We cannot rely on Tor if this environment turns more adversarial. Feels like a major weak point.

My biggest concern is the sovereign onion only lightning network which currently relies on reliable Tor uptime otherwise funds are at risk.

@mattodell what are the pitfalls of tor, and what is the alternative?

@skankhunt42 @mattodell

centralized authority nodes, if some are taken out by ddos and the authority nodes don’t reach consensus 3 times in a row, the network is affected

@jon @skankhunt42 @mattodell I wonder if adding fidelity bonds to authority nodes to increase their number and, eventually, LN payments to relay nodes to incentivize them to route traffic, could help scaling the Tor network

@gugou_daktulios @jon @skankhunt42 feels like part of the solution, question is actual implementation

@jon @mattodell reckon a new internet 2.0 can be built on top of LN?

@mattodell I heard about Locha Mesh - is this still a thing? Some mesh network that does not need Internet?

@mattodell It doesn't need reliable Tor uptime. Just a bit of uptime once every 2 weeks should be enough...

@mattodell @shinobimonkey @kekcoin don’t watchtowers just watch the chain? Then maybe still clearnet (or Tor v2 addresses) but via bitcoin network

@mattodell @kekcoin No they wouldn't. Nodes don't have to pick one or the other, and as long as it has your last channel state you're fine.

@mattodell @kekcoin It can connect to Tor to get updates, and clearnet to watch chain and respond. Tor going down would not affect its ability to safeguard users.

@shinobimonkey @mattodell @kekcoin But that would either not help with punishing cheating or create e deanonymization attack vector. You still need to transmit the punishment transaction somehow.

@sebx2a @shinobimonkey @mattodell Why? The watchtower can be accessible over Tor or plain net. It can watch the blockchain for you and punish cheating over plainnet when Tor is down, you can make new txes and tell watchtwoer about it over Tor when it's up.

@kekcoin @shinobimonkey @mattodell You are right, I got confused in the thread. With watchtowers that's not a problem, I assumed only lightning over Tor but incoming bitcoind traffic via cleanser.

@mattodell You would have to switch to IP, breaking your privacy.

@j12d exactly, thats not ideal, especially in an environment that turns even more adversarial

@mattodell you know, I’m not so sure. My tor only node was sending and receiving funds throughout the day yesterday during the periods it was reported down. I’d have to double check the logs but I didn’t see any issues. Pretty sure it’s V3.

@cycryptr I didn't lose any funds and have multiple Tor v3 only lightning nodes but the concern stands. The threat model relies on Tor reliability and I don't think that's a reasonable assumption if you have a decent amount of coin on your nodes.

@mattodell For sure, I totally get that. I'm just questioning why my node seemed to be okay during the V3 downtime. Maybe once the peers are connected, it's okay? Idk.

@cycryptr @mattodell I have 2 v3 onion nodes that also continued to route through the downtime. Of course, I couldn't get to RTL 😑

@spencerdupre @mattodell Just confirmed with Alex from LL. The tor issue seems to be a connection issue but if you're already connected, no problem. @yegorpetrov said his new channel is having issues. So I think it makes sense.

So funds safu in this case, just don't get knocked offline.

@cycryptr @mattodell @yegorpetrov Makes sense. To make an onion site, you must have a rendezvous point. To have a rendezvous point, you must be able to look it up in the directory. The directories were DDOSed. So if you already had connections you were good.

@mattodell I'm assuming we can't set our nodes without TOR, but run them over a VPN instead?

@AgentHODL @mattodell vpn is fine but requires a trusted party and also has networking setup overhead and can cause remote access difficulty

@AgentHODL @mattodell
You have to trust the VPN provider not to spy on your traffic. With Tor, there are middle hops that hide the destination from the guard node (the node you connect from) and the origin form the exit node (the node where your connection goes to the onion service or the clearnet website).

@gugou_daktulios @AgentHODL If environment turns more adversarial then I assume major hosted VPNs will get squeezed pretty early on.

@AndrewRyan @mattodell @gugou_daktulios @AgentHODL
Self hosted VPN's in reputable datacenters. Node has static route through the VPN. We could also start our own hosted VPN services

@hellstew @AndrewRyan @mattodell @AgentHODL the reputable datacenter can still snoop on your traffic and link it to your IP address. Tor is really unreplaceable right now

@mattodell I think it would be better to improve /pour resources into Tor development than to replace it entirely. We need an anonymity set as large as possible to protect privacy... already Tor network users are so few that in some countries Tor user (which cannot be easily hidden from the ISP) very likely implies a Bitcoin user

@mattodell Tor is super flakey the past two days. This is really concerning.

@mattodell I'd like to see more research/development into I2P.

@mattodell Yes, I also don't like any single point of failures. And Tor network itself can be a single point of failure. That's why I was testing I2P IRC (Irc2P) some time ago for JoinMarket as an alternative. There was some problems, and there was other priorities at the time, so didn't end in a PR, hope to get back to that at some point.

Sign in to participate in the conversation
Bitcoin Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!