Kory Kirk's Tor Application - Rough Draft

  1. What project would you like to work on? Use our ideas lists as starting point or make up your own idea. Your proposal should include high-level descriptions of what you're going to do, with more details about the parts you expect to be tricky. Your proposal should also try to break down the project into tasks of a fairly fine granularity, and convince us you have a plan for finishing it.

    I would like to work on the TorButton Firefox Extension. There are many feature requests, but I plan to focus on three of them. According to Google Summer of Code, I have ten weeks to complete my project. My plan is to spend three weeks on each feature request, leaving the last week for cleaning up code, finalizing documentation, and tying up any other loose ends. If I end up ahead of schedule, I will either work on adding another feature or I will work on fixing reported bugs.

  2. Projects:
    1. tor:// association


      I would implement the tor:// and tors:// protocols by implementing the nsIProtocolHandler class. By doing this, it will automatically listen to whenever this protocol is triggered. That means that it could be handled by the Bookmark Manager in Firefox, which would take care of the bookmarking aspect of this request. So when the request is triggered, we would have to check first to determine if Tor is on. If it is running, then toggle on Torbutton and open the http:// request. But we will need to know whether or not to treat it as an http://or https:// request, that is why we have tor:// and tors://, respectively. For security, we would probably want to limit the calling of tor:// from either the Address Bar or a bookmark. On top of this, we might want to add an option to the right click menu for links on web pages. It would be a “torify link,” which would just open the link in the tor:// or tors:// protocol.

      This project may take up to three weeks for development and testing. The idea is simple, but this will be my first time modifying the Torbutton code, so I imagine there will be some roadblocks along those lines. I will be writing the majority of this code from scratch, therefore I suspect that it will take me longer to perfect the behavior and have it implemented securely enough for Tor’s standards.

    2. Better refspoofing


      Refspoof (https://addons.mozilla.org/en-US/firefox/addon/4513) as mentioned in the Feature Request has all of the desired features for this request. But they need to be implemented differently – we do not need a whole toolbar for this feature. Therefore we should assimilate some of Refspoof’s features to allow automatic referrer spoofing. We should have a few options. The first would block the referrer, second – spoof referrer to the document root of the site. And then a custom referrer option which would allow the user to define the referrer. We could probably put this in a tab in the Security Settings tab of the Torbutton Preferences.

      The basic code already exists in Refspoof, so the first step in creating this part would to understand all the necessary parts of Refspoof that Torbutton would need in order to implement these features. Once that code was recognized, it would need to be added to Torbutton. The UI would need to be created, which is a simple part. Then the functionality will need to be hooked up to the UI, and functionality would need to be tested. This probably will not take a whole three weeks, but that will just give me more time to do other tasks at the end, also there will most likely be more features that could be added to this functionality.

    3. More Granular Cookie Control


      Another Firefox extension Cookie Culler (https://addons.mozilla.org/en-US/firefox/addon/82) has most of the desired features in this Feature Request. I would go about this by creating a new option in the Tor Prefrerence > Security Settings > Cookies tab. This option would be a button that would create a dialogue window with custom cookie settings. It would show all the cookies available and also have a filter to search through them. You could choose individual cookies to want to protect between tor toggles, or possibly choose a group through a filter, e.g. *.gmail.com.

      I would assimilate some of the Cookie Culler code into makings of the dialogue window. There is a space for a button in the cookies options. I would need to store the marked cookies in protected jars, which means we could not store Tor cookies and non-Tor cookies in the same protected Jar. This could also be part of the Multiple Identity Support request (https://bugs.torproject.org/flyspray/index.php?do=details&id=940) , because it would be a way to save your cookies through Tor toggles, which could be Tor and non-Tor identities. This project could very well take up to three weeks, especially if the Multiple Identity Support is implemented in tandem with this.

  3. Point us to a code sample: something good and clean to demonstrate that you know what you're doing, ideally from an existing project.

    Last year I wrote a Firefox extension for my University’s webmail service, it can be found here - http://whileyouwereafk.com/novamail.xpi. It was a project for my software engineering class, while every other group in the class only made prototypes of their project, I fully developed mine. There were two other members in my group with me, however they did not put forth the effort to learn XUL to contribute to programming, their main contribution was graphics and ideas. After we released the extension I maintained it until this past November. The extension is currently disabled, because my University repaired the vulnerability that the extension was exploiting for its main function. Right now I am in the process of negotiating with the University to turn over hosting to them. All details about the development process can be found at http://whileyouwereafk.com/. The extension has about 100 downloads on the Firefox extensions site (because it is sandboxed), but has received over 1800 downloads from the above link. In addition I have a lot of experience with Javascript – for my senior project I implemented a way to calculate Pi in a distributed fashion using Javascript. For more details, visit http://seniorproject.korykirk.com/.

  4. Why do you want to work with The Tor Project / Switzerland in particular?

    I am a big fan of network security, especially in wireless networks. I did a research project last year about different ways to solve the problem of network sniffing and traffic monitoring (http://www.csc.villanova.edu/~kkirk/index.html). I wish I would have known about Tor back then, because it would have been a great solution to my research problem. When I first started looking at mentoring organizations I had no knowledge of Tor. I have a personal ideology involving computing that is similar to the views held by the EFF and Creative Commons. Naturally, those were the first two organizations that I looked at, and then I found Tor. Initially unaware of what it really was, I spent a while researching its history and current status. I was very impressed. After seeing TorButton on the project list, it has become the project that I want to be involved with the most - because I believe that it will make good use of my current skills and expand them; also, because I am confident in my ability to complete the project, and be satisfied with the results.

  5. Tell us about your experiences in free software development environments. We especially want to hear examples of how you have collaborated with others rather than just working on a project by yourself.
  6. I have not contributed to an open source project before. I am familiar with the process and I use many free open source software. In my induction to UPE, the Computing Sciences honor society, I gave a speech on the benefits and use of Open Source Software (http://csc.villanova.edu/news/view/216). I have often worked with peers on programming projects; one example of this is my involvement in the Villanova Programming Team. I have been the team captain for two years. In the ICPC Programming Contest in this past Fall, my team placed 2nd locally (http://csc.villanova.edu/news/view/247). This is an example of a way that I worked with a team to analyze problems quickly, and implement a robust solution to that problem quickly. In addition, for the past three months, our programming team has been working on the Artificial Intelligence focused Programming Competition called Battlecode (http://battlecode.mit.edu/). In this competition my team had to implement a team in a real time strategy game. We created a very large code base, using SVN to keep track of all of our code updates.

  7. Will you be working full-time on the project for the summer, or will you have other commitments too (a second job, classes, etc)? If you won't be available full-time, please explain, and list timing if you know them for other major deadlines (e.g. exams). Having other activities isn't a deal-breaker, but we don't want to be surprised.

    I am going to be taking one class over the summer – May 27th – June 24th. My time investment in this will be two hours a day, Mon-Fri. Other than that, I will not have any other obligations or plans. I will probably travel a little over the summer, but I will be able to work wherever I go.

  8. Will your project need more work and/or maintenance after the summer ends? What are the chances you will stick around and help out with that and other related projects?

    Yes my project will need more maintenance. I say this because I know the nature of Firefox Extensions – Firefox updates come out, users want more features, and bugs arise that need to be fix. I definitely want to stick around and help out. For a while, I have wanted to be a part of an open source community, but the task has seemed too daunting up until now.

  9. What is your ideal approach to keeping everybody informed of your progress, problems, and questions over the course of the project? Said another way, how much of a "manager" will you need your mentor to be?

    For keeping everyone informed on the milestones of my progress, I think the best approach would be to update the progress on TorButton Flyspray. The feature request could be assigned to me (I have already set up a Flyspray account, my username is koryk) and I would update the relevant thread with details and estimated percentage complete. I do not believe that my mentor needs to be much of a “manager.” I feel like I have a good understanding of what I need to do, and any road blocks that I may encounter, I will definitely turn to my mentor for support. But as far as progress goes, I am self motivated. The best ways of communication would be through IRC and email. I am on IRC whenever my computer is on and connected to the internet, so as long as I am at my keyboard I can communicate through that medium (my username is koryk on Freenode and OFTC).

  10. What school are you attending? What year are you, and what's your major/degree/focus? If you're part of a research group, which one?

    I am a senior in Computer Science at Villanova University, with a minor in math. I am in a five year combined BS/MS program in computer science, so my next year will be equivalent to that of a second year graduate student in a Masters program. For the past two semesters I have also been an undergraduate researcher on a Nation Science Foundation grant surrounding ad-hoc wireless network research (more details can be found at http://adhoc.korykirk.com).

  11. Is there anything else we should know that will make us like your project more?

    I have tried to include my most of my relevant qualifications in the previous questions, so here are a few things about me that semirelevant:

    • In addition to becoming a Computer Science professor, after I graduate I would like to be a Chili Cook-off judge and a books on tape narrator.
    • I really want to learn how to do a back flip.
    • I like music a lot and I write songs about robots.
    • I really like robots.
    • I knew that I wanted to major in Computer Science since fifth grade.