%X8x24yrm8XGuuiPJpoHPPbFLjM8sPaHYWF2ocZfqMMI=.sha256
While adding tor support I noticed that my pub would accept and start replicating with non-tor servers. While this is fine in some cases, in others this could be really bad. I was thinking of a way to implement this so that it can be configured. I see that ferment can be made to run its own app server that has special rules for replication. I'm not sure if this should be part of a replicate rewrite that Dominic has been talking about or not.
one way would be to make the tor multiserver connection also intercept the other protocols (net, at least, and just reject websockets?). I think that would work
That would be one way. Would you accept such a patch?
I was just thinking of something more general, but thinking more about it I think we are over in the whole group concept thing. We should be careful with a false sense of security.
@arj sure, it should be a config option.
can you elaborate on "we are over in the whole group concept thing. We should be careful with a false sense of security."?
Cool! I'll work on that.
What I mean is in a gossiping network you shouldn't let replication settings decide who can see what. It's very easy to fuck up. You need stronger guarantees such as encrypted messages. You know starting up a network and having all nodes running with this tor only setting, but then someone forgets to set the flag and all of a sudden the messages are everywhere :toilet:
Yes, absolutely! This would just be a feature to allow tor users to maintain the anonymity that tor provides.
@Dominic @arj Yes, it is not a matter of "closed user groups". I may only want to communicate with other network users over fc00 or tor (or even just specific network interfaces on a multi-homed system) for my own safety/security/sanity. Such options should be available.
I've been meaning to dig into the gossip side of things more. I'm interested in having an --offline flag for times when I want to interact with my feed, but not have it propagate (using a flimsy data plan).
@Dominic I finally got around to this.
I pushed a branch (offline-mode) to scuttlebot (via git-ssb). It was a super easy fix.
@ansuz can you make a pr?
I was about to, but I wasn't sure which branch to compare against.
master
one thing is that there's still a TODO translate. I'm not sure what the policy is regarding translation of commandline stuff.
Couldn't find secret-stack on git-ssb so had to use github https://github.com/ssbc/secret-stack/pull/12. Anyway, it was really easy after all. Only problem is telling people that it exists :)