This is an interesting project. That being said, I have a few concerns I'm 
hoping you can address.

From a security standpoint:

- The instructions for the webservice don't seem to indicate that it is being 
served as a hidden service, or even with SSL. See `<Virtualhost *:80>`. This 
would mean that, even if Chrome is configured properly, when the request is 
made over Tor it basically sends every link on every page you're viewing, in 
the clear, over the public internet; and to your server, if one was to actually 
use it.

- Unless you intend to share your onionGatherer service with someone else (you 
clearly shouldn't) then 'Require All Granted' is unnecessary and inadvisable.

- [if(responseData['onions'][portion.text] == 0)](https://github.com/rfidlabsapienza/onionGatherer-ChromeExtension/blob/master/OnionGatherer.js#L52) 
would return an orange circle if portion.text is undefined or null, perhaps 
stronger typing would be appropriate.



From a pure code review standpoint:

- You include the images twice, once in the root, and once in figures.

- [You've implemented an XHTML parser in regex](https://github.com/rfidlabsapienza/onionGatherer-ChromeExtension/blob/master/OnionGatherer.js#L6); 
generally this is inadvisable.

- The version of jQuery that was included (2.2.3) is not the most recent (2.2.4)



Evan



Sent with [ProtonMail](https://protonmail.com) Secure Email.
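
The status comparison quoted in the review above, shown next to a strictly typed lookup. This is an added example, not part of the original email or the project's code; the status codes 1 (up) and -1 (down), the function names and the sample response are assumptions made for illustration, and only `0` meaning "still evaluating" comes from the quoted line.

```javascript
// Added example. Only 0 -> orange is taken from the quoted line;
// 1 -> green and -1 -> red are ASSUMED codes for illustration.
const STATUS_COLOURS = new Map([
  [0, "orange"], // still being evaluated
  [1, "green"],  // assumed: service is up
  [-1, "red"],   // assumed: service is down
]);

// The comparison as quoted: any value that coerces to 0 under == matches,
// so "", "0", false and [] are all treated as "still evaluating".
function looseIsPending(value) {
  return value == 0;
}

// Strict lookup: a colour is returned only when the link text is a non-empty
// string, is an own property of the response (not "constructor" etc.), and
// maps to an integer that is a known status. Anything else is "unknown".
function bulletColour(responseData, linkText) {
  if (typeof linkText !== "string" || linkText.length === 0) return "unknown";
  const onions = responseData && responseData.onions;
  if (onions === null || typeof onions !== "object" || Array.isArray(onions)) {
    return "unknown";
  }
  if (!Object.prototype.hasOwnProperty.call(onions, linkText)) return "unknown";
  const status = onions[linkText];
  if (!Number.isInteger(status)) return "unknown";
  return STATUS_COLOURS.get(status) ?? "unknown";
}

// Constructed sample response (hypothetical keys, not real onion addresses).
const sampleResponse = {
  onions: {
    "pending-example.onion": 0,
    "up-example.onion": 1,
    "blank-example.onion": "",     // malformed: empty string
    "flag-example.onion": false,   // malformed: boolean
    "text-example.onion": "0",     // malformed: numeric string
  },
};

function demo() {
  return Object.keys(sampleResponse.onions).map((key) => ({
    key,
    loose: looseIsPending(sampleResponse.onions[key]) ? "orange" : "other",
    strict: bulletColour(sampleResponse, key),
  }));
}
```

Calling `demo()` lists, per key, what the loose comparison and the strict lookup each decide, so the malformed entries stand out as "orange" versus "unknown".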


-------- Original Message --------
Subject: [tor-dev] OnionGatherer: evaluating status of hidden services
Local Time: 10 March 2017 7:58 AM
UTC Time: 10 March 2017 11:58
From: lamor...@di.uniroma1.it
To: tor-dev@lists.torproject.org
Julinda Stefa <st...@di.uniroma1.it>, simone raponi 
<raponi.1539...@studenti.uniroma1.it>, Alessandro Mei <m...@di.uniroma1.it>


Dear members of the Tor community,

we are a research group at Sapienza University, Rome, Italy. We do research on 
distributed systems, Tor, and the Dark Web. As part of our work, we have 
developed OnionGatherer, a service that gives up-to-date information about Dark 
Web hidden services to Tor users.

OnionGatherer is implemented as a Google Chrome extension coupled with a 
back-end service running on our servers. As the user surfs the Web, 
OnionGatherer collects all the URLs from the page and adds a green bullet next 
to the URL if the hidden service is up and running, an orange one if the system 
is currently evaluating the address' status or a red one if the hidden service 
is down. The status of the hidden services is pulled from our servers, which 
keep track of all the services found by the users and constantly monitor their 
status. When a new hidden service is found, OnionGatherer checks its status in 
real time, informs the user accordingly, and adds it to the database.

We believe that OnionGatherer can be very useful to Tor users that are 
interested in surfing the Dark Web. Indeed, hidden services are born and shut 
down very frequently, and it is often time consuming and frustrating to check 
manually which services are still active.

We kindly ask if you can help disseminate our project: the larger the 
number of users of OnionGatherer, the larger the database and the better the 
service we can provide. Currently the software is in Beta version and released 
on GitHub at the following link:

client: https://github.com/rfidlabsapienza/onionGatherer-ChromeExtension
server: https://github.com/rfidlabsapienza/onionGatherer-Server

Any feedback or issues are really appreciated.
Thanks in advance. Best regards,

The research group:
A. Mei, J. Stefa, M. La Morgia, S. Raponi
_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
