[tor-dev] Hacks to reduce Tor's initial download on slow Internet, sacrificing privacy?

Mike Perry mikeperry at torproject.org
Mon May 8 20:55:55 UTC 2023 


On 5/3/23 17:24, Holmes Wilson wrote:
> Hi everyone,
> 
> Is there a way right now to get Tor hidden service functionality 
> (hosting a hidden service, connecting to hidden services) on a 
> connection where the Internet is so slow and unreliable that the initial 
> download of network information currently takes ~forever, provided one 
> is willing to sacrifice metadata protection?
> 
> Is there a way to download, say, 100x less network information on 
> startup and still effectively host and connect to hidden services? Or is 
> there a way to hardcode network information with the client, since that 
> can be installed before going into the slow Internet zone, from a CDN 
> that is less impacted, or from a source on the local network? (I read 
> that this is how Tor worked in the past?)
> 
> The context is the following:
> 
> I have a p2p messaging app that uses Tor and hidden services (Quiet) in 
> a way similar to Ricochet or Onionshare. I'm going to a conference where 
> last year the Internet was so slow that Tor's initial download of 
> network information took too long and kept timing out, rendering Quiet 
> unusable. The Internet was, however, fairly reliable and usable for e.g. 
> web browsing and messaging. I'd like to be able to use Quiet at this 
> conference. It would be used purely as a demo for a few days, and we 
> could warn everyone that our use of Tor did not offer its typical 
> security properties. (Then in future years we might support p2p 
> connectivity over local wifi, like Briar does!)
> 
> My understanding is that the network information download step is to 
> protect users against epistemic attacks. My intuition is that for 
> situations where this doesn't matter there is some way to use Tor with a 
> small subset of the network information and that the initial download 
> could be skipped.
> 
> Is this true? What's the best way to do it in the Tor client we ship?

If you include a Tor data directory with a fresh set of the cached 
microdesc consensus and microdesc descriptor documents in your app 
distribution, and *also* hack REASONABLY_LIVE_TIME in 
src/feature/nodelist/networkstatus.c to be as long as you expect that 
release to be published, I think this gets you what you want.

The default is 24 hours, which means that clients will accept these 
cached documents for up to 24 hours as valid, before blocking everything 
to download a new one.

So you can hack this value to be much higher (at the cost of increased 
risk to clients from being fed a stale consensus continually), and 
refresh your download files to include new documents, once per time window.

I think this will work, but I would not be surprised if you hit a few 
other "safety" checks that are elsewhere in the codebase, other than 
that #define, that you also have to change.

> (I'm familiar with the Walking Onions paper, but looking for something 
> that is ready now. There isn't already an implementation of Walking 
> Onions, is there?)

No. Also arti-relay impl will mean fewer relays in the consensus, 
because of multicore support. It will also probably mean better 
consensus diff support. But that isn't done either.


-- 
Mike Perry

More information about the tor-dev mailing list