
A Tor proxy that runs in your browser - mmastrac
https://crypto.stanford.edu/flashproxy/
======
jcoder
> "Flash proxy" is a name that should make you think "quick" and "short-
> lived." Our implementation uses standard web technologies: JavaScript and
> WebSocket.

I get it, but there's another (widely reviled) in-browser technology that goes
by the name Flash, and it's entirely plausible that this could be written with
it. Sometimes you need to be able to let go of a name.

~~~
javis
Does this not require Flash Player at all then?

~~~
mmastrac
From a cursory investigation of the source, this is WebSockets only.

------
arscan
Time for a stupid question: what prevents the censor from simply blocking the
facilitator? It isn't ephemeral like the "flash proxy"... so it seems like
you'd have the same problem as you have with the relays.

~~~
emily37
It's a good question, discussed a bit in the PETS paper:
<https://crypto.stanford.edu/flashproxy/flashproxy.pdf> (section 6). The short
answer is that communicating a small amount of information outside of the
censored region to a blocked facilitator is an easier problem than full
connectivity.

~~~
arscan
Yeah, it was a stupid question in that I should have read the paper ;-)
Laziness on my part, sorry.

Right, their idea is to basically leverage some protocols that allow unblocked
entities forward information from the client to the facilitator (which is
assumed to be directly blocked always). That seems to make sense.

It seems to be that the flash proxy must be able to connect to the client
directly (the client is not behind NAT), which seems like a pretty big
assumption... though that might be fine in the real world use cases that they
are targeting.

~~~
javis
Doesn't the requirement that the client not be behind NAT render this somewhat
useless?

Isn't the vast majority of the internet behind NAT?

~~~
psionski
Two words: port forwarding :) Yes, it makes using TOR a bit more difficult,
but not by very much...

~~~
coopdog
Plus IPv6 could drastically reduce the need for NAT (particularly in mobile
where they're basically out of IPs and basically NAT the entire mobile
network)

------
throwaway125
From how I understand it this is not a javascript Tor implementation at all.
It's an entirely different piece of software that allows you to create a whole
lot of volatile short lived proxy servers that can then be used to connect to
actual tor relays. The idea being that it will be really hard for censors to
block proxy servers that only exist for a short period of time.

------
chx
How can I block this? For reals. I have no desire to run a Tor proxy and be
shafted with CP charges.

Edit: my understanding is that this can be put into any web page and then make
anyone visiting that page a Tor exit node.

~~~
slowpoke
It makes me extremely sad - and somewhat angry - that a lot of people just
associate Tor with CP and criminals. Tor enabled and helped carry out fucking
revolutions. Hundreds, if not thousands of (not only) chinese dissidents use
it to communicate safely. It _protects lives_. Tor is a blessing upon
humanity, and a big, fat, thorn in the side of every oppressive government on
this planet.

The fact that some individuals use Tor for accessing child pornography is sad,
but that constitutes a _miniscule amount of its entire traffic_. Stop looking
at the few bad apples and look at the big picture.

Oh, and if you're at it, watch Jacob and Roger's talk at the 29c3 as soon as
it is available. They explained this awesome piece of software a bit more in
detail there, amongst all the other amazing projects related to the Tor
Project.

~~~
gyom
I agree with you about how awesome Jacob Appelbaum makes Tor sound, but you
could still make a case about not wanting your computer to be used without
your consent for stuff like that.

For example, as much as cancer research can benefit from extra computing
power, I wouldn't want web sites to start including secret javascript code
meant to "reap the spare cpu cycles" available when I visit their site.

~~~
slowpoke
It's equally debatable whether it's okay to put stupid advertisements or
tracking technology on your website - which have infinitely less positive
benefits for humanity than Tor.

Anyways, my answer wasn't about Flash-Proxy at all (which is, polemics aside,
indeed debatable). I was pissed about the attitude that Tor == CP, which is a
dishonest fallacy thrown around by supporters of surveillance and spying.

~~~
rz2k
There are at least three actual possibilities there:

1\. People afraid of being tracked down and prosecuted because someone used
their exit node for criminal behavior

2\. People concerned about limiting criminal behavior

3\. People who want to stop free speech

Assuming #3 seems like a stretch even if it is easy to conclude that people
pushing for constraints on free speech for the sake of limiting criminal
behavior under-appreciate the vital importance of vigorous anonymous public
discourse, even in countries without dictators.

~~~
slowpoke
_> 1\. People afraid of being tracked down and prosecuted because someone used
their exit node for criminal behavior_

Again, Flash Proxy is not an exit node, it's a bridge. It merely helps people
to access the Tor network, and does not relay traffic back out (which, as far
as I know, is not even technically possible). There's zero risks involved.
Also, why are you not running at least a relay, anyways?

 _> 2\. People concerned about limiting criminal behavior_

Limiting criminal behavior is fine, but never at the cost of essential
liberties and rights. This is inarguable. People rallying against Tor for
"criminal behavior" are the very same people we need Tor to protect ourselves
against.

 _> 3\. People who want to stop free speech_

I you[1] are such a person, I hate you and you more than deserve to have your
browser turned into a powerful weapon of the very thing you want to stop.

[1] This is the general you, I'm not talking to the parent poster
specifically.

------
liongo
that's great!

------
normalfaults
I thought I saw a similar project somewhere else on HN... interesting non the
less.

