Opened 2 months ago

Last modified 8 weeks ago

#32623 needs_information enhancement

Tor Browser should support ENS

Reported by: bryguy
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor: Sponsor27-can

Description

New Feature Proposal

Tor Browser should recognize, process and follow ENS (see https://docs.ens.domains) links formatted as such:

ens://name.eth

or simply:

name.eth

Note that name is a sequence of one or more labels internally separated by a period.

ENS enables anyone with access to the Internet to interact with the Ethereum blockchain and register a name ending in .eth. Anyone can remain anonymous if they take care of their Ethereum address(es).

ENS has a text record type. An owner might provide a .onion URL for this. Tor Browser could automatically resolve an ENS name and look up its text record; if that ends in .onion, then Tor Browser could follow the link.

Registration is an open and fair process. Names are inexpensive: ~ $5/yr for a name of 5 characters and up.

Any name owner can make subdomains and register new names therein.

Such a capability would enable Tor users to optionally enjoy DNS-like convenience of using <readable>.eth names instead of <encodedhash>.onion strings.

Suggested Scope

  • Add a new protocol handler that recognizes ens:// and .eth URLs, similar to the way an existing protocol handler recognizes http:// today.
  • Enable the user to specify a number of .onions known to provide RESTful ENS-to-onion lookup service. Tor Browser should use a random-round-robin approach to select one such .onion for each query. The implementation might occasionally cross-check the results of any query from multiple .onions as a public service to expose miscreant .onion operators.
  • Tor Project should publish a new standard syntax for ENS name-to-onion and name-search RESTful queries.
  • Tor Project should implement one such ENS nameserver. We suggest that eff.org and perhaps other privacy-supportive organizations may wish to do the same.
  • Tor Project should buy an ENS name and renew it yearly for a minimum of five years. We suggest torproject.eth
  • Tor Project could set up a custom Registrar smart contract and sell subdomains under .torproject.eth to offset costs of running the ENS nameserver.
  • Tor Project could subdomain and sell names to raise donations for specific projects and initiatives. For example, Tor Project might register killcaptchas.torproject.eth and enable donors to purchase names under that if they wish to support such an initiative.
  • Tor Browser should support an ENS-search capability that scans the blockchain for all names within a user-specified .eth domain.

Motivations

  • Improve Tor Browser and network user-experience by providing "anonymous names" capability
  • Support a Tor-search capability without requiring centralized .onions. An ENS-to-onion nameserver might implement an additional query to return all registered names within a given subdomain.
  • Disrupt IANA's monopoly on Internet names
  • Support anonymous Internet usage
  • Save Internet users the significant costs of registering and renewing DNS names. A TLD might require a $200k fee to IANA just to process a proposal. A country domain can cost $50/yr and a web-commerce certificate can cost $100s to obtain and a similar amount to renew each year.

Challenges and Risks

  • This proposal changes Tor Browser code. Although plugins and extensions are well-understood, this incurs some risk and potential future expense for maintenance and support.
  • ENS might not become popular enough. It caters to a small set of users who are comfortable with Tor and Ethereum.
  • The price of Ethereum may increase and make ENS too expensive to use.
  • The owner of .eth may increase the cost of renewal. While the community would migrate away to a similar service, this would again require Tor Browser to update.
  • Few users may hear about ens:// URLs and accept that they work with the same level of anonymity granted by Tor.
  • Ethereum may disappear someday (unlikely, but you never know)
  • Blockchain tech invites attention from governments and other organizations that feel threatened by it.
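
The lookup flow in the description and Suggested Scope, sketched as an added example (not code from the ticket or from Tor Browser): parse the name, query a random sample of resolvers, and follow a text record only if it is a well-formed v3 .onion address that enough resolvers agree on. It goes beyond the ticket's occasional cross-check by cross-checking every query. The ticket defines no REST syntax, so resolvers are modeled as hypothetical callables taking a name and returning the text record, and labels are assumed to be ASCII.

```python
import base64, hashlib, random, re
from collections import Counter

LABEL = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?")  # assumption: ASCII labels only

def parse_ens(url):
    """Accept 'ens://name.eth' or 'name.eth'; return the lowercased name."""
    name = re.sub(r"^ens://", "", url.strip().lower()).rstrip("/")
    labels = name.split(".")
    if len(labels) < 2 or labels[-1] != "eth" or not all(map(LABEL.fullmatch, labels)):
        raise ValueError(f"not an ENS name: {url!r}")
    return name

def onion_checksum(pubkey, version):  # v3 address checksum per Tor's rend-spec-v3
    return hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]

def encode_onion(pubkey, version=b"\x03"):
    """Build an onion hostname from 32 key bytes (for constructed sample data)."""
    raw = pubkey + onion_checksum(pubkey, version) + version
    return base64.b32encode(raw).decode().lower() + ".onion"

def is_v3_onion(host):
    """True only for a bare v3 onion hostname with a valid checksum."""
    label, _, tld = host.rpartition(".")
    if tld != "onion" or len(label) != 56:
        return False
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == b"\x03" and checksum == onion_checksum(pubkey, version)

def resolve(url, resolvers, sample=3, quorum=2, rng=random):
    """Return (onion, dissenters); raise LookupError unless `quorum` resolvers agree."""
    name = parse_ens(url)
    chosen = rng.sample(resolvers, min(sample, len(resolvers)))
    answers = []
    for lookup in chosen:  # hypothetical interface: callable(name) -> text record
        try:
            answer = lookup(name)
        except Exception:
            answer = None  # a failing resolver counts as no answer
        answers.append(answer.lower() if isinstance(answer, str) else None)
    votes = Counter(a for a in answers if a and is_v3_onion(a))
    onion, count = votes.most_common(1)[0] if votes else (None, 0)
    if count < quorum:
        raise LookupError(f"no {quorum}-resolver agreement for {name}")
    return onion, [r for r, a in zip(chosen, answers) if a != onion]
```

The second return value lists the resolvers whose answer differed from the agreed one, which is the signal the ticket proposes using to expose misbehaving lookup services.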

Change History (5)

comment:1 Changed 2 months ago by pili

Component: - Select a component → Applications/Tor Browser
Owner: set to tbb-team
Sponsor: Sponsor27-can

Thank you for the enhancement request.

Please be patient with us while we discuss this, it may take us a while to get around to it :)

comment:2 Changed 8 weeks ago by asn

Status: new → needs_information

Hello, thanks for the feature request.

Personally, while generally interested in ENS, its potential and the underlying protocol, I find the undocumented backdoor that is detailed here extremely troubling: https://mailarchive.ietf.org/arch/msg/dnsop/E0dKXu1yQJ2npRmxq2R64i9yuUo
and pretty much a strong blocker for any integration.

Particularly the fact that this backdo^Wfeature is undocumented is the worst part of it, since I really don't know how it works or what strengths it gives to the adversary.

If this is actually documented somewhere, I'd appreciate links and resources to that effect.

Last edited 8 weeks ago by asn

comment:3 Changed 8 weeks ago by bryguy

Thanks for considering this request.

The mailarchive linked content could be interpreted to mean that the ENS smart contracts are owned by a multisig Ethereum private key requiring 4 of 7 signatures in order to be used. Either that, or the private key was sharded into 7 parts.

Convincing four root-ENS-holders to override a situation caused by the ENS smart contracts working as expected would, and should, be difficult or impossible to arrange. Doing so even once might imply a burden of censorship on those individuals and centralize the service.

comment:4 in reply to:  3 Changed 8 weeks ago by asn

Replying to bryguy:

> Thanks for considering this request.
>
> The mailarchive linked content could be interpreted to mean that the ENS smart contracts are owned by a multisig Ethereum private key requiring 4 of 7 signatures in order to be used. Either that, or the private key was sharded into 7 parts.
>
> Convincing four root-ENS-holders to override a situation caused by the ENS smart contracts working as expected would, and should, be difficult or impossible to arrange. Doing so even once might imply a burden of censorship on those individuals and centralize the service.

Hello there,

What you are saying above does not make me feel better about this particular undocumented "feature".

comment:5 Changed 8 weeks ago by bryguy

Thanks @asn

I may misunderstand, but the concern about a "backdoor" may really be a question about decentralized ownership of a blockchain resource - in this case ownership of the root domain ".eth". So instead of control by one IANA in DNS, the ENS service is owned by 7 Ethereum devs - if that is indeed the case, sorry I am not an expert.

The code for the smart contracts as deployed on mainnet seems legit. Only the owner of a node can update it - no backdoor I can see.

ENS seems to have some advantages over DNS, albeit with the risks cited in the ticket about ENS and Ethereum and this being relatively new. I doubt ENS could turn evil - they will have competition. Ethereum crashing doubtful too.

Hope TorBrowser considers this idea further. Cheers mates.
