TOR enabled/capable NXT clients

Issue #33 new
marcus03 created an issue

After the discussion of using SSL for privacy (Issue #30), it seems a good idea to have clients that have built-in support to work over TOR.

Comments (20)

  1. marcus03 reporter

    I will take a look at what is needed for this from a client developer perspective and how far the integration can go (no 3rd party software package installed?).

  2. marcus03 reporter

    It seems pretty easy for client developers to offer the option to route all traffic through TOR.


    Simple implementation: Assumes user already runs tor and port 9050 is listening on localhost. The client would simply need to route all requests to NRS nodes through the local tor socks proxy.

    Estimated effort for implementation: 2 hours of work

    Advanced implementation: Tor.exe and the necessary dlls (just as an example for Windows) are distributed with the client. If the user opts to use the tor network and there is no proxy listening on port 9050 on localhost, the NXT client automatically starts tor.exe and routes all traffic through the tor network.

    Estimated effort for implementation: 4 hours of work


    We could make a bounty for any client developer who implements easy support for TOR in his client (multiple fixed payments). My idea would be to make it so attractive that all client developers bite and anonymity through TOR would be perceived as a NXT feature.

    Disclaimer: As a client developer I would probably profit myself from such a bounty. If this is a show stopper, depending on the details of such a bounty, I would probably be willing to exclude myself from it.

    We should discuss if it would be worthwhile to generally have anonymity through TOR in NXT clients.

    We should probably discuss if this is InfCom stuff. We came here from a request to fund an SSL certificate, so I'd say yes. While not directly connected to infrastructure, having a general tor support in clients would solve problems, that InfCom would otherwise have to deal with.

  3. marcus03 reporter

    I've implemented support for Tor in my client as a proof-of-concept. It was really easy.

    If we create a bounty, I'm fine with excluding myself/my client from it.

  4. Ian Ravenscroft

    Do we need to create a bounty or just post how you solved it in your client and encourage others to ToR enable??

  5. marcus03 reporter

    I don't need to post how it's done. There is enough info available with a simple Google search and my explanation would be very specific to my development environment/framework.

    I would encourage developers to read https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO though, regarding security/privacy issues when implementing Tor.

    Regarding encouraging developers to actually do it: How could we achieve that? ;-)

  6. Ian Ravenscroft

    Ok so when you post the Wiki about the privacy and SSL decision and using ToR - why not add this link and a reference to the client that already supports it (yours) and we can close this too... If people are using your client and there is a demand for others to support ToR then they will do it.

  7. marcus03 reporter

    I guess this brings us back to the question if InfCom should be an active or passive committee. We could follow the "demand will handle it" approach with all issues we have, but I would like to see InfCom take an active role. If we agree that something is useful for NXT, we should make a bounty to get it.

    My proposal was that I think easy Tor support for NXT clients will solve problems that InfCom would need to solve otherwise, be good for NXT in general and I would like to have anonymity through TOR be perceived as a genuine NXT feature.

    We need to discuss this, I think.

  8. marcus03 reporter

    Can we get this decided please? I'm fine with not having this bounty, but let's get this issue closed.

    My proposal:

    • 10.000 NXT for any client developer who adds support for routing communication between the client and the NRS core through the Tor network. The implementation can rely on the Tor software already being installed/running on the end user computer.
    • 20.000 NXT for any client developer who adds support for routing communication between the client and the NRS core through the Tor network with no additional Tor software installation necessary.
    • The maximum bounty for a client is 20.000 NXT.
    • The Tor support should be optional and it should be possible for the end user to enable/disable it.
    • The implementation should follow the rules outlined in: https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO
    • Only NXT clients can get the bounty that were announced in a BTT thread before March 22nd 2014.
    • The "NXT Solaris" client/client developer is not eligible for this bounty.
    • Before client developers start their implementation, they should confirm with InfCom if their client is eligible for this bounty.

    The rationale for the last point is that there are "clients" with no real end user benefit or very specialized clients that only have a limited number of NXT features implemented. I think it makes no sense in giving out bounties to "clients" that are not at all used. Apart from that I don't want to limit the number of entries for this bounty.

    I'd expect to see around 5 applications for this bounty and I expect a max. sum for this bounty of 100.000 NXT (but of course it could be less or more).

  9. xcvsdxvsx .

    Don't you think we need anonymity solutions inside the network first (i.e. mixing) before we worry about layering it on top? Until then it seems like a moot point, no?

  10. EvilDave

    Getting TOR implemented on all clients will be a nice feature, certainly for the more paranoid among us. Again, look on this as expanding our available tool kit, not setting technical policy for all of NXT.

    I'm going to vote that we should issue the bounty proposal from Marcus as it is, and to throw 10kNxt at Marcus for the TOR implementation in Solaris, if it works ;-)

    I would like to have an outside volunteer (or two) to test/bug hunt the TOR implementations before we release funds.

    Can I have some "Hell, yeahs" on this: Marcus is excluded, btw, so I need 2 more yes votes before I post this as an official bounty.

  11. marcus03 reporter

    It stands that my client/I should be excluded from this bounty. I won't take the bounty for the Tor implementation.

  12. EvilDave

    Fair enough, I just wanted to make sure that we had a completely open bounty offer. I'd have grabbed the 10k with both hands, so I wanted to give u a chance to profit from your work.

  13. marcus03 reporter

    I see your effort and appreciate your proposal. However, for me it's currently more important to get into a neutral position and taking this bounty wouldn't help.

  14. EvilDave

    @marcus03 Admiring your integrity, and getting it preserved in black+white for future reference. ferment, chanc3r, chuckOne: Can I have a vote or 2 on this bounty proposal?

    chanc3r: are you solidly against offering a TOR implementation bounty?

  15. Ian Ravenscroft

    Not against it - I am for it... Just would like to see the method the bounty client uses published in the wiki so other clients can do it.

  16. forked chain

    If any of the existing clients use JLP's NRS via Java, note that the Java command line inherently supports proxy use set by command line. See Wiki for more info.

    But note, that unless your application SPECIFICALLY solves the DNS issue of sending DNS requests for your app over tor, then your OS will leak DNS requests over the regular network connection and not through the tor proxy. (this includes the NRS packages that JLP releases. DNS will leak through)
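
The simple implementation from comment 2 and the DNS point from comment 16, as an added example that is not part of the thread or of any NXT client's code: a SOCKS5 CONNECT that hands the hostname to Tor (address type 0x03) instead of resolving it locally, plus a check that flags requests carrying an IP literal. The function names and the no-auth SOCKS5 listener on 127.0.0.1:9050 are assumptions.

```python
import socket
import struct

TOR_SOCKS = ("127.0.0.1", 9050)  # local Tor SOCKS port named in the thread (assumed running)

def build_connect_request(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT using ATYP 0x03 (domain name): the proxy resolves it."""
    name = host.encode("idna")
    if not 0 < len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def leaks_dns(request: bytes) -> bool:
    """True when a SOCKS5 request carries an IPv4/IPv6 literal (ATYP 0x01/0x04),
    which is what the proxy sees after the client resolved the name itself."""
    if len(request) < 4 or request[0] != 5:
        raise ValueError("not a SOCKS5 request")
    return request[3] in (0x01, 0x04)

def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes or fail; recv() may return short reads."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def socks5_handshake(sock: socket.socket, host: str, port: int) -> None:
    """Negotiate no-auth, then ask the proxy to connect to host:port by name."""
    sock.sendall(b"\x05\x01\x00")                  # version 5, one method, no-auth
    if recv_exact(sock, 2) != b"\x05\x00":
        raise ConnectionError("proxy rejected the no-auth method")
    sock.sendall(build_connect_request(host, port))
    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if ver != 5 or rep != 0:
        raise ConnectionError(f"SOCKS5 CONNECT failed, reply code {rep}")
    if atyp not in (1, 3, 4):
        raise ConnectionError("malformed SOCKS5 reply")
    addr_len = {1: 4, 4: 16}.get(atyp) or recv_exact(sock, 1)[0]
    recv_exact(sock, addr_len + 2)                 # discard bound address and port

def connect_via_tor(host: str, port: int, proxy=TOR_SOCKS) -> socket.socket:
    """Open a TCP stream to host:port through the local Tor SOCKS proxy."""
    sock = socket.create_connection(proxy, timeout=30)
    try:
        socks5_handshake(sock, host, port)
    except Exception:
        sock.close()
        raise
    return sock
```

A client that calls `socket.getaddrinfo()` (or an HTTP library that does so) before handing the address to the proxy produces exactly the request shape `leaks_dns` flags.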

  17. forked chain

    Also, don't just set this tor up and call it good. The user needs to be educated on how to be 100% secure with tor. Using it from the same place all the time won't cut it.
