Use the tor network as transport network - for hole punching and protecting privacy

“Welcome. LBRY takes privacy and choice seriously.”

This is the very first message that is shown when LBRY is first installed.

Privacy is hard to do right. A single bug or design flaw and your program leaks private data.

I would love if LBRY protected privacy so well, that even Burmese democracy activists could use this for activism without fear.

In Burma there is one ISP. And we can assume this ISP also has the resources to set up thousands of LBRY accounts and download every single LBRY video.

If this ISP with reasonable confidence can see which movie the activists are watching, it can mean prison time for the activists.

Does LBRY leak private data?

A simple ngrep will show that searches and video requests are sent in clear text:

T 192.168.1.33:36162 -> 51.89.41.46:50001 [AP] #454
  {"jsonrpc": "2.0", "method": "blockchain.claimtrie.resolve", "id": 108, "params": ["lbry://@PROSA"]}.                                           

T 192.168.1.33:36162 -> 51.89.41.46:50001 [AP] #9430
  {"jsonrpc": "2.0", "method": "blockchain.claimtrie.resolve", "id": 117, "params": ["lbry://@PROSA#c/Vacciner-dit-viftekort#3"]}.                

This is bad, because that can be seen by the ISP.

ngrep also reveals which blobs the activist requests:

T 192.168.1.33:45450 -> 51.210.220.149:5567 [AP] #95
  {"requested_blobs": ["77416e376ab458b77e5d9db01634ecb647c8ad6d20abc8f4a00abe196905fd15b0aef1447b388c9144cea0a4a9890a9a"], "lbrycrd_address": true, "blob_data_payment_rate": 0.0, "requested_blob": "77416e376ab458b77e5d9db01634ecb647c8ad6d20abc8f4a00abe196905fd15b0aef1447b388c9144cea0a4a9890a9a"}

If an attacker has downloaded all videos, he will also have a blob file called: 77416e376ab458b77e5d9db01634ecb647c8ad6d20abc8f4a00abe196905fd15b0aef1447b388c9144cea0a4a9890a9a and he will know which video it came from. Even if the content of the blob is encrypted.

This is bad, because we can assume the ISP has the resources to download all videos and record their blobfile names. Thus the ISP can identify which video the activist is watching.

Even if the whole transport is encrypted, the sender would be able to see which blob (and thus which video) a given IP-address requests. If the ISP had all blobs for all videos and many accounts, chances are the activists will request at least one blob from the ISP.

This is bad because the ISP knows who is using the IP-address.

On top of this the ISP can throttle access to LBRY nodes outside Burma and thus increase the chances of one of their accounts being used as blob supplier.

So it is pretty clear that LBRY is leaking private data.

Tor

Tor is best known for Tor-browser. This makes it possible to access web pages that are censored in your home country. It also makes it hard for your ISP to see what you are doing.

Tor bandwidth

You may have experienced Tor-browser as slow. This is mostly due to the final hop, where your traffic is sent through an exit node. There are few of these and they are often overloaded.

But if your Tor traffic never leaves the Tor network, there is plenty of bandwidth.

Use Tor Hidden Services

Two Tor nodes can contact each other using Hidden Services. This traffic stays in the Tor network and never touches an exit node.

Data from the sender is bounced around 3 times before hitting a rendezvous point, after which data is bounced around 3 more times before reaching the receiver. This sounds slow, but in practice I experience a lag of around 500 ms: It is perfectly acceptable for running SSH through. By using multiple connections (e.g. by downloading multiple blobs in parallel) a throughput of 10 Mbps is no problem.

Setting up a hidden service is not hard: It is literally 2 lines in a config file. E.g. for ssh:

HiddenServiceDir /home/tor/hidden_service/
HiddenServicePort 22 127.0.0.1:22

Instead of accessing hosts like 12.189.124.107, LBRY will access hosts like imuqkh75wp2chf5av5esqyyzgdmn4in763vs7ilu2rikbcek6e7qfsqd.onion

No need to deal with hole punching

Another great feature of Tor Hidden Services is that you do not need to deal with port forwarding and hole punching. There is no problem in having multiple machines behind the same NAT wall, and two machines behind NAT walls can access each other.

If your ISP does not block access to Tor, you can be part of the network. And Tor excels in getting around ISPs that try to block Tor.

Distributing Tor with LBRY

Tor is free software, so you are allowed to distribute Tor along with LBRY. So there is no need for LBRY users to also set up Tor.

Summary

Using the Tor network as transport for LBRY solves several problems:

  • It makes it harder to leak private data onto the physical network.
  • It makes it harder to see who is using LBRY.
  • It solves the hole punching problem.

On top of this you will be helping Tor: Tor is only safe to use if there are legitimate uses for Tor. If the only ones using Tor in Burma are democracy activists, it makes it easier for the government to identify those. But if millions of Burmese use it, then using Tor in itself will not raise a red flag. And it will be harder for the Burmese government to shut down Tor, because many users will complain. Just like the Burmese government cannot shut down the internet without causing massive problems for the legitimate internet use.

I hope LBRY will consider using Tor as the transport network.

Issue Analytics

  • State: open
  • Created 3 years ago
  • Reactions: 9
  • Comments: 8 (3 by maintainers)

Top GitHub Comments

5 reactions
kauffj commented, Mar 16, 2021

I’m re-opening this because I think there are valid improvements outside the scope of already filed tickets. This should probably be processed by @lyoshenka or @eukreign.

1 reaction
ole-tange commented, Dec 5, 2021

> What I would suggest is using I2P network instead of Tor.

I2P would also be an option.

Personally, though, I find the bullet list (“Benefits of Tor over I2P” on https://geti2p.net/en/comparison/tor) would weigh in favor of Tor: e.g. “Has already solved some scaling issues I2P has yet to address”. And in general: Tor has a proven track record, which will likely lead to fewer surprises.
