For more details on these methods please check the code repository and/or see the cloud service scripts section.
For more details on these methods please check the code repository and/or see the cloud service scripts section.
=== Distribution Channels
=== Distribution Channels
Ideally, a user should have various ways to contact !GetTor and receive
Ideally, a user should have various ways to contact GetTor and receive
the Tor Browser. This ''distribution channels'' should parse a request,
the Tor Browser. This _distribution channels_ should parse a request,
get the user's OS and language, ask for the links to the core module and
get the user's OS and language, ask for the links to the core module and
then send this info back to the user. Ideally, each distribution channel
then send this info back to the user. Ideally, each distribution channel
should be handled by a separate module. Currently, there is one distribution
should be handled by a separate module. Currently, there is one distribution
...
@@ -226,7 +226,7 @@ not finished (Twitter).
...
@@ -226,7 +226,7 @@ not finished (Twitter).
==== SMTP
==== SMTP
This modules is on charge of receive and reply requests via email. Back
This modules is on charge of receive and reply requests via email. Back
in 2008 when !GetTor was conceived, SMTP was the main and only distribution
in 2008 when GetTor was conceived, SMTP was the main and only distribution
channel. Requests were answered with the actual bundle as an attachment
channel. Requests were answered with the actual bundle as an attachment
instead of links. This approach was good, but the bundles started to get
instead of links. This approach was good, but the bundles started to get
larger in size to the point were it was no longer feasible to send it as
larger in size to the point were it was no longer feasible to send it as
...
@@ -234,33 +234,33 @@ an attachment (the current size of Tor Browser is ~40Mb).
...
@@ -234,33 +234,33 @@ an attachment (the current size of Tor Browser is ~40Mb).
There three scenarios involved in sending links via email:
There three scenarios involved in sending links via email:
* Listen for users' emails directed to !GetTor robot.
* Listen for users' emails directed to GetTor robot.
* Determine the type of request and get the necessary data to reply it.
* Determine the type of request and get the necessary data to reply it.
* Send back a reply to the user.
* Send back a reply to the user.
The first point is handled by the mail server provided by the Tor Project.
The first point is handled by the mail server provided by the Tor Project.
In addition, we use email forwarding to make sure we get all the emails
In addition, we use email forwarding to make sure we get all the emails
directed to !GetTor robot. For this a .forward like the following is used:
directed to GetTor robot. For this a .forward like the following is used:
{{{#!bash
```
|"python2.7 /path/to/gettor/smtp_process.py"
|"python2.7 /path/to/gettor/smtp_process.py"
}}}
```
With this, the only concern of the smtp_process.py script is to receive
With this, the only concern of the smtp_process.py script is to receive
emails fron the standard input and talk to the SMTP module to process it.
emails fron the standard input and talk to the SMTP module to process it.
The SMTP module has only one public method:
The SMTP module has only one public method:
{{{#!python
```
process_email(raw_msg)
process_email(raw_msg)
}}}
```
Where:
Where:
'''raw_msg''': String that represents the email received.
**raw_msg**: String that represents the email received.
A basic script for communicating with the SMTP module should look like this:
A basic script for communicating with the SMTP module should look like this:
{{{#!python
```
#!/usr/bin/env python
#!/usr/bin/env python
importsys
importsys
importgettor.smtp
importgettor.smtp
...
@@ -268,7 +268,7 @@ import gettor.smtp
...
@@ -268,7 +268,7 @@ import gettor.smtp
service=gettor.smtp.SMTP()
service=gettor.smtp.SMTP()
incoming=sys.stdin.read()
incoming=sys.stdin.read()
service.process_email(incoming)
service.process_email(incoming)
}}}
```
The other two points are handled by the SMTP module. The first step after
The other two points are handled by the SMTP module. The first step after
receiving a request is determine if the address is blacklisted. See the
receiving a request is determine if the address is blacklisted. See the
...
@@ -277,7 +277,7 @@ next step is to determine the type of request received.For now, there are
...
@@ -277,7 +277,7 @@ next step is to determine the type of request received.For now, there are
only two types of request that could be received: help and links. The decision
only two types of request that could be received: help and links. The decision
process to determine what type we have received is the following:
process to determine what type we have received is the following:
* Does the body of the message include the words ''windows'', ''linux'', or ''osx''?
* Does the body of the message include the words _windows_, _linux_, or _osx_?
If so, we have received a links request.
If so, we have received a links request.
* Any other case should be considered as a help request, including blank
* Any other case should be considered as a help request, including blank
emails.
emails.
...
@@ -303,54 +303,54 @@ To be redacted.
...
@@ -303,54 +303,54 @@ To be redacted.
=== Database
=== Database
The database module, as its name suggests, is in charge of interacting
The database module, as its name suggests, is in charge of interacting
with the !GetTor database. The current design is quite simple and satisfies
with the GetTor database. The current design is quite simple and satisfies
two needs:
two needs:
'''Add a request'''. For now it consists only in knowing how many requests we have received so far. No other data is collected.
**Add a request**. For now it consists only in knowing how many requests we have received so far. No other data is collected.
'''Add/delete/update a user'''. This allow us to know how many requests a single user has made and thus avoid any type of flood (see Blacklisting). For this purpose we collect the following data:
**Add/delete/update a user**. This allow us to know how many requests a single user has made and thus avoid any type of flood (see Blacklisting). For this purpose we collect the following data:
*''user'': 256 hash of the user address/account.
*_user_: 256 hash of the user address/account.
*''service'': string that represents the distribution method used by the user
*_service_: string that represents the distribution method used by the user
(e.g. SMTP).
(e.g. SMTP).
*''times'': number of requests received from the same user.
*_times_: number of requests received from the same user.
*''blocked'': boolean flag to know if user is permanently blacklisted.
*_blocked_: boolean flag to know if user is permanently blacklisted.
*''last_request'': timestamp that represents the last time a given user
*_last_request_: timestamp that represents the last time a given user
made a request from the same distribution channel.
made a request from the same distribution channel.
The initial design of the database module (during the revamp) considered a
The initial design of the database module (during the revamp) considered a
lot of data to be collected (type of request, language, os, etc.), but
lot of data to be collected (type of request, language, os, etc.), but
eventually we decided to keep just the necessary data to know how many
eventually we decided to keep just the necessary data to know how many
requests !GetTor has received and to avoid flood. The type of database
requests GetTor has received and to avoid flood. The type of database
choosen for this purpose was SQLite. You can check a sample database in
choosen for this purpose was SQLite. You can check a sample database in
the code repository (gettor.db).
the code repository (gettor.db).
=== Blacklisting
=== Blacklisting
The current blacklisting mechanism is quite simply and it's based on the data
The current blacklisting mechanism is quite simply and it's based on the data
collected by the 'users' table specified in !GetTor's database, plus some
collected by the 'users' table specified in GetTor's database, plus some
extra parameters defined in blacklist.cfg, which help us to stablish limits
extra parameters defined in blacklist.cfg, which help us to stablish limits
to avoid flood. The current mechanism depends on four parameters:
to avoid flood. The current mechanism depends on four parameters:
*'''user''': Hashed address/account of the user. It helps to identify malicious users.
***user**: Hashed address/account of the user. It helps to identify malicious users.
*'''service''': Service or distribution channel used by the user trying to contact !GetTor.
***service**: Service or distribution channel used by the user trying to contact GetTor.
*'''max_req''': Maximum number of requests per user ''and'' service allowed at the moment.
***max_req**: Maximum number of requests per user _and_ service allowed at the moment.
*'''wait_time''': Number of minutes a user should wait until she reaches '''max_req'''.
***wait_time**: Number of minutes a user should wait until she reaches **max_req**.
Both the '''user''' and '''service''' parameteres are obtained in real time
Both the **user** and **service** parameteres are obtained in real time
when !GetTor receives a request. The other two, '''max_req''' and '''wait_time'''
when GetTor receives a request. The other two, **max_req** and **wait_time**
are specified in blacklist.cfg. Each service module (e.g. SMTP) should be
are specified in blacklist.cfg. Each service module (e.g. SMTP) should be
in charge of specifying the path to this configuration file and interact
in charge of specifying the path to this configuration file and interact
with the !Blacklisting module according to that information. The current
with the !Blacklisting module according to that information. The current
mechanism also depends on the '''last_request''', '''times''', and '''blocked'''
mechanism also depends on the **last_request**, **times**, and **blocked**
fields of the database for the record associated with '''user''' and '''service'''.
fields of the database for the record associated with **user** and **service**.
With all of this, the decision algorithm can be described as follows:
With all of this, the decision algorithm can be described as follows:
{{{#!python
```
if blocked:
if blocked:
update_user_on_db(user, service, times+1, 1)
update_user_on_db(user, service, times+1, 1)
raise BlacklistError("Blocked user")
raise BlacklistError("Blocked user")
...
@@ -368,15 +368,15 @@ With all of this, the decision algorithm can be described as follows:
...
@@ -368,15 +368,15 @@ With all of this, the decision algorithm can be described as follows:
else:
else:
# adding up a request for user
# adding up a request for user
update_user_on_db(user, service, times+1, 0)
update_user_on_db(user, service, times+1, 0)
}}}
```
This simple mechanism helps us avoid malicious users from flooding one or
This simple mechanism helps us avoid malicious users from flooding one or
more services/distribution channels with infinite requests. As you may
more services/distribution channels with infinite requests. As you may
otice, if a user make a request before the '''wait_time''' has passed, then
otice, if a user make a request before the **wait_time** has passed, then
the user must wait another '''wait_time''' to make a request again, and
the user must wait another **wait_time** to make a request again, and
if a user make a request after she has reached the maximun number of requests
if a user make a request after she has reached the maximun number of requests
and waited '''wait_time''', then the counter of her requests is setted to
and waited **wait_time**, then the counter of her requests is setted to
one. You can check the {{{_is_blacklisted}}} method of the SMTP module to
one. You can check the `_is_blacklisted` method of the SMTP module to
see how a service should interact with the Blacklisting module.
see how a service should interact with the Blacklisting module.
This mechanism could certainly be improved. If you have any ideas/comments
This mechanism could certainly be improved. If you have any ideas/comments
...
@@ -384,7 +384,7 @@ about it, please tell us (ideally by filling a ticket :)
...
@@ -384,7 +384,7 @@ about it, please tell us (ideally by filling a ticket :)
=== Cloud Services
=== Cloud Services
For each service used by !GetTor to distribute the Tor Browser files there
For each service used by GetTor to distribute the Tor Browser files there
should be a script in charge of uploading such files according to the methods
should be a script in charge of uploading such files according to the methods
provided by the service used. Each one of these scripts must assume that the
provided by the service used. Each one of these scripts must assume that the
latest Tor Browser files has been downloaded (see Other Scripts) and contemplate the
latest Tor Browser files has been downloaded (see Other Scripts) and contemplate the
...
@@ -402,11 +402,11 @@ You can check the existing scripts for Dropbox and Google Drive to see the curre
...
@@ -402,11 +402,11 @@ You can check the existing scripts for Dropbox and Google Drive to see the curre
methods used to do the points listed above, specially 1, 3, 5, and 6. For more details
methods used to do the points listed above, specially 1, 3, 5, and 6. For more details
on how the links files are created and how the links are stored, check the documentation
on how the links files are created and how the links are stored, check the documentation
about the Core module. Below is a list of the current services/providers integrated
about the Core module. Below is a list of the current services/providers integrated
with !GetTor:
with GetTor:
*'''Dropbox''': Deployed. In use for a long time.
***Dropbox**: Deployed. In use for a long time.
*'''Google Drive''': Implemented, but not yet deployed.
***Google Drive**: Implemented, but not yet deployed.
*'''Github''': Implemented, but not yet deployed. This one should be especially useful to distribute the Tor Browser
***Github**: Implemented, but not yet deployed. This one should be especially useful to distribute the Tor Browser
in places where Dropbox and Google Drive are blocked (e.g. China).
in places where Dropbox and Google Drive are blocked (e.g. China).
If you have an idea for a new service that could be used (even if you don't know how to implement it),
If you have an idea for a new service that could be used (even if you don't know how to implement it),
...
@@ -416,9 +416,9 @@ please contact us (ideally by filling a ticket :).
...
@@ -416,9 +416,9 @@ please contact us (ideally by filling a ticket :).
Below is a list of scripts used for diverse and "smaller" tasks:
Below is a list of scripts used for diverse and "smaller" tasks:
*'''blacklist.py''': Handle blacklisting of users. Execute blacklist.py -h for more details.
***blacklist.py**: Handle blacklisting of users. Execute blacklist.py -h for more details.
*'''create_db.py''': Handle the creation of the SQLite database used by !GetTor for managing blacklisting of users and keep track of basic stats. Execute create_db.py -h for more details.
***create_db.py**: Handle the creation of the SQLite database used by GetTor for managing blacklisting of users and keep track of basic stats. Execute create_db.py -h for more details.
*'''stats.py''': Handle basic stats according to the information stored in the SQLite database. Execute stats.py -h for more details.
***stats.py**: Handle basic stats according to the information stored in the SQLite database. Execute stats.py -h for more details.
*'''fetch_latest_torbrowser.py''': Automate the download of Tor Browser files from Tor Project's website and upload of these files to the services used by !GetTor every time a new stable version of Tor Browser is available. Implemented, but not yet deployed. See the source file in the repository for more details.
***fetch_latest_torbrowser.py**: Automate the download of Tor Browser files from Tor Project's website and upload of these files to the services used by GetTor every time a new stable version of Tor Browser is available. Implemented, but not yet deployed. See the source file in the repository for more details.
