TOSBack.org

In June 2009, EFF launched TOSBack.org (source code), a "terms of service" tracker for Facebook, Google, eBay, and other major websites; government sites it tracks include Whitehouse.gov, Recovery.gov, and Data.gov. TOSBack provides a real-time feed of changes and updates to more than three dozen policies from the Internet's most popular online services. Clicking on an update brings you to a side-by-side before-and-after comparison, highlighting what has been removed from the policy and what has been added. In doing so, TOSBack helps Americans flag changes in the websites they use every day and trust with their personal information.

We plan to improve the site in the following ways:

  • Accuracy: We plan to improve the system's ability to distinguish between meaningful changes and cosmetic changes, and to reduce its susceptibility to false positives.
  • Tagging: We plan to distinguish between different kinds of TOS updates. Users will be able to mark TOS updates as relating to particular issues, or as possessing other qualities.
  • Annotation: Bloggers, academics and others will be able to permalink to specific paragraphs of specific Terms Of Service, allowing for a more granular degree of community interaction with the documents.
  • Usability: We plan to implement design improvements so that the TOS changes are easier to understand and follow.
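One way to approach the accuracy goal above, as an added sketch that is not TOSBack's own code: normalize both snapshots to word tokens and diff at word level, so that only wording changes are reported. The function names, the sample policy text, and the choice of what counts as cosmetic (markup, entities, quote style, case, whitespace, punctuation) are assumptions.

```python
import difflib
import html
import re

def normalize(text):
    """Reduce a policy snapshot to comparable word tokens.

    Assumption: markup, entity encoding, quote style, letter case,
    whitespace and punctuation are cosmetic and may be discarded.
    """
    text = re.sub(r"<[^>]+>", " ", text)      # drop HTML tags
    text = html.unescape(text)                # &nbsp; -> U+00A0, &amp; -> &
    text = text.translate(str.maketrans("\u201c\u201d\u2018\u2019", "\"\"''"))
    return re.findall(r"[\w'-]+", text.casefold())

def word_changes(old, new):
    """Return (tag, removed_words, added_words) for each non-equal span."""
    a, b = normalize(old), normalize(new)
    matcher = difflib.SequenceMatcher(a=a, b=b, autojunk=False)
    return [(tag, " ".join(a[i1:i2]), " ".join(b[j1:j2]))
            for tag, i1, i2, j1, j2 in matcher.get_opcodes()
            if tag != "equal"]

# Constructed sample snapshots (not taken from any real policy).
OLD = "<p>We will <b>not</b> share your personal information with third parties.</p>"
COSMETIC = "<div>We will not share your&nbsp;personal information with third parties.</div>"
MEANINGFUL = "<p>We may share your personal information with third parties.</p>"

if __name__ == "__main__":
    print("cosmetic edit  :", word_changes(OLD, COSMETIC))
    print("meaningful edit:", word_changes(OLD, MEANINGFUL))
```

An empty result means the update can be suppressed as cosmetic; anything else is a candidate for the change feed.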

Useful skills for Summer Of Code applicants: LAMP application development, UI/UX design, knowledge of or interest in sophisticated wordwise "diff"-ing algorithms.

Our Vote Live

EFF's Total Election Awareness (TEA) project provides information to voters and rigorously tracks problems in United States elections. On Election Day 2008, a year-long collaboration between EFF and the Election Protection Coalition came to fruition when OurVoteLive.org, powered by the TEA codebase, helped thousands of hotline operators and legal response teams document and respond in real time to over 86,000 calls to the 866-OUR-VOTE voter-assistance hotline. The OurVoteLive.org website now contains a database of voting-related inquiries, problems, and discrepancies recorded during this effort, all visible to and searchable by the general public.

Since then, Our Vote Live has been used in the 2009 gubernatorial elections in Virginia and New Jersey, as well as municipal elections in Philadelphia and New Orleans.

For the 2010 midterm elections, we plan to make the following improvements:

  • Scalability: The current system became sluggish when faced with the massive amount of traffic it received on election day 2008. We plan to fix this with improvements to TEA's software and hardware.
  • Usability: We plan to build informative and creative visualizations of TEA's data to improve the public's real-time understanding of what occurs on election day.
  • Automation: We plan to make it simpler to deploy customized instances of TEA. We hope this will allow the software to be easily used in election-monitoring efforts by groups other than EPC.

Useful skills for Summer Of Code applicants: LAMP application development, Python/Django, Google App Engine, UI/UX Design, Data Visualization/Presentation, Database management

Switzerland

Switzerland is a network neutrality testing system. It is designed to detect and report forged, modified and dropped packets at the IP layer. It is effective at detecting forged Reset packets like those that were used by Comcast and other ISPs against P2P networks, and also for diagnosing many of the unexpected behaviours that routers and firewalls sometimes exhibit. Possible Switzerland-related projects include:

  • Implement a new algorithm for matching TCP connections and other flows. The one Switzerland currently uses is highly imperfect, using masked hashes of initial packets. It fails in cases where NAT routers modify the initial packet, where the initial packet is dropped, and during port scans through NATs where there is insufficient entropy in the packets.

    A heuristic flow-matching algorithm that relied on timing information and knowledge about what other flows are on the network could work much better.

  • Automatically generate test traffic. Switzerland is a passive testing system: it tests traffic that happens to flow between client computers, but does not generate any itself. Many users expect Switzerland to perform tests automatically, and in order to achieve that, we should include code to generate traffic. This could include simple web client/server pairs, SSH, TLS and VPN exchanges, and BitTorrent and other P2P protocols.

  • Implement a more efficient packet capture framework. Moving captured packets from the PCAP API into a Python program efficiently, and with 100% reliability, is not entirely trivial. Switzerland currently has a passable solution to this problem, but it is not adequate for fast networks. We need to upgrade this.
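The masked-hash flow matching described in the first item above can be illustrated as follows; this is an added example, not Switzerland's own code. The set of masked fields, the function names and all packet values are assumptions constructed to show one clean match, one NAT-induced miss, and one low-entropy collision.

```python
import hashlib
import struct

# Byte ranges zeroed before hashing: TTL, IP checksum, src/dst address,
# TCP ports, TCP checksum. Assumes a 20-byte IPv4 header (no options).
MASKED = [(8, 9), (10, 12), (12, 20), (20, 24), (36, 38)]

def syn_packet(src, dst, sport, dport, ip_id, seq, ttl=64):
    """Build a constructed IPv4+TCP SYN; checksums are dummy values."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ip_id, 0x4000, ttl, 6,
                     0xBEEF, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x02,
                      65535, 0xCAFE, 0)
    return ip + tcp

def masked_flow_hash(packet):
    """Hash the first packet of a flow with NAT-mutable fields zeroed."""
    buf = bytearray(packet)
    for start, end in MASKED:
        buf[start:end] = bytes(end - start)
    return hashlib.sha256(bytes(buf)).hexdigest()[:16]

def candidates(sent_packet, received_packets):
    """Indices of received first-packets whose masked hash equals the sender's."""
    want = masked_flow_hash(sent_packet)
    return [i for i, p in enumerate(received_packets)
            if masked_flow_hash(p) == want]

SERVER = (203, 0, 113, 9)
NAT = (198, 51, 100, 7)
# Sender's view of one SYN, from behind a NAT (constructed sample values).
sent = syn_packet((10, 0, 0, 5), SERVER, 40000, 80, ip_id=0x1234, seq=0xA1B2C3D4)

# Case 1: NAT rewrites address, port and TTL only -> exactly one match.
plain_nat = [syn_packet(NAT, SERVER, 61000, 80, 0x1234, 0xA1B2C3D4, ttl=52)]
# Case 2: the NAT also rewrites the sequence number -> no match at all.
seq_rewrite = [syn_packet(NAT, SERVER, 61000, 80, 0x1234, 0x0BADF00D, ttl=52)]
# Case 3: scan-style SYNs that differ only in masked fields -> ambiguous.
scan = [syn_packet(NAT, SERVER, 61000 + i, port, 0x1234, 0xA1B2C3D4, ttl=52)
        for i, port in enumerate((22, 80, 443))]

if __name__ == "__main__":
    for name, seen in (("plain NAT", plain_nat),
                       ("seq rewritten", seq_rewrite), ("scan", scan)):
        print(f"{name:14} candidate matches: {candidates(sent, seen)}")
```

Cases 2 and 3 are where a matcher needs more than the first packet's bytes, which is the gap the proposed timing-based heuristic is meant to fill.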

Useful skills for Summer Of Code applicants: Python, a strong understanding of network protocols or enthusiasm to learn about them.