[tor-bugs] #2553 [Tor Hidden Services]: tor2web mode for accessing hidden services

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sat Sep 17 09:03:32 UTC 2011


#2553: tor2web mode for accessing hidden services
---------------------------------+------------------------------------------
 Reporter:  arma                 |          Owner:  rransom     
     Type:  enhancement          |         Status:  needs_review
 Priority:  normal               |      Milestone:              
Component:  Tor Hidden Services  |        Version:              
 Keywords:                       |         Parent:  #2552       
   Points:                       |   Actualpoints:              
---------------------------------+------------------------------------------

Comment(by hellais):

 > > Also, the security implications of having a "don't be anonymous" mode
 worry me some. Can we do more to make sure that no user ever thinks that
 turning this on is a good idea? The check in
 connection_ap_rewrite_and_attach is a good start, but I worry about
 accidentally breaking it later.
 I think a very clear and scary message at start should be displayed.

 If we think this is a big issue, then maybe the best solution is have the
 tor2web client send something to Tor (via TorCtl or a magic request to
 SOCKS) and if this does not happen it does not allow any connection?

 > > Can we have this whole feature be disabled unless the user supplies a
 compile-time option, for instance? (Is there any reason not to do that?)

 If this gets merged into trunk I would like for people who wish to run
 tor2web to install Tor from the official repositories and just install the
 tor2web package. Having to also build Tor would be a bit redundant.

 > > Also, have the tor2web people tried this out?
 >
 > Yes.  I'm CC-ing hellais, who says that he has tested this branch.


 Yes, I have been testing this for the past month or locally and I want to
 deploy it on one tor2web node.

 I would like to configure something that does benchmarking so that we are
 able to compare the effectiveness of the reduced hop count.
 The idea is to have one node run with tor2web node enabled and at the same
 time have another one run with tor2web mode disabled. For doing so I have
 a few options

 1) Write a patch for tor2web 2.0 to include basic measurements such as
 latency and connection speed (this is a bit hacky and is not "Tor" aware)

 2) Base something on torperf. I wonder though if it's possible to have
 something that uses real user requests, so as to be a test on what
 actually is happening when tor2web is being used.

 3) Any other suggestions?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2553#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list