[tor-dev] Interested in GSoC - Hidden Service Naming or Hidden Service Searching
Jeremy Rand
biolizard89 at gmail.com
Fri Feb 28 03:02:00 UTC 2014
Hi Tor developers,
I'm interested in participating in GSoC. I'm an undergrad majoring in
computer science at University of Oklahoma, and I've been a major Tor
enthusiast for years.
There are two possible projects which I'm considering; I'm looking for
some feedback on which you think would be better for me to apply for.
One project is allowing hidden services to have human-readable names. I
think Namecoin would be an excellent backend for this. I coded a
proof-of-concept of using Namecoin to point human-readable .bit domains
to .onion domains; that code is available at
https://github.com/JeremyRand/Convergence . For example, using this,
you can visit http://federalistpapers.bit/ to get to the Federalist
Papers hidden service. The proof of concept only works on Firefox right
now (not TorBrowser); I would definitely be interested in porting it to
TorBrowser, improving its privacy, and making it work for applications
other than web browsing. Namecoin also has the useful feature of
allowing HTTPS fingerprints to be embedded in the blockchain, which
eliminates the need to trust certificate authorities for clearnet HTTPS
websites (I understand that malicious exit nodes messing with TLS is
currently a significantly voiced concern for Tor). I have a strong
understanding of how Namecoin's DNS works and have developed some
projects using Namecoin (including a dynamic DNS client), so I think I'm
a good fit for such a project if there's interest in the Tor community.
I talked with Jacob Appelbaum about using Namecoin recently; he was
concerned about a 51% attack. I think that could be mostly resolved via
a checkpointing system; while doing so adds a small degree of
centralization, Tor is already slightly centralized, and it's still less
centralized than other alternative naming systems that have been
proposed (e.g. having Tor Project maintain a list of names themselves).
While I'm not particularly familiar (yet) with how checkpointing is done
within Namecoin's block validation system, I do know how to at least
verify whether the currently loaded blockchain matches a given
checkpoint (which would at least alert users that an attack had taken
place).
The other project is making a search engine for hidden services (listed
as Project Idea F on the Tor website). I think YaCy could be used to
accomplish this in a decentralized and censorship-free way. I would
suggest making a separate YaCy network for hidden services, using a
regexp whitelist to only index .onion URL's (YaCy has such a network but
I think it's currently inactive). YaCy doesn't have whitelist support
built in, but I think the blacklist feature should be usable for
simulating such a feature with some effort. YaCy's SOLR schema supports
searching based on outgoing link URL's, so I think I could make a
standard YaCy client search for all clearnet sites which link to a
.onion/.onion.to/.tor2web.org URL, and feed those URL's to a Tor YaCy
client for indexing. I've been a YaCy enthusiast for a couple years,
and I'm actually using YaCy in a grad-level CS project this semester
(the course is on Artificial Neural Networks and Evolution), so while I
haven't touched the YaCy source code, I think I'm a good match for this
project.
Do either of these sound like good proposals? Is one significantly more
likely to be approved than the other, so that I know which to submit?
Thanks,
-Jeremy Rand
More information about the tor-dev
mailing list