Support Tor-hidden homeservers

[Ekleog]

Recently, the US government asked Twitter for the real identity of one of its users, I think. This raised a question in my mind: is Matrix safer than Twitter for this use case? Will an individual holding a HS for a small group of people be more efficient than Twitter in suing a government in response, to protect his users?

Unfortunately, I don't think so, as size is required to make governments flex, would it be just to pay legal costs.

In order to better protect the users, a technical solution could be put in place to actually protect HS admins from being "blackmailed" (I don't know the actual term for a government forcing one to deliver information) into giving away information about its users. Even the users using Tor is not enough, as private messages could be reached this way, etc.

I think this calls for running some matrix servers as Tor hidden services.

The main issue we identified is that not all matrix instances run a Tor client. A potential solution is to change the protocol so that designated Tor bridges relay messages from/to the Tor network. Each matrix server would be configured to use one (or more?) such bridge(s), to get the message updates from Tor. As I don't know the details of the protocol, I don't know whether this means the server would have to trust the Tor bridge relatively to the name of the source server, but I'm not sure it matters much.

This would most likely require a protocol addition to support Tor bridges, but I'd think it's worth it, for privacy and security reasons.

What do you think about it?

[ara4n]

Agreed that being able to host Matrix homeservers as Tor hidden services would be very desirable (which would in turn force their clients to be on Tor). Some people have done this already, although I don't know the details. Leaving this bug open to gather intel on what's involved.

[rsip22]

I'm not sure if specifying Tor bridges to connect would be the way to go, but this is definitely something worth looking into.

Edit:
This might be a way to start:

• https://www.torproject.org/docs/faq.html.en#TBBSocksPort

• https://www.torproject.org/docs/faq.html.en#ServerClient

• https://www.torproject.org/docs/faq.html.en#AccessHiddenServices

[rugk]

I'm not sure if specifying Tor bridges to connect would be the way to go

No, because you should left Tor to decide what bridges it connects to.
You may just need SOCKS proxy support and can then tunnel all outgoing traffic to Tor.

For in going client traffic it needs a reverse proxy anyway, so Tor hidden services (or, Onion services, or how they call them now) would be a way to go for that. Instructions on how to

Ingoing server traffic could be problematic though, don't know how this is best done.

[richvdh]

my understanding is that synapse works fine as a tor service, though of course it will only federate with other matrix servers which have a Tor client. Extending the protocol such that matrix servers which do not have a Tor client can route to those which run as hidden services is a matter for matrix-doc; if anybody wants to propose spec changes for how it might work, please raise an MSC in matrix-doc.

[Thatoo]

I guess this related to #5152
Has any work on it ever been done?