
Provide easy setup as a hidden Tor service

Open jerabaul29 opened this issue 3 years ago • 4 comments

Would it be possible to provide access to the NextcloudPi services from the wider internet as a hidden Tor service?

Advantages I can see:

  • no need to set up port forwarding on the home router, i.e. easier to set up / can be set up when no control over the home router

  • safer (need SSH key to access the service node)

  • more anonymous (going through Tor)

jerabaul29 Apr 10 '22 15:04

Is it a viable option to host a cloud service over Tor though? Does the Tor network offer the reliability and bandwidth you'd want from a service like Nextcloud?

theCalcaholic Apr 12 '22 10:04

I think so :). In particular if we are thinking about some documents etc. (agree that Nextcloud-over-Tor may not be the best way to manage raw images / videos, but PDF would be fine).

jerabaul29 Apr 12 '22 13:04

Hm... It could be a cool feature - although I think we need to give it some more thought.

  1. I'm afraid that we might give users a false sense of anonymity if we support Tor. We would have to make an audit of the system to ensure it's not leaking identifiable data/information anywhere and I expect that we'll have to adjust a lot of things if that was our goal.
  2. NCP is targeted at less technically inclined users. Is it feasible for someone without IT administration experience to host a system that is required to satisfy very high privacy standards? If not, we have the same issue with a false sense of security/privacy as in 1.
  3. Lastly, what else would need to be adjusted? NCP offers a few additional services to NC. Should we disable them or provide them through Tor? Could any of them leak information about users?

To be honest, after giving this some thought I feel that it might be out of scope for the project. At least, it will certainly exceed our capacity in the near future...

theCalcaholic Apr 12 '22 13:04

I understand, and perfectly fine if this is outside of your scope and you do not have resources - but great to be able to discuss it a bit here if ok for you :) .

My 2 cents, but please note that I am not an expert, and feel free to correct me:

  • if you connect to a website through Tor, and the DNS request (unlike the data themselves) does not go through Tor but through the "normal" DNS request service (as can unfortunately happen quite easily), then you leak DNS - and I understand how this can be a privacy risk. But if you set up a Tor hidden service, you should have no DNS request to make, other than that of the Tor node you use to get into the Tor network; the fact that you connect to the Tor network will be visible anyways, since you will have a direct connection to it. So I do not really see where some DNS data could be leaked. Of course this is only for DNS requests, but I wonder if this applies in more or less the same way for other parts that can be sensitive? If I understand well this is the beauty of the Tor hidden service - everything goes through the Tor network, as the node gets contacted by the Tor network and has no way to exchange information with the client in another way. Or am I missing something? :)

  • the interest of a Tor hidden service is not only to allow privacy (though that would be really great), but also actually to make things easier, as this avoids the need to poke holes in firewalls / forward ports to make the RPi server available to the outside world. This is actually my main motivation, rather than privacy, for using a Tor hidden service: this way, I can deploy a NC server from anywhere and make it reachable to the internet, even if I cannot do any config on the router.

  • I am not familiar with NCP. I guess that, if something like this could be implemented, we would have to start somewhere anyways, even if with only partial support :).

jerabaul29 Apr 12 '22 14:04