Need help? Check out our Support site, then


[REQUEST] Widget for Anticensorship project "Flashproxy"; Help censored people

  1. Dear wordpress.com developers,

    I start with Tor, but it's about Flashproxy, a project replying on volunteer websites who put a badge on their pages. The badge is placed via an iframe and makes use of JavaScript and WebSockets.

    This is why it requires your attention. It is not allowed to use iframes or JavaScript, for very good reason, but you may find it acceptable and could provide a widget that would allow wordpress.com blog owners to place the badge on their blogs.

    It doesn't have to be a widget, you utilize shortcodes for embedding content, so you could do this here as well.

    You may or may not know the anonymity project Tor [1] created by the Tor
    Project. Tor (free open source software) aims to anonymize the location
    of the traffic by routing it through three nodes/relays run by
    volunteers. Anonymity was and still is the main goal. People with monitored
    Internet (from China, Iran, Syria, and many others) use Tor as a circumvention tool to connect to destinations they couldn't reach due to censorship.

    Censors prevent the entry to the Tor network by blocking all known
    relays (which are all because they are public). Bridges [2] (unlisted
    relays serving only as entry points) got deployed, but censors try to
    find bridges and block them as well.

    Censors can simply blacklist addresses they know, they can also
    fingerprint on traffic and disrupt connections. The Tor Project
    introduced Pluggable Transports [3] recently to plug something between
    the Tor components to modify traffic.

    One project utilizing Pluggable Transports, in a different way, is called Flashproxy. [4]

    Fast and short-living. Its initial implementation used Adobe Flash, but
    the new development makes use of JavaScript and Websockets. It aims to
    provide access to the Tor network by turning web browsers into proxies.
    The pool of addresses available should be large, at least large and
    unstable enough so censors couldn't enumerate them all.

    It works by people who visit a website, or multiple, containing a badge. The proxy connects to the facilitator and asks for clients to
    serve. The proxy may get IP addresses it connects to to transport
    (encrypted after the handshake) traffic between a client and a relay.
    You can see how it works in detail [5].

    Here's explain how to put in on a page. [6]

    Currently the badge works opt-out by default, that may change.

    It is an iframe pointing to stanford.edu and website owners have the choice to select if their visitors should be proxies by default or not.

    The first variant makes a visitor (his/her browser) a proxy, unless there's a cookie that opts-out.

    The second (recently added) variant does not relay traffic by default, a visitor has to visit the options page [7] (can be opened by clicking on the badge) and choose “Yes” or “No”.

    It does not work if the embedding page uses https due to restrictions of
    the proxies, but the won't produce a warning.

    Questions you might have:

    Q: Does a censored user have to see the badge?
    A: No the censored user makes use of the proxies provided by visitors.

    Q: Does this use bandwidth from the wordpress.com servers?
    A: No, your servers won't use more bandwidth.

    Q: How long is the (flash) proxy active?
    A: The proxy is active as long as a visitor is on the page with the badge on it. When he/she closes the page the proxy is gone.

    Q: What traffic will be transported?
    A: The proxy itself connects unencrypted (due to it's design). The Tor
    components on each users and the bridge/relay end encrypt the traffic.
    It's expected to be websites, but the visitor can't see it.

    Q: To what domains does the badge connect?
    A: Currently to crypto.standford.edu (host of the badge) and bamsoftware.com (host of the facilitator)

    Q: Does the flash proxy request content from the Internet on behalf of the client?
    A: No the proxy is just an intermediary between the client and the relay.

    As you are aware of the security implications by embedding
    third-party domain content I ask you to consider them and think about enabling blog owners to put a badge on their blogs.

    In the same breath I'd like to ask you to put the badge on wordpress.com pages to contribute to the project, if you like it.

    You can read about how the badge, facilitator, client and server side work. [8] Should you be interested in reading source code [9].

    If you got any questions just go ahead.

    The project maintainer is David Fifield, to whom I'll point for detailed
    answers on the design.

    Please note that the PDF (research paper) is a bit outdated since their
    initial implementation used Flash, which is not used anymore.

    This way I'm just contributing to the project, while I'm not directly involved in it.

    Thank you in advance for your time and your considerations.

    Best Regards!

    p.s. this is tracked by ticket [#7061]

    [1] https://www.torproject.org
    [2] https://www.torproject.org//docs/bridges.html.en
    [3] https://www.torproject.org//docs/pluggable-transports.html.en
    [4] http://crypto.stanford.edu/flashproxy/
    [5] http://crypto.stanford.edu/flashproxy/#how-it-works
    [6] http://crypto.stanford.edu/flashproxy/#badge-howto
    [7] http://crypto.stanford.edu/flashproxy/options.html
    [8] https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/doc/design.txt
    [9] https://gitweb.torproject.org/flashproxy.git/tree
    [#7601] https://trac.torproject.org/projects/tor/ticket/7061

Topic Closed

This topic has been closed to new replies.

About this Topic