| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <dbdb2b813b483fe73f95f6bcc4f25f63.squirrel@gameframe.net> Date: Mon, 22 Aug 2011 23:08:16 +0300 From: nix@...roxylists.com To: "Arturo Filastò" <art@...baleaks.org> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Tor2web 2.0 is live! > Hi all, > > We are glad to announce the release of the new tor2web software. > > For those of you who are not aware of what tor2web is let us give you a > brief description. The goal of tor2web is that of promoting the use of > Tor Hidden Services > (https://www.torproject.org/docs/hidden-services.html.en). Hidden > Services allow people to run TCP based services without disclosing the > identity/location of their server. In the specific they allow people to > anonymously publish content to the web. Also, since you are being > reached trough the Tor network, you are not required to have a static ip > address or purchase a domain. This lowers the entry barrier to content > publishing and protect the content publisher from retaliation and Denial > of Service attacks. > > The problem though is that Hidden Services are usually only accessible > by installing a Tor client > (https://www.torproject.org/projects/torbrowser.html.en). Tor2web > creates a transport, by acting as a web proxy, between the internet and > the Tor network. This means that anonymous publishers are able to reach > a much wider audience. The user visiting a website though tor2web is > always advised to install a Tor client as by doing so he will protect > his identity and leverage Hidden Services end-to-end encryption. > > This version of tor2web (called tor2web 2.0) is based on glype PHP web > proxy (http://www.glype.com) and it is by no means the definitive > solution. We are currently working on a new design that will be able to > withstand other "attacks" that are currently possible. > > What we have implemented is: > * A clear disclaimer warning the user that the content is not being > served directly from the server, but it comes from the Tor network > * Contact forms for abuse complaints and to report broken websites > * Transparent rewriting of URLs into the tor2web form (i.e. > so4rmjdiwmqjosxz.onion become so4rmjdiwmqjosxz.tor2web.org) > * Blocklists to allow a tor2web node maintainer to block particular > websites, the blocklists are stored in md5 format so the node maintainer > does not need to store potentially illegal site lists. > > At this current stage we would like the community to stand-up and help > us by: > * Finding security and functional bugs in the existing implementation > * Volounteering to run new tor2web servers: > In this first stage we are looking for reliable systems, run or > endorsed by trustworthy organizations involved in anonymity and privacy > research and development. > > For the new release the goals that we wish to further pursue are: > * Distribute responsibility across multiple actors > * Minimize the probability of takedown of a tor2web node > > If you want further information on the tor2web project visit: > Wiki for new developments: http://wiki.tor2web.org/ > Tor2web original website: http://www.tor2web.org > Github: https://github.com/globaleaks/tor2web-2.0 > Mailing List: tor2web-talk@...ts.tor2web.org on http://bit.ly/pxFwNS . > IRC: irc.oftc.net #tor2web > > Have a nice day, > Some Random GlobaLeaks Contributors > > Please spread across the anonimity communities and mailing lists Im involved in anonymity and privacy research and development. I've recently released NiX Web Proxy Script: http://myproxylists.com/proxy-script A fully working online demo: http://myproxylists.com/nix_web_proxy/ PS. Does tor2web require custom modification before you can use a spesific web proxy software with the project? Im still trying to understand what's the point in tor2web :) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists