Arti: A Tor Implementation in Rust

(pages.torproject.net)

185 points | by acheong08 20 days ago

8 comments

  • tromp 20 days ago
    The name is an acronym for "A Rust Tor Implementation" [1].

    [1] https://gitlab.torproject.org/tpo/core/arti/-/blob/850a3c3b6...

    • davidee 20 days ago
      Cool! Also an opportunity missed: Arti Rust Tor Implementation
      • Forbo 20 days ago
        Please, no more recursive backronyms. Or maybe I just have a sour taste of them because of some of the more lamentable choices of other projects....
    • rvalue 20 days ago
      Interesting. My first thought was this was something to connect with the Hindi word aarti.

      https://en.wikipedia.org/wiki/Arti_(Hinduism)

  • medo-bear 20 days ago
    I don't understand why my other comment was flagged. The Tor Project does not recommend using Arti just yet. If you think that is outdated see the following article published on 04.03.24, which also states the following

       There are still some rough edges and missing security features, so we don't (yet) recommend Arti onion services for production use, or for any purpose that requires privacy.
        
    https://blog.torproject.org/arti_1_2_0_released/
    • acheong08 19 days ago
      “For production”

      This is hacker news. We hack. Even though it’s still a work in progress, we can experiment and try new things. API changes are not expected, the code you write now should work in the future when it comes out of the experimental phase.

      • medo-bear 19 days ago
        > This is hacker news. We hack.

        ? Do you think only "hackers" read hn ?

    • timeon 20 days ago
      Second paragraph of linked page already states: "Until Arti is more mature, we recommend it for experimental use only."

      It is one of five sentences on the page - not some hidden message. Not sure what your point is? The flagged comment stated that it is "not real project". `Not finished` and `not real` are two different things.

      • medo-bear 20 days ago
        Point is that it is a matter of responsibility to state something that might affect safety of people. I don't understand why this reaction.

        > The flagged comment stated that it is "not real project". `Not finished` and `not real` are two different things.

        My comment said none of those things.

  • buildbuildbuild 20 days ago
    Shoutout to the Zcash Foundation for funding a large portion of Arti’s development.
    • flooow 20 days ago
      Been a number of examples of cryptobros funding unrelated projects for the positive PR. Is there a word for it yet? 'FOSSwashing'?
      • taxmeifyoucan 20 days ago
        Do you have any insight into crypto ecosystem or just troll here? First of all, zcash is focused on private payments and Tor helps its users to stay anonymous while using third party wallets, etc. It's their dependency and relevant privacy project so they decide to support it. But this is nothing new, crypto ecosystem has been contributing to Tor for a decade, starting in Silk Road era. Many privacy related projects have anon contributors only funded in crypto. It's literally FOSS native payment method.

        These days, public goods funding of free and open software is one of the most active areas in crypto scene. They activate individual donors and organizations/DAOs to donate towards impactful non-profit projects. Quadratic funding platforms like Gitcoin are used to funnel millions of dollars to FOSS.

      • BoingBoomTschak 20 days ago
        As much as I dislike cryptocurrency, you're being unfair here. Some people of that crowd have privacy as a central principle, Tor is then more than clearly related.
      • Nuzzerino 20 days ago
        It’s almost as bad as the number of HN commenters posting negatively about crypto without bothering to check if the criticism is accurate.

        https://zcash.readthedocs.io/en/latest/rtd_pages/tor.html

      • kaliqt 20 days ago
        Most cryptobros are very pro open source and pro privacy, it's the whole reason they're trying to amass resources in crypto, to make it stronger and also to direct others to build up more resilient systems.
  • acheong08 20 days ago
    Re: the flagged comment about Arti not being a real project

    It is a real project and it works well. I've been building some stuff on top of it in my free time and it's generally stable. There are a few footguns in their API (namely the DataStream not flushing writes automatically) but they're actively working on everything.

    • fullspectrumdev 20 days ago
      I’d be genuinely interested in seeing what people are building on top of this.

      Especially to see some concrete code examples, as I find those easier to learn from than the current state of the docs. Especially with regard to footguns mentioned!

      I’ve had a few ideas, mostly porting older projects I built in Python using the Stem library. I feel like Arti is going to be much cleaner for embedding in applications than having to also bundle the correct Tor binary… manage running it as a subprocess… etc

      • acheong08 19 days ago
        I’m still in the process of experimentation. An example of the flushing thing is that you can’t simply pass the DataStream/connection directly into crates like fast-socks5 which depend on implicit behavior by the TCPStream struct which implements the AsyncReader/Writer traits which don’t require it. I had to manually add a bunch of flushes after each write chunk.

        Another thing is that some features have been partially implemented but not configurable (basically dead code for now) such as ephemeral hidden services. I spent a good few days forking and implementing that myself and am in contact with the devs to see how it could be implemented/merged in a cleaner way. Some of my code: https://gitlab.torproject.org/acheong08/arti/-/compare/main....

        I wanted a socks5 proxy over a hidden service to securely expose my machine in a firewall without owning any servers in between or having to mess with port forwarding.

        Now working on a new pluggable transport to tunnel tor connections over syncthing relays.

        Mostly just for fun, nothing actually too useful yet
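
The flushing footgun described in the comment above, as an added example that is not part of the thread and is not Arti's or fast-socks5's code. It uses synchronous `std::io` with a `BufWriter` as a stand-in for a stream that holds writes until flushed; `FlushOnWrite`, `send_socks5_greeting` and `bytes_on_wire` are hypothetical names.

```rust
use std::io::{self, BufWriter, Write};

/// Adapter that flushes the inner writer after every write, so code
/// written against TCP-like semantics still gets its bytes sent.
struct FlushOnWrite<W: Write>(W);

impl<W: Write> Write for FlushOnWrite<W> {
    fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
        let n = self.0.write(buf)?;
        self.0.flush()?; // push the chunk out immediately
        Ok(n)
    }
    fn flush(&mut self) -> io::Result<()> {
        self.0.flush()
    }
}

/// Library-style code that writes a SOCKS5 greeting and never flushes,
/// because it assumes the stream sends on write.
fn send_socks5_greeting<W: Write>(w: &mut W) -> io::Result<()> {
    // VER=5, NMETHODS=1, METHOD=0 (no authentication)
    w.write_all(&[0x05, 0x01, 0x00])
}

/// Returns how many bytes have reached the "wire" (the inner Vec)
/// right after the greeting is written.
fn bytes_on_wire(flush_each_write: bool) -> io::Result<usize> {
    // Assumption: BufWriter models a stream that buffers until flush.
    let buffered = BufWriter::new(Vec::<u8>::new());
    if flush_each_write {
        let mut s = FlushOnWrite(buffered);
        send_socks5_greeting(&mut s)?;
        Ok(s.0.get_ref().len())
    } else {
        let mut s = buffered;
        send_socks5_greeting(&mut s)?;
        Ok(s.get_ref().len())
    }
}

fn main() -> io::Result<()> {
    // Without the adapter the peer sees nothing and the handshake stalls.
    println!("no flush:        {} bytes sent", bytes_on_wire(false)?);
    println!("flush per write: {} bytes sent", bytes_on_wire(true)?);
    Ok(())
}
```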

  • newZWhoDis 20 days ago
    So given the US fed’s new insane rules about what a money transmitter is, how can anyone US-adjacent feel safe contributing?

    Like the recent S wallet people the minute your software is used for anything illegal you risk extradition.

    • cassonmars 20 days ago
      Tor isn't a money transmitter, but also, they were indicted more for the fact they actively sought out sanctioned individuals in marketing/dev outreach
    • ulrikrasmussen 20 days ago
      I'm not up to date - do you have a reference?
      • taxmeifyoucan 20 days ago
        Devs of Bitcoin wallet enabling anonymous payments, Samourai, were arrested because their software was presumably used for money laundering.
  • medo-bear 20 days ago
    [flagged]
  • binary132 20 days ago
    [flagged]
    • Ar-Curunir 20 days ago
      This is not that: it is from the official Tor implementers
      • binary132 20 days ago
        it literally says that in the README

        it is not a Real Project, it’s someone trying an experimental implementation of a tor client

        • zamalek 20 days ago
          > Until Arti is more mature, we recommend it for experimental use only.

          Helps to read the entire context. This means that it likely hasn't had a security audit yet, and may de-anonymize you due to a bug. It doesn't mean it's abandonware.

        • contact9879 20 days ago
          the link posted by tromp is to the readme from 3 years ago. you should read the latest readme before making assumptions about the quality of arti today
        • fastball 20 days ago
          Where does it say that in the README?
          • designed 20 days ago
            They might have been referencing the link posted by tromp (currently top comment)
            • Forbo 20 days ago
              I don't think holding the current state of the project to a version of the README from three years ago is even remotely anywhere near a good faith comparison.
              • binary132 20 days ago
                If it’s a mistake, then it’s in good faith, right? Maybe the README no longer literally says “learning Rust as I go along”, but it definitely did in the one I looked at quickly (yes, from tromp’s comment)

                That said... is it really “really real” if it’s still experimental 3 years later?