-
Notifications
You must be signed in to change notification settings - Fork 564
Tor hidden service #48
Comments
will do |
@poma @pertsev can any of you guys do something? It's a big problem. It's impossible to use tornado through tor right now because of gas oracles. Both EGS and gas-oracle URLs hit cloudflare, which requests captcha for tor users. Even worse: after submitting captcha, the URLs would still be unavailable, perhaps because state of the captcha submission is not saved to cookies or something. After gas oracles fail, it's not possible to withdraw funds. The relays keep responding with "fee too low". Ability to disable gas oracles and set gas price manually would do the trick. |
@paulmillr, for now, you can use "New Tor Circuit for this site" option to change the exit node. Most of them work well. |
@pertsev using new tor circuit doesn't solve the issue. Note that i'm not using Tor browser - it cannot guarantee security on Whonix/Qubes level. The issue is reproducible 100% of the time. |
If you need security on such level, I would recommend ditching UI and using a command line client from this repo. This way you will have a full control on what is happening behind the scenes. For best opsec you don't even want to query gas price oracles and relayers online status which UI does by default. |
Thanks, I was not aware of this. Perhaps you should add url to CLI somewhere on the website for those who are in similar position. |
It is somewhat poorly documented at the moment, we will be comfortable with adding links to it after it gets some polish |
Tornado.cash is now available at tornado6e6p6rkgw.onion but it still sends requests to gas price oracles and rpc outside tor so its usefulness is limited |
@poma thank you for the hidden service! To follow security best practices, do you think you could switch to Tor hidden service version 3? And would it be possible that, only for the onion site, the Tornado server fetches current gas prices and relayer offers and passes it on to the user, so that there are no clearnet requests? |
Even better, we can fetch gas prices through eth node via chainlink, and relayers can also have .onion endpoints. And by the way, you can specify your own preferred eth node. So it's possible to bring it down to zero cleaner requests in a decentralized way without any tornado servers. |
We will look into v3 but most likely yes |
if yall could just fetch the gas prices from onchain data or enable an input for gwei that would be great. rn can't use it because the gas price is too low and gets rejected by all relayers. |
Could you deploy a Tor hidden service (preferably version 3) so that Tornado is reachable via an onion address? This would make the transfer layer less prone to surveillance and through that increase the quality of the anonymity sets.
The text was updated successfully, but these errors were encountered: