
Lightnion: Tor in the Browser - lbeziaud
https://github.com/spring-epfl/lightnion
======
iamnotacrook
So all the speed, black listing and endless unsolvable captchas of Tor but
with none of that annoying anonymity!

~~~
agumonkey
tor speed is an improvement, it impedes on social network addiction :p

------
kodablah
Appears to be a public TCP-to-websocket proxy to a Tor client w/ a JS wrapper.
I assume the host could be an onion service address which does have value, but
you're still going through a proxy.

At that point, you might as well have your own web server side connect to Tor
and do what you want, it's not hard w/ libs out there. Otherwise, if I see
this on your site, I just might start using your proxy as my new tor2web, heh
(not that there is real value over just my own Tor client running locally).

~~~
plcp
It's a lightweight Tor client written in Javascript than runs in the end-user
browser. The websocket-to-TCP (dumb) proxy acts in some ways as a Guard node
from the live network (it's not about running a Tor client on a remote proxy).
Hopefully, a pluggable transport will be implemented at some point and Guard
nodes will be able to directly accept incoming connections, without proxy.

Note that it's not a replacement for the Tor browser: it is not build for the
same usages. A good example is people implementing privacy-oriented tools with
strong cryptography in Javascript to drives adoption. The goal is to improve
the privacy of such partially honest services by bringing anonymity into the
picture, with a better compromise than a _" trust us to not log"_ policy.

You can even fantom models where a commercial service provider focused on
privacy push its users to use the Tor Browser while shipping a Tor client by
default to its user that didn't bothered installing one. Because at the end,
it will be easier to keep your promises about not doing logs if you
intentionally forced all of your users through the Tor network.

------
plcp
Found an associated paper here:
[https://madweb.work/papers/paper10.pdf](https://madweb.work/papers/paper10.pdf)

------
zaarn
Could be useful for people in controlled software environments, though it
would require new, special types of bridges...

------
aakilfernandes
My understanding of Tor is that proxy keys are shared in a gossip network, and
that without access to that gossip network you're vulnerable to being sybil
attacked. How does Lightnion solve this? Or am I misunderstanding Tor?

~~~
plcp
There's a consensus made on the global state of the Tor network made between
several well-known parties: just as a regular Tor client, Lighnion downloads
the consensus document, parses it, validates its signatures and perform a path
selection algorithm on it. It's several megabytes to downloaded by the
Javascript client (itself being few kilobytes) and is currently a limitation
of the protocol.

If the "walking onions" proposal gets maintstream (i.e. private retrieval of a
consensus subset), we can hope for improvements (see
[https://gitweb.torproject.org/torspec.git/tree/proposals/300...](https://gitweb.torproject.org/torspec.git/tree/proposals/300-walking-
onions.txt)).

------
johndough
Nice, this could be another way to solve the problem of hosting an anonymous
website without forcing the user to install a new browser. Only needs someone
to host a proxy website.

