@felipedau
Last active March 25, 2016 18:54

Making Tor more accessible

Motivation

After reading the list of projects currently maintained by The Tor Project, I could not find any that focuses on introducing them to prospective users. This is obviously done by the website, which contains all the information one needs to learn how to use Tor and related projects, how to download them and how they work. However, when facing censorship, the people who could benefit from Tor have a hard time accessing the resources on the website, as it is blocked. Currently there are two solutions for this problem: gettor and bridgesdb. The former provides alternative ways of downloading Tor, and the latter provides alternative entry nodes that are (probably) not blocked by the censor, so that after downloading the software one can access the network.

One problem that I see is that in order to send requests to gettor and bridgesdb, people must at least know beforehand that they should contact them via email/Twitter/etc. and the respective address/handle; considering that they are in a censored environment, getting this information might not be easy.

The other problem, which in my opinion is the most serious, is that there is no easy way to verify that what they got from gettor/bridgesdb did come from The Tor Project. Both solutions do provide a way of verifying their responses, but that requires that people get fingerprints from 1 and 2, which I assume to be blocked, or search key servers for Tor's signing keys and find a way to check that someone in their Web of Trust signed those keys, which is the right way of doing it but hard for most users. At the very least there should be what Tails currently does: it mentions a key from a Debian developer which people can get from the debian-keyring and use to verify the Tor signing key.

With those issues in mind, I had an idea to make it a lot easier to access Tor resources and to verify that the software/bridges you get are legit.

Please read this proposal considering that most users are not able to access Tor resources (and also do not know how Tor works, how to use it or how to get it) and are not familiar with PGP. If they manage to get Tor, it is unlikely they will verify the data. This project aims to provide a better user experience in those situations.

Design

Before explaining what I intend to do, this is what I assume people face under censorship: I expect that any connection to torproject.org is blocked, as well as any download over HTTP that leaks that Tor-related data is being downloaded, whether based on the file name, content or checksum. That makes it impossible to get Tor from any source known for delivering it (e.g., torproject.org) or from any source that is not blocked but leaks the content (e.g., package managers over HTTP).

It is still not clear to me what The Tor Project assumes censors can do, so my assumptions might be wrong.

I intend to create software, shipped with documentation, that teaches people how to use Tor and how to download it, and that can easily verify any (verifiable) data from The Tor Project because it includes the main public keys and even checksums and detached signatures. To prevent this software itself from being censored, it must be hosted by a provider that is too important to be blocked and that does not leak what is being downloaded.

Since I have been coding mostly in Python and I have packaged a few applications before, what I have in mind is a package distributed by PyPI over HTTPS, preferably installed with pip. Censors would probably not block such an important service, and HTTPS would prevent them from observing what is being downloaded. It would be as simple as:

# User installs Python, pip and gnupg
pip install initiator # Sorry, that's the name I came up with
initiator help # Show what it can do
initiator docs # Show the docs it has
initiator docs tails # Show how to use and get Tails
# User downloads Tails or gets it from a friend
initiator verify tails.iso # Check if they are a true friend

Although there is now a way to check software/bridges, we are back to the same problem, because we cannot verify the package that verifies everything else. Still, I would rather trust the PSF and their CDN than hope that the checksums I got via email match the ones from The Tor Project (probably the current situation, as I assume people do not know how to verify them, or find it hard). What can be done to mitigate this is something that regularly checks whether the CDN is delivering the right software (OONI could be used for that), and even asking people who can access torproject.org for help getting the keys and, preferably, checking them against their Web of Trust. Another alternative is to take advantage of how flexible pip is and download from many other (trusted) providers hosting the VCS project (but that might introduce some complexity for the user).

If this works, people can basically be initiated to Tor just by knowing there is a package called "initiator" downloadable with pip. It will have anything they need to know so that there is no need to search/ask for Tor (maybe risking their lives?), and if they find some alternative source, be able to verify that the data is legit. Anyone can be a provider (as long as people verify) so that torproject.org/gettor/bridgesdb do not need to be the only sources and hopefully it will be a lot harder to prevent people from using Tor.

I would like to make it clear that gettor and bridgesdb are servers and this new package is a client. It could even start parsing data from them if, for example, gettor starts to split the files in multiple links.

Technologies

I am trying to use as few dependencies as possible, and these are probably all we need for a CLI; a GUI or something friendlier for the docs is also a good idea, but it will increase the number of dependencies.

After discussing with sukhe, Yawning and gamambel, it seems that Windows users might have a hard time securely installing Python and gnupg.

Downloaded by the user

  • Python

  • setuptools

  • pip - Already installed with Python 2 >=2.7.9 or Python 3 >=3.4 downloaded from python.org

  • gnupg

Note: In most Operating Systems, if users use the get-pip.py script, setuptools will be installed as well.

Included in the Python Standard Library

  • hashlib - For checksums and probably the only option for Windows at the moment

Automatically downloaded with pip

Implementation

I split the project into a few tasks, assigning an ID (in parentheses) to each, which can be seen in the timeline.

Basic client (T1)

Create a package that can be uploaded to PyPI and downloaded with pip. This initial client will only have the following features:

  • A command line interface that responds to help and docs

    • The help output should explain the commands which the client responds to

    • The docs output should display which docs are available for the user to read

  • Documentation for gettor and bridgesdb

    • By calling the docs command with, for example, the gettor argument, display the docs that teach users how to use it

Keys, checksums, detached signatures (T2)

Include the Tor signing keys and latest checksums and detached signatures of the Tor browser. Functions should be developed to read those files and return them as strings.

Checksum (T3)

Create a checksum command that, given a file as argument, searches for its respective checksum to verify its integrity/authenticity. Python's hashlib will be used. As we already trust those checksums (they ship inside the package), authenticity is verified as well.

Verify (T4)

Create a verify command that, given a file as argument, searches for its respective detached signature to verify its integrity/authenticity. python-gnupg/gnupg will be used.
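The following is an added example (Python 3) of how the checksum (T3) and verify (T4) commands could be built on top of the data shipped by T2; it is not code from the proposal. The checksum table, the sample file name and the signing-key fingerprint are constructed placeholders, and the signature path shells out to the gpg binary rather than python-gnupg so that the check on which key signed the file is visible:

```python
"""Sketch of the checksum (T3) and verify (T4) commands of the proposed client.

Added example, not code from the proposal.  Python 3.  The checksum table
and the signing-key fingerprint are constructed placeholders standing in
for the data the package would ship (T2); demo() builds a sample file so
the checksum path can be exercised offline.
"""
import hashlib
import hmac
import os
import shutil
import subprocess
import sys
import tempfile

# Constructed stand-in for the checksums shipped with the package (T2),
# keyed by released file name, value "<algorithm>:<hex digest>".
SHIPPED_CHECKSUMS = {
    "sample.bin": "sha256:ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}
# Constructed placeholder; the real client would ship the Tor signing key's fingerprint.
TRUSTED_FINGERPRINT = "0000000000000000000000000000000000000000"


def file_digest(path, algorithm="sha256"):
    """Hash a file in chunks so a large ISO never has to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_checksum(path, table=SHIPPED_CHECKSUMS):
    """T3: look up the shipped checksum by file name and compare digests.

    Returns (ok, message); ok is True only on an exact match.  Because the
    table ships inside the trusted package, a match also vouches for
    authenticity, which is the proposal's argument.
    """
    name = os.path.basename(path)
    entry = table.get(name)
    if entry is None:
        return False, "no checksum shipped for %r" % name
    algorithm, _, expected = entry.partition(":")
    if not expected or algorithm not in hashlib.algorithms_available:
        return False, "malformed checksum entry %r" % entry
    actual = file_digest(path, algorithm)
    # compare_digest does not leak how many leading characters matched.
    if not hmac.compare_digest(actual, expected.lower()):
        return False, "%s mismatch: expected %s, got %s" % (algorithm, expected, actual)
    return True, "ok"


def verify_signature(path, sig_path, keyring, fingerprint=TRUSTED_FINGERPRINT):
    """T4: check a detached signature against only the keyring shipped with the client.

    Accepts the file only if gpg reports VALIDSIG from the expected key.
    Exit status 0 alone is not enough: any key in the keyring would give it.
    """
    gpg = shutil.which("gpg") or shutil.which("gpg2")
    if gpg is None:
        return False, "gnupg not installed"
    cmd = [gpg, "--batch", "--no-default-keyring", "--keyring", os.path.abspath(keyring),
           "--status-fd", "1", "--verify", sig_path, path]
    proc = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    for line in proc.stdout.decode("utf-8", "replace").splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "[GNUPG:]" and fields[1] == "VALIDSIG":
            if hmac.compare_digest(fields[2].upper(), fingerprint.upper()):
                return True, "good signature from %s" % fields[2]
            return False, "signed by unexpected key %s" % fields[2]
    return False, proc.stderr.decode("utf-8", "replace").strip() or "no valid signature"


def demo():
    """Exercise verify_checksum on a constructed file whose content is b'abc'."""
    tmp = tempfile.mkdtemp()
    try:
        sample = os.path.join(tmp, "sample.bin")
        with open(sample, "wb") as fh:
            fh.write(b"abc")
        return {
            "digest": file_digest(sample),
            "match": verify_checksum(sample)[0],
            "mismatch": verify_checksum(sample, {"sample.bin": "sha256:" + "0" * 64})[0],
            "unknown": verify_checksum(sample, {})[0],
        }
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    # Minimal CLI mirroring the proposal's command names.
    if len(sys.argv) == 3 and sys.argv[1] == "checksum":
        ok, msg = verify_checksum(sys.argv[2])
    elif len(sys.argv) == 5 and sys.argv[1] == "verify":
        ok, msg = verify_signature(sys.argv[2], sys.argv[3], sys.argv[4])
    else:
        ok, msg = False, "usage: checksum FILE | verify FILE SIG KEYRING"
    print(msg)
    sys.exit(0 if ok else 1)
```

The lookup is by file name because that is all the user has when the data arrived by email or from a friend; the fingerprint comparison in verify_signature is what keeps a stray key in the keyring from being accepted.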

Popular documentation (T5)

Add more docs files to the client that can be displayed with the docs command. The docs should be for popular projects such as Tails, Tor Messenger, Orbot, etc.

Popular checksums and detached signatures (T6)

Add more checksums and detached signatures to the client that can be used by the checksum and verify commands. They should cover popular projects such as Tails, Tor Messenger, Orbot, etc.

Graphical User Interface (T7)

It is expected that all the previous tasks implement the functionality described in the "Design" section, and most of it should belong to a client module that communicates with both the CLI and the GUI. Those two modules should only present information. As the CLI already has all the expected features, the GUI just needs to be designed and "connected" to the client module.

Timeline

Tasks in order over the 14-week schedule, with the number of weeks allotted to each:

  • T1: 1 week

  • T2: 2 weeks

  • T3: 2 weeks

  • Mid-term: 1 week

  • T4: 1 week

  • T5: 2 weeks

  • T6: 2 weeks

  • T7: 4 weeks

  • Final: 1 week

Threat model

As it will be the software that tells people whether the data they have did come from The Tor Project, attackers will do everything they can to attack it; if they find a vulnerability that lets them make people install a malicious package, those users will be in serious trouble.

I assume that it is secure to install/use Python and gnupg.

pip

Outdated versions of pip can be installed via package managers, but pip can easily update itself. Updating is important because old versions might lack important security features, for example hash-checking mode (for the dependencies of this package). As Windows does not seem to have a package manager to install pip, it will probably be downloaded from pypa.io via HTTPS, which means a Certificate Authority is also part of the threat.
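As an added example (not code from the proposal), the two helpers below show what pip's hash-checking mode enforces for the package's own dependencies: a requirements file used with pip install --require-hashes -r requirements.txt must pin every requirement with == and give it at least one --hash= option, and pip refuses the whole install if any line falls short. The package names, versions and digests in the sample are constructed placeholders:

```python
"""Hash-checking mode for the client's dependencies (threat model, "pip").

Added example, not the proposal's code.  Python 3.  hashed_requirement builds
the requirements line pip expects for a locally downloaded artifact, and
audit_requirements mimics the check pip performs under --require-hashes.
"""
import hashlib
import re

# A pinned requirement: name, then ==, then a version with no whitespace.
_PINNED = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*==\S+")
# pip accepts sha256, sha384 and sha512 digests in --hash options.
_HASH_OPTION = re.compile(r"--hash=sha(256|384|512):[0-9a-fA-F]+")

# Constructed sample: one correct line (split with a backslash continuation),
# one unpinned requirement and one pinned requirement without a hash.
SAMPLE_REQUIREMENTS = """\
# constructed sample requirements file
python-gnupg==0.3.8 \\
    --hash=sha256:%s
requests
six==1.10.0
""" % ("0" * 64)


def sha256_file(path):
    """Digest of a downloaded sdist/wheel, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def hashed_requirement(name, version, digests):
    """Format one pinned requirement with a --hash option per allowed artifact."""
    options = " ".join("--hash=sha256:%s" % d for d in digests)
    return "%s==%s %s" % (name, version, options)


def _logical_lines(text):
    """Join backslash-continued lines and drop comments and blank lines."""
    pending = ""
    for raw in text.splitlines():
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            pending += stripped[:-1]
            continue
        line = (pending + raw).split("#", 1)[0].strip()
        pending = ""
        if line:
            yield line
    tail = pending.split("#", 1)[0].strip()
    if tail:
        yield tail


def audit_requirements(text):
    """Return the requirement lines pip would reject under --require-hashes."""
    rejected = []
    for line in _logical_lines(text):
        if not _PINNED.match(line) or not _HASH_OPTION.search(line):
            rejected.append(line)
    return rejected


if __name__ == "__main__":
    for bad in audit_requirements(SAMPLE_REQUIREMENTS):
        print("would fail --require-hashes:", bad)
```

Only lines that pip would actually reject are reported, so the continued python-gnupg line passes while the unpinned and unhashed ones do not; the digests in a real file would come from sha256_file run on artifacts fetched over HTTPS once and then frozen.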

I assume that it is secure to use pip.

PyPI

Downloading packages from PyPI over HTTPS means that you not only have to trust a Certificate Authority, but also their Content Delivery Network, because assuming that censors block all the sources that could assist users on verifying the package, they will have to blindly trust that the CDN did deliver the package released by The Tor Project. This is similar to the situation faced by users who try to verify data provided by gettor/bridgesdb, trusting the third parties that handled their messages. The biggest difference is that it seems easier to verify if the CDN behaves like it should, instead of all the third parties involved in the current approach.

I assume that it is secure to use PyPI.

Further considerations

This tool is not meant to replace anything. It is something that is currently not offered by The Tor Project and intends to be a very easy and secure way of initiating censored people to Tor. It is not a silver bullet, but compared to the current scenario, it reasonably increases the chances of a user getting the right data (I do not know how to quantify that).

As this package will be signed and can be verified, it might even become some kind of Tor download manager or something like that. There are lots of uses for it, but I am not going to spend more time on it if I do not find anyone that believes it can work.

Background

I am a Senior studying Computer Engineering at UTFPR in Brazil. In January of 2014 I went to the U.S. for an exchange program, which lasted until December of the same year. During the Summer, I joined a research project where I learned about Anonymous Communication and I have been part of it since then. We have mostly worked on nymphemeral, pyaxo and nymserv - you should check them out. As I really like the field, my Senior Design Project is also about Anonymous Communication.

Code sample

I have a few repositories on my GitHub profile, but I recommend taking a look at nymphemeral, which is the one I have mostly worked on.

Why The Tor Project?

As I mentioned, I have been working with Anonymous Communication for a couple of years and I intend to keep doing it not only because I like it, but because it is an important field capable of helping millions of people around the world.

In my opinion, The Tor Project is the biggest organization in this field and working with people responsible for software I run everyday is a dream of every developer.

The Tor community must continue to grow and I believe that participating in the Google Summer of Code will contribute to that.

Experiences with free software development environments

Since I joined the research project in the U.S., I have been mostly working with rxcomm (my advisor) on the projects I mentioned previously, and git and GitHub make it a lot easier for us to work in parallel on the same code, manage tickets to help us keep track of the development and interact with contributors interested in our projects.

Whenever I see a project which I can contribute to, even if it is a small change, I open a ticket or make a pull request right away. My GitHub profile lists a few repositories which I contributed to. One contribution that comes to mind, with which I had an awesome experience, was improving the translation to Brazilian Portuguese of the Cheat Sheet of GitHub's Training Kit. The official contributor was very friendly and open to my suggestions, and I hope that Brazilians had a better experience when using it after the changes.

Commitment

As I live in the southern hemisphere, my Summer break is already over. I am currently taking two classes this semester, working on my Senior Design Project and I am also a TA of the Object Oriented Programming class at my university. The academic schedule defines the end of the semester on July 7, 2016. Therefore, I will have other commitments and I will not be available full-time until then. I just would like to clarify that, at least in my opinion as a Brazilian, being accepted for the Google Summer of Code is more important than any other opportunity I could have here and I intend to put effort into it whenever I can.

Post GSoC

I am aware of how risky this project is. It will be responsible for the "user's trust root" that ensures they get the right data to become a Tor user. That means that it will become a big target for attackers looking for vulnerabilities, which can be devastating for the whole community. It probably will not be officially supported until tests and audits are made to assure that it is secure and works as intended. I believe this process will take some time and I intend to keep working on it after the GSoC is over to finally see people using it.

Also, as I have been working with anonymous communication for a while, I do not see myself going somewhere else soon, so the chances of my continuing to contribute to the Tor community are high.

Communication

I intend to use IRC to discuss with my mentors and other tor devs (who wish to contribute to the project) about ideas and actions to be taken.

To formalize what is discussed on IRC, I will use the Trac system to manage features/enhancement/issues to keep records and maintain an organized environment for the development of the project, as well as interact with contributors.

To summarize everything, I will do what seems to have worked well for previous students: regular reports on the mailing list to keep people updated with what is happening on the project from a higher level.

Contact info

OFTC: dau

Email: dau@riseup.net

PGP: 0xC5A49047572A0D47

Other GSoC projects in mind?

I am only applying to The Tor Project :)

Anything else?

I encourage you to take a look at nymphemeral's git log and issues tracker. I think I am a very organized developer and I have been trying my best to follow the gitflow model and take advantage of the features offered by GitHub.
