oxen-io / session-desktop

Session Desktop - Onion routing based messenger
https://getsession.org
GNU General Public License v3.0
1.55k stars 197 forks source link

Add function p2p on Chat #1818

Open ghost opened 3 years ago

ghost commented 3 years ago

We have a blockchain network and a node, but there is no p2p communication, it would be better to integrate local communication based on client-client into the client

What will it give us? Unlimited transfer file size Audio / Video calls (no limits) Offline mode (wi-fi/ bluetooth) reduce the load on the network add security and respect for users

How to use it? For example, the user connects to loki in normal mode. If the user needs to talk to someone p2p, he simply turns on the p2p mode in the chat. The interlocutor receives a notification about switching to p2p mode (he has the right to choose whether to connect or not) If the interlocutor chooses to connect then a p2p connection is established

144 commented 3 years ago

image It's on TODO list.

source: https://oxen.io/roadmap

ghost commented 3 years ago

Oh the very nice) very wait this

Audio / Video p2p call not planned?

144 commented 3 years ago

Oh the very nice) very wait this

Audio / Video p2p call not planned?

Calls will be basically P2P but routed through Lokinet just like messages (on todo)

ghost commented 3 years ago

that is, I can be sure that my call will not be transferred to another node / server?

he will only be an interlocutor-an interlocutor right?

Lokinet will it only give out information for connecting 2 addresses? or other?

P.S it will be interesting to read about this in the blog :)

Thanks you answer

144 commented 3 years ago

that is, I can be sure that my call will not be transferred to another node / server?

he will only be an interlocutor-an interlocutor right?

Lokinet will it only give out information for connecting 2 addresses? or other?

P.S it will be interesting to read about this in the blog :)

Thanks you answer

Your call will be going to the person you are talking to through Lokinet to prevent IP exposure, call will be end to end encrypted and cannot be decrypted (by other parties) nor stored on nodes.

ghost commented 3 years ago

the audio call (in encrypted form) is transmitted via the loki network? or audio call data not use lokinet (only for connected user)

sometimes it is much more important not to hide the address (but to be sure that the audio call is not transmitted anywhere other than the interlocutor (even if it is encrypted)

example Tox use call only p2p (because user can hide ip use other software)

144 commented 3 years ago

the audio call (in encrypted form) is transmitted via the loki network? or audio call data not use lokinet (only for connected user)

sometimes it is much more important not to hide the address (but to be sure that the audio call is not transmitted anywhere other than the interlocutor (even if it is encrypted)

example Tox use call only p2p (because user can hide ip use other software)

Yes, call is transmitted only in encrypted form through Loki. It can't be decrypted by anyone but the person you are talking to. Tox is designed differently than Session, everything in it is p2p, however if you are talking to untrusted person you are risking your identity being revealed by leaking ip address.

ghost commented 3 years ago

it is debatable which is worse) leaking the address or saving an encrypted call with the ability to decrypt it at a later time (there is no encryption that cannot be decrypted, it is only a matter of time)

after all, someone can change the source code of the node and run it in such a way that it saves everything, this was done in the tor. that's why p2p is good. (Maybe I'm wrong)

it doesn't matter to me, I just want to show that there are worse scenarios and offer an idea

make 2 types of calls 1) via loki no (hiding your address) 2) p2p without hiding the address, but the data exchange is purely between client-client without the participation of the network

and user can switch this mode.

KeeJef commented 3 years ago

P2P chatting and voice calls cannot be done in the traditional P2P way, since we never want to expose the users IP address to their chat partner. So P2P for us means P2P through Lokinet, with each user establishing a .loki address. So basically all of this is waiting on Lokinet support in Session (currently we only have onion requests not Lokinet)

ghost commented 3 years ago

I probably just don't understand the search and communication process well.

but if the audio call is transmitted through the node (and not directly to the client) this may be more dangerous than an address leak (example tor fake node)

I'm not even talking about the fact that it's enough to find out the address simply by throwing a link to the chat that the user will follow.

Or a vulnerability in the chat that will be sooner or later. (A matter of time)

toomuchacid commented 3 years ago

I probably just don't understand the search and communication process well.

but if the audio call is transmitted through the node (and not directly to the client) this may be more dangerous than an address leak (example tor fake node)

I'm not even talking about the fact that it's enough to find out the address simply by throwing a link to the chat that the user will follow.

Or a vulnerability in the chat that will be sooner or later. (A matter of time)

In regards to a traitor node, that possibility is eliminated/mitigated by the Lokinet's crypto-economics model to prevent against Sybil attacks. Owning a Service Node on Lokinet requires OXEN$15,000 staked, look it up on the oxen.io FAQ. or here: [https://arxiv.org/pdf/2002.04609.pdf]

In regards to IP reveal, this whole project exists to solve the issue of identity reveal during online communication and to protect the IP address! If you want encrypted calling, use Signal. It's had that feature for years and everyone already uses it. Session was forked from Signal. Session aims at pushing the encrypted calls to the next level, being anonymous AND encrypted calls, and it's ALOT of work just to do that properly.

ghost commented 3 years ago

In regards to a traitor node, that possibility is eliminated/mitigated by the Lokinet's crypto-economics model to prevent against Sybil attacks. Owning a Service Node on Lokinet requires OXEN$15,000 staked, look it up on the oxen.io FAQ. or here: [https://arxiv.org/pdf/2002.04609.pdf]

In regards to IP reveal, this whole project exists to solve the issue of identity reveal during online communication and to protect the IP address! If you want encrypted calling, use Signal. It's had that feature for years and everyone already uses it. Session was forked from Signal. Session aims at pushing the encrypted calls to the next level, being anonymous AND encrypted calls, and it's ALOT of work just to do that properly.

I read the FAQ But do you really think that it's a problem for influential structures to get 15,000 coins? :) I'm even not talking about the fact that (hacker/gogovernment/other) can write a virus and capture these node (if you really want to)

yes, and it's great that the session tries to remain anonymous, but it's also about the security of the conversation (after all, information leakage is also important)

When I know that information is transmitted without a node, I am sure that it is purely between us.

When information goes through nodes (even with encryption) I can no longer be 101% sure that this will not be read/listened to

it's about audio/video calls

toomuchacid commented 3 years ago

Ok. You should read a networking textbook I think. There is no such thing as a direct P2P connection in the way you are referring to it, there are likely hundreds of servers/networks between your devices. Try this as an experiment in a command shell;[code] traceroute google.com /codeIt maps out the path your packets (encrypted or otherwise) have to take to get to where they're intended.If I've gone overboard with a simple explanation I apologize, it seems you are understandably concerned about your data's privacy but don't understand how a network like the internet works?All the best with your endeavour in this, it'll be worth it 😊 On Fri, Oct 1, 2021 at 7:18 am, xbvrhlmb @.***> wrote:

In regards to a traitor node, that possibility is eliminated/mitigated by the Lokinet's crypto-economics model to prevent against Sybil attacks. Owning a Service Node on Lokinet requires OXEN$15,000 staked, look it up on the oxen.io FAQ. or here: [https://arxiv.org/pdf/2002.04609.pdf] In regards to IP reveal, this whole project exists to solve the issue of identity reveal during online communication and to protect the IP address! If you want encrypted calling, use Signal. It's had that feature for years and everyone already uses it. Session was forked from Signal. Session aims at pushing the encrypted calls to the next level, being anonymous AND encrypted calls, and it's ALOT of work just to do that properly.

I read the FAQ But do you really think that it's a problem for influential structures to get 15,000 coins? :) I'm even not talking about the fact that (hacker/gogovernment/other) can write a virus and capture these node (if you really want to) yes, and it's great that the session tries to remain anonymous, but it's also about the security of the conversation (after all, information leakage is also important) When I know that information is transmitted without a node, I am sure that it is purely between us. When information goes through nodes (even with encryption) I can no longer be 101% sure that this will not be read/listened to it's about audio/video calls

—You are receiving this because you commented.Reply to this email directly, view it on GitHub, or unsubscribe.

ghost commented 3 years ago

Ok. You should read a networking textbook I think. There is no such thing as a direct P2P connection in the way you are referring to it, there are likely hundreds of servers/networks between your devices. Try this as an experiment in a command shell;[code] traceroute google.com /codeIt maps out the path your packets (encrypted or otherwise) have to take to get to where they're intended.If I've gone overboard with a simple explanation I apologize, it seems you are understandably concerned about your data's privacy but don't understand how a network like the internet works?All the best with your endeavour in this, it'll be worth it blush On Fri, Oct 1, 2021 at 7:18 am, xbvrhlmb @.***> wrote: In regards to a traitor node, that possibility is eliminated/mitigated by the Lokinet's crypto-economics model to prevent against Sybil attacks. Owning a Service Node on Lokinet requires OXEN$15,000 staked, look it up on the oxen.io FAQ. or here: [https://arxiv.org/pdf/2002.04609.pdf] In regards to IP reveal, this whole project exists to solve the issue of identity reveal during online communication and to protect the IP address! If you want encrypted calling, use Signal. It's had that feature for years and everyone already uses it. Session was forked from Signal. Session aims at pushing the encrypted calls to the next level, being anonymous AND encrypted calls, and it's ALOT of work just to do that properly. I read the FAQ But do you really think that it's a problem for influential structures to get 15,000 coins? :) I'm even not talking about the fact that (hacker/gogovernment/other) can write a virus and capture these node (if you really want to) yes, and it's great that the session tries to remain anonymous, but it's also about the security of the conversation (after all, information leakage is also important) When I know that information is transmitted without a node, I am sure that it is purely between us. When information goes through nodes (even with encryption) I can no longer be 101% sure that this will not be read/listened to it's about audio/video calls —You are receiving this because you commented.Reply to this email directly, view it on GitHub, or unsubscribe.


it is very unprofessional to conduct a dialogue and making hasty conclusions.

I understand the internet protocol perfectly and am well aware of routing and tracing. It was about the fact that we are talking specifically about Loki's Nodes.

I understand perfectly well that it is impossible to completely enable the transfer of p2p without third-party servers, we have encryption for this.

An example of an analogy can be given by the Tox protocol

nrdxp commented 1 year ago

there is no encryption that cannot be decrypted, it is only a matter of time

sure, but if you lose the only private key you've got plenty of time.

It's a shame the conversation has stalled here, because this would be a cool feature :slightly_smiling_face:

KeeJef commented 1 year ago

Session <> Lokinet integration is getting closer, P2P comms in Session over Lokinet is something we will definitely be looking at post Lokinet integration, has as number of positive benefits, like reducing overhead on storage servers