On 11/08/2011 12:29 AM, warms0x wrote: >> On 11/05/2011 06:26 PM, Arturo Filastò wrote: >>> I have made a patch to check.torproject.org to expose a JSONP interface >>> that would allow people to have the user check client side if (s)he is >>> using Tor. >>> >>> This would allow people to embed a badge on their website >>> (privacybadge.html) that congratulates the user of using Tor or warns >>> him of non Tor usage with a link to torproject.org. >>> >>> I can imagine privacy advocates having this deployed on their websites >>> or systems that engourage users to connect to them anonymously. >>> >>> Compared to what check.torproject.org does at the moment the risk does >>> not change, it is erogating exactly the same service, just making it >>> more useful and flexible. >>> >>> Basically what it does is check if the ip doing the connection is >>> connected through Tor. The web service will reply with a JSON encoded >>> array that can be loaded from the user and display in the browser a nice >>> looking badge. >>> >> >> I think this is a fine idea - it reminds me of the only IPv6 demo turtle. >> >> I think it's quite ironic to use these technologies to encourage people >> to deploy real privacy solutions. > > > I also like the idea, but I immediately thought of nefarious uses for such > an API. No more nefarious than what one can do with a proper list of exit > nodes I suppose.
It is a real time version of this - powered by... a Tor client. :) > > Is there any general difference between having a queryable API to > determine if a client is using Tor and the periodic fetching of the list > of exit nodes? > No, not for a user who is using Tor - the exiting from the network is generally considered "Tor" and we've supported this to help quash crappy attempts: https://check.torproject.org/cgi-bin/TorBulkExitList.py (note the svn link, it's actually code anyone may run) In other words, we'd like everyone to enter the Tor network - we won't help block _entry_ into Tor. But generally, it's OK if some people block Tor exits as the anonymous user can just go somewhere else... > Apologies if this isn't a particularly -dev-like question, I'm still fresh > on a lot of the Tor internals and I'm still not sure what data is public > versus protected It's not private information. The biggest problem with this proposal is simply that many people may use it and it will generate a lot of load. All the best, Jacob _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
