> On 11/05/2011 06:26 PM, Arturo Filastò wrote: >> I have made a patch to check.torproject.org to expose a JSONP interface >> that would allow people to have the user check client side if (s)he is >> using Tor. >> >> This would allow people to embed a badge on their website >> (privacybadge.html) that congratulates the user of using Tor or warns >> him of non Tor usage with a link to torproject.org. >> >> I can imagine privacy advocates having this deployed on their websites >> or systems that engourage users to connect to them anonymously. >> >> Compared to what check.torproject.org does at the moment the risk does >> not change, it is erogating exactly the same service, just making it >> more useful and flexible. >> >> Basically what it does is check if the ip doing the connection is >> connected through Tor. The web service will reply with a JSON encoded >> array that can be loaded from the user and display in the browser a nice >> looking badge. >> > > I think this is a fine idea - it reminds me of the only IPv6 demo turtle. > > I think it's quite ironic to use these technologies to encourage people > to deploy real privacy solutions.
I also like the idea, but I immediately thought of nefarious uses for such an API. No more nefarious than what one can do with a proper list of exit nodes I suppose. Is there any general difference between having a queryable API to determine if a client is using Tor and the periodic fetching of the list of exit nodes? Apologies if this isn't a particularly -dev-like question, I'm still fresh on a lot of the Tor internals and I'm still not sure what data is public versus protected. Cheers. _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
