Jeremy Rand <[email protected]> writes: > Hi Tor developers, > > I'm interested in participating in GSoC. I'm an undergrad majoring in > computer science at University of Oklahoma, and I've been a major Tor > enthusiast for years. > > There are two possible projects which I'm considering; I'm looking for > some feedback on which you think would be better for me to apply for. > > One project is allowing hidden services to have human-readable names. > I think Namecoin would be an excellent backend for this. I coded a > proof-of-concept of using Namecoin to point human-readable .bit > domains to .onion domains; that code is available at > https://github.com/JeremyRand/Convergence . For example, using this, > you can visit http://federalistpapers.bit/ to get to the Federalist > Papers hidden service. The proof of concept only works on Firefox > right now (not TorBrowser); I would definitely be interested in > porting it to TorBrowser, improving its privacy, and making it work > for applications other than web browsing. Namecoin also has the > useful feature of allowing HTTPS fingerprints to be embedded in the > blockchain, which eliminates the need to trust certificate authorities > for clearnet HTTPS websites (I understand that malicious exit nodes > messing with TLS is currently a significantly voiced concern for Tor). > I have a strong understanding of how Namecoin's DNS works and have > developed some projects using Namecoin (including a dynamic DNS > client), so I think I'm a good fit for such a project if there's > interest in the Tor community. I talked with Jacob Appelbaum about > using Namecoin recently; he was concerned about a 51% attack. I think > that could be mostly resolved via a checkpointing system; while doing > so adds a small degree of centralization, Tor is already slightly > centralized, and it's still less centralized than other alternative > naming systems that have been proposed (e.g. having Tor Project > maintain a list of names themselves). While I'm not particularly > familiar (yet) with how checkpointing is done within Namecoin's block > validation system, I do know how to at least verify whether the > currently loaded blockchain matches a given checkpoint (which would at > least alert users that an attack had taken place). >
I'd like to see human-readable names in HSes, but I'm not very familiar with Namecoin. I don't want to discourage you from working on this, but I'm not sure if I would be a good mentor for this. BTW, I remember watching a presentation about namecoin, and it seemed like there are still a few serious unresolved problems (domain squatting is easy, no revocation, lightweight clients are impossible). Also, namecoin are not anonymous, but people who get HS domain names care about anonymity. > The other project is making a search engine for hidden services > (listed as Project Idea F on the Tor website). I think YaCy could be > used to accomplish this in a decentralized and censorship-free way. I > would suggest making a separate YaCy network for hidden services, > using a regexp whitelist to only index .onion URL's (YaCy has such a > network but I think it's currently inactive). YaCy doesn't have > whitelist support built in, but I think the blacklist feature should > be usable for simulating such a feature with some effort. YaCy's SOLR > schema supports searching based on outgoing link URL's, so I think I > could make a standard YaCy client search for all clearnet sites which > link to a .onion/.onion.to/.tor2web.org URL, and feed those URL's to a > Tor YaCy client for indexing. I've been a YaCy enthusiast for a > couple years, and I'm actually using YaCy in a grad-level CS project > this semester (the course is on Artificial Neural Networks and > Evolution), so while I haven't touched the YaCy source code, I think > I'm a good match for this project. > Yes, you seem like a good match for this project. Familiriaty with YaCy will be very useful indeed. On the crawler side, may I suggest you to also look into archive.org's Heritrix crawler? Someone told me that it's what the cool kids use these days for crawling the web but I haven't used it myself. I think you would be a good candidate for this project. However, be warned that it's likely that more good candidates will apply for this project so it might be a tough competition. _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
