From glennon224 at gmail.com Sun Feb 10 21:40:27 2019 From: glennon224 at gmail.com (Dara Glennon) Date: Sun, 10 Feb 2019 21:40:27 +0000 Subject: [Tox Support] Does the tox protocol send the real external ip address Message-ID: Does the tox protocol send the real external ip address over the network even if the data is tunneled over tor. This can be an anonymization issue such as with bittorrent, the real external IP is sent over tor over the p2p protocol. Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From adam at dc949.org Sun Feb 10 22:56:58 2019 From: adam at dc949.org (=?UTF-8?B?4pijQWRhbQ==?=) Date: Sun, 10 Feb 2019 16:56:58 -0600 Subject: [Tox Support] Does the tox protocol send the real external ip address In-Reply-To: References: Message-ID: <058fbfdc-4f9d-d28c-bdb7-6ef34bea5697@dc949.org> As far as I can tell the answer is "it's complicated", but I believe the answer is "no". Tox doesn't appear to use Tor by default, but it will use Tor if you use the SOCKS5 proxy. I'd encourage you to look into the links below to really understand how the system works so you can be confident that it actually meets your goals. The problem of peer finding is an interesting one in distributed chat systems which intend to conceal metadata. The way Tox does this is described here: https://github.com/TokTok/c-toxcore/blob/master/docs/Prevent_Tracking.txt The document never defines DHT, but it stands for Distributed Hash Table, which is an algorithm many different networks use to publish data in order for two nodes to find each other. Based on those documents, it looks like Tox does not force people to use Tor, but instead its own onion routing. Line 39 from the document linked above states that Bob is creating an onion, however Bob finds a bunch of random nodes prior to that. This doesn't seem to be a privacy concern because all an observer can tell is that a specific IP is using the Tox network. The observer doesn't necessarily know who that person is (as identified by their public key). In other words, there's no way to prove that the person using Tox from that IP is Person X. Whether or not this is an acceptable level of anonymization or not is subjective, but at the end of the day the sender's computer has to send packets if it wants to communicate, so most people consider the ability to link a specific communication to a identity (username, first/last name, long term cryptographic key, etc.) a problem. It is possible to use Tox over Tor via the SOCKS5 proxy option. See: https://github.com/TokTok/c-toxcore/issues/475 Another thing which may be of interest to you is that it is possible to find peers on the same LAN as you, in which case the packets will not go over Tor (but nor will the go over the Internet). This is not "the real external ip address", so it doesn't directly apply to your question, but it's something I thought you may want to be aware of. My guess is that this code is not used if you're going through a SOCKS5 proxy, but I haven't confirmed that myself. If you want to see the code which sends out messages to the broadcast address on the LAN, it's here: https://github.com/TokTok/c-toxcore/blob/master/toxcore/LAN_discovery.c#L229 On 2/10/19 3:40 PM, Dara Glennon wrote: > Does the tox protocol send the real external ip address over the network > even if the data is tunneled over tor. This can be an anonymization > issue such as with bittorrent, the real external IP is sent over tor > over the p2p protocol.  > Thanks > > _______________________________________________ > Support mailing list > Support at lists.tox.chat > https://lists.tox.chat/listinfo/support >