For better privacy and security, it's possible to connect to many IRC services
using SSL. Many IRC servers are also available through Tor. SSL support is
common, but clients other than the not-very-user-friendly XChat - and maybe
GNOME XChat too, never tried - have support for connecting to IRC through Tor.
XChat will always remain necessary, as long as it has features other clients
don't have. Maybe other features are less critical (I'm not a Tor/IRC expert),
but adding Tor support will allow me and other Tor users to access IRC through
the running Tor service.
How it could work: Make it possible to add Onion addresses of Tor hidden
services when choosing a server, and connect to them if Tor is running on
Then desktop clients like GNOME's Polari can easily connect through Tor. This may apply to Jabber/XMPP too, or any service which can operate through Tor.
Does Tor have a C API that doesn't rely on LD_PRELOAD hacks like torsocks? Applying LD_PRELOAD hacks to D-Bus services is tricky.
Is there a use-case for using Tor on a system, but not using iptables redirection to funnel all non-Tor traffic through it (which would solve this system-wide)?
Since Idle uses GSocketClient, which calls into GProxyResolver plugins, one way to do this might be for someone who understands Tor (I don't!) to implement a GProxyResolver which, when placed on the search path, directs all GLib-originated TCP and DNS-over-UDP through Tor. It could probably even be a GSimpleProxyResolver subclass.
Having done that, refining that proof-of-concept to 'reduce the Tor "proxy" to low priority so it isn't used by default, and only use it for selected accounts' would be fairly easy.
That approach could also work for non-Telepathy services.
I have no idea if usage of iptables can help, I never worked with network-related development. All I know is the steps done by the user when wishing to use Tor for web browsing and e-mail (i.e. defining a proxy and using SOCKS). If there's a system-wide solution which Telepathy can make use of, I'll happily file a bug in the appropriate place (e.g. GNOME's network settings manager).
If you configure a system-wide SOCKS5 proxy (which could be Tor) in GNOME 3, I think telepathy-idle will already use it?
I guess it will, but I don't want to have a single setting for everything. For example, GNOME's browser Epiphany uses this setting too, and probably other GNOME apps. But I want to be able to use IRC through Tor, and at the same time browse in Epiphany without Tor, or use Jabber without Tor.
For system-wide settings to work, they need to allow different clients to have their own settings. As far as I know, GNOME's settings let you set a single system-wide proxy for everything (unless you use a third-party app which ignores the settings and has its own, like Thunderbird and Firefox).
(In reply to comment #5)
> I guess it will, but I don't want to have a single setting for everything.
Ah, I see. In that case, I think this is basically the same as the SOCKS form of Bug #12376. Here is one possible implementation plan:
* add a socks5-proxy string setting to IdleProtocol (or if the proxy to be used for Tor is predictable, it just could be a boolean use-tor-proxy setting)
* pass that information through the IdleConnection to the IdleServerConnection
* in IdleServerConnection, use g_socket_client_set_proxy_resolver() to point the GSocketClient to a GSimpleProxyResolver configured for that SOCKS proxy
* adjust the UI in Empathy (actually in telepathy-account-widgets these days) to expose that setting
That way, it'd automatically be a per-account option.
I don't think any of the Telepathy maintainers are likely to do that any time soon, but we'd welcome patches.
Another possibility would be to extend GNOME's general proxying support to allow more elaborate configuration - "use proxy A only for connections to port 6667" - but I suspect its maintainers would reject that, and with good reason.
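Added example, not part of the bug thread and not telepathy-idle code: the per-account plan above ends with the client speaking SOCKS5 to the proxy, and this C code builds the RFC 1928 CONNECT request with the host sent as a name, so a hostname (including a .onion one) is resolved by the proxy and not by local DNS. The function names and the `example.onion` host are made up for illustration; port 6667 is the one mentioned in the comment above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constants from RFC 1928 (SOCKS5). */
enum { SOCKS_VER = 0x05, CMD_CONNECT = 0x01, ATYP_DOMAIN = 0x03 };

/* .onion names do not exist in public DNS: never resolve them locally,
 * only hand them to the proxy. Returns 1 for such names, else 0. */
int is_onion_host(const char *host)
{
    size_t n = host ? strlen(host) : 0;
    return n > 6 && strcasecmp(host + n - 6, ".onion") == 0;
}

/* CONNECT request (sent after the 05 01 00 method greeting) with the host
 * as a name, ATYP 0x03, so the proxy does the lookup.
 * Returns bytes written, 0 on bad input or short buffer. */
size_t socks5_connect_request(uint8_t *out, size_t cap, const char *host, uint16_t port)
{
    size_t n = host ? strlen(host) : 0;
    if (n == 0 || n > 255 || cap < 7 + n) return 0;
    out[0] = SOCKS_VER; out[1] = CMD_CONNECT; out[2] = 0x00; out[3] = ATYP_DOMAIN;
    out[4] = (uint8_t)n;                    /* one length byte, then the name */
    memcpy(out + 5, host, n);
    out[5 + n] = (uint8_t)(port >> 8);      /* port in network byte order */
    out[6 + n] = (uint8_t)(port & 0xff);
    return 7 + n;
}

/* Reply header check: 0 = connected, 1..255 = proxy's refusal code, -1 = malformed. */
int socks5_reply_status(const uint8_t *in, size_t len)
{
    if (len < 4 || in[0] != SOCKS_VER || in[2] != 0x00) return -1;
    return in[1];
}

int main(void)
{
    uint8_t buf[262];
    const char *host = "example.onion"; /* constructed placeholder, not a real service */
    size_t n = socks5_connect_request(buf, sizeof buf, host, 6667);
    for (size_t i = 0; i < n; i++) printf("%02x ", buf[i]);
    printf("\nonion=%d\n", is_onion_host(host));
    return 0;
}
```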
(In reply to comment #5)
> But I want to be able to use IRC through Tor, and at the
> same time browse in Epiphany without Tor, or use Jabber without Tor.
Being a bit of a devil's advocate, because sometimes a maintainer's job is to say "no" until a better solution is found: why is it desirable to be anonymous on IRC, but not on Jabber or the web?
Tor doesn't provide end-to-end security in the same way that SSL or a VPN can: without Tor your local ISP (plus all hops from them to the destination) can read and alter your unencrypted messages, whereas with Tor, an unknown and quite possibly malicious exit node (plus all hops from them to the destination) can read and alter your unencrypted messages.
SSL gives you integrity, privacy and (if implemented well) perfect forward secrecy; SSL-over-Tor attempts to add anonymity to that (although secure anonymity is really, really hard). As far as I can see, Tor without SSL only provides anonymity, and a limited amount of that.
-- GitLab Migration Automatic Message --
This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.
You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/telepathy/telepathy-idle/issues/46.