Update our disclaimers and limitations sections.
This commit is contained in:
parent
5a4db67b16
commit
134c04a67a
30
README.md
30
README.md
|
@ -50,18 +50,18 @@ needlessly hard to understand and improve.
|
|||
Arti is a work-in-progress. It can connect to the Tor network, bootstrap a
|
||||
view of the Tor directory, and make anonymized connections over the network.
|
||||
|
||||
Arti is currently missing some features that are required for good privacy,
|
||||
and is therefore vulnerable to a lot of attacks that do not yet affect the
|
||||
Tor network. Therefore, **you should probably not use Arti in production**
|
||||
if you want any kind of privacy at all.
|
||||
We're not _aware_ of any critical security features missing in Arti; but
|
||||
however, since Arti is comparatively new software, you should probably be
|
||||
cautious about using it in production.
|
||||
|
||||
There are absolutely no guarantees about API stability yet: if you write code
|
||||
that uses Arti, you should expect that
|
||||
There are no guarantees about API stability yet: if you write code
|
||||
that uses Arti, you should expect it to break with future versions. If you
|
||||
write an a configuration file for Arti, it might stop working in the future.
|
||||
|
||||
## Trying it out today
|
||||
|
||||
Arti can act as a SOCKS proxy that uses the Tor network. (Not a very
|
||||
secure or anonymous one!) It knows how to download directory
|
||||
Arti can act as a SOCKS proxy that uses the Tor network.
|
||||
It knows how to download directory
|
||||
information and how to load it from cache, but it doesn't try to
|
||||
download more than one directory per run.
|
||||
|
||||
|
@ -70,8 +70,8 @@ SOCKS proxy on port 9150.
|
|||
|
||||
% cargo run --release
|
||||
|
||||
Again, do not use this program yet if you need anonymity, privacy, security,
|
||||
or stability.
|
||||
Again, do not use this program yet if you seriously need anonymity, privacy,
|
||||
security, or stability.
|
||||
|
||||
## Minimum supported Rust Version
|
||||
|
||||
|
@ -99,11 +99,11 @@ get our project manager to sign off on them.
|
|||
|
||||
* Arti 0.0.1: Minimal Secure Client (Goal: end of October 2021??)
|
||||
* Target audience: **developers**
|
||||
* [ ] Guard support
|
||||
* [ ] Stream Isolation
|
||||
* [ ] High test coverage
|
||||
* [ ] Draft APIs for basic usage
|
||||
* [ ] Code cleanups
|
||||
* [x] Guard support
|
||||
* [x] Stream Isolation
|
||||
* [x] High test coverage
|
||||
* [x] Draft APIs for basic usage
|
||||
* [x] Code cleanups
|
||||
* [and more...](https://gitlab.torproject.org/tpo/core/arti/-/milestones/6)
|
||||
|
||||
* Arti 0.1.0: Okay for experimental embedding (Goal: Mid March, 2022??)
|
||||
|
|
|
@ -16,24 +16,15 @@ It is the highest-level library crate in
|
|||
Arti, and the one that nearly all client-only programs should use.
|
||||
Most of its functionality is provided by lower-level crates in Arti.
|
||||
|
||||
### ⚠️️ Warnings ⚠️
|
||||
️
|
||||
**Do not expect ANY privacy from this code yet.**
|
||||
### ⚠ Warnings ⚠
|
||||
|
||||
Arti is a work in progress, and there are currently certain
|
||||
missing features that _will_ make it far less private than the
|
||||
standard Tor implementation. In fact, the absence of these makes
|
||||
Arti clients vulnerable to certain classes of well known attacks
|
||||
that the standard Tor implementation defends against.
|
||||
Note that Arti is a work in progress; although we've tried to
|
||||
write all the critical security components, you probably shouldn't
|
||||
use Arti in production until it's a bit more mature.
|
||||
|
||||
At present, do not expect Arti to give you _any privacy at all_. (We'll
|
||||
remove or soften this warning once we're more confident in our privacy.)
|
||||
|
||||
**Do not use this code in production yet.**
|
||||
|
||||
All of the APIs for this crate, and for Arti in general, are not
|
||||
the least bit stable. If you use this code, please expect your
|
||||
software to break on a regular basis.
|
||||
Also note that all of the APIs for this crate, and for Arti in
|
||||
general, are not the least bit stable. If you use this code,
|
||||
please expect your software to break on a regular basis.
|
||||
|
||||
### Design considerations, privacy considerations.
|
||||
|
||||
|
|
|
@ -14,24 +14,15 @@
|
|||
//! Arti, and the one that nearly all client-only programs should use.
|
||||
//! Most of its functionality is provided by lower-level crates in Arti.
|
||||
//!
|
||||
//! ## ⚠️️ Warnings ⚠️
|
||||
//! ️
|
||||
//! **Do not expect ANY privacy from this code yet.**
|
||||
//! ## ⚠ Warnings ⚠
|
||||
//!
|
||||
//! Arti is a work in progress, and there are currently certain
|
||||
//! missing features that _will_ make it far less private than the
|
||||
//! standard Tor implementation. In fact, the absence of these makes
|
||||
//! Arti clients vulnerable to certain classes of well known attacks
|
||||
//! that the standard Tor implementation defends against.
|
||||
//! Note that Arti is a work in progress; although we've tried to
|
||||
//! write all the critical security components, you probably shouldn't
|
||||
//! use Arti in production until it's a bit more mature.
|
||||
//!
|
||||
//! At present, do not expect Arti to give you _any privacy at all_. (We'll
|
||||
//! remove or soften this warning once we're more confident in our privacy.)
|
||||
//!
|
||||
//! **Do not use this code in production yet.**
|
||||
//!
|
||||
//! All of the APIs for this crate, and for Arti in general, are not
|
||||
//! the least bit stable. If you use this code, please expect your
|
||||
//! software to break on a regular basis.
|
||||
//! Also note that all of the APIs for this crate, and for Arti in
|
||||
//! general, are not the least bit stable. If you use this code,
|
||||
//! please expect your software to break on a regular basis.
|
||||
//!
|
||||
//! ## Design considerations, privacy considerations.
|
||||
//!
|
||||
|
|
|
@ -7,10 +7,9 @@ This crate is the primary command-line interface for
|
|||
implement [Tor](https://www.torproject.org/) in Rust.
|
||||
Many other crates in Arti depend on it.
|
||||
|
||||
⚠️**WARNING**: Arti is not yet a secure or complete Tor implementation!
|
||||
If you use it, you should expect that it _will_ harm your privacy.
|
||||
For now, if you have actual privacy or security needs, please use
|
||||
the C implementation of Tor instead. ⚠️
|
||||
Note that Arti is a work in progress; although we've tried to
|
||||
write all the critical security components, you probably shouldn't
|
||||
use Arti in production until it's a bit more mature.
|
||||
|
||||
More documentation will follow as this program improves. For now,
|
||||
just know that it can run as a simple SOCKS proxy over the Tor network.
|
||||
|
@ -52,7 +51,6 @@ to disable tokio.
|
|||
There are many missing features. Among them: there's no onion
|
||||
service support yet. There's no anti-censorship support. You
|
||||
can't be a relay. There isn't any kind of proxy besides SOCKS.
|
||||
Resolve-over-SOCKS isn't implemented yet.
|
||||
|
||||
See the [README
|
||||
file](https://gitlab.torproject.org/tpo/core/arti/-/blob/main/README.md)
|
||||
|
|
|
@ -5,10 +5,9 @@
|
|||
//! implement [Tor](https://www.torproject.org/) in Rust.
|
||||
//! Many other crates in Arti depend on it.
|
||||
//!
|
||||
//! ⚠️**WARNING**: Arti is not yet a secure or complete Tor implementation!
|
||||
//! If you use it, you should expect that it _will_ harm your privacy.
|
||||
//! For now, if you have actual privacy or security needs, please use
|
||||
//! the C implementation of Tor instead. ⚠️
|
||||
//! Note that Arti is a work in progress; although we've tried to
|
||||
//! write all the critical security components, you probably shouldn't
|
||||
//! use Arti in production until it's a bit more mature.
|
||||
//!
|
||||
//! More documentation will follow as this program improves. For now,
|
||||
//! just know that it can run as a simple SOCKS proxy over the Tor network.
|
||||
|
@ -50,7 +49,6 @@
|
|||
//! There are many missing features. Among them: there's no onion
|
||||
//! service support yet. There's no anti-censorship support. You
|
||||
//! can't be a relay. There isn't any kind of proxy besides SOCKS.
|
||||
//! Resolve-over-SOCKS isn't implemented yet.
|
||||
//!
|
||||
//! See the [README
|
||||
//! file](https://gitlab.torproject.org/tpo/core/arti/-/blob/main/README.md)
|
||||
|
|
|
@ -59,13 +59,4 @@ packed into a single RELAY cell.
|
|||
The distinction between RelayCell and RelayMsg is meant in part
|
||||
to future-proof arti against these proposals if they are adopted.
|
||||
|
||||
## Limitations
|
||||
|
||||
There aren't any tests.
|
||||
|
||||
There isn't enough documentation.
|
||||
|
||||
This is the first part of the project I started working on, and
|
||||
probably reflects the most naive understanding of Rust.
|
||||
|
||||
License: MIT OR Apache-2.0
|
||||
|
|
|
@ -56,15 +56,6 @@
|
|||
//!
|
||||
//! The distinction between RelayCell and RelayMsg is meant in part
|
||||
//! to future-proof arti against these proposals if they are adopted.
|
||||
//!
|
||||
//! # Limitations
|
||||
//!
|
||||
//! There aren't any tests.
|
||||
//!
|
||||
//! There isn't enough documentation.
|
||||
//!
|
||||
//! This is the first part of the project I started working on, and
|
||||
//! probably reflects the most naive understanding of Rust.
|
||||
|
||||
#![deny(missing_docs)]
|
||||
#![warn(noop_method_call)]
|
||||
|
|
|
@ -22,8 +22,4 @@ But for now, this `tor-circmgr` code is extremely preliminary; its
|
|||
data structures are all pretty bad, and it's likely that the API
|
||||
is wrong too.
|
||||
|
||||
The path generation code in this crate is missing a colossal
|
||||
number of features that you'd probably want in production: the
|
||||
paths it generates should not be considered secure.
|
||||
|
||||
License: MIT OR Apache-2.0
|
||||
|
|
|
@ -19,10 +19,6 @@
|
|||
//! But for now, this `tor-circmgr` code is extremely preliminary; its
|
||||
//! data structures are all pretty bad, and it's likely that the API
|
||||
//! is wrong too.
|
||||
//!
|
||||
//! The path generation code in this crate is missing a colossal
|
||||
//! number of features that you'd probably want in production: the
|
||||
//! paths it generates should not be considered secure.
|
||||
|
||||
#![deny(missing_docs)]
|
||||
#![warn(noop_method_call)]
|
||||
|
|
|
@ -82,6 +82,7 @@ below) and comments and internal documentation in this crate.
|
|||
|
||||
* Our circuit blocking algorithm is simplified from the one that Tor uses.
|
||||
See comments in `GuardSet::circ_usability_status` for more information.
|
||||
See also [proposal 337](https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/337-simpler-guard-usability.md).
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -80,6 +80,7 @@
|
|||
//!
|
||||
//! * Our circuit blocking algorithm is simplified from the one that Tor uses.
|
||||
//! See comments in `GuardSet::circ_usability_status` for more information.
|
||||
//! See also [proposal 337](https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/337-simpler-guard-usability.md).
|
||||
//!
|
||||
//! # References
|
||||
//!
|
||||
|
|
|
@ -1,9 +1,4 @@
|
|||
//! Implements the ntor handshake, as used in modern Tor.
|
||||
//!
|
||||
//! # Limitations
|
||||
//!
|
||||
//! These functions should be extensible to work with the ntor variant
|
||||
//! used in v3 hidden services; but right now they aren't.
|
||||
|
||||
use super::KeyGenerator;
|
||||
use crate::util::ct;
|
||||
|
|
|
@ -7,10 +7,7 @@
|
|||
//!
|
||||
//! # Limitations
|
||||
//!
|
||||
//! TODO: This should eventually expose a bytes-oriented type rather than a
|
||||
//! cell-oriented type.
|
||||
//!
|
||||
//! XXXX TODO: There is no fairness, rate-limiting, or flow control.
|
||||
//! There is no fairness, rate-limiting, or flow control.
|
||||
|
||||
mod data;
|
||||
mod raw;
|
||||
|
|
Loading…
Reference in New Issue