[tor-dev] GSOC- Revamp GetTor

Kiran Mathew Koshy kiranmathewkoshy at gmail.com
Fri Mar 21 08:41:15 UTC 2014


Hi everyone,

My name is Kiran Mathew Koshy and I'm a student of IIT Patna, India. I''m
interested in participating in Google Summer of Code 2014 under Tor
project. GetTor is a service that I had tried a couple of months ago when
tor was blocked by our sysadmin, and I believe revamping getTor will have
huge impact on avoiding censorship.

*TL;DR version*:

   1. A system by which a user has multiple routes of obtaining the tor
   browser- dropbox , mega, google drive, and a couple of other file sharing
   sites
   2. If the user provides their pgp key, an encrypted reply can be sent
   3. If the user requests so, the file sent should be password-protected ,
   plus some random data(in a single file) should be added along with the tor
   browser in order to have variable file sizes.
   4. Some file sharing sites(most) allow you to transfer a file between
   accounts. This is a bit unnecessary, but can be implemented if there is
   time left.
   5. NLP: A very simple natural language processor to process the email
   and to scavenge for the requested configuration- language, os, file sharing
   site, etc. Example mail: "please send me a tor browser bundle ( English)
   that works on Windows. Could you send it through Mega ?"  .
   6. An email proxy- To counter the small chance that the mail server
   doesn't allow emails to gettor at gettor.torproject.org.
   Chances of this are low in my opinion, since gmail/ any other mail
   service is
   usually available.


*Details and explanation*:


   1. In most cases, a sysadmin or an ISP can block known bridges,
   torproject sites, and tor nodes. In this case, *the only way to ensure
   that a user can access the tor browser software is by allowing multiple
   sources to download it from. *
   The practice of blocking File sharing sites is also common, so sites
   like dropbox, google drive, box, etc are also important. The code will be
   written in a modular format such that addinga  new file sharing site would
   be equal to adding a couple of urls of their REST API, or at most, writing
   a new  module consisting of 10-15 lines of code. I have worked with the
   APIs of file sharing sites before, and most are quite similar.

   2.  If PGP keys are sent, an encrypted reply follows. No brainer.

   3. Bundling the software with a file of random size into a password
   protected tar would prevent  snooping based on size of the https request. A
   little bit far fetched, yes, but good if you are up against your government.
   This would prove to be cpu intensive and network intensive, since the
   server will have to encrypt the file and upload it to a file sharing site
   every time someone requests it. Therefore, this will be limited to one or
   two instances at any given time.  It is also possible to upload multiple
   instances of  encrypted tor browser software, and store the keys in the
   server.

   4.  Self Explanatory

   5. An NLP would be very simple to implement in this case, in order to
   fish out the keywords and choose the correct configuration.
   Example mail: "please send me a tor browser bundle ( English) that works
   on Windows. Could you send it through Mega ?"  .  The keywords in this case
   would be: 1. tor browser bundle. 2. English. 3.Windows 4.Mega. A list of
   such keywords will be stored on the server.

   I believe  an NLP would be better than the current arrangement.

   6. Self Explanatory.

Since the current getTor doesn't come close to this, I believe it is best
to *rewrite it, reusing select parts*. I havce a good experience in C++ and
Python. I completed Google Summer of Code 2013 under Wikimedia Foundation,
so this is my second year for GSOC.


Since I'm a bit late to apply, I will be submitting this as a proposal
right away. Please comment on any changes you would like to incorporate in
this.


-- 
Kiran Mathew Koshy
Electrical Engineering,
IIT Patna,
Patna,
India
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20140321/ed18d444/attachment-0001.html>


More information about the tor-dev mailing list