ReporTor
One of the Tor Projects open research questions is How to measure websites breakage without compromising users' safety.
This Webextension takes steps towards acomplishing that goal by asking Tor users for a limited amount of data, which will be used by
researchers to explore trends in network accessibility via Tor.
Installation
Once the plugin is packaged in its final form, installation instructions will go here.
Mention how users may need to enable "allow extension in private window."
Usage
When encountering a pesky web resource, click the extension icon. fill out the form, and press the "finalize report"
button. Thats it.
What data are we asking for? (and why)
URL: Based on the number of reports including a specific URL, we can determine precisely what web resources are broken or blocked.
Obviously collecting the URL is the most important data point to collect.
It is important to address privacy concerns related to sending URL's. Namely, URLs often contain query strings, elements inserted
into URL's to pass information about a users interaction or navigation using the URL itself. The beginning of the query strings
is marked with a '?'. query strings are key value pairs seporated by a '&'.
As a security measure, the URL is stripped of all query strings, by only capturing everything before the '?'.
Exit Node: The list of Tor exit nodes is publicly available, and as a result it is possible for the internet overlords
to block traffic from those specific IP addresses. Collecting the exit node can help us determine if blocked content is blocked
on all nodes, blocked on a single node, blocked from traffic from a specific country, etc.
This can help us determine if traffic is blocked from a specific exit node or country.
Due to the security measures implemented by the Tor browser, it is not possible to grab the exit node automatically. It is also not
possible for the user to copy/paste it. Therfore the IP must be manually typed or selected from the dropdown menu.
To find the exit node for the circuit being used for the current tab, click the lock on the lleft hand side of the search bar
and then copy the last IP address that appears before your destination.
Date: The more we know about when something isn't working, the more accurately we can diagnose the problem. For example,
if a bunch of reports are sent on day x, but none on day x+1, ... Present, then we can assume there was a problem with the server
at that particular time, likely not as a result of anything to do with use of the Tor Browser. There are many well known privacy
concerns with timestamps. Perhaps most notably, they can be used for fingerprinting. Time zones for example can tell you where in the
world someone is when sending packets. Timestamps, HH:mm:ss can give an adversary an idea about where a person is located
based on the time of access. While this is arguably irrelevant to our goals, we decided to err on the side of caution, and only
collect the date without the timestamp or timezone information.
Security Setting
Knowing what security setting causes a web resource to malfunction is essential when trying to come up with solutions.
To find the security setting, click on the shield icon on the browser and look at the dropdown menu.
Frequently Asked Questions
Where is my data going?
here: qimchlfgh7bhrucjgemvuwyqxyzes7zv3bvwryvfbnbeqfctwat4rgid.onion
All reports are sent to an onion address which forwards them to a local database on the server. By using
an onion address we reduce the opportunities for an adversary to send uninvited data since the plugin will not
work through any other browser.
Is the data encrypted during transport?
Yes. encryption is handled implicitly by the Tor network.
Can reports I send be traced back to me?
No. None of the items we collect contain data that can be used to identify an individual user.
However if you enter PII into the comment box (which we advise against), it will be sent to the server.
Can I delete a report after sending it to the server?
No. All the reports are anonymous. Once the report reaches our database, we have no way of identifying who sent
what report and consequently no way of deleting it.