Send in your ideas. Deadline June 1, 2024
Source code :
Vendor stores
Nix Flake
Theme fund: NGI0 PET
Start: 2019-04
End: 2019-04


Implementation of Tor protocols for inside webpages

Node-Tor is an open source project and the only existing implementation of the Tor protocol in Javascript. That gives it the unique property to not just run on a server or desktop, but also inside a regular webbrowser itself as a standalone secure webapp. It must not be misunderstood for just a re-implementation of Tor network nodes: the goal is much wider, because it allows any project related to privacy/security enhancement to implement the Tor protocol in their nodes and/or inside a web page. The browser client acts as a standalone node itself communicating via web interfaces such as Websockets with servers or through WebRTC with other browsers. The use of Javascript allows to reduce very significantly the code and libraries (prone to security breaches), simplifying the integration for developers (like removing the need to maintain installation packages since standard web interfaces can be used), simplifying the use for users. This offers a lot of potential for increasing security and privacy for everybody, since the technology can be accessed from any place and any device that has a browser or can run Javascript, including mobile devices.

Why does this actually matter to end users?

On the internet, every computer by design gets a unique number - a so called internet protocol address (or for short IP address). This address is used to send information from your computer to the other computer you want to communicate with, and of course back. Unlike a traditional radio, you often need to send messages to receive messages on the internet. Computers are a great engineering achievement but they are certainly not magic, and thus they need to be able to somehow find each other. The IP address makes this possible. Unfortunately, the fact that every computer has a unique number opens up the possibility of abuse by dishonest actors. Because even though it is none of their business, breaking privacy is a profitable business. If they link what you do on the left side of the internet to what you do on the right side of the internet, they can create a profile and sell this to the highest bidder - with any bad luck to people that want to use it for nefarious purposes.

While work is under way to replace the design of the internet within the Next Generation Internet initiative, there are multiple ways to avoid your IP address being tracked on the current internet. A popular method to attempt to anonymise ones internet presence is to use the Tor network. Tor is a network of millions of computers and users that send messages among each other to confuse someone watching internet traffic. To use Tor, normally you have to install a specific bit of software on your computer that runs a service in the back end. Installing and maintaining that software does require some technical skill and the rights to install software on the computer you are using, which for instance at work or in schools may not apply. So not all users can equally benefit from this.

Of course, having such software on your computer could be an argument in some countries to prosecute you. But installing it over and over again, is also not an option and requires even more technical skill - not to mention putting users at risk of installing some malware if their skills are limited. Using a so called live medium (like a thumbdrive or a CD) requires you to close every application you are running, and spend minutes rebooting the computer, every time you want to anonymously interact with some website. What if the burden of providing Tor access could be moved to someone offering a service on the world wide web? That way you could protect any interaction of all users with say a specific website, without the users needing to install anything. Node-Tor is a re-implementation of a part of the Tor protocol. It operates all but invisible to the user, and connects the user to the Tor network directly from the web browser - no configuration needed. This allows entirely new use cases for anonymisation.

Run by Nais - Informatique Telecom

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero: letterlogo shaped like a tag

This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.