> "Flash proxy" is a name that should make you think "quick" and "short-lived." Our implementation uses standard web technologies: JavaScript and WebSocket.
I get it, but there's another (widely reviled) in-browser technology that goes by the name Flash, and it's entirely plausible that this could be written with it. Sometimes you need to be able to let go of a name.
I like how to name implies (accidentally or not) that term "flash" is not anymore solely bound to doomed battery-eating technology from 00s but can be used as a generic word.
Time for a stupid question: what prevents the censor from simply blocking the facilitator? It isn't ephemeral like the "flash proxy"... so it seems like you'd have the same problem as you have with the relays.
It's a good question, discussed a bit in the PETS paper: https://crypto.stanford.edu/flashproxy/flashproxy.pdf (section 6). The short answer is that communicating a small amount of information outside of the censored region to a blocked facilitator is an easier problem than full connectivity.
Yeah, it was a stupid question in that I should have read the paper ;-) Laziness on my part, sorry.
Right, their idea is to basically leverage some protocols that allow unblocked entities forward information from the client to the facilitator (which is assumed to be directly blocked always). That seems to make sense.
It seems to be that the flash proxy must be able to connect to the client directly (the client is not behind NAT), which seems like a pretty big assumption... though that might be fine in the real world use cases that they are targeting.
Plus IPv6 could drastically reduce the need for NAT (particularly in mobile where they're basically out of IPs and basically NAT the entire mobile network)
From how I understand it this is not a javascript Tor implementation at all. It's an entirely different piece of software that allows you to create a whole lot of volatile short lived proxy servers that can then be used to connect to actual tor relays. The idea being that it will be really hard for censors to block proxy servers that only exist for a short period of time.
It makes me extremely sad - and somewhat angry - that a lot of people just
associate Tor with CP and criminals. Tor enabled and helped carry out fucking revolutions.
Hundreds, if not thousands of (not only) chinese dissidents use it to
communicate safely. It protects lives. Tor is a blessing upon humanity, and
a big, fat, thorn in the side of every oppressive government on this planet.
The fact that some individuals use Tor for accessing child pornography is sad,
but that constitutes a miniscule amount of its entire traffic. Stop looking
at the few bad apples and look at the big picture.
Oh, and if you're at it, watch Jacob and Roger's talk at the 29c3 as soon as it
is available. They explained this awesome piece of software a bit more in
detail there, amongst all the other amazing projects related to the Tor
Project.
I agree with you about how awesome Jacob Appelbaum makes Tor sound, but you could still make a case about not wanting your computer to be used without your consent for stuff like that.
For example, as much as cancer research can benefit from extra computing power, I wouldn't want web sites to start including secret javascript code meant to "reap the spare cpu cycles" available when I visit their site.
It's equally debatable whether it's okay to put stupid advertisements or
tracking technology on your website - which have infinitely less positive
benefits for humanity than Tor.
Anyways, my answer wasn't about Flash-Proxy at all (which is, polemics aside,
indeed debatable). I was pissed about the attitude that Tor == CP, which is a
dishonest fallacy thrown around by supporters of surveillance and spying.
There are at least three actual possibilities there:
1. People afraid of being tracked down and prosecuted because someone used their exit node for criminal behavior
2. People concerned about limiting criminal behavior
3. People who want to stop free speech
Assuming #3 seems like a stretch even if it is easy to conclude that people pushing for constraints on free speech for the sake of limiting criminal behavior under-appreciate the vital importance of vigorous anonymous public discourse, even in countries without dictators.
>1. People afraid of being tracked down and prosecuted because someone used
their exit node for criminal behavior
Again, Flash Proxy is not an exit node, it's a bridge. It merely helps people
to access the Tor network, and does not relay traffic back out (which, as far
as I know, is not even technically possible). There's zero risks involved.
Also, why are you not running at least a relay, anyways?
>2. People concerned about limiting criminal behavior
Limiting criminal behavior is fine, but never at the cost of essential
liberties and rights. This is inarguable. People rallying against Tor for
"criminal behavior" are the very same people we need Tor to protect ourselves
against.
>3. People who want to stop free speech
I you[1] are such a person, I hate you and you more than deserve to have your
browser turned into a powerful weapon of the very thing you want to stop.
[1] This is the general you, I'm not talking to the parent poster specifically.
I agree about the debatable status of the stupid advertisements running without my permission. As you're pointing out, the worse aspect of them is that they're involved in a large-scale tracking scheme. It wouldn't be as bad if you got your ads and nothing else (no tracking on top of the ads).
The "Tor == CP" reasoning is as absurd as saying "Free Speech == Rampant Nazi Propaganda". =)
You are not an end node, so nothing but encrypted data is passed between a Tor user and another Tor node. These bridges help people in countries who block access to the tor network enter the Tor network. They don't use you to access any actual content.
That said. Don't go to websites that put the iframe in if you don't want to be one. It's not like it's going to be a common practice to throw that on your webpage.
While OP is wrong about this specific implementation, is there anything stopping someone from modifying it to make you an exit node?
While the authors clearly have good intentions, the basic idea of my browser relaying traffic transparently that I am not aware of is indeed disturbing.
I get it, but there's another (widely reviled) in-browser technology that goes by the name Flash, and it's entirely plausible that this could be written with it. Sometimes you need to be able to let go of a name.