#7721 closed task (fixed)

Chrome browser add-on

Reported by: proper Owned by: dcf
Priority: minor Milestone:
Component: Flashproxy Version:
Keywords: Cc: proper, griffinboyce@…
Actual Points: Parent ID:
Points:

Description

I am not sure it will work out asking people to stay on a website to provide a circumvention help. How many people will forget about it? How annoying is it for people to always have an extra tab open? How many people are using only one tab?

Why not create browser add-ons for the most popular browsers?

The add-on could remember to always internally open the flashproxy website but hide it from the user. It would be a Tor Bridge (flashproxy) Browser Add-On.

Child Tickets

Change History (10)

comment:1 Changed 17 months ago by bastik

I support this idea. People can support the flashproxy approach without visiting any website at all. I currently don't know any website with the badge on it. (Beside where it lives)

I used "Pin as App Tab" to pin https://crypto.stanford.edu/flashproxy/ to the bar. Therefor it loads every time I launch the browser and I can use Firefox, without getting disturbed by it. Hopefully enough people will either visit the website above or install an add-on.

comment:2 Changed 16 months ago by dcf

  • Parent ID #7166 deleted
  • Priority changed from normal to minor

I guess I can see the appeal of this idea, but: if you abandon the idea of "visit a web page to become a proxy," and go for "install this software to become a proxy," why not just run a standalone proxy program? Why tie it to the browser?

Some advantages of a browser plugin:

  • Perhaps easier to install and keep updated than other types of programs.
  • Porting is easier because we can stay with JavaScript and WebSocket easily.

Disadvantages:

  • I suppose a browser plugin only runs when the browser is open? So wouldn't an always-on system daemon be better?
  • In most cases (i.e., not-#6284) we are still limited to using WebSocket, which has fingerprinting disadvantages.
  • Browsers are complicated and full of security bugs.

I think I understand the desire behind this ticket. People want to contribute to proxy capacity, but can't run their own bridge because of NAT or other concerns. Are there compelling advantages to making this a part of the browser that overwhelm the limitations? Remember that parts of the flash proxy architecture like the facilitator are not there because we like them, they are there because we couldn't think of a better way to do things given browser limitations.

comment:3 Changed 16 months ago by proper

I guess I can see the appeal of this idea, but: if you abandon the idea of "visit a web page to become a proxy," and go for "install this software to become a proxy," why not just run a standalone proxy program? Why tie it to the browser?

Maybe because it's easier to install and update? Easier to install and forget? Fewer clicks? Easier to keep it up to date? Not sure about those.

Another point: longer uptimes - you can define the uptime in your codes.

Just another point: you need less cooperation from website owners.

Well, I mean, if you manage to get Google to install a badge you won't need the add-on. Due to the attached legal and ethical questions attached, I'd assume that in the beginning only a few smaller websites, enthusiasts will install a badge on their website. People who wish to participate a lot are not bound to stay on a website.

I suppose a browser plugin only runs when the browser is open?

I think yes. Haven't heard of a way to run them system wide. Since the browser is nowadays the most used applications, it would still run a long time. - Longer then being dependent on a badge on a website.

So wouldn't an always-on system daemon be better?

Maybe. I don't know what is more difficult to install and keep updated from the end user point of view. Maybe it would be best to have all methods? Badge, add-on, cli package (for servers), 1 click system installer?

In most cases (i.e., not-#6284) we are still limited to using WebSocket, which has fingerprinting disadvantages.

Could you research (or did you) if you could work around this? If Chrome gets a TCP API, won't Firefox get it sooner or later? Maybe it's already planed?

Browsers are complicated and full of security bugs.

For this point I don't see how an add-on is less secure than a badge on a website running in the browser.

comment:4 Changed 16 months ago by dcf

  • Status changed from new to accepted

I would be happy to see a prototype of a browser plugin. But since I don't know anything about developing plugins, that's exactly what I need to see--a working prototype. I marked the priority "minor" because I am not planning to do it myself, but I am willing to accept new code.

comment:5 Changed 16 months ago by saint

  • Cc griffinboyce@… added

I've coded a browser plugin for Chrome: https://github.com/glamrock/cupcake

The concept could be used in addons for FireFox, Opera, or Safari as well, since they all allow processes to run in the background.

Benefits:

  • Allows people to opt-in to becoming flash proxies, rather than current opt-out model
  • Works in Chrome OS
  • Takes all guesswork out of making a bridge
  • Flash proxies made with Cupcake have a substantially longer uptime than those using site visitors
  • Uses less memory than either Tor BB or Vidalia

I've tested it and it seems to work well. If it's useful, I'll submit it to the Chrome Web Store.

comment:6 Changed 15 months ago by dcf

  • Status changed from accepted to needs_review

comment:8 in reply to: ↑ 7 Changed 11 months ago by dcf

Replying to cypherpunks:

I made one for Firefox:
https://addons.mozilla.org/de/firefox/addon/tor-flashproxy-badge/

Thank you for making this. It is good to have something available for Firefox. However, I have found two problems.

First, it crashes and doesn't actually serve any clients.

error: tor-flashproxy-badge: An exception occurred.
ReferenceError: clearTimeout is not defined
resource://jid0-1kqapo5buhwjbqft5beuxhxzjca-at-jetpack/tor-flashproxy-badge/lib/flashproxy.js 285
Traceback (most recent call last):
  File "resource://gre/modules/commonjs/sdk/timers.js", line 31, in notify
    callback.apply(null, args);
  File "resource://jid0-1kqapo5buhwjbqft5beuxhxzjca-at-jetpack/tor-flashproxy-badge/lib/flashproxy.js", line 285, in
    clearTimeout(this.flush_timeout_id);

This is a problem; my hourly client tests have been failing more often than not for weeks now, and I've been checking and re-checking the flash proxy code to try and find the problem. I now think it is caused by this add-on claiming to serve clients and then crashing. I'm afraid I'm going to try and block access by this add-on until the problem is fixed.

Second, the code is a modified fork of flashproxy.js.
https://github.com/reezer/tor-flashproxy-badge/blob/master/lib/flashproxy.js
There are gratuitous changes like changing the indentation level; this will only make it harder to merge updates and bug fixes. How do you plan to keep the code up to date? At this point, I prefer the model used by Cupcake, where it acts as a wrapper around the same proxy code served to everyone else.

comment:10 Changed 11 months ago by dcf

  • Resolution set to fixed
  • Status changed from needs_review to closed
  • Summary changed from flashproxy browser add-on to Chrome browser add-on

I'm changing the ticket title to "Chrome browser add-on" and marking as fixed. I'm happy with Cupcake and have linked it at https://crypto.stanford.edu/flashproxy/#badge-howto.

I started a new ticket for Firefox at #9034.

Note: See TracTickets for help on using tickets.