mod_onions / Home

Introduction

A large percentage of the major chat networks (MSN Messenger, AIM, Facebook chat) is run by large companies. They usually offer encryption of some form (at the very least, during login), but this only encrypts the connection to their server: they can still read everything their users talk about. This can be seen as a problem, especially when governments try to get direct access to this data.

OTR can help to combat this. However, it only hides what users talk about, not the fact that they are talking, or with whom.

Tor can be used to make it very hard to trace your connection back to you. But even if you use Tor, all your friends use Tor, and you all use OTR, the server still knows this: there is a group of people who try to hide where they are connecting from and what they are talking about. Its operators can see how often users talk to each other, and at what time of the day.

Distributed chat: XMPP

The XMPP protocol allows servers to federate: users on different servers can chat with each other. This means everyone can set up their own server in a short amount of time. Running your own server gives you privacy that a public server will never offer: you, and only you, can see your own contact list.

However, running an XMPP server that can effectively federate requires a domain name; it doesn't work with just IP addresses. This not only reduces your privacy (you need to sign up for the domain name, pay for it, etc.), but it also means the domain name could be seized, and whoever then controls it could take over all traffic to the server.

Hidden servers

Normally, users use Tor as a proxy between their computer and a server, making it hard for the server, or anyone intercepting the user's traffic, to see where they are connecting from or to. However, Tor also has a way to run a server with such protection: a hidden service. A hidden service uses a hostname ending in .onion, which Tor users can connect to directly (the traffic never leaves the Tor network). The Tor network makes it very hard to determine the real IP address the hidden service runs on.

We can easily combine the two: running an XMPP server as a hidden service works quite well. This can be done with a standard XMPP server, for example Prosody, without any changes. However, running a federated network over Tor is not as easy: the server needs to understand that all outgoing connections to .onion addresses should go through a SOCKS5 proxy.

That's exactly what this module is made for.
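The routing rule described above, sketched in Python as an added example (this is not mod_onions code, which runs inside Prosody). It assumes Tor's SOCKS listener is at 127.0.0.1:9050; the function names are hypothetical, and the direct path skips the DNS SRV lookup a real server would perform.

```python
import socket, struct

TOR_SOCKS = ("127.0.0.1", 9050)   # assumption: Tor's default SOCKS listener
S2S_PORT = 5269                   # standard XMPP server-to-server port

def is_onion(host):
    """True for names under the .onion special-use TLD."""
    return host.lower().rstrip(".").endswith(".onion")

def connect_request(host, port):
    """SOCKS5 CONNECT with ATYP 0x03 (domain name), RFC 1928.
    The name itself goes to the proxy, so Tor resolves the .onion address
    and it is never passed to the local DNS resolver."""
    name = host.lower().rstrip(".").encode("ascii")
    if not 1 <= len(name) <= 255:
        raise ValueError("hostname must be 1-255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def _read(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def socks5_handshake(sock, host, port):
    """Run the no-auth SOCKS5 handshake on an already connected socket."""
    sock.sendall(b"\x05\x01\x00")              # version 5, offer "no auth"
    if _read(sock, 2) != b"\x05\x00":
        raise ConnectionError("proxy refused the no-auth method")
    sock.sendall(connect_request(host, port))
    ver, rep, _, atyp = _read(sock, 4)
    if ver != 5 or rep != 0:
        raise ConnectionError(f"SOCKS5 CONNECT failed, reply code {rep}")
    # Drain the bound address so the stream starts at the first XMPP byte.
    alen = {1: 4, 4: 16}.get(atyp)
    if alen is None:                           # ATYP 3: length-prefixed name
        alen = _read(sock, 1)[0]
    _read(sock, alen + 2)

def dial_s2s(host, port=S2S_PORT):
    """Outgoing s2s connection: .onion via Tor, everything else directly."""
    if not is_onion(host):
        return socket.create_connection((host, port))
    sock = socket.create_connection(TOR_SOCKS)
    socks5_handshake(sock, host, port)
    return sock
```

A failed handshake raises instead of falling back to a direct connection, so a .onion name is never looked up or dialled outside Tor.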
