Release notes for v0.6.4

This release brings a new version of Retroshare optionally bundled with Tor, some security improvements, many GUI fixes, and an experimental Android version.

Tor-Only package

Since version 0.6.0, Retroshare is able to run over the Tor network, using a Tor hidden service to create a so-called “Hidden node” which IP is not visible even to friends of this node. The configuration of a hidden node however was not very easy, especially on windows. With version 0.6.4, we release a special version of Retroshare which bundles Tor and configures it automatically. As a result, creating a hidden node is now one click away.

How does it work? At start, RS launches Tor using a QProcess, and uses the socket-based control system of Tor to configure a hidden service. Then it configures itself to use that hidden service. To do this, we borrowed some code from the Ricochet project. After you created your node, Retro-Tor will temporarily display a status window. When the bootstrap reaches 100%, you’re good to go:

Running Retroshare over Tor has a number of definite advantages: it does not require firewall management (Tor does it for you); you do not need a DHT to find your friends (Tor does it for you), and whatever code is tied to ensuring security of your IP information is not needed anymore.  We thus removed IP filters.

We envision multiple use cases where this special “retro-tor” combination would be very useful. To list a few:

• while Retroshare would normally require that you only create connections to some trusted friends, Retro-Tor  allows you to safely connect to strangers, who cannot know your real identity (meaning your IP address and physical location) when they connect to you. Retro-Tor therefore allows you to easily test Retroshare by exchanging certificates with stangers from the internet in a way that is perfectly safe. If you’re happy with the software, you may turn to the “classical” Retroshare to create a network with trusted friends.
• your work or activity requires you to securely and very privately contact trusted persons, while being able to send large files, forum posts, or have a multi-party discussion? Then Retro-Tor is a valuable option.
• you want to anonymously share information/data (i.e. without ever revealing your identity and physical location to anyone)? Then create a hidden node with Retro-Tor and exchange certificates with interested people.

In the future, depending on the feedback we receive, we may unify the Tor only and vanilla Retroshare versions into a single package that will optionally run its own Tor. This will allow users to easily connect to hidden nodes and bridge between the two networks.

It is important to note that connections over Tor may take a little while to find their way, especially the first time. But they eventually always do if your friends are indeed online. Also, in this version, Retroshare will only start after Tor manages to bootstrap correctly.

Retro-Tor is available as an AppImage on linux, a zipped archive on windows, and a DMG archive on MacOS. It can also be compiled from the master branch using “CONFIG+=retrotor”, but the packages do not need you to install Tor as the executable is also in the packages. In is referred to in the download page as “Tor Only” version. Retroshare+Tor represent a significantly powerful tool that raises anonymity to a total new level. Use is responsively!

Experimental Android build

For the first time we offer a very experimental version of Retroshare on Android. This version only allows to connect to other peers and distant-chat your friends. This however constitutes a major step toward a more complete Android version since a lot of work was done to get our code base to compile and properly run on smartphones, and to create a Qml UI for it.

Security

We reviewed the security of the signed TLS handshake and made the following improvements:

1. the signature of certificates used to require a double hash. While not a security problem per se, this was an unfortunate design choice.
2. PGP signatures are now only possible in SHA1, SHA256 and SHA512 format. Certificates signed with another hash algorithm will be rejected.
3. SSL ids are now computed using a secure hash function. While not a critical security problem (since signatures are always checked), the previous method to produce SSL ids was not coming with a theoretical guaranty of how difficult it was to create a node/location pair that had the same SSL id than an existing node.

In order to make all these changes backward compatible, we adopt 2, and ship the code to handle 1+3 in version 0.6.4. In the next version, we’ll switch the default hashing algorithm to SHA256 and switch the way SSL ids are formed. Switches for these changes are at the end of retroshare.pri

Finally, hidden nodes do not accept nor pass any IP information through discovery. That means in particular that a hidden node that is friend to 2 normal nodes that trust each others will not transmit each other’s IPs. In addition to a security improvement, we think it is better that hidden nodes do not store any IP whatsoever since they will not use it anyway.

Improvements in GUI

We performed the following improvements on the GUI. To name a few:

• All downloads now use the “RsCollection” Dialog box, which allows to choose a destination directory, de-select some files, etc;
• links can encode (small) hierarchies of directories;
• file lists now are more efficient, and have a search function in tree mode;
• the keyring and download lists are now handled by a QAbstractItemModel, which makes them much more efficient when displaying many entries;
• chat lobbies are renamed into “chat rooms”;
• we added two kinds of links: chat room links, and identity links;
• log remembers the new forums/channels, and will not display them again when you restart.

Backend

• we added a cache in GxsGrpMeta (but not GxsMsgMeta), which improves a lot the speed of accessing group lists.
• we fixed a few bugs in channel permission sharing, and improved the update of GUI when new groups are published.

What’s next?

We have a good roadmap for 2018. Here’s some bits:

• If Tor+RS works fine, we may embed Tor in normal nodes as well so that people can easily create bridges between the Tor and non Tor networks;
• we may have plans to get rid of OpenPGP-SDK, which is a non elegant piece of C code, and may use elliptic curve cryptography in our certificates in replacement to RSA;
• in its current state, the serialization code only allows to serialize to binary format. We will extend it to handle JSON serialization, and if possible create an automated wrapper for API functions;
• IPv6 support;
• create a friend suggestion system to work in Retro-Tor. This will be a possible GSoC project;
• open plugin system to GXS;
• distant sync of GXS groups via tunnels
• re-implement the chat layer;
• re-design the network layer which has become a bit messy.

We need lots of help to get all these things done. If you want to help you’re welcome to do so. In particular, this year again, Retroshare will participate in Google Summer of Code, for which the topics are available on Freifunk’s projects page.

As usual, many thanks to all “non official” contributors to this great project, namely Phenom, sss for their pull requests, ghibli and ASmith  for feedback and testing, anmo for experimental packaging, and all others who helped in any way. Finally we express our infinite gratitude to the autors of the Ricochet project for their code to control Tor using sockets.

Packages: https://github.com/RetroShare/RetroShare/releases/tag/v0.6.4

Download page: http://retroshare.net/downloads.html