Closed zugz closed 5 years ago
I have seen the document describing issues with onion in your https://github.com/zugz/tox-onionPathsProposal repo and also seen your ToxCon slides on it, and I have to agree that the onion doesn't protect user's IP address and their friends' long term keys sufficiently enough. A determined attacker with the right knowledge and resources to host enough dht onion nodes should be able to get this information from the onion according to your findings.
In the light of the known vulnerabilities in the onion (see https://github.com/TokTok/c-toxcore/issues/1152 ), I think we should avoid claiming too much for it.