Tox over Tor

ToxAndTorInChinaAndIran.md

@@ -5,10 +5,10 @@ From: https://github.com/TokTok/c-toxcore/issues/419
 I don't think indistinguishable message bytes and sizes are going to
 make any difference when they are sent over a network of so few bootstrap nodes.
 And anyone operating in a hostile environment is probably already
-running Tox over Tor, which works well.
+running Tox over [Tor](https://www.torproject.org/download), which works well.
 
-Did the reports of blocking in China include blocking over Tor? Tor
+Did the reports of blocking in China include blocking over Tor?
-itself has implemented pluggable transport mechanisms that are
+Tor itself has implemented pluggable transport mechanisms that are
 continuously being improved, and these include ways to make the
 traffic look like another protocol like HTTP or whatever:
 <https://snowflake.torproject.org/> 
@@ -23,7 +23,8 @@ to encourage bootstrap node operators to also run a Tor client to serve
 the BS node over Onionv3. This is the only way I can see dealing with the
 fact that Tox is a network of so few bootstrap nodes. If the Tox nodebase was
 improved to serve BS nodes, and OnionV3 relays, it would be much more resilient.
-I'm assuming the adversaries cannot block .onion addresses within Tor.
+I'm assuming the adversaries cannot block .onion addresses within Tor,
+which I think is a valid assumption.
 
 There is a way of configuring a Tor client to uniquely assign a
 life-of-the-tor-instance IPv4 address from a predefined private range
@@ -31,12 +32,12 @@ life-of-the-tor-instance IPv4 address from a predefined private range
 ```AutomapHostsOnResolve 1```.  So Tox could use OnionV3 BS nodes in a
 properly configured Tor with just some properly configured BS hosts lists
 (if enough BS nodes provided OnionV3 addresses). Then we could leave
-the heavy lifting of the cat-and-mouse games of pluggable transports etc.
+the heavy lifting of the
-to Tor (or i2p), and not try to chase them ourselves.
+[cat-and-mouse games](https://github.com/guardianproject/orbot/issues/742)
+of pluggable transports etc. to Tor, and not try to chase them ourselves.
 
-If you have such a list of onion addresses, the Tor user, who is running
+If you have such a list of onion addresses, the Tor user, who is running a Tor
-a Tor instance anyway to connect with the Tox client, adds this to the
+instance anyway to connect with the Tox client, adds this to the ```/etc/tor/torrc```
-```/etc/tor/torrc```
 ```
 VirtualAddrNetworkIPv4 172.16.0.0/12
 AutomapHostsOnResolve 1
@@ -48,18 +49,31 @@ does this and puts these addresses into his ```DHTnodes.json``` and boostraps hi
 Tox client over Tor Onions. This works with libtoxcore is it is today, as long as
 your client doesn't suffer from the dreaded deranged-hard-coded-bs syndrome.
 
-These steps would be automated by a simple bash or Python script,
+These steps would be automated by a simple bash or Python script, perhaps a
-perhaps a Python script wrapped into an exe for Windows. These addresses are
+Python script wrapped into an exe for Windows/Android. These addresses are
-good for life of the Tor instance, and the script would need rerunning when Tor
+good for life of the Tor instance, and the script would need rerunning
-is restarted. You can also get the IPv4 address of each Onion BS node,
+when Tor is restarted. You can also get the IPv4 address of each Onion BS node,
-(for-life-of-the-tor-instance which is usually long enough)
+(for-life-of-the-tor-instance which is usually long enough) in
-in Python using the Tor stem library.
+Python using the Tor stem library.
+
+The best thing we can do is to make these instructions available with
+Tox downloads, and to ensure that all distributions of Tox come with
+```tor-resolve``` on all platforms. I doubt it comes with
+[Orbot on Android](https://github.com/guardianproject/orbot/releases)
+and I doubt it comes with [Tor](https://www.torproject.org/download/) or
+[Torbrowser on Windows](https://www.torproject.org/download/).
+We could ask the maintainers of
+[TRIfA](https://f-droid.org/en/packages/com.zoffcc.applications.trifa/) and
+[aTOX](https://f-droid.org/en/packages/ltd.evilcorp.atox) to include
+it in their distributions, and it would be simple for us to compile a version
+of ```tor-resolve``` for our packages to make sure it is available to our users.
+It's a static utility that rarely changes.
 
 I've tried this but it's currently impossible to test as there is no equivalent
 to the ```other/fun/bootstrap_node_info.py``` script for TCP connections.
 For UDP you can send a packet of len 78 with the magic first bytes and get a
-version and MOTD reply. Not so for TCP (
+version and MOTD reply. Not so for TCP (in fact if you do send such a packet
-in fact if you do send such a packet to the TCP it send the BS node into an
+to the TCP it send the BS node into an
 [infinite loop for which it neverrecovers](https://github.com/TokTok/c-toxcore/issues/2332)).
 So we need a simple fix to the TCP_server code to at least look for a
 special packet like this and be nice and send a simple nice reply like
@@ -75,3 +89,4 @@ how much resiliance we need. s/China/Iran/Syria/Russia/GDR
 * https://www.lifesitenews.com/news/biden-executive-order-allows-spying-on-americans-to-assess-political-instability-climate-threats/
 
 Up: [[DDosSmallNumberOfBSNodes]]
+

ToxNetworkResilience.md

@@ -32,7 +32,7 @@ configuration:
 # Tox hidden service configuration.
 HiddenServiceDir /var/lib/tor/tox-hsv3/
 HiddenServicePort 3389 127.0.0.1:3389
-HiddenServicePort 3389 127.0.0.1:33446
+HiddenServicePort 33446 127.0.0.1:33446
 ```
 assuming your Tor lib directory os ```/var/lib/tor```. In that subdirectory
 you will find a file named ```hostname``` which is the ```.onion``` name