Tor: GUI Competition Overview
Tor is a decentralized network of computers on the Internet that increases privacy in Web browsing, instant messaging, and other applications. We estimate there are some 50,000 Tor users currently, routing their traffic through about 250 volunteer Tor servers on five continents. However, Tor's current user interface approach — running as a service in the background — does a poor job of communicating network status and security levels to the user.
The Tor project, affiliated with the Electronic Frontier Foundation, is running a UI competition to develop a vision of how Tor can work in a user's everyday anonymous browsing experience. Some of the challenges include how to make alerts and error conditions visible on screen; how to let the user configure Tor to use or avoid certain routes or nodes; how to learn about the current state of a Tor connection, including which servers it uses; and how to find out whether (and which) applications are using Tor safely.
Goals
Submitters will produce either sketches for a suggested user interface, or a work of Open Source Software that will provide a user interface to the Tor system by way of the Tor Controller Protocol.
We are looking for a vision of how Tor can work in a user's everyday anonymous browsing experience.
Entries will:
- Allow the user to fully configure Tor rather than manually searching for and opening text files.
- Let users learn about the current state of their Tor connection (including which servers they are connected to, and how many connections they have), and find out whether any of their applications are using it.
- Make alerts and error conditions visible to the user.
- Run on at least one of Windows, Linux, and OS X, on a not-unusually-configured consumer-level machine.
In addition, they may:
- Provide detailed information about which applications, ports, or packets are (or are not!) passing through Tor, including accounting for both Tor- and non-Tor traffic.
- Provide additional statistics about the Tor connection.
- Give users more control over how their Tor behaves at certain times of day or in other contexts (like operating as a server).
Some examples of useful features include:
- How much bandwidth is Tor using? How does this compare to the overall network traffic to/from the computer?
- Is there network traffic from ports or applications that the user intended to be anonymized?
- What Tor servers does the user know about on the network? Where are they? How available are they?
- An interface for displaying or controlling Tor paths: "show me the network from Africa by way of Asia". Think of the global satellite map from the movie Sneakers.
- Configure other running applications to use Tor (for example, by modifying or working through the network stack, and/or by altering application configurations).
- Provide an elegant installer for Tor, your GUI submission, and other supporting applications.
- Make your GUI manage the Tor process and other supporting applications -- start them, stop them, realize when they've died.
- Provide meaningful defaults for a good Tor experience.
- Provide application-level anonymity -- that is, not just paying attention to transport anonymity on the level of Tor, but also paying attention to the anonymity of the http headers, cookies, etc.
- Let the user specify different Tor config option sets depending on time of day (e.g. daytime vs. nighttime).
- Provide useful controller functions for Tor servers too -- for example, walk the user through recommended bandwidth configurations and exit policies.
- Have a "minimized view" of your GUI for common use, and then a more detailed view or set of windows when the user wants more detail.
- Provide a button or some automatically updating interface to let the user learn whether Tor is working currently, perhaps by accessing an external what's-my-IP site and seeing if it thinks you're a Tor server; and give useful messages and recommendations if it doesn't seem to be working.
- Provide a way to automatically configure local firewalls (ipchains, Windows firewalls, etc) to let Tor traffic out (and in, for Tor servers). As a bonus, configure it to prevent non-Tor traffic from leaving (and notify when it tries).