doc: reflect the current status of Tor support. #20091
Conversation
Craft a more elaborate description of what those options in regards to tor or network traffic do. Some wording is picked from laanwj review in # 19358.
|
|
||
| -onion=ip:port Set the proxy server to use for Tor onion services. You do not | ||
| need to set this if it's the same as -proxy. You can use -noonion | ||
| need to set this if it's the same as -proxy. You can use -onion=0 | ||
| to explicitly disable access to onion services. |
There was a problem hiding this comment.
why changing from -noonion here?
There was a problem hiding this comment.
hmm, i must check my logs what -noonion did in comparison to -onion=0 its probably a tautology with the same effect.or there was an edge issue i forgot. I will check.
There was a problem hiding this comment.
@gmaxwell tyi; the diff was the log line
Command-line arg: onion=false if -nonion
vs Command-line arg: onion="0" if -onion=0 .
So since we compare in code like this
if (onionArg == "0") { // Handle -noonion/-onion=0
I was wary that some compiler might not set onionArg to "0"; if
m_settings.command_line_options == false instead of "0"
I might be over cautious here?
There was a problem hiding this comment.
Arguments all uniformly support nofoo and foo=0 as being equivalent.
| to explicitly disable access to onion services. | ||
| Note: Only the -proxy option will set the proxy used for DNS requests. | ||
| With this option these will not route over Tor. | ||
| So please use -proxy if you have privacy concerns with this. |
There was a problem hiding this comment.
This seems out of place. If no proxy is set then all traffic, except traffic going to hidden services, is in the clear. This edit makes it sound otherwise.
There was a problem hiding this comment.
Its more about Tor options doc than anything else, please hint wording alternatives..
Please note we try to highlight here that -onion in contrast to -proxy sets no name proxy and also up till now the default Tor proxy that would be created in torcontrol is also a leaking ip over DNS ip4/6 calls and will probably leak the onion when seeding at first start.
The internal nameproxy to try to route all allowed traffic over Tor is only used if -proxy is defined.
edit@saibato Most might just want to get as connected as possible and might not care much, but since more and more use there full node to gain privacy, i thought we should highlight those config implications a bit more.
There was a problem hiding this comment.
I'm having a hard time following you. Onion related requests are not leaked when you set -onion.
| Onion outbound connections will be enabled when you use the -proxy | ||
| or the -onion option. | ||
| Please use -noonion or -onion=0 if you want to be sure to have no | ||
| outbound onion connections over the default proxy or your defined proxy.. | ||
|
|
There was a problem hiding this comment.
"set of general allowed network types" seems wordy and doesn't appear to add anything over the original text.
If onlynet=ipv4 still makes onion connections, that sounds like a bug to me. Is there any discussion about this?
There was a problem hiding this comment.
thx!. A bug , yup and the bug has ̶e̶v̶e̶n̶ ̶d̶e̶e̶p̶e̶r̶ onions and layers of head scratching, some fix in #19358 sarcastic hacker style ;-) review more than welcome.
There was a problem hiding this comment.
@Saibato your use of double tilde for mdash (I think that's what you mean?) makes it look like you strike out your own words, which I don't think you intended.
There was a problem hiding this comment.
I don't think you intended
;-) like it, that u noticed. 👍 was a try to high light without adjectives, while not saying even more harsh words about what happened all those years (was kind of a privacy strike through), since overall slow reaction and some disbelieve, my say it nice clock has almost reached zero
|
Even when changing documentation, please make targeted changes and motivate clearly why you make every change. Don't just change lines all over the document with a two-line PR message and the only information to "reflect the current status of Tor support". No one can follow you here. I'm closing this. |
|
@laanwj this PR was to highlight this issue itself and to have some discussion, we had that and now its clear where positions on this are and what the next steps will be, thx for review and your insight and engagement, Its not your fault, but i guess u now better prepared for the waves and deeper discussions. we all make mistakes and i guess your effort to fix them is an outstanding example how to do such things, with a wink and smile. |
This is striped from #19358 to reflect the current behavior and
implications of the Tor implementation in core.