Client should connect to federation via Tor

[elsirion]

For the e-cash system to provide the privacy guarantees it's capable of, user clients need to connect to the federation via Tor. They also need to open a new connection for each operation. This will require multiple changes:

• Connect websockets on-demand and introduce a notion of "sessions"
  • The session is opened to do one atomic operation from the user's perspective
  • The client makes all the necessary API calls that are linkable anyway
  • The session is closed
• Create a (potentially external/definitely new crate) implementation of FederationApi that uses Tor and maybe even bundles Tor (e.g. to run on Apple mobile devices)

[justinmoon]

After some initial investigation it doesn't seems jsonrpsee has any built-in support fox socks proxies, but I made an issue to ask for sure.

[jkitman]

If Arti isn't ready, will we need to run Tor as a separate process and use a Tor controller like https://github.com/teawithsand/torut ?

[justinmoon]

If Arti isn't ready, will we need to run Tor as a separate process and use a Tor controller like https://github.com/teawithsand/torut ?

That won't work on iOS because everything has to run in 1 process. For iOS we'll need something like libtor to spawn tor in our process

[elsirion]

@justinmoon the two aren't mutually exclusive. We will need libtor to start our tor daemon and something like torut to control it (e.g. create new cirucit for each operation).

[justinmoon]

it doesn't seems jsonrpsee has any built-in support fox socks proxies

Just did a little research on prior art etc:

• Here's a simple 3 year old crate the adds socks proxy to actix_web (not suggesting we change wss client)
• Tungstenite has a tracking issue for socks support
• CLI tool websocat can proxy through socks proxy
• reqwest proxy implementation. Here is the original PR that added SOCKS5 support which can give us a sense of how much work is involved ...

[elsirion]

Turns out it's actually trivial to implement SOCKS support for jsonrpsee: elsirion/jsonrpsee@8ec1b4a

I'd like to test it for our use case though before upstreaming. Local testing looks good so far though.

[maan2003]

What are opinions about using arti now that it is ready for production use (according to the developers)?

I am in favor of starting with arti and later implementing main tor client. Just because better docs will make it easier.

@elsirion

[justinmoon]

@maan2003: Does Arti implement a Tor client? Last I checked it was more focused on server side #15 (comment).

[maan2003]

Yes it does https://docs.rs/arti-client

UPD: ah, it does not supporting hidden services.

[maan2003]

Arti: missing features like on-demand circuit switching, general instability

update: circuit switching is now supported using IsolationToken

[justinmoon]

What are opinions about using arti

I think we would all prefer to use arti if possible.

[elsirion]

• We don't necessarily need hidden services at first. Right now all setups are Static IP+DNS+Let's Encrypt, that would work with arti+stream separation.
• How easy is arti to integrate with our JSONRpc library? I have a prototype for SOCKS5, that was rather straight forward. Before deciding we should build a PoC for that.

[maan2003]

arti also has hyper connector so the integration should be similar enough.

[V1C70RYG0D]

i want to contribute in this project ,
can anyone tell me what resources i should follow for this apart from the one given in SOB23 website , i am trying to cover them and building understanding of Fedimint.
Thanks !

[maan2003]

unassigning myself, because this is a SOB idea now.

[flipchan]

@justinmoon did this issue get solved? was proxy connections made possible with Jsonrpsee? I'm facing the same issue rn

[elsirion]

This issue was about server-server communication via Tor, which is no longer a priority, at least in the near future. The jsonrpsee work you are referring to is for server-client communication and wasn't investigated further, but afaik it worked. We are now focusing on using arti for that instead of an external Tor daemon via SOCKS though, see #2610.