Tox over Tor
parent
1b956831db
commit
146a54ff7e
@ -5,10 +5,10 @@ From: https://github.com/TokTok/c-toxcore/issues/419
|
||||
I don't think indistinguishable message bytes and sizes are going to
|
||||
make any difference when they are sent over a network of so few bootstrap nodes.
|
||||
And anyone operating in a hostile environment is probably already
|
||||
running Tox over Tor, which works well.
|
||||
running Tox over [Tor](https://www.torproject.org/download), which works well.
|
||||
|
||||
Did the reports of blocking in China include blocking over Tor? Tor
|
||||
itself has implemented pluggable transport mechanisms that are
|
||||
Did the reports of blocking in China include blocking over Tor?
|
||||
Tor itself has implemented pluggable transport mechanisms that are
|
||||
continuously being improved, and these include ways to make the
|
||||
traffic look like another protocol like HTTP or whatever:
|
||||
<https://snowflake.torproject.org/>
|
||||
@ -23,7 +23,8 @@ to encourage bootstrap node operators to also run a Tor client to serve
|
||||
the BS node over Onionv3. This is the only way I can see dealing with the
|
||||
fact that Tox is a network of so few bootstrap nodes. If the Tox nodebase was
|
||||
improved to serve BS nodes, and OnionV3 relays, it would be much more resilient.
|
||||
I'm assuming the adversaries cannot block .onion addresses within Tor.
|
||||
I'm assuming the adversaries cannot block .onion addresses within Tor,
|
||||
which I think is a valid assumption.
|
||||
|
||||
There is a way of configuring a Tor client to uniquely assign a
|
||||
life-of-the-tor-instance IPv4 address from a predefined private range
|
||||
@ -31,12 +32,12 @@ life-of-the-tor-instance IPv4 address from a predefined private range
|
||||
```AutomapHostsOnResolve 1```. So Tox could use OnionV3 BS nodes in a
|
||||
properly configured Tor with just some properly configured BS hosts lists
|
||||
(if enough BS nodes provided OnionV3 addresses). Then we could leave
|
||||
the heavy lifting of the cat-and-mouse games of pluggable transports etc.
|
||||
to Tor (or i2p), and not try to chase them ourselves.
|
||||
the heavy lifting of the
|
||||
[cat-and-mouse games](https://github.com/guardianproject/orbot/issues/742)
|
||||
of pluggable transports etc. to Tor, and not try to chase them ourselves.
|
||||
|
||||
If you have such a list of onion addresses, the Tor user, who is running
|
||||
a Tor instance anyway to connect with the Tox client, adds this to the
|
||||
```/etc/tor/torrc```
|
||||
If you have such a list of onion addresses, the Tor user, who is running a Tor
|
||||
instance anyway to connect with the Tox client, adds this to the ```/etc/tor/torrc```
|
||||
```
|
||||
VirtualAddrNetworkIPv4 172.16.0.0/12
|
||||
AutomapHostsOnResolve 1
|
||||
@ -48,18 +49,31 @@ does this and puts these addresses into his ```DHTnodes.json``` and boostraps hi
|
||||
Tox client over Tor Onions. This works with libtoxcore is it is today, as long as
|
||||
your client doesn't suffer from the dreaded deranged-hard-coded-bs syndrome.
|
||||
|
||||
These steps would be automated by a simple bash or Python script,
|
||||
perhaps a Python script wrapped into an exe for Windows. These addresses are
|
||||
good for life of the Tor instance, and the script would need rerunning when Tor
|
||||
is restarted. You can also get the IPv4 address of each Onion BS node,
|
||||
(for-life-of-the-tor-instance which is usually long enough)
|
||||
in Python using the Tor stem library.
|
||||
These steps would be automated by a simple bash or Python script, perhaps a
|
||||
Python script wrapped into an exe for Windows/Android. These addresses are
|
||||
good for life of the Tor instance, and the script would need rerunning
|
||||
when Tor is restarted. You can also get the IPv4 address of each Onion BS node,
|
||||
(for-life-of-the-tor-instance which is usually long enough) in
|
||||
Python using the Tor stem library.
|
||||
|
||||
The best thing we can do is to make these instructions available with
|
||||
Tox downloads, and to ensure that all distributions of Tox come with
|
||||
```tor-resolve``` on all platforms. I doubt it comes with
|
||||
[Orbot on Android](https://github.com/guardianproject/orbot/releases)
|
||||
and I doubt it comes with [Tor](https://www.torproject.org/download/) or
|
||||
[Torbrowser on Windows](https://www.torproject.org/download/).
|
||||
We could ask the maintainers of
|
||||
[TRIfA](https://f-droid.org/en/packages/com.zoffcc.applications.trifa/) and
|
||||
[aTOX](https://f-droid.org/en/packages/ltd.evilcorp.atox) to include
|
||||
it in their distributions, and it would be simple for us to compile a version
|
||||
of ```tor-resolve``` for our packages to make sure it is available to our users.
|
||||
It's a static utility that rarely changes.
|
||||
|
||||
I've tried this but it's currently impossible to test as there is no equivalent
|
||||
to the ```other/fun/bootstrap_node_info.py``` script for TCP connections.
|
||||
For UDP you can send a packet of len 78 with the magic first bytes and get a
|
||||
version and MOTD reply. Not so for TCP (
|
||||
in fact if you do send such a packet to the TCP it send the BS node into an
|
||||
version and MOTD reply. Not so for TCP (in fact if you do send such a packet
|
||||
to the TCP it send the BS node into an
|
||||
[infinite loop for which it neverrecovers](https://github.com/TokTok/c-toxcore/issues/2332)).
|
||||
So we need a simple fix to the TCP_server code to at least look for a
|
||||
special packet like this and be nice and send a simple nice reply like
|
||||
@ -75,3 +89,4 @@ how much resiliance we need. s/China/Iran/Syria/Russia/GDR
|
||||
* https://www.lifesitenews.com/news/biden-executive-order-allows-spying-on-americans-to-assess-political-instability-climate-threats/
|
||||
|
||||
Up: [[DDosSmallNumberOfBSNodes]]
|
||||
|
||||
|
@ -32,7 +32,7 @@ configuration:
|
||||
# Tox hidden service configuration.
|
||||
HiddenServiceDir /var/lib/tor/tox-hsv3/
|
||||
HiddenServicePort 3389 127.0.0.1:3389
|
||||
HiddenServicePort 3389 127.0.0.1:33446
|
||||
HiddenServicePort 33446 127.0.0.1:33446
|
||||
```
|
||||
assuming your Tor lib directory os ```/var/lib/tor```. In that subdirectory
|
||||
you will find a file named ```hostname``` which is the ```.onion``` name
|
||||
|
Loading…
Reference in New Issue
Block a user