
Tor in Google Summer of Code 2014 - taylorbuley
https://blog.torproject.org/blog/tor-google-summer-code-2014
======
benjaminpv
Serious question for people that are familiar with Tor: given that we've
already seen people get arrested for simply running an exit node, have
features like hidden services made it any safer for someone that agrees with
tor's purpose (providing a less restricted end point to people that are
censored by their governments) to keep an exit node running?

It seems to me that arresting an exit node's maintainer for child porn serves
to have a real chilling effect on the system. As much as I'd like to provide,
say, a dissident with a means to voice their opinion, it's not going to help
when the cops cart away the exit note and haul me off to jail.

I guess what I'm thinking is that hidden tor services sort of 'close the gap'
when it comes to problems like I describe above, since conceivably a political
dissident could post to a hidden service (never appearing on the Internet at
large) and have something of an intermediary in a country with greater freedom
post it for them?

~~~
NegativeK
I've talked to someone who runs an exit node. They not only have avoided
hassle, but they run it via Amazon, which is supposedly against ToS. No issues
so far.

Also, if people would like to help Tor but are afraid of running an exit node,
Noisebridge (a hackerspace) runs a fucking giant exit node. Donating time or
money to them would help.

~~~
dublinben
Exit relays can be run on AWS, but it's a waste of money. You'd be better off
with an inexpensive VPS from a Tor-friendly provider. Donations of any amount
can also be sent to TorServers.net.

[https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISP...](https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs)

------
pearjuice
So is Tox, "a free and open source replacement to the well used proprietary
application Skype".

[https://www.google-
melange.com/gsoc/org2/google/gsoc2014/tox](https://www.google-
melange.com/gsoc/org2/google/gsoc2014/tox)

~~~
eqyiel
This may be the coolest thing to ever come out of /g/!

------
willvarfar
I tried to actually use tor for my browsing back when snowden leaked and
schneier implored us all to. But I found the browser really too restricted to
be useful. I understand that plugins can go around the browser config etc, but
there has to be a better way...

The project I want to see is running the tor router in zerovm in docker, and
running a full browser and all plugins in a child docker in such a way that it
is fully fire walled and can only communicate via the tor container, with vnc
screen scraping etc.

And set up so the browser container can be launched in persistent mode to make
changes eg browser plugins, but normally runs with aufs on a ram disk so it
never touches disk and is completely lost when closed.

~~~
13throwaway
Can't you set up tor as an HTTP proxy then just use whatever browser you want?

~~~
A_COMPUTER
An HTTP proxy won't proxy DNS lookups. If you're using SOCKS4a/5 proxying,
Firefox will use it IF you set network.proxy.socks_remote_dns=true, on Chrome
it'll work if you use socks5 but the dns prefetch will bypass it and expose
you. On Firefox, plugins and extensions can bypass the proxy. I don't know
specifically about Chrome, but I experimented with it and when playing around
with strict firewall egress filtering and restrictive apparmor profile, using
the embedded Flash would just up and crash the browser.

It's not a good idea. If you want to use the web on Tor, use the browser
bundle.

------
manish_gill
Uhh...I don't think the organisations have been announced yet. This just means
that they will be applying for GSoC 2014, not that they are selected. :)

~~~
epanastasi
Announced here: [http://google-opensource.blogspot.com/2014/02/mentoring-
orga...](http://google-opensource.blogspot.com/2014/02/mentoring-
organizations-for-google.html)

Direct Link: [http://www.google-
melange.com/gsoc/org/list/public/google/gs...](http://www.google-
melange.com/gsoc/org/list/public/google/gsoc2014)

~~~
ScottWhigham
Direct link to the Tor entry: [http://www.google-
melange.com/gsoc/org2/google/gsoc2014/tor](http://www.google-
melange.com/gsoc/org2/google/gsoc2014/tor)

------
habosa
Oh no! Now Google is going to put a backdoor in Tor and use it to make more
money on GMail ads and sell my soul to the NSA!

Just kidding, turns out Google is not always evil. Good that HN gets a
reminder once in a while.

~~~
yeukhon
In the past Navy sponsored Tor and NSF continues to sponsor Tor. And someone
is going to say, "oh no."
[https://www.torproject.org/about/sponsors.html.en](https://www.torproject.org/about/sponsors.html.en)

Truth is, Google doesn't care what open source project you want to make into
GSoC, as long as someone likes your proposal, the project will get the $$ it
needs :) Note Mercurial didn't make it to GSoC officially this year (probably
have to go under PSF's name) - so even popular OSS doesn't automatically
becomes a GSoC participant.

~~~
yen223
Tor wasn't just sponsored by the Navy, it was "originally designed,
implemented, and deployed as a third-generation onion routing project of the
U.S. Naval Research Laboratory."
[https://www.torproject.org/about/overview.html.en](https://www.torproject.org/about/overview.html.en)

