This release brings a new version of Retroshare optionally bundled with Tor, some security improvements, many GUI fixes, and an experimental Android version.
Tor-Only package
Since version 0.6.0, Retroshare is able to run over the Tor network, using a Tor hidden service to create a so-called “Hidden node” which IP is not visible even to friends of this node. The configuration of a hidden node however was not very easy, especially on windows. With version 0.6.4, we release a special version of Retroshare which bundles Tor and configures it automatically. As a result, creating a hidden node is now one click away.
How does it work? At start, RS launches Tor using a QProcess, and uses the socket-based control system of Tor to configure a hidden service. Then it configures itself to use that hidden service. To do this, we borrowed some code from the Ricochet project. After you created your node, Retro-Tor will temporarily display a status window. When the bootstrap reaches 100%, you’re good to go:
Running Retroshare over Tor has a number of definite advantages: it does not require firewall management (Tor does it for you); you do not need a DHT to find your friends (Tor does it for you), and whatever code is tied to ensuring security of your IP information is not needed anymore. We thus removed IP filters.
We envision multiple use cases where this special “retro-tor” combination would be very useful. To list a few:
while Retroshare would normally require that you only create connections to some trusted friends, Retro-Tor allows you to safely connect to strangers, who cannot know your real identity (meaning your IP address and physical location) when they connect to you. Retro-Tor therefore allows you to easily test Retroshare by exchanging certificates with stangers from the internet in a way that is perfectly safe. If you’re happy with the software, you may turn to the “classical” Retroshare to create a network with trusted friends.
your work or activity requires you to securely and very privately contact trusted persons, while being able to send large files, forum posts, or have a multi-party discussion? Then Retro-Tor is a valuable option.
you want to anonymously share information/data (i.e. without ever revealing your identity and physical location to anyone)? Then create a hidden node with Retro-Tor and exchange certificates with interested people.
In the future, depending on the feedback we receive, we may unify the Tor only and vanilla Retroshare versions into a single package that will optionally run its own Tor. This will allow users to easily connect to hidden nodes and bridge between the two networks.
It is important to note that connections over Tor may take a little while to find their way, especially the first time. But they eventually always do if your friends are indeed online. Also, in this version, Retroshare will only start after Tor manages to bootstrap correctly.
Retro-Tor is available as an AppImage on linux, a zipped archive on windows, and a DMG archive on MacOS. It can also be compiled from the master branch using “CONFIG+=retrotor”, but the packages do not need you to install Tor as the executable is also in the packages. In is referred to in the download page as “Tor Only” version. Retroshare+Tor represent a significantly powerful tool that raises anonymity to a total new level. Use is responsively!
Experimental Android build
For the first time we offer a very experimental version of Retroshare on Android. This version only allows to connect to other peers and distant-chat your friends. This however constitutes a major step toward a more complete Android version since a lot of work was done to get our code base to compile and properly run on smartphones, and to create a Qml UI for it.
Security
We reviewed the security of the signed TLS handshake and made the following improvements:
the signature of certificates used to require a double hash. While not a security problem per se, this was an unfortunate design choice.
PGP signatures are now only possible in SHA1, SHA256 and SHA512 format. Certificates signed with another hash algorithm will be rejected.
SSL ids are now computed using a secure hash function. While not a critical security problem (since signatures are always checked), the previous method to produce SSL ids was not coming with a theoretical guaranty of how difficult it was to create a node/location pair that had the same SSL id than an existing node.
In order to make all these changes backward compatible, we adopt 2, and ship the code to handle 1+3 in version 0.6.4. In the next version, we’ll switch the default hashing algorithm to SHA256 and switch the way SSL ids are formed. Switches for these changes are at the end of retroshare.pri
Finally, hidden nodes do not accept nor pass any IP information through discovery. That means in particular that a hidden node that is friend to 2 normal nodes that trust each others will not transmit each other’s IPs. In addition to a security improvement, we think it is better that hidden nodes do not store any IP whatsoever since they will not use it anyway.
Improvements in GUI
We performed the following improvements on the GUI. To name a few:
All downloads now use the “RsCollection” Dialog box, which allows to choose a destination directory, de-select some files, etc;
links can encode (small) hierarchies of directories;
file lists now are more efficient, and have a search function in tree mode;
the keyring and download lists are now handled by a QAbstractItemModel, which makes them much more efficient when displaying many entries;
chat lobbies are renamed into “chat rooms”;
we added two kinds of links: chat room links, and identity links;
log remembers the new forums/channels, and will not display them again when you restart.
Backend
we added a cache in GxsGrpMeta (but not GxsMsgMeta), which improves a lot the speed of accessing group lists.
we fixed a few bugs in channel permission sharing, and improved the update of GUI when new groups are published.
