0
Past, Present, FutureThursday, December 29, 11
Tor Hidden Services                    • Anonymity for the server                    • eqt5g4fuenphqinx.onion             ...
Why use Hidden                               Service?                    • Avoid retaliation for what you publish         ...
Tor2web                    • Exchange clients anonymity for usability                    • Connects Tor Hidden Services wi...
Tor2web 1.0Thursday, December 29, 11
Tor2web 1.0 issues                    • Exposed to abuse complaints                    • Misuse of HS to spread of illicit...
Tor2web 1.0                                    bodycount                    • In 2010 there where at one point 3          ...
Tor2web 2.0Thursday, December 29, 11
Tor2web 2.0                            improvements                    • Tell the audience the content is not hosted      ...
Tor2web 2.0 issues                    • Usability aspect not dealt with (white-page                            effect)    ...
Future of tor2web                    • Distribute responsibility                    • Rewrite the code                    ...
Tor2web mode                    • A tor2web node does not need anonymity                    • To improve performance reduc...
Thursday, December 29, 11
Thursday, December 29, 11
Thursday, December 29, 11
Thursday, December 29, 11
Thursday, December 29, 11
Thursday, December 29, 11
tor2web mode                    • An experimental implementation will be in                            tor 0.2.3.x        ...
Multidomain                    • To run a tor2web node currently we need                            to entrust you with th...
Tor2web cataclysm                                 edition                    • Complete rewrite in Python + Tornado       ...
Unique and Temporary                           URL                    • Separate the linker to content from the           ...
Caching                    •       Still an open problem                    •       Currently tor2web does caching, but wi...
Comfort loader                    •       Not implemented                    •       To avoid the white page effect       ...
We need more nodes!                    • Do you have a dedicated IP space?                    • Do you want to help suppor...
Let’s talk.                        tor2web wiki: http://wiki.tor2web.org/index.php/Main_Page                            to...
Upcoming SlideShare
Loading in...5
×

Tor2web workshop 28C3

1,328

Published on

Tor2web Workshop slides
283C CCC Congress

More info: http://events.ccc.de/congress/2011/wiki/Workshops/GlobaLeaks

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,328
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Tor2web workshop 28C3"

  1. 1. Past, Present, FutureThursday, December 29, 11
  2. 2. Tor Hidden Services • Anonymity for the server • eqt5g4fuenphqinx.onion • End-to-end encryptionThursday, December 29, 11
  3. 3. Why use Hidden Service? • Avoid retaliation for what you publish • Securely serve content • Stealth Hidden ServicesThursday, December 29, 11
  4. 4. Tor2web • Exchange clients anonymity for usability • Connects Tor Hidden Services with the surface web • You can setup an anonymous site and impact the whole netThursday, December 29, 11
  5. 5. Tor2web 1.0Thursday, December 29, 11
  6. 6. Tor2web 1.0 issues • Exposed to abuse complaints • Misuse of HS to spread of illicit content • No disclaimer • No reporting system • High latency -> Little usability • The leads to server takedownThursday, December 29, 11
  7. 7. Tor2web 1.0 bodycount • In 2010 there where at one point 3 tor2web nodes • In April 2011, there was only one server left • In June 2011, the last of the 3 original tor2web nodes went offlineThursday, December 29, 11
  8. 8. Tor2web 2.0Thursday, December 29, 11
  9. 9. Tor2web 2.0 improvements • Tell the audience the content is not hosted • Abuse complaint reporting system • Dynamic URL rewritingThursday, December 29, 11
  10. 10. Tor2web 2.0 issues • Usability aspect not dealt with (white-page effect) • Not easily deployed • Crappy code • Trust issue with sharing of *.tor2web.org SSL private keyThursday, December 29, 11
  11. 11. Future of tor2web • Distribute responsibility • Rewrite the code • Get more Tor2web node!Thursday, December 29, 11
  12. 12. Tor2web mode • A tor2web node does not need anonymity • To improve performance reduce the number of hops • First let’s explain Tor Hidden Service functioningThursday, December 29, 11
  13. 13. Thursday, December 29, 11
  14. 14. Thursday, December 29, 11
  15. 15. Thursday, December 29, 11
  16. 16. Thursday, December 29, 11
  17. 17. Thursday, December 29, 11
  18. 18. Thursday, December 29, 11
  19. 19. tor2web mode • An experimental implementation will be in tor 0.2.3.x • Compile time flag --enable-tor2web-modeThursday, December 29, 11
  20. 20. Multidomain • To run a tor2web node currently we need to entrust you with the wildcard SSL cert • You should be able to run tor2web on xxxx.your_domain.org • There can be a list of all supported tor2web domainsThursday, December 29, 11
  21. 21. Tor2web cataclysm edition • Complete rewrite in Python + Tornado • Encountered issues in Python SSL bindings • Should be patched in Python 3.x • Support for different domain hosting • https://github.com/hellais/Tor2webThursday, December 29, 11
  22. 22. Unique and Temporary URL • Separate the linker to content from the server • I request xxxx.tor2web.org • Just for me get’s generated yyyyy.tor2web.org (or also yyyyy.something.org) • If someone else visits at a latter time yyyyy.tor2web.org it is expired • This also avoids hot-linkingThursday, December 29, 11
  23. 23. Caching • Still an open problem • Currently tor2web does caching, but with more nodes you want the node that has the cache to serve the content • Aaron Swartz proposed a hashing DNS resolver • Open Problems: • How shall we determine the right freshness parameter?Thursday, December 29, 11
  24. 24. Comfort loader • Not implemented • To avoid the white page effect • The user is informed that the page is being loaded • An asynch JS request is done it the background to load the content of the page into a content div • JavaScript hackers?Thursday, December 29, 11
  25. 25. We need more nodes! • Do you have a dedicated IP space? • Do you want to help support tor2web network? • Currently there is only 1 tor2web node :(Thursday, December 29, 11
  26. 26. Let’s talk. tor2web wiki: http://wiki.tor2web.org/index.php/Main_Page tor2web 2.0: https://github.com/globaleaks/tor2web-2.0 Tor2web Cataclysm Edition: https://github.com/hellais/ Tor2webThursday, December 29, 11
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×