[tahoe-lafs-trac-stream] [tahoe-lafs] #517: make tahoe Tor- and I2P-friendly
tahoe-lafs
trac at tahoe-lafs.org
Sun Jan 26 00:41:34 UTC 2014
#517: make tahoe Tor- and I2P-friendly
-------------------------+-------------------------------------------------
Reporter: warner | Owner: ioerror
Type: enhancement | Status: new
Priority: minor | Milestone: undecided
Component: code-network | Version: 1.2.0
Resolution: | Keywords: easy privacy anonymity anti-censorship i2p tor
Launchpad Bug: |
-------------------------+-------------------------------------------------
Comment (by leif):

Currently Tahoe is usable with tor via the usewithtor/torsocks LD_PRELOAD
tool, but it would be nice to have less hacky proxy support built-in.

Over at http://foolscap.lothar.com/trac/ticket/217 david415 is working on
adding twisted endpoint support to foolscap. Once that is done, I was
initially thinking that Tahoe should load (as yet unwritten) twisted
plugins which register the txsocksx library as endpoints called "socks"
and "tor" (the latter of which would automatically use the tor socks port
9050, and perhaps also fall back to the other common tor port 9150). After
simply loading these plugins, we could use furls in the form of
"tor:foo.onion:nnnn" or
"socks:example.com:nnnn:sockshost=127.0.0.1:socksport=9050". However,
there are two problems with this approach:

* It would only allow a user to use tor when furls in announcements
  received from the introducer tell it to.
* In the case that the whole grid is expected to be using tor: furls,
  anyone could announce a non-tor storage furl which would cause clients to
  connect without tor and reveal their IP address.

So, endpoint support alone is not enough to make Tahoe tor-friendly. But,
I still think adding endpoints to foolscap seems like the correct thing to
do.

My current thought is that Tahoe should have an "always_use_tor" option
which causes all furls to be rewritten as tor: endpoints before being
passed to foolscap. If this option is not enabled, tor connections will be
made if a tor endpoint is used, but not otherwise. So, users of mixed
tor/non-tor grids can leave it disabled if they prefer faster connections to
non-tor nodes.

This is almost enough, but still leaves a problem for users who want to
connect via Tor to all storage nodes *except* for their own. I think the
solution here is to use david415's introducerless branch and add a new
per-server option to make exceptions to the always_use_tor directive.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/517#comment:15>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
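
The rewrite policy proposed in the comment above, as an added sketch that is not code from the ticket, Tahoe-LAFS or foolscap. The names rewrite_furl, to_tor_hint and direct_furls are hypothetical, the "tor:"/"socks:" hint syntax is the one quoted in the comment, and matching exceptions on the whole locally configured furl is an assumption of this example.

```python
import re

# Foolscap FURL layout: pb://<tubid>@<hint>[,<hint>...]/<swissnum>
FURL_RE = re.compile(r"^pb://([a-z2-7]+)@([^/]*)/(.+)$")

def to_tor_hint(hint):
    """Re-express one connection hint as tor:host:port, or None if it can't be."""
    kind, _, rest = hint.partition(":")
    if kind not in ("tor", "socks"):
        kind, rest = "tcp", hint          # plain "host:port" hint
    fields = rest.split(":")
    if len(fields) < 2 or (kind != "socks" and len(fields) != 2):
        return None
    host, port = fields[0], fields[1]     # announced sockshost/socksport are ignored
    if not host or not re.fullmatch(r"[0-9]{1,5}", port) or not 0 < int(port) < 65536:
        return None
    return "tor:%s:%d" % (host, int(port))

def rewrite_furl(furl, always_use_tor, direct_furls=frozenset()):
    """Apply the hypothetical always_use_tor policy before a FURL reaches foolscap."""
    m = FURL_RE.match(furl)
    if m is None:
        raise ValueError("not a FURL: %r" % (furl,))
    # Exceptions match the whole locally configured FURL, not just the tub ID,
    # so an announcement cannot reuse a trusted ID with a different address.
    if not always_use_tor or furl in direct_furls:
        return furl
    tubid, hints, swissnum = m.groups()
    # Hints that cannot be expressed as tor: endpoints are dropped (fail closed).
    tor_hints = [t for t in map(to_tor_hint, hints.split(",")) if t]
    if not tor_hints:
        raise ValueError("no hint usable over tor; refusing to connect directly")
    return "pb://%s@%s/%s" % (tubid, ",".join(tor_hints), swissnum)

# Constructed sample FURLs (tub IDs, addresses and swissnums are made up).
ANNOUNCED = "pb://" + "a" * 32 + "@203.0.113.7:3457,tor:examplehiddensvc.onion:3457/storage1"
OWN_NODE = "pb://" + "b" * 32 + "@192.0.2.10:3457/storage2"

if __name__ == "__main__":
    print(rewrite_furl(ANNOUNCED, always_use_tor=True))
    print(rewrite_furl(OWN_NODE, always_use_tor=True, direct_furls={OWN_NODE}))
```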