Open sneurlax opened 9 months ago
sneurlax
commented
9 months ago Or we can use C tor. MagicalBitcoin/libtor-sys worked fine, why not just regress for it?
The hurdle is making sure cargokit still works for a libtor-sys-based tor (tor_ffi_plugin) package
sneurlax
commented
9 months ago See https://github.com/Foundation-Devices/tor/pull/16 for enabling the option to build with onion service support
sneurlax
commented
9 months ago See https://github.com/Foundation-Devices/tor/issues/15#issuecomment-1727284123 for an argument why (AIUI) it's safer to enable onion services than use clearnet requests
Following the link leads to the page titled Arti 1.1.6 is released: Now you can connect* to Onion Services!
*: Note that this feature is not yet as secure as the equivalent feature in the C tor implementation, and as such you probably shouldn't use it for security-sensitive purposes. (Our implementation is missing the “vanguards-lite 16” feature that C tor uses to prevent guard discovery 15 attacks.) For this reason, the feature is (for now) disabled by default. To turn it on, you can enable it on the command line (arti -o address_filter.allow_onion_addrs=true proxy) or edit your arti.toml configuration file (set allow_onion_addrs = true in the section [address_filter]).
The second link is to the arti changelog which shows that 1.1.7 and 1.1.8 both had onion-service related upgrades, but did not add guard discovery mitigations. Neither the 1.1.7 nor the 1.1.8 blog posts mention safety- or privacy-related fixes or mitigations.
sneurlax
commented
9 months ago I have been instructed to wait for arti to enable onion services by default
sneurlax
commented
2 months ago
See https://gitlab.torproject.org/tpo/core/arti/-/blob/main/README.md#hidden-service-onion-service-client-support: