Hacker News new | past | comments | ask | show | jobs | submit login

> Anonymity: Full Tor network support with .onion hidden services instead of ipv4 addresses

How does this track with the Tor Project's advice to avoid using BitTorrent over Tor [1]? I can imagine that a savvy project is developed with awareness of what the problems are and works around them, but I don't see it addressed.

[1] https://blog.torproject.org/blog/bittorrent-over-tor-isnt-go...




Tor Project doesn't like people pushing HD video through its relays, because that degrades performance for other users. Torrent clients are very good at saturating links.

This project is about hosting generally. But if it were used for HD video streaming, Tor Project would be just as unhappy.


The linked article refers to three ways bittorrent can deanonymise you behind Tor.

That's a privacy concern, not a load problem.


Yeah, but you can deal with that, if you know what you're doing. If you use Whonix, or roll your own Tor gateway, leaks around Tor aren't an issue. UDP is the hardest thing to deal with. I mean, with proper Tor/userland isolation, leaks don't happen. So all UDP just gets dropped. If you want UDP, you need to use OnionCat or tunnel a VPN through Tor.


> Yeah, but you can deal with that, if you know what you're doing.

I think it's fairly clear at this point that ZeroNet isn't testing to make sure that this is the case.

Their TorManager [0] is basically a wrapper around the tor executable, and runs a fairly vanilla config.

So yes, leaks or attacks via bittorrent are actually an issue here.

[0] https://github.com/HelloZeroNet/ZeroNet/blob/master/src/Tor/...


> leaks or attacks via bittorrent are actually an issue here.

Its protocol is a different one.

https://zeronet.readthedocs.io/en/latest/help_zeronet/networ...


ZeroNet doesn't use the torrent protocol for distributing file. It uses its own TCP service for that so avoids the issues of tunnelling UDP over TCP. Its use of "bittorrent" technology is limited to the protocol for mapping ZeroNet site addresses to IP/Onion addresses.


So will ZeroNet map addresses to immanent Tor onion addresses, which are much longer? That change will screw OnionCat, sadly enough.

Also, I wonder if MPTCP would play nice with ZeroNet. MPTCP works very well With OnionCat. I could create TCP streams with hundreds of subflows over all possible combinations of multiple OnionCat addresses.

https://ipfs.io/ipfs/QmUDV2KHrAgs84oUc7z9zQmZ3whx1NB6YDPv8ZR...

https://ipfs.io/ipfs/QmSp8p6d3Gxxq1mCVG85jFHMax8pSBzdAyBL2jZ...


I'm also suspicious, since they say that your blockchain address is used for authentication - couldn't colluding websites track your public key and use it to track you between websites?


Seems like that's only for publishing new content, not for merely browsing.

Though I guess unless you create a new identity for every site you want to post a comment on, your comments on one site could be proven to be posted by the same person as your comments on another site.


Presumably since they're using BIP32, they create a new address for every website you visit.


ZeroNet doesn't use the torrent protocol for distributing files. It uses its own file service that is exposed via a port to receive file requests and send files. It uses torrent trackers for mapping ZeroNet site addresses to IP or Onion addresses.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: