Hi,
i like where this is going, let me allow to answer inline.
On Tue, 16 Oct 2018 09:19:08 +0200 (CEST)
Niklas Edmundsson <ni...@acc.umu.se> wrote:
Hi!
I'm one of the mirror admins for ftp.acc.umu.se.
It's nice that the tor mirroring effort is seeing some attention from
the project, but I'm still curious on what the plan/purpose/goal with
the mirroring effort is from an end-user perspective.
Bear in mind that I'm mostly accustomed to "regular" open source
projects and not fully updated on all the issues with a
privacy-oriented project such as TOR.
Note that i am not announcing the official position of TPO, instead
just my opinion as a volunteer stepping into the mirror component.
However, I see issues with the usefulness of providing a TOR mirror.
One of the prime motivations for us to provide a mirror is the
benefit for users in our local region, and this is especially true
for other mirrors in bandwidth-starved regions. If there is more
bandwidth consumption by mirroring a project than there are downloads
it's kind of hard to motivate a mirror in the first place.
From what I have gathered it's today almost impossible for an end
user to find and use a mirror...
1) https://www.torproject.org/ -> Download brings you to
https://www.torproject.org/download/download-easy.html.en which seems
hard-coded to download from dist.torproject.org ... No mirror usage
there.
This is true for the current website and we are considering a better
option for the coming one:
https://bugs.torproject.org/21222
2) There is no list of alternative/mirror download locations. I can
google my way to
https://www.torproject.org/getinvolved/mirrors.html.en but that's not
updated with the latest mirrors nor sorted in a user-friendly manner
(you want the list by country/region).
This is absolutely true and i'm glad you are pointing out what i
thought myself updating the script. Filed and currently working on:
https://bugs.torproject.org/28083
3) The TOR project itself doesn't seem to have much interest in
actually using its mirrors. For example
https://trac.torproject.org/projects/tor/ticket/27586 discards using
mirrorbits with "not needed at the moment", when the exact opposite
is true. We mirror admins WANT the traffic, and the TOR project NEEDS
something to enable that together with automatically
monitoring/disabling broken mirrors for a useful end-user experience.
We need a solution for the following problem: 3rd party mirrors
introduce privacy issues and TPO hesitates to automatically redirect
away from its website. Mirrors not necessarily need to be malicious but
can be out of sync or offline. Currently we have no set up that
periodicaly monitors the state of mirrors and verifies files.
Also what if someone sets up mirrors to investigate who is interested
in
Tor? Obviously the answer can't be "use tor" here.
https://bugs.torproject.org/27998
4) And finally, if all above is catered for, there is the question on
how to do download mirror redirect/selection in a clear yet useful
manner for the end user. Should the user always be presented with a
list of mirrors to choose from? Should that be generated on the
server side or in-browser from a list of current mirrors (ie. json
output from mirrorbits or similar)?
Is https://gettor.torproject.org/api/mirrors.json what you suggest?
I agree that we should make better use of it.
https://bugs.torproject.org/16716
We are heading into privacy
concerns here, but it needs to be addressed in a better way than just
assuming that the three magic hosts serving dist.torproject.org is
the best choice for a particular end-user...
The GetTor team dried out and needs your help!
https://gettor.torproject.org/
https://trac.torproject.org/projects/tor/query?status=!closed&component=Applications%2FGetTor
/Nikke
There's a big potential to think mirrors and gettor together and i'd
like to inspire you to make suggestions how to go into this direction.
My answer could be more elaborate but i prefer to delve into code now
:)
--
traumschule.org
gpg fingerprint:
9356 4DED 8546 8D9A C290 3605 12EE 7D70 7111 2056
/otr info
OTR: traumsch...@irc.indymedia.org fingerprint:
OTR: 35AACA83 4564616C B6EBEC66 56B6B2FC C8D572F1
OTR: traumsch...@irc.oftc.net fingerprint:
OTR: D1CCD207 B60C1866 56A975AE ACE090E9 45E90846
OTR: traumsch...@chat.freenode.net fingerprint:
OTR: 51BF8BB9 434840CC 24F264BC 76450C27 A6AADB12
_______________________________________________
tor-mirrors mailing list
tor-mirrors@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-mirrors
