Cybersecurity

9596 readers

42 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

WebRTC and Onion Routing Question (programming.dev)

submitted 2 months ago by xoron@programming.dev to c/cybersecurity@sh.itjust.works

2 comments fedilink hide all child comments

I wanted to investigate about onion routing when using WebRTC.

Im using PeerJS in my app. It allows peers to use any crypto-random string to connect to the peerjs-server (the connection broker). To improve NAT traversal, im using metered.ca TURN servers, which also helps to reduce IP leaking, you can use your own api key which can enable a relay-mode for a fully proxied connection.

For onion routing, i guess i need more nodes, which is tricky given in a p2p connection, messages cant be sent when the peer is offline.

I came across Trystero and it supports multiple strategies. In particular i see the default strategy is Nostr... This could be better for secure signalling, but in the end, the webrtc connection is working correctly by aiming for fewer nodes between peers - so that isnt onion routing.

SimpleX-chat seems to have something it calls 2-hop-onion-message-routing. This seems to rely on some managed SMP servers. This is different to my current architecture, but this could ba a reasonable approach.

In a WebRTC connection, would there be a benefit to onion routing?

It seems to require more infrastructure and network traffic... and can no longer be considered a P2P connection. The tradeoff might be anonymity. Maybe "anonymity" cannot be possible in a WebRTC connection.

Can the general advice here be to "use a trusted VPN"?

you are viewing a single comment's thread
view the rest of the comments

[–] planish@sh.itjust.works 3 points 2 months ago (1 children)

Can the general advice here be to “use a trusted VPN”?

Probably not, but what's the threat model here?

As I understand it, you only really need the central signaling server in webrtc for discovering the first peer, and I think you can exchange peers after that to get more peers.

I'm pretty sure you can get Tor-style onion routing over WebRTC within browsers. But you are right that given the average lifetime of a page, churn in the peer pool will be a potential problem for reliability.

[–] xoron@programming.dev 0 points 2 months ago

threat model

It's client side JavaScript. I think a webrtc connections is reasonably audited and encrypted. When using webrtc, ip addresses have to be shared. If the IP address could be hidden, it would improve "privacy" on my app.

It would be ideal if I could find a way to interface with the tor network with Client-Side JavaScript. I've come across something interesting here which id like to investigate further. https://github.com/Ayms/node-Tor