Share key via QR code.

[laosb]

The weakest part of inviting somebody onboard is sharing the key. People tends to share the key via some unencrypted IM or even SMS, which means censors may directly get the key, causing attacks.

I’m suggesting adding QR code sharing, which is perfect for face-to-face sharing, fast, easy and secure.

[jab]

QR codes have usability downsides too, e.g. they're not human read-/writeable. But for secure face-to-face sharing, it's not necessary to introduce a whole new encoding format, only to expose the system sharing UI for the link. On iOS and macOS for example, you can long-press (or right-click) on any link until the context menu appears, choose "Share...", and then choose your nearby friend when they show up as an Airdrop recipient as long as they're within p2p Bluetooth or p2p WiFi range (no need to be connected to the same (or any) WiFi network). According to https://en.wikipedia.org/wiki/AirDrop#Security_and_privacy Airdrop is end-to-end encrypted. Not sure Android has something quite equivalent (it looks like Nearby sharing is not encrypted?) but things like Signal disappearing messages – also available from the system sharing UI if Signal is installed – also provide a good alternative. So perhaps just some UI tweaks could address the issue at root here of "facilitate secure face-to-face sharing".

[what-name]

I agree with laosb. If I want to give a key to a friend, he/she has to get it through a service that usually cannot be trusted and since there is no password required once one has a key, I don't really like doing it.
2. Outline uses Amazon servers to share keys. These servers are NOT reachable from China w/o VPN. QR code would be a great solution.

[4044ever]

I agree with laosb, there should be QR code option.

@krrisztian
Last time I tested in China the key site could be accessed from China without VPN. Will test again in a few days. Seems still unblocked:

https://www.greatfirewallofchina.org/index.php?siteurl=https%3A%2F%2Fs3.amazonaws.com

[jab]

@4044ever Glad to hear that the Amazon S3 invite page was unblocked for you in China!

I'm sure the team is aware that the invite page may not always be accessible to all users in China, has discussed alternatives, and will continue to consider additional options.

That being said, why is sending a QR code (of a SIP002 URI) over an untrusted channel any safer than just copy/pasting the URI? QR encoding provides no secrecy. A capable adversary must be assumed to be able to read the contents of a QR code sent over an untrusted channel just as readily as they could read the URI encoded in it.

Given that, the URI seems strictly superior, because:

1. It can be copy/pasted anywhere with a text input.
2. You can therefore move it between apps on the same device much more easily. e.g. You can copy a URI that a friend sent you in a Signal message, then switch over to Outline, where it detects the URI on the clipboard and lets you add the server automatically. By contrast, to add a server on your phone via QR code, you need a second device displaying the QR code so you can scan it with your phone.
3. Desktop OSes – as well as iOS before the latest version – do not have a QR code reader built-in. So these users now have another app to install. And it's still always going to be awkward on desktop.
4. QR codes are not human readable. In the case that you would recognize the IP and port in the URI or even the base64 payload and could therefore tell differing ones apart, you would lose all recognizability once encoded as a QR code.
5. In the case that the Outline client is installed already, it registers itself as the default handler for ss:// links. So the user can just click an ss:// link to open it in Outline and add the server automatically. By contrast, if the user scans a QR code with an arbitrary QR code reader (rather than one built into Outline), there's no guarantee it will open in Outline even if Outline is already installed.

So I think a better plan is to give the server admin user an escape hatch in the UI like the following. This addresses the "can't access S3" problem without giving up so many of the benefits of the existing interaction design. Imagine the below in a textbox the admin user could edit if desired, change the language it's translated into, and then copy/paste to their invitees:

Sharing with someone who can't access this Amazon page?
Copy/paste the following message to them instead:

You are invited to use my Outline server to get access to the open internet!

Follow these instructions to download the Outline app for your platform:
    https://github.com/Jigsaw-Code/outline-invite#instructions-zh

And here is the access code you'll need to add my server (as the instructions above explain):
    ss://YWVzLT01234nY206dGVzdA==@192.168.100.1:8888

Note the use of a GitHub project README for the fallback instructions page. On GitHub the experience is worse because you can't do dynamic stuff (like detect the user's platform and language, and display the corresponding translations and download link). But GitHub is more painful to block than S3 and has remained unblocked in China, so it's a better backup to share with someone who can't access S3.

Let's also remember that the concepts of the access code and the instructions page are separate (though related), rather than conflating them. In other words, "just use a QR code" is not a solution to the problem that the S3 page solves. Neither QR codes nor access code links provide download and installation instructions in the user's language. But the GitHub page-based backup flow above does.

[laosb]

The Qr code proposal is mainly for offline exchanging. You can’t use signal or most other encrypted IM in China. In most conditions we try to pass the key offline (almost the only secure way to exchange in China). You don’t want to save a file and transfer through Bluetooth, or even by typing a hash manually.

[jab]

@laosb As mentioned it looks like Airdrop is end-to-end encrypted (so still secure even if it's over Bluetooth). And plenty of high-quality free software OCR libraries (not to mention cloud services) have been around for long enough that there must be some app where you can point your camera at a URL to scan it with as much ease as you can scan a QR code. If Outline really needed some kind of scanning functionality built in, would you agree that URL scanning would satisfy the requirements you've proposed?

[laosb]

Fine but not worth doing this for just configuring Outline. I will just create a fork then. Thanks for what you’ve done.

[trevj]

@laosb Many thanks for using Outline and for the feedback. I can't say when or if it will happen but we haven't ruled out QR codes as a sharing mechanism - I can see them coming in useful in several situations.

[iShift]

@trevj also if you can support QR codes - connecting on iOS can be mush easily - iOS read QR from Camera app and you can open link (from qr) getoutline.com/connect/hash with same content as now on amazon. but (!) if user have app on they iPhone - that link opens in app, not in browser => if some country block your site but user have app - all can happen.

[trevj]

Related:
#83

[what-name]

I recently discovered that when you set up a new server and get presented the Invitation link in that window, you can actually scroll down (Manager v1.2.2) and it will tell you the "raw" access code too. Still not the easiest as I would not want to share my access codes on WeChat (China) but better than nothing.

[what-name]

last comment is still valid. Outline Manager shows directly the ss:// link. Can copy&paste it to send to end user/friend. You can delete the ss:// part and send it through WeChat without an issue.

QR Code would be great but imo too much work for too small of a use case now.
Consider issue closed?