Appears to be a public TCP-to-websocket proxy to a Tor client w/ a JS wrapper. I assume the host could be an onion service address which does have value, but you're still going through a proxy.
At that point, you might as well have your own web server side connect to Tor and do what you want, it's not hard w/ libs out there. Otherwise, if I see this on your site, I just might start using your proxy as my new tor2web, heh (not that there is real value over just my own Tor client running locally).
It's a lightweight Tor client written in Javascript than runs in the end-user browser. The websocket-to-TCP (dumb) proxy acts in some ways as a Guard node from the live network (it's not about running a Tor client on a remote proxy). Hopefully, a pluggable transport will be implemented at some point and Guard nodes will be able to directly accept incoming connections, without proxy.
Note that it's not a replacement for the Tor browser: it is not build for the same usages. A good example is people implementing privacy-oriented tools with strong cryptography in Javascript to drives adoption. The goal is to improve the privacy of such partially honest services by bringing anonymity into the picture, with a better compromise than a "trust us to not log" policy.
You can even fantom models where a commercial service provider focused on privacy push its users to use the Tor Browser while shipping a Tor client by default to its user that didn't bothered installing one. Because at the end, it will be easier to keep your promises about not doing logs if you intentionally forced all of your users through the Tor network.
My understanding of Tor is that proxy keys are shared in a gossip network, and that without access to that gossip network you're vulnerable to being sybil attacked. How does Lightnion solve this? Or am I misunderstanding Tor?
There's a consensus made on the global state of the Tor network made between several well-known parties: just as a regular Tor client, Lighnion downloads the consensus document, parses it, validates its signatures and perform a path selection algorithm on it. It's several megabytes to downloaded by the Javascript client (itself being few kilobytes) and is currently a limitation of the protocol.
Nice, this could be another way to solve the problem of hosting an anonymous website without forcing the user to install a new browser. Only needs someone to host a proxy website.
So all the speed, black listing and endless unsolvable captchas of Tor but with none of that annoying anonymity!
tor speed is an improvement, it impedes on social network addiction :p
Appears to be a public TCP-to-websocket proxy to a Tor client w/ a JS wrapper. I assume the host could be an onion service address which does have value, but you're still going through a proxy.
At that point, you might as well have your own web server side connect to Tor and do what you want, it's not hard w/ libs out there. Otherwise, if I see this on your site, I just might start using your proxy as my new tor2web, heh (not that there is real value over just my own Tor client running locally).
It's a lightweight Tor client written in Javascript than runs in the end-user browser. The websocket-to-TCP (dumb) proxy acts in some ways as a Guard node from the live network (it's not about running a Tor client on a remote proxy). Hopefully, a pluggable transport will be implemented at some point and Guard nodes will be able to directly accept incoming connections, without proxy.
Note that it's not a replacement for the Tor browser: it is not build for the same usages. A good example is people implementing privacy-oriented tools with strong cryptography in Javascript to drives adoption. The goal is to improve the privacy of such partially honest services by bringing anonymity into the picture, with a better compromise than a "trust us to not log" policy.
You can even fantom models where a commercial service provider focused on privacy push its users to use the Tor Browser while shipping a Tor client by default to its user that didn't bothered installing one. Because at the end, it will be easier to keep your promises about not doing logs if you intentionally forced all of your users through the Tor network.
Found an associated paper here: https://madweb.work/papers/paper10.pdf
Could be useful for people in controlled software environments, though it would require new, special types of bridges...
My understanding of Tor is that proxy keys are shared in a gossip network, and that without access to that gossip network you're vulnerable to being sybil attacked. How does Lightnion solve this? Or am I misunderstanding Tor?
There's a consensus made on the global state of the Tor network made between several well-known parties: just as a regular Tor client, Lighnion downloads the consensus document, parses it, validates its signatures and perform a path selection algorithm on it. It's several megabytes to downloaded by the Javascript client (itself being few kilobytes) and is currently a limitation of the protocol.
If the "walking onions" proposal gets maintstream (i.e. private retrieval of a consensus subset), we can hope for improvements (see https://gitweb.torproject.org/torspec.git/tree/proposals/300...).
Nice, this could be another way to solve the problem of hosting an anonymous website without forcing the user to install a new browser. Only needs someone to host a proxy website.
javascript? URGH