Hi there John - glad to have you working with Tor! We're really anxious to
see where you go with this project since, as exemplified by the recent
incident with PrivacyNow [0], we're currently pretty miserable about
noticing and flagging bad exits.
Unfortunately our definition of a bad exit is pretty vague [1]:
"BadExit" if the router is believed to be useless as an exit node
(because its ISP censors it, because it is behind a restrictive
proxy, or for some similar reason).
An easy place to start would be to solicit input on or-talk for a better
definition and enumerable attributes we can look for. Some obvious starting
ones would be ssl stripping, certificate tampering (checking for differences
like the Perspectives addon [2]), and bad DNS responses. I'd imagine Scott
Bennett would be glad to jump in with some more ideas. :)
Also, have you thought about setting up a site or blog where people can
check how things are coming along? Here's what I did when doing GSoC with
the SIP Communicator project: http://www.atagar.com/misc/gsocBlog/
Again, glad to have you and looking forward to working with you this summer!
-Damian
[0] http://archives.seul.org/or/talk/Apr-2010/msg00120.html
[1]
http://gitweb.torproject.org/tor.git?a=blob_plain;hb=HEAD;f=doc/spec/dir-spec.txt
[2] http://www.cs.cmu.edu/~perspectives/index.html
On Fri, Apr 30, 2010 at 9:15 PM, John M. Schanck <jm...@hampshire.edu>wrote:
> Hi or-talk,
> My name is John Schanck, I'm a third year CS student at Hampshire College,
> and I'll be working with Tor this summer through Google Summer of Code.
> First, let me say how excited I am to have this opportunity - I've been
> following the Tor project for several years now and can think of no better
> place to devote my efforts. Many thanks to those of you who read my
> proposal, especially Mike Perry who has graciously agreed to mentor the
> project, and Damian and Erinn who have also offered up some of their time.
>
> I'm going to be working on improving the Snakes on a Tor (SoaT) exit
> scanner. For those of you not familiar with it, SoaT aims to detect
> malicious, misconfigured, or heavily censored exit nodes by comparing the
> results of queries fetched across those exits to results obtained without
> Tor. It's an ambitious project, originally developed by Mike Perry and
> crafted into its current form by Aleksei Gorney during GSoC 2008, so my
> goals are modest. I'm going to begin by stabilizing the existing codebase,
> and then work on minimizing the number of false positives generated by the
> current filters. If time permits I'll also begin designing new filters to
> handle adversaries not yet accounted for.
>
> If you'd like to talk about the project (or just say hello), you can find
> me on OFTC under the nickname 'susurrusus'.
>
> Cheers,
> John
>
> PS. Congratulations to the other accepted students, I look forward to
> meeting you and hearing about your projects :).
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iEYEAREDAAYFAkvbquAACgkQke2DTaHTnQlItQCgkFWuzOYTTA1ctpRTaa54q5Zf
> kmAAnR5Z8jzMOaFErAkSXyGEdtRbXbBJ
> =9a6k
> -----END PGP SIGNATURE-----
>
>
