Hidden Services Crowdfunding Campaign

Task Brainstorming Area

• Improve security

  • Implement the next generation hidden services proposal (rend-spec-ng.txt)
    • also finalize and implement proposal 202 (improved relay crypto)
  • High-latency anonymity + HS research
    • also look into pynchon gate / alpha mixing
  • Better guard security for HSes
    • More guard discovery research
    • More long-lived HS circuits
    • Add entry guard rate limiting so that the HS stops working after so many guards
    • Better guard node data structures (#12595 (moved))
  • Tor path building with AS awareness
  • Modularize Tor and write different parts of Tor in different languages (golang/rust/etc.)
  • Write PoC for constant time padding protection against traffic analysis
  • Compartmentalize crypto keys from the rest of Tor (see SoftHSM project)
  • Better defence against tagging attacks
  • Support postquantum crypto throughout the Tor protocol. Just in case!
  • Better integration for TAILS in a VM
  • Rewrite all Tor parsers to use trunnel

• Improve the hidden service community

  • Improve integration with securedrop/pond/ricochet/torchat/whonix/openbazaar/onionshare
  • More hidden service search engine research and development (see ahmia)
  • Host a few useful HSes ourselves or with partner (e.g. pond/jabber server)
  • Fund TWN author
  • help maintain and extend pond
  • research and PoC of anonymous blacklisting credentials
  • collaborate with other anonymity projects (I2P/Gnunet/etc.) and closely review each other's code

• Improve performance

  • More hidden service scaling / fault tolerance / availability
  • More R&D on tor2web mode and encrypted services (its server-side equivalent)
  • Make the Tor network itself more scaleable (support hundreds of thousands of relays!)

• Improve human factor / usability

  • Analysis of HS use cases
  • Petnames!
    • petname system for gnunet: [https://gnunet.org/fcfs/Zoneinfo]
    • GNS: [https://moderncrypto.org/mail-archive/messaging/2014/000939.html]
    • SDSI: [http://people.csail.mit.edu/rivest/sdsi10.html]
  • Better VM images to make HS easier and more secure to run and harder to deanonymize
  • Better UI for HSes
    • client-side: Makes HS authentication more user friendly, [XXX]
    • client-side: Display HS circuit establishment process on the browser (similar to % process bar)
    • HS-side: Make it easier for HS operators to check their guard nodes and the node history etc.
    • Make it easier for HS operators to check their guard nodes and the node history etc.
  • Write "best usage advice for HS operators" document (see #13843 (moved))
  • Allow HSes to have configurable threat model (profiles)
    • the default profile
    • the Facebook profile: more IPs, more scaleability
    • the paranoid profile: more guard discovery protection, bigger guard lifetime
  • Make all the tor mods to better support SSL certs in HSes
    • sign selfsigned cert with onion key etc.
    • [https://blog.torproject.org/blog/facebook-hidden-services-and-https-certs]

• More projects!

  • Tor router
  • Stormy
  • Video chat over HSes
    • Generate video-broadcast hidden service on the fly, perhaps as a gui
  • Tor on iOS or android
  • Tor messenger

• Misc

  • Crypto and/or code audit by [whitfield diffie / PPP / google security team / subgraph / the blackhats]
  • Do online lecture series (coursera-style) on privacy / anonymity network design
  • get full time press person (or any other position we missing and community might appreciate)
  • tunnel tor inside bittorrent
  • Write a Tor book

Stretch goals!

Rewards brainstorming

Need more cool ideas for rewards to people who pledge

• We deanonymize/credit you in the blog post
• Stickers / Swag / Posters / T-Shirts -> juris@torservers willing to handle logistics
• Unique swag? Art by Tor people?
• Tor baseball caps
• Your name in the unittest constants
• Evening/night out with Tor people in the next dev meeting.
• Your 5 uninterrupted minutes with Roger

Crowdfunding platform logistics

Which crowdfunding platform? Why? How? Kicsktarter? Indiegogo? Or maybe thresh!

TODO

What have we missed during task brainstorming? Should we add more TBB stuff? More non-HS stuff?

Misc

"Onion Services: Next Generation Hidden Services" I'm telling you it's powerful.