Opened 8 years ago

Closed 8 years ago

#3750 closed task (wontfix)

web tor proxy

Reported by: freevps Owned by: freevps
Priority: Medium Milestone:
Component: Webpages/Website Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Is there some on-line service/site like http://hidemyass.com/, to proxy throw tor http request's?

I think, it would be great to have one relay with http server on board, which will work like web proxy, also would get access to hidden web service's with .onion domain via simple web browser's.

And, that my opinion, if such relay would up, and have some dns translation on board, like dyndns, with users panel, both opened from internet and tor-network, to sum up classic domain name's and .onion domain's.

We will get hidden net, that simply accessed from web for every user.

Child Tickets

Change History (10)

comment:1 Changed 8 years ago by freevps

Owner: changed from phobos to freevps
Status: newaccepted

comment:2 Changed 8 years ago by freevps

Status: acceptedneeds_information

For last part of my ticket, look at this.
http://tor2web.org/

But tor-proxy, like hidemyass, still open.

comment:3 Changed 8 years ago by hellais

You should definitely be looking at the tor2web project as it is currently the one that most people are working on and that I think will have most future.

The source for tor2web by Aaron Swartz can be found at: https://github.com/aaronsw/tor2web.

Currently I have been working on something that shares the same concept but adopts a completely different technical approach and the source for that may be found at: https://github.com/globaleaks/tor2web-2.0. It is based on glype-proxy and is written in PHP.

The reason why we started developing this is that keeping a tor2web up and running is not an easy task. By running a tor2web node it appears that you are serving the content directly, and nothing leads the client to believe that this is not the case. For this reason we decided that it is necessary to:

1) Have a clear disclaimer briefly explaining hidden services and that the site is basically just a web proxy.
2) Allow node maintainers to create a blocklist easily.

Currently there is only one tor2web node still alive, and we hope that with this new version of tor2web more people will start setting one up.
Also we are discussing the possibility of expanding the idea and make tor2web meet these two requirements:

  • Distribute responsibility across multiple actors
  • Minimize the probability of takedown of a tor2web node

And withstand these two kinds of "attacks":

1) A spammer sends a message containing a tor2web link. When the link is
clicked, the user is presented with the malicious page. This web page is
hosted as a hidden service, so the cost of setting up a new website is
very low (blocklisting is not feasable).
The ISP receives a notification that the link is associated with illegal
content, he visits the page and verifies immediately that the content is
there and that it is under his address space. The node gets shut down.

2) Somebody is hosting illegal content on a hidden service. He is able
to spread this link and the content is served immediately. This means
that authorities are able to verify immediately that the content is in
fact there and may not be able to immediately understand that it is
served from the Tor network.

For more information on the "new" tor2web visit: http://wiki.tor2web.org/index.php/Main_Page.

comment:4 Changed 8 years ago by privacyresearch

It must be also considered that the tor2web cannot be done with stateless apache http reverse proxy as dynamic URL must be rewritten by looking at the body of the HTML content.

Also for that reason a web-application managing the content and rewriting it properly must be used (like in any web proxy).

comment:5 in reply to:  description ; Changed 8 years ago by phobos

Replying to freevps:

Is there some on-line service/site like http://hidemyass.com/, to proxy throw tor http request's?

Turning tor into a web service proxy is a bad idea for user anonymity and privacy. The web proxy then gets to see all of your requests and who you are. There are a number of these websites out there that supposedly point http/https proxy requests to tor. It's also a bad idea from the server side. The ISP hosting the server and the owner of the server also get to see all of the user traffic along with where they are in the world.

comment:6 Changed 8 years ago by privacyresearch

@phobos: it depends on the anonymity goals that you want to achieve and how you are fair with the end-user.

Tor2web want to allow anonymous internet publishing and not anonymous internet access, so the protection and facility is not for the client who access the content but for the server the provide the content.

Obviously we must be *very clear* with the client, while accessing a tor2web proxed content, that:

  • This is a proxy
  • The proxy will be able to collect his IP address
  • Strongly suggesting to use TorBrowserBundle and connect directly to .onion

That way we can be *very fair* with the client (to avoid him misunderstanding the anonymity context) while providing the tor2web goals (that's providing internet-exposure to website running on tor hidden-services).

So looking in perspective to tor2web we must not think about 'client anonymity' but only of 'server anonymity'.
Regarding the client, it must just have a disclaimer explaining him that's better to go with .onion.

Look on google site:.tor2web.org , there's now a wide ecosystem of tor-hidden-service website that leverage tor2web internet exposure.

We must support them, we must preserve their ability to internet-publish anonymously while still keeping their location secret by running their server on a tor-hidden-service.

comment:7 Changed 8 years ago by privacyresearch

Tor2web has now also a mailing list where interested people can subscribe:

Mailing list:

comment:8 in reply to:  5 Changed 8 years ago by freevps

Replying to phobos:

Replying to freevps:

Is there some on-line service/site like http://hidemyass.com/, to proxy throw tor http request's?

Turning tor into a web service proxy is a bad idea for user anonymity and privacy. The web proxy then gets to see all of your requests and who you are. There are a number of these websites out there that supposedly point http/https proxy requests to tor. It's also a bad idea from the server side. The ISP hosting the server and the owner of the server also get to see all of the user traffic along with where they are in the world.

As a case, it should force https usage, to protect user from sniffing itself.

And i can give you china example, when people just want to see other side of the moon.

comment:9 Changed 8 years ago by freevps

Another example.

I'm a student who come to library. Check link, but all is a restricted, i can't install anything to machine. Only browser that's doesn't fold.

It would be bad to crack free internet place, but also restricted so many domain names. What can i do?

I just open this tor-hop proxy, and chose a exit node, all of internet are open now for me.

If you think, that is child example, imaging me as a Robin Hood mixed with 007 Agent called on to warn human race!

comment:10 Changed 8 years ago by rransom

Resolution: wontfix
Status: needs_informationclosed
Type: projecttask
Note: See TracTickets for help on using tickets.