├── conf ├── apache2-website.conf ├── apache2.conf ├── nginx.conf ├── privoxy-config ├── proxy.pac ├── rewriteurl.pl ├── squid.conf ├── tor2web.org-ss.crt └── tor2web.org-ss.key ├── config.html ├── forwarding-failed.html ├── google208953862fc78abe.html ├── google70664d1609b3d899.html ├── index.html ├── invalid.html ├── legal.html ├── mirror.html ├── security.html ├── style.css └── tortodo.html /conf/apache2-website.conf: -------------------------------------------------------------------------------- 1 | 2 | ServerName tor2web.org 3 | DocumentRoot /var/www/tor2web.org/ 4 | 5 | 6 | 7 | ServerName www.tor2web.org 8 | Redirect permanent / http://tor2web.org/ 9 | 10 | 11 | 12 | ServerName www.tor.theinfo.org 13 | ServerAlias tor.theinfo.org 14 | ServerAlias tor2web.com 15 | ServerAlias www.tor2web.org 16 | ServerAlias www.tor2web.com 17 | Redirect permanent / http://tor2web.org/ 18 | 19 | 20 | 21 | ServerName tor.theinfo.org 22 | ServerAlias *.tor.theinfo.org 23 | RewriteEngine On 24 | RewriteCond %{HTTP_HOST} ^(.*).tor.theinfo.org$ [NC] 25 | RewriteRule ^(.*)$ https://%1.tor2web.org$1 [R=301,L] 26 | 27 | 28 | 29 | ServerName tor2web.com 30 | ServerAlias *.tor2web.com 31 | RewriteEngine On 32 | RewriteCond %{HTTP_HOST} ^(.*).tor2web.com$ [NC] 33 | RewriteRule ^(.*)$ https://%1.tor2web.org$1 [R=301,L] 34 | 35 | -------------------------------------------------------------------------------- /conf/apache2.conf: -------------------------------------------------------------------------------- 1 | # load modules 2 | LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so 3 | LoadModule cache_module /usr/lib/apache2/modules/mod_cache.so 4 | LoadModule disk_cache_module /usr/lib/apache2/modules/mod_disk_cache.so 5 | LoadModule env_module /usr/lib/apache2/modules/mod_env.so 6 | LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so 7 | LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so 8 | LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so 9 | LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so 10 | LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so 11 | LoadModule status_module /usr/lib/apache2/modules/mod_status.so 12 | 13 | # filenames 14 | SSLCertificateFile /etc/apache2/tor2web.org.crt 15 | SSLCertificateKeyFile /etc/apache2/tor2web.org.key 16 | CacheRoot /mnt/apache2-cache 17 | ServerRoot "/etc/apache2" 18 | LockFile /var/lock/apache2/accept.lock 19 | PidFile ${APACHE_PID_FILE} 20 | ErrorLog /var/log/apache2/error.log 21 | 22 | # basic stuff 23 | Listen 80 24 | Listen 443 25 | User ${APACHE_RUN_USER} 26 | Group ${APACHE_RUN_GROUP} 27 | HostnameLookups Off 28 | LogLevel warn 29 | 30 | 31 | StartServers 32 32 | ServerLimit 32 33 | MinSpareThreads 25 34 | MaxSpareThreads 75 35 | ThreadLimit 1920 36 | ThreadsPerChild 64 37 | MaxClients 2048 38 | MaxRequestsPerChild 0 39 | 40 | 41 | SSLRandomSeed startup builtin 42 | SSLRandomSeed startup file:/dev/urandom 512 43 | SSLRandomSeed connect builtin 44 | SSLRandomSeed connect file:/dev/urandom 512 45 | SSLSessionCache shmcb:/var/run/apache2/ssl_scache(512000) 46 | SSLSessionCacheTimeout 300 47 | SSLMutex file:/var/run/apache2/ssl_mutex 48 | #SSLCipherSuite HIGH:MEDIUM:!ADH 49 | # enable only secure protocols: SSLv3 and TLSv1, but not SSLv2 50 | SSLProtocol all -SSLv2 51 | 52 | # global custom stuff 53 | SSLCipherSuite DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA 54 | 55 | 56 | RewriteEngine On 57 | RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 58 | 59 | 60 | 61 | 62 | SetHandler server-status 63 | 64 | 65 | SSLEngine on 66 | ProxyRequests Off 67 | ProxyPreserveHost On 68 | 69 | RewriteEngine On 70 | RewriteCond %{HTTP_HOST} ^x\.tor2web\.org(:443)?$ 71 | RewriteRule ^/([a-z0-9]+)$ https://x.tor2web.org/$1/ [R] 72 | RewriteCond %{HTTP_HOST} ^x\.tor2web\.org(:443)?$ 73 | RewriteRule ^/([a-z0-9]+)(/.*)$ http://127.0.0.1:8118$2 [P,E=SERVICE:$1] 74 | RewriteCond %{HTTP_HOST} ^([a-z0-9][a-z0-9]+)\.tor2web\.org(:443)?$ 75 | RewriteRule ^(.*)$ http://127.0.0.1:8118$1 [P,E=SERVICE:%1] 76 | RequestHeader set Host "%{SERVICE}e.onion" 77 | 78 | ErrorDocument 404 /index.html 79 | 80 | CacheEnable disk / 81 | #CacheStoreExpired On 82 | #CacheStaleOnError on 83 | CacheMaxExpire 6048000 84 | CacheIgnoreNoLastMod On 85 | SetEnvIf Cookie .+ no-cache 86 | 87 | -------------------------------------------------------------------------------- /conf/nginx.conf: -------------------------------------------------------------------------------- 1 | user www-data; 2 | worker_processes 1; 3 | 4 | pid /var/run/nginx.pid; 5 | 6 | events { 7 | worker_connections 10000; 8 | } 9 | 10 | http { 11 | include /etc/nginx/mime.types; 12 | sendfile on; 13 | keepalive_timeout 65; 14 | tcp_nodelay on; 15 | proxy_temp_path /var/cache/nginx/proxy_temp; 16 | proxy_cache_key $scheme$host$request_uri; 17 | proxy_cache_path /var/cache/nginx/cached levels=2:2 keys_zone=global:640m inactive=30d max_size=100G; 18 | 19 | server { 20 | listen 80; 21 | rewrite ^(.*)$ https://$host$1 permanent; 22 | } 23 | 24 | server { 25 | listen 443 default ssl; 26 | ssl_certificate /etc/nginx/tor2web.org.crt; 27 | ssl_certificate_key /etc/nginx/tor2web.org.key; 28 | 29 | ssl_ciphers DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA; 30 | ssl_protocols SSLv3 TLSv1; 31 | 32 | server_name tor2web.org; 33 | location / { 34 | proxy_pass http://127.0.0.1:8118; 35 | proxy_read_timeout 2000; 36 | set $hostreq "${host}${request_uri}"; 37 | if ($host ~* (.*).tor2web.org) { 38 | set $server_id $1; 39 | } 40 | if ($hostreq ~* x.tor2web.org/([^/]+)(/.*)) { 41 | set $server_id $1; 42 | rewrite ^/[^/]+(/.*)$ $1 break; 43 | } 44 | proxy_set_header Host $server_id.onion; 45 | proxy_cache global; 46 | proxy_cache_valid any 1h; 47 | proxy_cache_valid 503 1s; 48 | proxy_cache_use_stale updating error timeout; 49 | proxy_redirect http://$server_id.onion/ https://$server_id.tor2web.org/; 50 | } 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /conf/privoxy-config: -------------------------------------------------------------------------------- 1 | # This is the main tor2web privoxy configuration file 2 | # This goes into /etc/privoxy/config 3 | # 4 | listen-address 127.0.0.1:8118 5 | toggle 0 6 | accept-intercepted-requests 1 7 | forward-socks4a / 127.0.0.1:9050 . 8 | confdir /etc/privoxy 9 | 10 | toggle 1 11 | enable-remote-toggle 0 12 | enable-edit-actions 0 13 | enable-remote-http-toggle 0 14 | buffer-limit 4096 15 | templdir /etc/privoxy/templates 16 | -------------------------------------------------------------------------------- /conf/proxy.pac: -------------------------------------------------------------------------------- 1 | function FindProxyForURL(url, host) { 2 | if (shExpMatch(url,"*.onion/*")) { return "PROXY localhost:8118"; } 3 | return "DIRECT"; 4 | } -------------------------------------------------------------------------------- /conf/rewriteurl.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | $|=1; 3 | my $line; 4 | while ($line = ) { 5 | if ($line =~ m,^http://[a-z0-9]+\.tor2web\.com,) { 6 | $line =~ s,(http://[a-z0-9]+\.)tor2web\.com,$1onion,; 7 | } else { 8 | $line = "http://tor2web.com/invalid\n"; 9 | } 10 | print $line; 11 | } 12 | -------------------------------------------------------------------------------- /conf/squid.conf: -------------------------------------------------------------------------------- 1 | acl all src all 2 | acl manager proto cache_object 3 | acl purge method PURGE 4 | acl connect method CONNECT 5 | acl safe port 80 6 | http_access deny manager 7 | http_access deny purge 8 | http_access deny connect 9 | http_access deny !safe 10 | http_access allow all 11 | acl apache rep_header Server ^Apache 12 | broken_vary_encoding allow apache 13 | forwarded_for delete 14 | 15 | access_log none 16 | cache_store_log none 17 | 18 | icp_port 0 19 | http_port 80 vhost vport=80 20 | http_port 8080 vhost vport=80 21 | cache_peer localhost parent 8118 0 default no-query no-digest no-netdb-exchange 22 | never_direct allow all 23 | 24 | visible_hostname tor2web.com 25 | 26 | redirect_program /etc/squid/rewriteurl.pl 27 | redirect_children 20 28 | 29 | cache_dir ufs /var/spool/squid 170400 16 256 30 | -------------------------------------------------------------------------------- /conf/tor2web.org-ss.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICMTCCAZoCCQCMcx3RorULXjANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJB 3 | VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 4 | cyBQdHkgTHRkMRYwFAYDVQQDDA0qLnRvcjJ3ZWIub3JnMB4XDTEyMDMyMTIzMjQz 5 | NloXDTIyMDMxOTIzMjQzNlowXTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUt 6 | U3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEWMBQGA1UE 7 | AwwNKi50b3Iyd2ViLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA8hGp 8 | Lh/L8SvZ6KzZyPjSpepbDRfk4f9ljPQsmpJ9RS/jmu/cd02wNjhwT60LuAMwcYx2 9 | 4pLgyxlmCX8RJp4mxt0rfRciruseF7hhFlb/FH7ly25NaBt1G3yypWW73JeHX9qu 10 | 1uVBtsxt3RljIsWO3hi27xS3uvPb4Hpdlwf8t9kCAwEAATANBgkqhkiG9w0BAQUF 11 | AAOBgQDGFwBe5RJgfYej63xfWIYxQd9+lTUcaQbQEMRzOJi71md2g+ZtNKDpEKX4 12 | YM+je0Mm4acSVWntMmM9DTsA7sy0ELNHED4C36FfcHoUyHZmVOO5gVkRoJRaF9OS 13 | 0F6+qOAEYP14TIITaDdfbHZvahAmsGoYYzYG5A89RIw2M5mktg== 14 | -----END CERTIFICATE----- 15 | -------------------------------------------------------------------------------- /conf/tor2web.org-ss.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIICXQIBAAKBgQDyEakuH8vxK9norNnI+NKl6lsNF+Th/2WM9Cyakn1FL+Oa79x3 3 | TbA2OHBPrQu4AzBxjHbikuDLGWYJfxEmnibG3St9FyKu6x4XuGEWVv8UfuXLbk1o 4 | G3UbfLKlZbvcl4df2q7W5UG2zG3dGWMixY7eGLbvFLe689vgel2XB/y32QIDAQAB 5 | AoGBAIq5oFD0m/XsgYccd/r6zg2Tjvaj+OGjcdkjneQ/i1b5KOEEET614QRRt9uR 6 | eiPMgBiyvPb/4Z/DQHy0u2l8PQ+hD7xDT1cvqcCB/drgIZ3Prql+PWDx17mlkysg 7 | oXBw+vHUvPj1ZS5/AcDNG+OaN8wyVixqanD11NyilV2KVlHhAkEA/mGu8wP65/Yc 8 | nWwiuYZkbAdywh21Dzbx+3aX1Cu1DxLlfzRGmnd9EAa6Eq1KcpnpNRPHcSuI8qvq 9 | pWJBOEyjbQJBAPOb7Hc5jimQwdaFPjl5vOSOewwHWn9/uRyYhAjCdrhLc/dKNk2c 10 | YYpz3uLoR4yAry/FWl/DIzY3zyy4C6rhtp0CQGXUvs8jib5vxDa0ghYYmXyxYpwY 11 | flGP4kCS0eaqdHmLS/mm+Jh/Or4+oyA05LeJq1SHDXDdR541eeIougkKjOUCQQDS 12 | KocLJOB9A6H3TOSt+VT5aeLGMeHldW9iOEJQvFRoEtBtW90VgAC2zdhQskxn7u00 13 | rXKWg2dxcxyNXArU1f4RAkB4r3X59xl4ifP7f8QjHni7auFHsftvxNrIjhLuQjbc 14 | KO9KbJBuoHBvYhHyUh3tL8NQLD0FGe4/g9cJxq7OSgW2 15 | -----END RSA PRIVATE KEY----- 16 | -------------------------------------------------------------------------------- /config.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | tor2web: how to run a proxy 5 | 6 |
7 |

tor2web: how to run a proxy

8 |
9 | 10 |

Want to set up a proxy of your own? Here's how! For simplicity, we'll assume you're running a recent version of Ubuntu, but the instructions should be easy to adapt to any other OS. (Don't have a server? You can get one using Amazon's EC2 with Ubuntu AMIs.)

11 | 12 | 
13 | # Install the latest version of tor, with the tor2web flag
14 | sudo apt-get install python-software-properties
15 | sudo apt-add-repository http://deb.torproject.org/torproject.org
16 | gpg --keyserver keys.gnupg.net --recv 886DDD89
17 | gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
18 | sudo apt-get update
19 | sudo apt-get install deb.torproject.org-keyring dpkg-dev autoconf
20 | sudo apt-get build-dep tor
21 | git clone git://git.torproject.org/debian/tor.git
22 | cd tor
23 | curl https://trac.torproject.org/projects/tor/raw-attachment/ticket/2553/0001-Add-support-for-an-enable-tor2web-mode-DEB_BUILD_OPT.patch | patch -p 1
24 | ./autogen.sh
25 | echo "all:" > src/test/Makefile
26 | echo "check:" >> src/test/Makefile
27 | echo "install:" >> src/test/Makefile
28 | DEB_BUILD_OPTIONS="enable-tor2web-mode" fakeroot debian/rules binary
29 | cd ..
30 | sudo dpkg -i tor_0.2.3.12-alpha-1_amd64.deb
31 | # (this will return an error, ignore it)
32 | sudo sh -c "echo Tor2webMode 1 >> /etc/tor/torrc"
33 | sudo /etc/init.d/tor restart
34 | 
35 | # Install privoxy to translate normal web requests to SOCKS, which Tor speaks:
36 | sudo apt-get install privoxy
37 | sudo sh -c "curl http://tor2web.org/conf/privoxy-config > /etc/privoxy/config"
38 | sudo /etc/init.d/privoxy restart
39 | 
40 | # Install Apache to serve web requests
41 | sudo apt-get install apache2
42 | sudo sh -c "curl http://tor2web.org/conf/apache2.conf > /etc/apache2/apache2.conf"
43 | sudo sh -c "curl http://tor2web.org/conf/tor2web.org-ss.crt > /etc/apache2/tor2web.org.crt"
44 | sudo sh -c "curl http://tor2web.org/conf/tor2web.org-ss.key > /etc/apache2/tor2web.org.key"
45 | 
46 | # Make the cache directory (edit apache2.conf if you want this somewhere else)
47 | sudo mkdir /mnt/apache2-cache
48 | sudo chown www-data /mnt/apache2-cache
49 | 
50 | sudo /etc/init.d/apache2 restart
51 |
52 | 53 |

To debug, you can check the individual components to make sure they work:

54 | 55 | 
56 | # Tor
57 | curl -i --socks4a 127.0.0.1:9050 http://duskgytldkxiuqc6.onion/
58 | # privoxy
59 | curl -x 127.0.0.1:8118 http://duskgytldkxiuqc6.onion/
60 | # Apache
61 | curl -k -H "Pragma: none" -H "Host: duskgytldkxiuqc6.tor2web.org" -i https://127.0.0.1/
62 | # run again to see if it serves from cache:
63 | curl -k -H "Pragma: none" -H "Host: duskgytldkxiuqc6.tor2web.org" -i https://127.0.0.1/
64 |
65 | 66 |

That's it!

67 | 68 |

Send your IP address to info@tor2web.org and ask to be added to the *.tor2web.org round-robin. This will allow your server to respond to requests from the public for Tor hidden services. (We'll also send you the real SSL keys; the ones above are only for testing purposes.)

69 | 70 |

If you have trouble with the process or would like a different way of doing it, let me know. If you want to build scripts or tools to simplify this process, that would be great too. You might also be interested in running a Tor relay.

71 | 72 |

See also: Is this legal?

73 | 74 |
75 | 76 |
info@tor2web.org
77 | 78 | 79 | -------------------------------------------------------------------------------- /forwarding-failed.html: -------------------------------------------------------------------------------- 1 | 2 | Connection failed (via tor2web.org) 3 | 4 |

Connection failed

5 | 6 |

Sorry, we couldn't find the page you requested. This could be because:

7 | 8 |
    9 |

  1. You entered an invalid URL. This is most likely if you get this page immediately after trying to visit a URL. This service only works with valid .onion URLs. Please check your URL and try again.

    2. 10 |

  2. The server you're trying to connect to is down. This is most likely if you get this page after a long wait. Please try again later.

    3. 11 |

  3. The Tor network is overloaded. This is most likely if you have other reasons to believe the URL is valid and the server is up. Please try again later.

    4. 12 |

  4. There's a problem with tor2web. This is most likely if you get this error on every uncached request. Please let us know.

    5. 13 |
14 | 15 |

If you need to get to the page urgently, you can also download the Tor browser bundle and replace .tor2web.org with .onion to visit the web page directly through Tor.

16 | 17 |
tor2web.org
18 | 19 | 20 | -------------------------------------------------------------------------------- /google208953862fc78abe.html: -------------------------------------------------------------------------------- 1 | google-site-verification: google208953862fc78abe.html -------------------------------------------------------------------------------- /google70664d1609b3d899.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aaronsw/tor2web/e7193639ab26491407ee14596e3617aafec522f0/google70664d1609b3d899.html -------------------------------------------------------------------------------- /index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | tor2web: visit anonymous websites 6 | 7 |
8 |

tor2web: visit anonymous websites

9 |
10 | 11 |

Tor is a software project that lets you use the Internet anonymously. tor2web is a project to let Internet users access anonymous servers.

12 | 13 |

Here's how it works: Imagine you've got something that you want to publish anonymously, like the Federalist Papers or leaked documents from a whistleblower. You publish them via HTTP using a Tor hidden service; that way your anonymity is protected. Then people access those documents through tor2web; that way anyone with a Web browser can see them.

14 | 15 |

Getting started

16 | 17 |

Whenever you see a URL like http://duskgytldkxiuqc6.onion/, that's a Tor hidden Web service. Just replace .onion with .tor2web.org to use the tor2web proxy network. Example:

18 | 19 | 
https://duskgytldkxiuqc6.tor2web.org/
20 | 21 |

This connects you with tor2web, which then talks to the hidden service via Tor and relays the response back to you.

22 | 23 |

WARNING: tor2web is only intended to protect publishers, not readers. You won't get the level of anonymity, confidentiality, or authentication that you would get if you were using a Tor client yourself. Using tor2web trades off security for convenience; install Tor for better results. (More details...)

24 | 25 |
26 |

Example sites

27 | 28 | 33 |
34 | 35 |

More information

36 | 37 | 43 | 44 |

Support us

45 |

HOST: You can set up your own tor2web proxy.

46 | 47 |

CODE: You can write code to help us. Also check out tor2web-related tasks in Tor.

48 | 49 |

Press

50 | 51 | 56 | 57 |
58 |
59 | info@tor2web.org
60 | to report abuse, please contact abuse@tor2web.org 61 |
62 | 63 | 64 | -------------------------------------------------------------------------------- /invalid.html: -------------------------------------------------------------------------------- 1 | 2 | Invalid URL specified 3 | 4 | 5 |

Invalid!

6 | 7 |

You've requested an invalid URL. This server only supports Tor hidden services.

8 | 9 |

Example: https://duskgytldkxiuqc6.tor2web.org/

10 | 11 |
tor2web.org
12 | 13 | 14 | -------------------------------------------------------------------------------- /legal.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | tor2web: is this legal? 4 | 5 | 6 |
7 |

tor2web: is this legal?

8 |
9 | 10 |

A tor2web proxy is just like any other piece of network infrastructure; it just passes back and forth requests and responses and doesn't inspect or modify content.

11 | 12 |

17 USC 512(a) (part of the DMCA) says:

13 | 14 |

A service provider shall not be liable ... for infringement of copyright by reason of the provider's transmitting, routing, or providing connections for, material through a system ... operated by or for the service provider, or by reason of the intermediate and transient storage of that material in the course of such transmitting, routing, or providing connections, if --

15 | 16 |
    17 |

  1. the transmission of the material was initiated by or at the direction of a person other than the service provider;

    2. 18 | 19 |

  2. the transmission ... is carried out through an automatic technical process without selection of the material by the service provider;

    3. 20 | 21 |

  3. the service provider does not select the recipients of the material except as an automatic response to the request of another person;

    4. 22 | 23 |

  4. no copy of the material made ... is maintained ... in a manner ordinarily accessible to anyone other than anticipated recipients [or] for a longer period than is reasonably necessary for the transmission...

    5. 24 | 25 |

  5. the material is transmitted ... without modification of its content.

    6. 26 |
27 | 28 |
29 | 30 |

512(b) extends the immunity to "generally accepted industry standard" caching.

31 | 32 |

(The DMCA takedown notice procedures you may have heard of are part of 512(c) and only apply to services that store copies of material.)

33 | 34 |

For more information, see the Tor legal FAQ.

35 | 36 | 37 | 38 |
39 |
info@tor2web.org
40 | 41 | 42 | -------------------------------------------------------------------------------- /mirror.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | tor2web: what about mirroring? 5 | 6 |
7 |

tor2web: what about mirroring?

8 |
9 | 10 |

It's possible to imagine some hidden Web services becoming quite popular and overloaded or somehow getting shut down. It would be nice if other hidden Web services mirrored their content so that users could still access it. And it would be nice if there was a directory service that would point users to an accessible copy of the content. Here's a proposal for such a system:

11 | 12 |
    13 |

  1. You have a bunch of files you'd like to publish. You publish them via HTTP and publish a list at /files.txt mapping their SHA1 to their path on your server.

    2. 14 | 15 |

  2. You register your HTTP server with a directory server. The 16 | directory server reads your files.txt and adds it to its index. Now 17 | whenever someone asks for a SHA1 you host, it redirects them to it on 18 | your server (perhaps using CAW as well).

    3. 19 | 20 |

  3. Someone else asks the directory server for a list of the most 21 | popular files. They download a copy, publish them via 22 | HTTP, publish a files.txt for them, and notify the directory. Now the 23 | directory server can round-robin between the two. (To prevent against directory poisoning, the directory can occasionally spot-check the servers in its index to make sure the files they server match the hash.)

    4. 24 |
25 | 26 |

The end result is that you can point users at a URL like:

27 | 28 |

http://dir.theinfo.org/sha1/ed70c57d7564e994e7d5f6fd6967cea8b347efbc

29 | 30 |

and be fairly confident that they can get a copy.

31 | 32 |

Note that such a system need not be limited to tor2web servers proxying for hidden HTTP servers. It could redirect to the file on any Web-accessible system.

33 | 34 |
35 |
info@tor2web.org
36 | 37 | 38 | -------------------------------------------------------------------------------- /security.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | tor2web: security considerations 4 | 5 | 6 |
7 |

tor2web: security considerations

8 |
9 | 10 |

Install Tor

11 | 12 |

For maximum security, install your own copy of Tor and use that to visit the .onion URLs. Tor will encrypt and anonymize your requests and use digital signatures to verify you're talking to the actual server.

13 | 14 |

If you don't want to access all your pages through Tor, but just .onion URLs, set your browser's PAC file to:

15 | 16 | 
http://tor2web.org/conf/proxy.pac
17 | 18 |

On Mac OS X, you can do this by clicking the Apple Menu, choosing "System Preferences...", clicking the button "Network", clicking the green dot on the left, clicking the button "Advanced...", choosing the tab "Proxies", checking "Automatic Proxy Configuration" on the left and clicking it, then putting this in the "URL:" box, clicking "OK", then clicking "Apply".

19 | 20 |

Hide domain names

21 | 22 |

tor2web uses SSL so that others can't eavesdrop on your requests, but this doesn't protect you from people looking at your own browser history or if someone compromises the tor2web server itself. In addition, in its default usage people will be able to tell which Tor site you're visiting. To prevent this, you can use x.tor2web.org as follows:

23 | 24 | 
https://x.tor2web.org/duskgytldkxiuqc6/
25 | 26 |

This isn't turned on by default since it breaks most internal site links.

27 | 28 |
29 |
info@tor2web.org
30 | 31 | 32 | -------------------------------------------------------------------------------- /style.css: -------------------------------------------------------------------------------- 1 | html, body { margin: 0; padding: 0; font-family: "Times", "Times New Roman", serif; font-size:1em; letter-spacing: .025em; } 2 | .header { background-color: #47A03C; margin: 0; padding: .2em; color: white; } 3 | .header a:link, .header a:visited { color: white; text-decoration: underline; } 4 | h1 { text-align: center; font-family: "American Typewriter", "Andale Mono", "Monaco", "MPW", monospaced; font-weight: normal; } 5 | h1 a { font-weight: bold; } 6 | h2 { margin-top: 1.5em;} 7 | p { margin-left: 1.5em; margin-right: 1.5em } 8 | .body { margin: auto; width: 50em; padding-top: .5em;} 9 | 10 | .example { border: 1px solid #ccc; float: right; background: #eee; padding: 1em; margin: 1em } 11 | .example h3 { padding-top: 0; margin-top: 0; } 12 | .example ul { padding-left: 1.5em; } 13 | 14 | address { padding: 1.5em; color: #555; text-align: center;} 15 | code, pre { background-color: #eee;} 16 | pre { padding: 1em; } 17 | a:link { color: #377e10; } 18 | a:visited { color:#777; } -------------------------------------------------------------------------------- /tortodo.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | tor2web: how can Tor help? 5 | 6 |
7 |

tor2web: how can Tor help?

8 |
9 | 10 |

Support half-anonymity

11 | 12 |

Right now when a client connects to a hidden server, both parties pick a "rendezvous point" and create anonymous connections to it, so that neither side knows the others identity. The identity of tor2web proxies, however, are public, so there is no point in disguising their identity.

13 | 14 |

If Tor had an option to allow the tor2web proxies to select themselves as rendezvous points, it could significantly speed things up.

15 | 16 |

STATUS: Roger says he's hesitant to support this.

17 | 18 |

Speed up network services

19 | 20 |

Support more things like NLnet Project: Speed Up Tor Hidden Services.

21 | 22 |

Add Tor support to nginx

23 | 24 |

It would be great if nginx (the caching proxy we use with tor2web) support Tor (i.e. SOCKS4a) so that we didn't have to proxy requests through privoxy as well.

25 | 26 |

Create a read-only version of the browser bundle

27 | 28 |

It would be nice if there was a Tor browser bundle that only handled .onion requests so that people could visit .onion websites without routing all of their traffic through Tor.

29 | 30 |

Automated testing of tor2web proxies

31 | 32 |

tor2web proxies frequently go down, but this is difficult to detect because of the long and variable lags in returning uncached pages as well as frequent downtime from even the most popular network services. Reliable tools to detect whether a proxy is actually down, notify its owner, and remove it from the DNS round robbin would be an enormous help.

33 | 34 |

Consistent hashing DNS server

35 | 36 |

There are multiple caching proxies that server *.tor2web.org requests. If users are directed to select one at random, this leads to cache fragmentation. Ideally, the DNS server would use a consistent hashing scheme to return a particular server for each onion domain.

37 | 38 |
39 |
info@tor2web.org
40 | 41 | 42 | --------------------------------------------------------------------------------