Chocobozzz / PeerTube

ActivityPub-federated video streaming platform using P2P directly in your web browser
https://joinpeertube.org/
GNU Affero General Public License v3.0

Discussion | .onion Service #1886

Open ghbjklhv opened 5 years ago

ghbjklhv commented 5 years ago

Objective: Enable .onion PeerTube instance (+ documentation)

Why?: IP anonymity is very important.

How?: PeerTube already works over TOR, the final step would be to enable a .onion website. It may be possible to still communicate with clearnet instances, considering TOR works as an outproxy.

But doesn't TOR recommend against BitTorrent?: Most BitTorrent clients really suck at implementing proxies. It all depends on how you implement things, for instance, ZeroNet supports TOR.



Houkime commented 5 years ago

I am not a Peertube developer but normally instances (i.e. servers) are not considered features. Especially with federated software where you are supposed to set up your own instance. Feature might be adding tor-specific support to make .onion instance possible or easier.

I am interested in this topic. What are current actual problems with setting up torified peertube instance? Maybe besides the fact that it is TypeScript which is a bad idea over tor, and clients are still a problem.

ghbjklhv commented 5 years ago

> I am not a Peertube developer but normally instances (i.e. servers) are not considered features. Especially with federated software where you are supposed to set up your own instance. Feature might be adding tor-specific support to make .onion instance possible or easier.

@Houkime No dilemma, I'll edit my post to fix this and avoid confusion. :)

> What are current actual problems with setting up torified peertube instance?

I remember reading a while back that there was an issue with SSL being required to follow users. .onion servers use HTTP. Can't find the source to verify though.

This link may be of interest: https://www.reddit.com/r/PeerTube/comments/byb4nb/onion_peertube_instance/

Houkime commented 5 years ago

So this is basically a continuation of https://github.com/Chocobozzz/PeerTube/issues/1569 which is still open and which revealed a roadblock for tor-clearnet federation being that a Peertube instance is not supposed to be a proxy for other instances so there could be no "gateway to Tor" Peertube instance?

Or this is supposed to be more specific to a case of a solitary non-federated instance or federated-with-other-hidden-services scenario?

ghbjklhv commented 5 years ago

@Houkime IP is a big issue in BitTorrent. My goal was to create a discussion on using TOR to help fix this and further anonymity. This is already done in other areas like Mastodon: http://halcyonkqnyqlwho3kpalgs2uumntusy3kxulc7gkzfr3q7ybexukcyd.onion/

> Or this is supposed to be more specific to a case of a solitary non-federated instance or federated-with-other-hidden-services scenario?

How or if .onion instances would communicate with clearnet is part of the discussion portion of this thread.

Chocobozzz commented 5 years ago

Hi,

Is this not the same discussion as https://github.com/Chocobozzz/PeerTube/issues/1569?

Jorropo commented 5 years ago

First:

> Why?: IP anonymity is very important.

That's not what Tor provides (if you're really searching for that, try i2p; that's still not perfect but still way better).

Then, is it possible? Quite: Tor Browser (and i2p) doesn't support WebRTC currently, so it isn't possible to do p2p in the browser, so this will be only streaming from node to browser (redundancy is still possible).

Then federation? For that you need 4 things. Your hidden service provider (i2p, tor, ...) has to redirect traffic to your node; that currently is fully compatible with PeerTube if you do a good configuration with your nginx (I've already tried). Then make PeerTube actually use this by first broadcasting the bech 32 or onion address instead of the regular domain (may work). And finally allow the server to connect to your hidden service provider for its requests. That's done via using a proxy, http://localhost:4444 for i2p or socks5://localhost:9050 for tor (not implemented). And also allow http in federation (i2p and tor work without that).

So the question is: would you want the same federation for all hidden service providers and clearnet, or would you want a federation by network? That will determine how hard it will be.

EDIT: If you set this up for i2p you shouldn't use http://localhost:4444 for your peertube. You should create another http proxy which uses the same key as your peertube service and not use shared tunnels for peertube.
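The outbound routing decision described in the comment above, written out as an added example; it is not PeerTube code and not part of any comment in this thread. The two proxy endpoints are the ones quoted in the comment; the function names, the return shape and the rule that plain HTTP is accepted only for hidden-service hosts are assumptions made for illustration.

```javascript
// Proxy endpoints as quoted in the thread; everything else is hypothetical.
const PROXIES = {
  onion: 'socks5://localhost:9050', // Tor SOCKS port
  i2p: 'http://localhost:4444',     // i2p HTTP proxy
  clearnet: null                    // direct connection, no proxy
};

// Classify a hostname by the network that is able to resolve it.
function networkOf(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, '');
  if (host.endsWith('.onion')) return 'onion';
  if (host.endsWith('.i2p')) return 'i2p';
  return 'clearnet';
}

// Decide how an outbound federation request has to be sent, or throw.
// localNetworks lists the networks this instance is configured to reach,
// which is where "one federation" vs "federation by network" is expressed.
function planRequest(targetUrl, localNetworks = ['clearnet']) {
  const url = new URL(targetUrl); // throws TypeError on malformed input
  const network = networkOf(url.hostname);

  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    throw new Error(`unsupported scheme ${url.protocol}`);
  }
  if (!localNetworks.includes(network)) {
    throw new Error(`no route to ${network} from this instance`);
  }
  if (url.protocol === 'http:' && network === 'clearnet') {
    throw new Error('plain HTTP is only accepted for hidden-service hosts');
  }
  return {
    network,
    proxy: PROXIES[network],
    // Hidden-service names must reach the proxy unresolved: a local DNS
    // lookup cannot succeed and discloses the name to the resolver.
    resolveAtProxy: network !== 'clearnet'
  };
}
```

An instance that passes `['clearnet', 'onion']` federates across both networks, while `['onion']` alone gives the federation-by-network behaviour.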

Jorropo commented 5 years ago

@Chocobozzz As I understand, this isn't totally the same; this is more about allowing http and the .onion TLD in the address. So not a full duplicate.

Houkime commented 5 years ago

While WebRTC per se may be a problem, if one makes a more dedicated client to fetch and download magnets from a hidden instance it might be ok. In such a case i2p makes for an inherently better choice of provider because the torrent support in i2p is built in from the start with snark. However bandwidth is more of a problem with i2p than with tor.

Jorropo commented 5 years ago

@Houkime

> In such a case i2p makes for an inherently better choice of provider because the torrent support in i2p is built in from the start with snark.

i2p is very good but it's slow and they don't really care about "compatibility". i2p has been made to work with some plugins using a java guideline, with some remakes of basic protocols (like tcp), not even an http api to control the router; that has been done through a custom protocol. Also torrenting isn't done in the browser but through the java node. Making peertube compatible with i2p torrent is likely as possible as making webrtc in tor or i2p (because again i2psnark isn't made for in-browser work).

Another, simpler way could be to develop a peertube client to integrate as a plugin for i2p (that's hard, and long).

trymeouteh commented 3 years ago

Would be great for a peertube server to be able to talk to onion sites and allow anyone with a peertube account on the clear web to watch and connect to a video on an onion site.

gtsop commented 3 years ago

Really interested in this. What I want to accomplish is use Peertube as a video hosting and streaming platform just for my own content, optionally accessed through an onion service. I personally don't need to make use of other features (eg talking to other instances).

Researching this topic I found this very interesting comment from this reddit AMA:

> AFAIK PeerTube uses BitTorrent, which is cool! However, many ISPs restrict BitTorrent (some even put users on a blacklist for using BitTorrent), and the Tor Project strongly recommends against using BitTorrent with Tor. So:
>
> Will there be a way to nicely use PeerTube if I use Tor, and can I expect PeerTube to only work if my Internet connection allows BitTorrent?

And the answer was:

> PeerTube actually uses BitTorrent over WebRTC via a library called WebTorrent. ISPs won't be able to restrict it without stochastic traffic identification, which is costly and will harm QoS for other legitimate uses of the web.
>
> As Tor forbids file-sharing usages, the way to go at the moment is to deactivate WebRTC for peertube sites at the browser level. In the future it will be to use the soon-to-be-developed opt-out of WebTorrent from within the PeerTube interface.
>
> Note that the Tor Browser disables WebRTC, so by just using it you are compliant with Tor's ToS and only using PeerTube's HTTP fallback!

I am specifically interested in this last sentence:

> Note that the Tor Browser disables WebRTC, so by just using it you are compliant with Tor's ToS and only using PeerTube's HTTP fallback!

I am neither a tor expert nor a p2p expert. But what I understand by this is I can expect users to visit my peertube instance on clearnet, using the Tor browser and be secure (meaning the security/anonymity benefits of Tor). I would expect their security wouldn't be compromised if they accessed the same instance via an onion service. Do you think this assumption is correct?

Edit: fixed formatting.

rigelk commented 3 years ago

Hi @gtsop,

Yes, my comment still stands, and Tor Browser is preserving your users' privacy even here.

gtsop commented 3 years ago

> Yes, my comment still stands, and Tor Browser is preserving your users' privacy even here.

@rigelk So doesn't that answer the OP's main question re using Tor and BitTorrent? It looks like the answer is "It's fine because Tor Browser won't use WebRTC and will fall back to standard http"

So what remains to be done for the purpose of this ticket is probably getting some documentation on the topic?