Anonymous homeservers (Tor/I2P support): Modifying the federation system #1277
Comments
You don't need a separate mechanism for keeping track of known Matrix servers, since you can just have the user input the URL to the Matrix homeserver they want to connect to, e.g.
Support for Tor/I2P homeservers would be perfect for people who do not want to/cannot buy a domain.
Thanks for raising this issue. 😍 I would also like to see this implemented. Does anyone know the status of the Tor-support issue? Is this planned?
Since it already works as-is in my PoC (matrix-org/synapse#5152 (comment)), I don't think the federation system needs bigger changes. Note that federations need to work in both directions in any use case, so no tricky workarounds can exist over simply enabling Synapse to integrate automatically with existing Tor SOCKS, DNS and non-SSL instances as I suggested in my editorial. Concluding, you may wish to close this ticket now.
I think it's worth waiting until a more workable solution is found. As you pointed out yourself, you disabled a few security features to get it to work.
Security is a process, not a feature. In this case, as Tor uses its own domain name system, the following question arises:
As such, I don't see anything wrong in disabling SSL for onion<->onion federations. The only issue is that if such a homeserver also handles clearnet connections, impairing certificate checks for those may hurt. This is fixable by recognizing .onion hostnames and simply doing what I did with those only. Which means we only need a few steps forward (a small grep, a small if), not many steps backwards or waiting for another year or so.
Moving it here from element-hq/synapse#7088, as apparently the Synapse devs can't do anything about it since it requires some actual protocol changes. To whoever wants to work on this: add .onion support for Matrix servers to federate as an opt-in feature; no need for I2P (userbase is too small). I'll pay whoever successfully implements this in the Matrix protocol + Synapse server and merges it with 5 Monero (XMR) (meaning 750 euros). Take the use case where I have a Matrix server at home, at whateverlink.onion with port 8448 ONLY accessible over the onion link through Tor alone, and with just that it needs to be able to federate to other servers, and over Tor. Exactly what was described above:
Point is, I shouldn't have to pay for a VPS, and a domain with port 8448 forwarded, to be able to federate somewhere. (Maybe add a server setting somewhere to prevent abuse, fine by me if that's the concern.) Detailing the idea a little further: by default your Matrix Synapse server doesn't come equipped with the capability to access a potential Matrix server through Tor. So you would need a server setting mentioning the SOCKS5 proxy (by default 127.0.0.1:9050 for Tor connections), and for the onion nodes, they'd need to access the clearnet nodes through Tor (meaning through the SOCKS proxy).
There, to prevent abuse on the clearnet Matrix servers, I guess you would have the 2 following settings:
So you would have the following ecosystems:
1) the clearnet ecosystem of nodes federating with each other
requirement per clearnet node:
2) the clearnet w/ optional onion ecosystem:
requirement per clearnet node:
requirement per onion node:
and to federate to the clearnet, it would require a clearnet node to also have access to a Tor SOCKS proxy, and to have enabled the setting that they allow federation from onion nodes (opt-in due to the abuse potential of course)
3) purely onion ecosystem (no clearnet at all)
requirement per onion node:
and the nodes would federate with each other, no clearnet needed at all, just Matrix servers with Tor connectivity.
EDIT AS OF 05/10/2024: it looks like no one in Matrix seems to take that seriously, so I'm cancelling the bounty. I have moved my entire community from Matrix to SimpleX, where onion support is already there. Besides, Matrix has become a mess and is apparently going nowhere anonymity-wise and deniability-wise. Until you guys catch up to the standard that SimpleX has achieved, I'm not going back there.
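The routing rules proposed in the comments above (special-case only `.onion` destinations, send onion traffic through a configured SOCKS5 proxy, make onion federation opt-in on clearnet nodes), sketched as an added example. It is not code from any commenter or from Synapse; `Policy`, `tor_socks_proxy`, `allow_onion_federation` and `plan_route` are hypothetical names, not real configuration keys.

```python
from dataclasses import dataclass
from typing import Optional


class FederationRefused(Exception):
    """Raised when policy forbids or cannot carry out the connection."""


@dataclass(frozen=True)
class Policy:  # hypothetical settings, not real Synapse configuration keys
    server_name: str
    tor_socks_proxy: Optional[str] = None  # e.g. "127.0.0.1:9050"
    allow_onion_federation: bool = False   # opt-in for clearnet nodes


@dataclass(frozen=True)
class Route:
    proxy: Optional[str]  # None means a direct connection
    verify_tls: bool


def hostname_of(server_name: str) -> str:
    """Strip an optional :port (and IPv6 brackets) from a server name."""
    name = server_name.strip().lower()
    if name.startswith("["):
        return name[1:].split("]", 1)[0]
    host, sep, port = name.rpartition(":")
    return (host if sep and port.isdigit() else name).rstrip(".")


def is_onion(server_name: str) -> bool:
    """True only when the final DNS label is 'onion' (not a substring match)."""
    labels = hostname_of(server_name).split(".")
    return len(labels) >= 2 and labels[-1] == "onion" and all(labels)


def plan_route(policy: Policy, destination: str) -> Route:
    local_onion, dest_onion = is_onion(policy.server_name), is_onion(destination)
    if not (local_onion or dest_onion):
        return Route(proxy=None, verify_tls=True)  # ordinary clearnet federation
    if policy.tor_socks_proxy is None:
        raise FederationRefused("no Tor SOCKS proxy configured")
    if dest_onion and not local_onion and not policy.allow_onion_federation:
        raise FederationRefused("onion federation not enabled on this node")
    # Certificate checks are relaxed for .onion destinations only;
    # clearnet destinations keep full verification even when reached over Tor.
    return Route(proxy=policy.tor_socks_proxy, verify_tls=not dest_onion)
```

Matching on the final label matters here: a substring or loose suffix check would also relax certificate verification for clearnet names such as `evil.onion.example.com`.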
Also consider GNUnet longterm, and I don't think the userbase matters all that much, people will use what is available.
Suggestion
What would you like to see in Matrix? If your idea is vaguely complete enough, we
recommend submitting an MSC instead.
To accomplish this, the federation system would need to be modified. We probably also want to do this in a way that the Matrix homeserver doesn't need a Tor/I2P proxy running (because not everyone would be comfortable with that).
In that case, the connection from Tor to Matrix (clearnet) is only possible on reverse (Tor to Matrix clearnet works) (Matrix clearnet to Tor doesn't work).
Possible ideas:
Related non-duplicate issues: