From d3c624946333188d352786159ed30b022b137408 Mon Sep 17 00:00:00 2001 From: emdee Date: Wed, 12 Oct 2022 18:08:39 +0000 Subject: [PATCH] Iran --- DDosSmallNumberOfBSNodes.md | 2 +- MultiDeviceAnnouncementsPOC.md | 18 +++++ ...orInChina.md => ToxAndTorInChinaAndIran.md | 19 +++--- ToxComparedWithOtherIm.md | 3 + ToxMultiDevice.md | 68 +++++++++++-------- ToxNetworkResilience.md | 2 +- 6 files changed, 73 insertions(+), 39 deletions(-) rename ToxAndTorInChina.md => ToxAndTorInChinaAndIran.md (81%) diff --git a/DDosSmallNumberOfBSNodes.md b/DDosSmallNumberOfBSNodes.md index 9afffba..396f953 100644 --- a/DDosSmallNumberOfBSNodes.md +++ b/DDosSmallNumberOfBSNodes.md @@ -7,4 +7,4 @@ As the network is now, the number of nodes is very small, and all well known. So Tox is vulnerable to being completely taken down by blocking a small number of nodes. -See: [[ToxAndTorInChina]] +See: [[ToxAndTorInChinaAndIran]] diff --git a/MultiDeviceAnnouncementsPOC.md b/MultiDeviceAnnouncementsPOC.md index 7a56885..e7d98f0 100644 --- a/MultiDeviceAnnouncementsPOC.md +++ b/MultiDeviceAnnouncementsPOC.md @@ -19,6 +19,22 @@ using so that others can communicate to the device he is currently using. The POC ignores the problem of history sync that this creates. Others can address that later perhaps with tools like rsync. +## Background + +When it comes to multi-device support, at the present time we are +lagging behind well-known centralized messenger systems. A few +examples are Google Hangouts, Facebook Messenger, and Skype. Every one +of these syncs messages to every device which connects to their +network. If you need an address, number, or entire friend list it’s a +simple login away. [[ToxMultiDevice]] + +Not the goal of this project but an important benefit, Multi-Device +support would solve some of the issues sharing a ToxID: it would allow +the clients to connect with mobile devices (NFC, QR codes, other) and +be available anywhere. + +## First Steps + The idea is to firstly define a PersonaID, much like a ToxPk that stays permanent across his devices, and maps the Person to the active ToxPk. @@ -182,6 +198,8 @@ under 1007 chars, then it can be set as your status message on all of your devices. The status message is visible to all of your friends so they all have a copy of the latest blob all of the time. +3. If the blog.gz is less than 1000 chars, could it fit in a QR code? + In fact we could do #2 first to get things going, and then do #1, which is more changes to the code, although a lot of the code could be morphed from the avatar code. Or you could push a blob as a file if diff --git a/ToxAndTorInChina.md b/ToxAndTorInChinaAndIran.md similarity index 81% rename from ToxAndTorInChina.md rename to ToxAndTorInChinaAndIran.md index d38dee9..8d84215 100644 --- a/ToxAndTorInChina.md +++ b/ToxAndTorInChinaAndIran.md @@ -32,7 +32,7 @@ To even try out this approach I think you need to fix the issue of not resolving the IP address of the targets when you are in front of a SOCKS5 proxy (Tor). But maybe there's another way: you could contact each of the OnionV3 BS nodes outside of Tox and get the -IPv4 address of each Onion BS node, for- life-of-the-tor-instance +IPv4 address of each Onion BS node, for-life-of-the-tor-instance which is usually long enough, in Python using the Tor stem library. Then you could use these IPv4 addresses as your BS nodes, as long as your client didn't suffer from the dreaded deranged-hard-coded-bs syndrome. @@ -41,16 +41,19 @@ I've tried this but it's currently impossible to test as there is no equivalent to the ```other/fun/bootstrap_node_info.py``` script for TCP connections. For UDP you can send a packet of len 78 with the magic first bytes and get a version and MOTD reply. Not so for TCP ( -in fact if you do send such a packet to the TCP it send the BS node -into an [infinite loop for which it never -recovers](https://github.com/TokTok/c-toxcore/issues/2332)). So we -need a simple fix to the TCP_server code to at least look for a +in fact if you do send such a packet to the TCP it send the BS node into an +[infinite loop for which it neverrecovers](https://github.com/TokTok/c-toxcore/issues/2332)). +So we need a simple fix to the TCP_server code to at least look for a special packet like this and be nice and send a simple nice reply like -the UDP case. Raised as -https://github.com/TokTok/c-toxcore/issues/2331 +the UDP case. Raised as https://github.com/TokTok/c-toxcore/issues/2331 We should not kid ourselves that we don't all live in China or Iran - the planet is in a loc$down and I think we might quickly find out just -how much resiliance we need. +how much resiliance we need. s/China/Iran/Syria/Russia/ + +* https://www.themoscowtimes.com/2021/12/07/why-the-kremlin-blocking-tor-is-a-big-deal-a75751 +* https://www.wired.com/story/russia-block-tor-censorship/ +* https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook + Up: [[DDosSmallNumberOfBSNodes]] diff --git a/ToxComparedWithOtherIm.md b/ToxComparedWithOtherIm.md index 7c568f0..47f904f 100644 --- a/ToxComparedWithOtherIm.md +++ b/ToxComparedWithOtherIm.md @@ -53,6 +53,9 @@ Features: Centralized systems make it easy to MITM the E2E crypto, so unless they are open source, they can't be trustworthy. +It is *much* harder to Tox over Tor than to block services like +WhatsApp which relay on centralized servers. + ### WhatsApp * https://www.sott.net/article/472864-Telegram-CEO-issues-warning-about-WhatsApp-security diff --git a/ToxMultiDevice.md b/ToxMultiDevice.md index 12482e4..d2aa266 100644 --- a/ToxMultiDevice.md +++ b/ToxMultiDevice.md @@ -32,7 +32,6 @@ ToxID’s are difficult to share without having an existing textual communication connection (anything you can copy from or paste to). Sharing ToxID’s in other ways is problematic. - When it comes to multi-device support, at the present time we are lagging behind well-known centralized messenger systems. A few examples are Google Hangouts, Facebook Messenger, and Skype. Every one @@ -40,25 +39,27 @@ of these syncs messages to every device which connects to their network. If you need an address, number, or entire friend list it’s a simple login away. - -Not the goal of this project but an important benefit, Multi-Device support would solve some of the issues sharing a ToxID: it would allow the clients to connect with mobile devices (NFC, QR codes, other) and be available anywhere. +Not the goal of this project but an important benefit, Multi-Device +support would solve some of the issues sharing a ToxID: it would allow +the clients to connect with mobile devices (NFC, QR codes, other) and +be available anywhere. ## Prerequisites ### Data Syncing (Friends and Messages): -Devices may go online and offline. It’s required that an online device be able to keep other devices in the “device group” in sync, Updating both friends and messages.[a][^1][b][^2] +Devices may go online and offline. It’s required that an online device be able to keep other devices in the “device group” in sync, Updating both friends and messages.(a)[^1](b)[^2] ### Contact Syncing Contacts (called friends in the Toxcore API) are synced across all devices using a transactional method. As a pair the devices decide -which will have the primary role, and which will take -secondary. Throughout the entire syncing process, the primary device -will send it’s data, followed by a “done” packet. The secondary will -then send its data, followed by its own “done” packet. The primary -device will then send a “commit” packet, and will then commit the data -from temporary storage, into active use. Once receiving the “commit” +which will have the primary role, and which will take secondary. +hroughout the entire syncing process, the primary device will send +it’s data, followed by a “done” packet. The secondary will then send +its data, followed by its own “done” packet. The primary device will +then send a “commit” packet, and will then commit the data from +temporary storage, into active use. Once receiving the “commit” packet, the secondary device will do the same. Either Client can send an Error packet at either time, which will then @@ -108,8 +109,15 @@ Security and safety is the primary concern, however this needs to be tempered wi ### Device IDs -Device IDs need to be unique and never changing. On each connect, each client should query each friend they connect to, to verify if they support multi-device AND are in a group. This can be done by asking for the deviceID at ```__device0```. If there is a device at that address; then enumerate for each other device. -Devices will be found by the string_to_id service using the protected `__device[0-9]+` group. (Toxcore must protect strings that start with two underscores such as “__[string]”, and not allow a client to use them in the string_to_id API.) +Device IDs need to be unique and never changing. On each connect, each +client should query each friend they connect to, to verify if they +support multi-device AND are in a group. This can be done by asking +for the deviceID at ```__device0```. If there is a device at that +address; then enumerate for each other device. Devices will be found +by the string_to_id service using the protected `__device[0-9]+` +group. (Toxcore must protect strings that start with two underscores +such as “__[string]”, and not allow a client to use them in the +string_to_id API.) Starting with ```__device0```, the client will attempt to resolve the @@ -153,7 +161,10 @@ friend/contact list, and the selected amount of history text history to the new device. -A max limit of devices will need to be chosen later to limit worst case usage of enumerating devices. (Additional protocol requirements will be detailed later, i.a. security limitations, verifiable, master device, slave device, deauthed devices.) +A max limit of devices will need to be chosen later to limit worst +case usage of enumerating devices. (Additional protocol requirements +will be detailed later, i.a. security limitations, verifiable, master +device, slave device, deauthed devices.) ## Message sending @@ -170,8 +181,8 @@ received the message, and may stop. This will protect the sender from having to maintain a list of who needs what message, and leave the additional data syncing up to the receiving client. - -It is considered the job of the receiving client to keep all the other devices in sync with the rest of the group. +It is considered the job of the receiving client to keep all the other +devices in sync with the rest of the group. ### Alternatives Considered @@ -195,7 +206,7 @@ Effective and secure history syncing across devices. How to add a user to your contact list -* By Primary ToxID[f][^6][g][^7] +* By Primary ToxID(f)[^6](g)[^7] * By any deviceID * Something else? @@ -253,8 +264,6 @@ Conversations that need to be added to the spec: ``` - - ### Feature Requests: (Requested publicly, no suggestions have been reviewed or accepted yet.) @@ -266,30 +275,30 @@ Conversations that need to be added to the spec: ## Footnotes -* [a][^1] Does this design document define a way in which friends (and perhaps groups) are to be synced? And how would friend/group syncing work across multi-devices that don't have a common time base? +* (a)[^1] Does this design document define a way in which friends (and perhaps groups) are to be synced? And how would friend/group syncing work across multi-devices that don't have a common time base? -* [b][^2] I haven't fully decided on the final spec for this question. +* (b)[^2] I haven't fully decided on the final spec for this question. Currently my plan is to retain information about changes as a numerical delta, and use the largest delta. But as I haven't started on this section, really I have no idea. -* [c][^3] What about in the case of an A/V call? Does that get broadcast to call connected clients or only the last 3? A tox client running on a mobile device that had not sent a user-generated message missing a call would be bad. +* (c)[^3] What about in the case of an A/V call? Does that get broadcast to call connected clients or only the last 3? A tox client running on a mobile device that had not sent a user-generated message missing a call would be bad. -* [d][^4] I'm likely to drop that idea in total. +* (d)[^4] I'm likely to drop that idea in total. Currently toxcore sends everything to all devices. -* [e][^5] With other services such as Discord, when a call comes in depending on what is on, I could have two PCs, a laptop and cellphone all ring, but whatever device I answer on obviously gets the call. +* (e)[^5] With other services such as Discord, when a call comes in depending on what is on, I could have two PCs, a laptop and cellphone all ring, but whatever device I answer on obviously gets the call. -* [f][^6] how is primary toxID different from any other ID? which device is the primary one? as far as I understood they are all equal. +* (f)[^6] how is primary toxID different from any other ID? which device is the primary one? as far as I understood they are all equal. -* [g][^7] I'm not sure there's going to be anything like a primary ID in the final source. When discussing it, the idea of a master device came up as a security tool. But the longer I consider it, the less I think it'll help at all +* (g)[^7] I'm not sure there's going to be anything like a primary ID in the final source. When discussing it, the idea of a master device came up as a security tool. But the longer I consider it, the less I think it'll help at all -* [h][^8] Does it make sense to think about sending the file to both +* (h)[^8] Does it make sense to think about sending the file to both clients, if the user accepts on multiple devices? Especially for bigger files or multiple recipients a P2P protocol (e.g. torrent) may be useful. -* [i][^9] Yeah, I've given that a little thought. The current idea +* (i)[^9] Yeah, I've given that a little thought. The current idea floating around has been to implement something torrent like inside group chats. Maybe we could use that as well? As far as multiple devices, what I think is best is transfer the file to the first to @@ -297,7 +306,7 @@ Currently toxcore sends everything to all devices. way the sender doesn't have to spend the extra data for the receivers convenience. -* [j][^10] I like that idea. Especially if one thinks about those users +* (j)[^10] I like that idea. Especially if one thinks about those users on a phone with limited traffic. You wouldn't want to use all your available data just so others can sync. You could add a button on top of lets say a picture saying "sync with my other devices" to @@ -305,4 +314,5 @@ Currently toxcore sends everything to all devices. just sending it once should be a lot easier. I'd consider media sync between my devices as a nice-to-have. -* [k][^11] Could it be a good idea to allow sync incomplete downloaded files from device A to device B and then start downloading from device B +* (k)[^11] Could it be a good idea to allow sync incomplete downloaded + files from device A to device B and then start downloading from device B diff --git a/ToxNetworkResilience.md b/ToxNetworkResilience.md index f3eda65..c469ab9 100644 --- a/ToxNetworkResilience.md +++ b/ToxNetworkResilience.md @@ -23,7 +23,7 @@ If you are not running over Tor and are on a stable connection, try it. Every BSnode operator who wants to help the network be resilient in places like Iran should run a Tor server that provides the node as an -onionV3 service; see [[ToxAndTorInChina]]. +onionV3 service; see [[ToxAndTorInChinaAndIran]]. If you run a bootstrap node, you can run a Tor Ononv3 gateway to the node by simply adding the following lines to your ```torrc```