On 5/4/11 9:46 PM, Jacob Appelbaum wrote:
> On 05/04/2011 12:31 PM, Joseph Lorenzo Hall wrote:
>> On Wed, May 4, 2011 at 2:56 PM, katmagic <[email protected]> wrote:
>>>
>>> Tor2Web sends the X-Forwarded-For header which will contain the IP of
>>> the client that requested your site. Actual Tor users won't (shouldn't)
>>> send this header at all.
>
> I'll look into this.

I am joining the tor2web.org dns round robin in upcoming days (server ready, basic setup on *.tor.infosecurity.ch, need to set up ssl and then join the dns round robin).
Will have a look at the header stuff while doing the setup (in upcoming days) and forward to Aaron.

We've also been thinking, as a tor2web improvement, about using mod_layout to inject a "header" and the page into an iframe (like free web hosting companies do for advertising) in order to put there:

- A disclaimer about the fact that it's a tor2web proxy and it's not itself hosting the content (if there's offensive web content, at least it's evident that the server is not hosting the content)
- A disclaimer that's half-anonymity
- A suggestion to download torbrowser to access directly via hidden service

This could be a way to provide a 'safer' tor2web.

It would also be cool to think about making tor2web with a php application, to better fine-tune the retries on hidden services, have better control on the output to print out the disclaimer header, and make the installation easier. A friend made a rough php concept, need to get him on skype to know if there was some progress.

Imho the tor2web concept should grow in order to allow easier setup of leak sites and other anonymous publishing initiatives.

There are still scalability issues to be solved, mainly related to the distribution of the wildcard SSL key+certificate and centralized handling of an internet domain name (that could be killed under hard conditions).

-naif
