[tahoe-lafs-trac-stream] [Tahoe-LAFS] #517: make tahoe Tor- and I2P-friendly

Tahoe-LAFS trac at tahoe-lafs.org
Mon Aug 29 23:17:27 UTC 2016 

#517: make tahoe Tor- and I2P-friendly
-------------------------+-------------------------------------------------
     Reporter:  warner   |      Owner:  warner
         Type:           |     Status:  new
  enhancement            |
     Priority:  minor    |  Milestone:  1.13.0
    Component:  code-    |    Version:  1.2.0
  network                |   Keywords:  privacy anonymity anti-censorship
   Resolution:           |  i2p tor-protocol usability
Launchpad Bug:           |
-------------------------+-------------------------------------------------

Comment (by warner):

 With the landing of #2788 yesterday, I think we've finished most of the
 work of this ticket. I've re-read the history, and I think this is the set
 of related tickets (not all of which need to be finished to declare
 success, but they should all be examined to be sure):

 * #1942: google chart in WUI leaks information
 * #1010: anonymous client mode (tahoe.cfg `anonymous=true` safety flag)
 * #2384: randomized client IDs
 * #2490: anonymous-friendly create-node/create-client
 * #2491: synchronous node startup
 * #2773: create-node --location/--port/--hostname
 * #2794: move controlport/logport to separate Tub
 * #68: introless
 * #467: static upload server selection

 Remaining work that should be done before the 1.12.0 release:

 * #2815: document how to manually configure a tahoe server on an .onion
 address (#2490 will be the automatic form of this, related to #2773)
 * #2816: make sure `tub.location` can be empty, and make `tub.port=
 (empty)` mean "don't listen". This is for clients. Maybe make the `tahoe
 create-client` initial `tahoe.cfg` file use `tub.port=(empty)`.
 * maybe resolve #1942 (the google-chart leak from the WUI page), or as a
 temporary measure, make `anonymous=true` disable that chart (stop serving
 the IMG tag that renders it)
 * #1010: define/implement the `anonymous=true` safety flag, specifically
 how much it ought to constrain, and whether it should allow running a
 server or not. For sure it should require:
   * `[node]tub.location=` does not contain AUTO (even by default)
   * `[connections]tcp=tor` is set
   * maybe we should implement #2384 (randomized client IDs) and require
 it, but this is a deeper question of whether we're being anonymous or
 pseudonymous, and whether we're trying to hide linkability from the
 servers too, or just the internet as large
   * maybe constrain `tub.location` to advertise an .onion/.i2p hint, to
 protect a user against accidentally manually typing their real IP address
 into that
   * maybe constrain `tor.socks_port` to point at localhost
   * maybe require `tub.port=` is empty? for clients this is what you want,
 but for servers that run behind Tor, `tub.port=` will listen on localhost,
 and that's fine

--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/517#comment:89>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage

More information about the tahoe-lafs-trac-stream mailing list