> |
|
576 |
- Effort Level: <i>High</i> |
|
577 |
- <br> |
|
578 |
- Skill Level: <i>High</i> |
|
579 |
- <br> |
|
580 |
- Likely Mentors: <i>Martin</i> |
|
581 |
- <br> |
|
582 |
- The WinPCAP device driver used by Tor VM for bridged networking does |
|
583 |
- not support a number of wireless and non-Ethernet network adapters. |
|
584 |
- Implementation of a intermediate level network device driver for win32 |
|
585 |
- and 64bit would provide a way to intercept and route traffic over such |
|
586 |
- networks. This project will require knowledge of and experience with |
|
587 |
- Windows kernel device driver development and testing. Familiarity with |
|
588 |
- Winsock and Qemu would also be helpful. |
|
589 |
- </li>--> |
|
590 |
- |
|
591 |
- <li> |
|
592 |
- <b>Improve Tor Weather</b> |
|
593 |
- <br> |
|
594 |
- Priority: <i>Medium</i> |
|
595 |
- <br> |
|
596 |
- Effort Level: <i>Medium</i> |
|
597 |
- <br> |
|
598 |
- Skill Level: <i>Medium</i> |
|
599 |
- <br> |
|
600 |
- Likely Mentors: <i>Christian, Roger, Damian</i> |
|
601 |
- <br> |
|
602 |
- <a href="https://weather.torproject.org/">Tor weather</a> is a tool |
|
603 |
- that allows signing up to receive notifications via email when the |
|
604 |
- tracked Tor relay is down. Currently, it isn't really useful for |
|
605 |
- people who use the hibernation feature of Tor, or for those who |
|
606 |
- have to shut down their relay regularly. During the project, Tor |
|
607 |
- weather could be extended to allow more flexible configurations. |
|
608 |
- Other enhancements are also possible: Weather could send out warnings |
|
609 |
- when your relay runs an out-of-date version of Tor, or when its |
|
610 |
- observed bandwith drops below a certain value. It might also be a |
|
611 |
- nice tool that allows for checking whether your relay has earned |
|
612 |
- you a <a href="<page getinvolved/tshirt>">T-Shirt</a>, or sending reminders to |
|
613 |
- directory authorities that |
|
614 |
- their keys are about to expire. Be creative, and consider how the |
|
615 |
- above project to track overall network status can help you get your job |
|
616 |
- done more quickly! See also its |
|
617 |
- <a href="https://svn.torproject.org/svn/weather/trunk/README">README</a> |
|
618 |
- and <a href="https://svn.torproject.org/svn/weather/trunk/TODO">TODO</a>. |
|
619 |
- </li> |
|
620 |
- |
|
621 | 405 |
<li> |
622 | 406 |
<b>Improvements for Tor+Vidalia interaction on Linux/Unix platforms</b> |
623 | 407 |
<br> |
... | ... |
@@ -668,77 +452,8 @@ |
668 | 452 |
experience. Previous experience with Qt is helpful, but not required. |
669 | 453 |
</li> |
670 | 454 |
|
671 |
- <!--<li> |
|
672 |
- <b>Tor/Polipo/Vidalia Auto-Update Framework</b> |
|
673 |
- <br> |
|
674 |
- We're in need of a good authenticated-update framework. |
|
675 |
- Vidalia already has the ability to notice when the user is running an |
|
676 |
- outdated or unrecommended version of Tor, using signed statements inside |
|
677 |
- the Tor directory information. Currently, Vidalia simply pops |
|
678 |
- up a little message box that lets the user know they should manually |
|
679 |
- upgrade. The goal of this project would be to extend Vidalia with the |
|
680 |
- ability to also fetch and install the updated Tor software for the |
|
681 |
- user. We should do the fetches via Tor when possible, but also fall back |
|
682 |
- to direct fetches in a smart way. Time permitting, we would also like |
|
683 |
- to be able to update other |
|
684 |
- applications included in the bundled installers, such as Polipo and |
|
685 |
- Vidalia itself. |
|
686 |
- <br> |
|
687 |
- To complete this project, the student will first need to first investigate |
|
688 |
- the existing auto-update frameworks (e.g., Sparkle on OS X) to evaluate |
|
689 |
- their strengths, weaknesses, security properties, and ability to be |
|
690 |
- integrated into Vidalia. If none are found to be suitable, the student |
|
691 |
- will design their own auto-update framework, document the design, and |
|
692 |
- then discuss the design with other developers to assess any security |
|
693 |
- issues. The student will then implement their framework (or integrate |
|
694 |
- an existing one) and test it. |
|
695 |
- <br> |
|
696 |
- A person undertaking this project should have good C++ development |
|
697 |
- experience. Previous experience with Qt is helpful, but not required. One |
|
698 |
- should also have a good understanding of common security |
|
699 |
- practices, such as package signature verification. Good writing ability |
|
700 |
- is also important for this project, since a vital step of the project |
|
701 |
- will be producing a design document to review and discuss |
|
702 |
- with others prior to implementation. |
|
703 |
- </li>--> |
|
704 | 455 |
|
705 | 456 |
<li> |
706 |
- <b>Improving the Tor QA process: Continuous Integration for builds</b> |
|
707 |
- <br> |
|
708 |
- Priority: <i>Medium</i> |
|
709 |
- <br> |
|
710 |
- Effort Level: <i>Medium</i> |
|
711 |
- <br> |
|
712 |
- Skill Level: <i>Medium</i> |
|
713 |
- <br> |
|
714 |
- Likely Mentors: <i>Erinn</i> |
|
715 |
- <br> |
|
716 |
- It would be useful to have automated build processes for Windows and |
|
717 |
- probably other platforms. The purpose of having a continuous integration |
|
718 |
- build environment is to ensure that Windows isn't left behind for any of |
|
719 |
- the software projects used in the Tor project or its accompanying.<br> |
|
720 |
- Buildbot may be a good choice for this as it appears to support all of |
|
721 |
- the platforms Tor does. See the |
|
722 |
- <a href="http://en.wikipedia.org/wiki/BuildBot">wikipedia entry for |
|
723 |
- buildbot</a>.<br> |
|
724 |
- There may be better options and the person undertaking this task should |
|
725 |
- evaluate other options. Any person working on this automatic build |
|
726 |
- process should have experience or be willing to learn how to build all |
|
727 |
- of the respective Tor related code bases from scratch. Furthermore, the |
|
728 |
- person should have some experience building software in Windows |
|
729 |
- environments as this is the target audience we want to ensure we do not |
|
730 |
- leave behind. It would require close work with the Tor source code but |
|
731 |
- probably only in the form of building, not authoring.<br> |
|
732 |
- Additionally, we need to automate our performance testing for all platforms. |
|
733 |
- We've got buildbot (except on Windows — as noted above) to automate |
|
734 |
- our regular integration and compile testing already, |
|
735 |
- but we need to get our network simulation tests (as built in torflow) |
|
736 |
- updated for more recent versions of Tor, and designed to launch a test |
|
737 |
- network either on a single machine, or across several, so we can test |
|
738 |
- changes in performance on machines in different roles automatically. |
|
739 |
- </li> |
|
740 |
- |
|
741 |
- <!--<li> |
|
742 | 457 |
<b>Usability testing of Tor</b> |
743 | 458 |
<br> |
744 | 459 |
Priority: <i>Medium</i> |
... | ... |
@@ -753,7 +468,7 @@ |
753 | 468 |
That would help a lot in knowing what needs to be done in terms of bug |
754 | 469 |
fixes or new features. We get this informally at the moment, but a more |
755 | 470 |
structured process would be better. |
756 |
- </li>--> |
|
471 |
+ </li> |
|
757 | 472 |
|
758 | 473 |
<li> |
759 | 474 |
<b>An authenticating IRC proxy</b> |
... | ... |
@@ -865,8 +580,11 @@ |
865 | 580 |
details on the research side of this task — who knows, when it's |
866 | 581 |
done maybe you can help write a paper or three also.</li> |
867 | 582 |
|
868 |
- <li>Tor 0.1.1.x and later include support for hardware crypto accelerators |
|
869 |
- via OpenSSL. It has been lightly tested and is possibly very buggy. We're looking for more rigorous testing, performance analysis, and optimally, code fixes to openssl and Tor if needed.</li> |
|
583 |
+ <li>Tor 0.1.1.x and later include support for hardware crypto |
|
584 |
+ accelerators via OpenSSL. It has been lightly tested and is |
|
585 |
+ possibly very buggy. We're looking for more rigorous testing, |
|
586 |
+ performance analysis, and optimally, code fixes to openssl and |
|
587 |
+ Tor if needed.</li> |
|
870 | 588 |
|
871 | 589 |
<li>Perform a security analysis of Tor with <a |
872 | 590 |
href="http://en.wikipedia.org/wiki/Fuzz_testing">"fuzz"</a>. Determine |
873 | 591 |