emersion / hydroxide

A third-party, open-source ProtonMail CardDAV, IMAP and SMTP bridge
MIT License
1.58k stars 122 forks

Tor stream isolation support #266

Open 1cho1ce opened 10 months ago

1cho1ce commented 10 months ago

Right now, if hydroxide has multiple accounts, then connections to all of them will go through the same Tor circuit and it'll cause identity correlation. Using HTTPS_PROXY or torsocks won't help here, and stream isolation should be implemented inside hydroxide so that all new connections will use a fresh circuit, rather than possibly re-using an existing circuit. This could be implemented using this package when hydroxide is started with the -tor 127.0.0.1:9050 option: https://pkg.go.dev/github.com/lightningnetwork/lnd/tor
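The isolation requested above can be sketched with Go's standard library alone; this is an added example, not hydroxide code and not part of the original comment. It assumes a Tor SocksPort at 127.0.0.1:9050 with the default IsolateSOCKSAuth behaviour (streams presenting different SOCKS credentials are kept on separate circuits), and it isolates per account rather than per connection; the function names and account names are hypothetical.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/url"
)

// isolatedProxyURL (hypothetical helper) builds a SOCKS5 proxy URL whose
// credentials are unique to one account. Tor does not check the credentials;
// with IsolateSOCKSAuth it only uses them to decide which streams may share
// a circuit, so two accounts with different credentials are not correlated.
func isolatedProxyURL(torAddr, account string) (*url.URL, error) {
	nonce := make([]byte, 16) // random password, regenerated on every start
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &url.URL{
		Scheme: "socks5",
		Host:   torAddr,
		User:   url.UserPassword(account, hex.EncodeToString(nonce)),
	}, nil
}

// newIsolatedClient returns an HTTP client for exactly one account. Each
// client owns its Transport, so pooled connections are never shared between
// accounts either.
func newIsolatedClient(torAddr, account string) (*http.Client, error) {
	u, err := isolatedProxyURL(torAddr, account)
	if err != nil {
		return nil, err
	}
	return &http.Client{Transport: &http.Transport{Proxy: http.ProxyURL(u)}}, nil
}

func main() {
	// Constructed account names; 127.0.0.1:9050 is the address from the issue.
	for _, acct := range []string{"alice@example.invalid", "bob@example.invalid"} {
		c, err := newIsolatedClient("127.0.0.1:9050", acct)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s: client %p has its own SOCKS credentials\n", acct, c)
	}
}
```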

emersion commented 4 months ago

I don't believe plumbing Tor/proxy support to each and every program that uses TCP is a good way forward. I would recommend setting up a system-wide transparent proxy instead (TransPort in Tor config), which makes Tor work similarly to VPNs.