Facilitate sharing of keys and client binaries behind internet restrictions

[shakiba]

What would you like the app to enable you to do?

Currently installing a client and sharing server configs with a new device behind internet restrictions is not easy. I have a few suggestions for making it easier:

• Proxying Outline client downloads over Outline servers
• Using readable short urls for an invitation page hosted on the server (for example 142.251.32.110/YPCU8T7KGN)
• Using QR code in Outline clients (and manager) to share server configs, and client apps download links
• Using Access Request or something similar to WiFi WPS to allow a new client connect to a server without a key

Describe alternatives you've considered
Sometimes there is no alternative. A new device needs to already have a secure messaging app and/or a proxy/vpn tool installed.

Additional context

[daniellacosse]

Great ideas! A couple of questions on our end:

• Do you mean a link that's the literal download location of the client binary? Or a link to the app store location? The former I think would only really be for Android (hard to scan codes on desktop, apple doesn't support sideloading in most places)
• How do you propose people fetch outline clients and keys over a connection that could potentially be restricted (with the exception of the WiFi/LAN transfer)? Put another way: in your situation, is it a UX issue or is it a network issue?

Also, I put up a PR last week that allows providers to turn on sharing, it's a start: #1836

[shakiba]

Hi, thanks for picking this up!

• Yes, my suggestion was related to android sideloading.

• My suggestion is fetching it from the server itself via a temporary short url. I assumed access to the server is not restricted, otherwise the server would not be useful anyway? You would just communicate the short url verbally, so it’s helpful when you start on a device from scratch.

Your PR is a great start, thanks for your work!

[daniellacosse]

Hi, thanks for picking this up!

• Yes, my suggestion was related to android sideloading.
• My suggestion is fetching it from the server itself via a temporary short url. I assumed access to the server is not restricted, otherwise the server would not be useful anyway? You would just communicate the short url verbally, so it’s helpful when you start on a device from scratch.

Your PR is a great start, thanks for your work!

I guess if it's a separate service with a separate IP address that rotates, maybe that's okay? What do you think @fortuna

[shakiba]

Why a separate IP? If it needs to be not discoverable, how about making path after the IP a random and rotating token?

[daniellacosse]

In that scenario the IP is still leaked. If someone goes to the authorities saying "I got a key from x.x.x.x/<random>" then the authorities just have to block x.x.x.x

[fortuna]

@shakiba just send people to the download links directly: https://www.reddit.com/r/outlinevpn/wiki/index/download_links/
We keep them on s3.amazonaws.com domain, so it's not blockable without blocking all of Amazon S3.

I don't understand the QR code idea. If you can send a QR code, you can send a link.

[daniellacosse]

The idea behind the QR code is people can share in person without having to go over the network. You're in the same room, you pull up the QR code on your phone and your friend scans it.

…

On Tue, Feb 13, 2024 at 8:05 PM Vinicius Fortuna ***@***.***> wrote: @shakiba <https://github.com/shakiba> just send people to the download links directly: https://www.reddit.com/r/outlinevpn/wiki/index/download_links/ We keep them on s3.amazonaws.com domain, so it's not blockable without blocking all of Amazon S3. I don't understand the QR code idea. If you can send a QR code, you can send a link. — Reply to this email directly, view it on GitHub <#1832 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AA4V5VFMPS4YPBQ43W63N6DYTQEVNAVCNFSM6AAAAABCYMA4ASVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNBSHEZTANRUGM> . You are receiving this because you were assigned.Message ID: ***@***.***>

[shakiba]

The idea behind the QR code is people can share in person without having to go over the network. You're in the same room, you pull up the QR code on your phone and your friend scans it.

Yup, QR code and short url are helpful to set up a new device that has restricted connectivity.

In that scenario the IP is still leaked. If someone goes to the authorities saying "I got a key from x.x.x.x/" then the authorities just have to block x.x.x.x

I may be missing something here, please feel free to correct me: my understanding is that when you invite someone you share the server ip address with them, so a short url to an invitation page doesn't increase the risk.

[daniellacosse]

The idea behind the QR code is people can share in person without having to go over the network. You're in the same room, you pull up the QR code on your phone and your friend scans it.

Yup, QR code and short url are helpful to set up a new device that has restricted connectivity.

In that scenario the IP is still leaked. If someone goes to the authorities saying "I got a key from x.x.x.x/" then the authorities just have to block x.x.x.x

I may be missing something here, please feel free to correct me: my understanding is that when you invite someone you share the server ip address with them, so a short url to an invitation page doesn't increase the risk.

I guess I don't quite understand what your proposal buys. Why not use a dynamic key?

[shakiba]

Dynamic config is actually critical for updating configs, but for the first setup it’s not helpful. Eventually there are alternatives ways, but currently onboarding a new device is not very smooth.

[daniellacosse]

Please tell us more about where the friction is in that setup path!

…

On Thu, Feb 15, 2024, 10:16 AM Ali Shakiba ***@***.***> wrote: Dynamic config is actually critical for updating configs, but for the first setup it’s not helpful. Eventually there are alternatives ways, but currently onboarding a new device is not very smooth. — Reply to this email directly, view it on GitHub <#1832 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AA4V5VAPRM2A26V4H2LMOSDYTYRDLAVCNFSM6AAAAABCYMA4ASVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNBWGMYDAOJUGY> . You are receiving this because you were assigned.Message ID: ***@***.***>

[shakiba]

Passing the direct download link to the new device, then sharing the configs with the new client (all with very limited internet access).

[daniellacosse]

Ah, so your proposal is to send the html invite from the server, is that right?

[shakiba]

No. My suggestion is showing invitation when they visit ‘server-ip/readable-short-token’ (and potentially expire token after a limited time).

The workaround is making a public online doc, and then using another service to make a short url or a QR code to the doc.

[daniellacosse]

@fortuna didn't you use an appscript to make something like this?

[fortuna]

Yes. Code here: https://github.com/fortuna/OutlineDistribution
Proof of concept: https://my.freeoutlineserver.net/

[shakiba]

Very cool, it would be great if this is integrated into Outline manager and server