[tor-talk] anonymous surveys via Tor? (about tor2web)

Fabio Pietrosanti (naif) lists at infosecurity.ch
Wed May 4 20:03:44 UTC 2011


On 5/4/11 9:46 PM, Jacob Appelbaum wrote:
> On 05/04/2011 12:31 PM, Joseph Lorenzo Hall wrote:
>> On Wed, May 4, 2011 at 2:56 PM, katmagic <the.magical.kat at gmail.com> wrote:
>>>
>>> Tor2Web sends the X-Forwarded-For header which will contain the IP of
>>> the client that requested your site. Actual Tor users won't (shouldn't)
>>> send this header at all.
> 
> I'll look into this.
I am joining the tor2web.org dns round robin in upcoming days (server
ready, basic setup on *.tor.infosecurity.ch, need to setup ssl and then
join the dns round robin).

Will have a look at the header stuff doing the setup (in upcoming days)
and forward to Aaron.

We've been also thinking as a tor2web improvement about using mod_layout
to inject a "header" and the page into an iframe (like free web hosting
company does for advertising) in order to put there:
- A disclaimer about the fact that it's a tor2web proxy and it's not
hosting itself the content (if there's an offensive web content, at
least it's evident that the server is not hosting the content)
- A Disclaimer that's half-anonimity
- A suggestion to download torbrowser to access directly via hidden service

This could be a way to provide a 'safer' tor2web.

It would be also cool to think about making tor2web with a php
application, to better fine tune the retries on hidden services,  have
better control on the output to print out the disclaimer header, making
the installation easier.

A friend made a rough php concept, need to get him on skype to know if
there was some progress.

Imho tor2web concept should grow in order to allow easier setup of leak
sites and other anonymous publishing initiative.
There are still scalability issues to be solved, mainly related to the
distribution of wildcard SSL key+certificate and centralized handling of
an internet domain name (that could be killed under hard conditions).

-naif


More information about the tor-talk mailing list