-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Facilitate sharing of keys and client binaries behind internet restrictions #1832
Comments
Great ideas! A couple of questions on our end:
Also, I put up a PR last week that allows providers to turn on sharing, it's a start: #1836 |
Hi, thanks for picking this up!
Your PR is a great start, thanks for your work! |
I guess if it's a separate service with a separate IP address that rotates, maybe that's okay? What do you think @fortuna |
Why a separate IP? If it needs to be not discoverable, how about making path after the IP a random and rotating token? |
In that scenario the IP is still leaked. If someone goes to the authorities saying "I got a key from |
@shakiba just send people to the download links directly: https://www.reddit.com/r/outlinevpn/wiki/index/download_links/ I don't understand the QR code idea. If you can send a QR code, you can send a link. |
The idea behind the QR code is people can share in person without having to
go over the network. You're in the same room, you pull up the QR code on
your phone and your friend scans it.
…On Tue, Feb 13, 2024 at 8:05 PM Vinicius Fortuna ***@***.***> wrote:
@shakiba <https://github.com/shakiba> just send people to the download
links directly:
https://www.reddit.com/r/outlinevpn/wiki/index/download_links/
We keep them on s3.amazonaws.com domain, so it's not blockable without
blocking all of Amazon S3.
I don't understand the QR code idea. If you can send a QR code, you can
send a link.
—
Reply to this email directly, view it on GitHub
<#1832 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AA4V5VFMPS4YPBQ43W63N6DYTQEVNAVCNFSM6AAAAABCYMA4ASVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNBSHEZTANRUGM>
.
You are receiving this because you were assigned.Message ID:
***@***.***>
|
Yup, QR code and short url are helpful to set up a new device that has restricted connectivity.
I may be missing something here, please feel free to correct me: my understanding is that when you invite someone you share the server ip address with them, so a short url to an invitation page doesn't increase the risk. |
I guess I don't quite understand what your proposal buys. Why not use a dynamic key? |
Dynamic config is actually critical for updating configs, but for the first setup it’s not helpful. Eventually there are alternatives ways, but currently onboarding a new device is not very smooth. |
Please tell us more about where the friction is in that setup path!
…On Thu, Feb 15, 2024, 10:16 AM Ali Shakiba ***@***.***> wrote:
Dynamic config is actually critical for updating configs, but for the
first setup it’s not helpful. Eventually there are alternatives ways, but
currently onboarding a new device is not very smooth.
—
Reply to this email directly, view it on GitHub
<#1832 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AA4V5VAPRM2A26V4H2LMOSDYTYRDLAVCNFSM6AAAAABCYMA4ASVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNBWGMYDAOJUGY>
.
You are receiving this because you were assigned.Message ID:
***@***.***>
|
Passing the direct download link to the new device, then sharing the configs with the new client (all with very limited internet access). |
Ah, so your proposal is to send the html invite from the server, is that right? |
No. My suggestion is showing invitation when they visit ‘server-ip/readable-short-token’ (and potentially expire token after a limited time). The workaround is making a public online doc, and then using another service to make a short url or a QR code to the doc. |
@fortuna didn't you use an appscript to make something like this? |
Yes. Code here: https://github.com/fortuna/OutlineDistribution |
Very cool, it would be great if this is integrated into Outline manager and server |
What would you like the app to enable you to do?
Currently installing a client and sharing server configs with a new device behind internet restrictions is not easy. I have a few suggestions for making it easier:
Describe alternatives you've considered
Sometimes there is no alternative. A new device needs to already have a secure messaging app and/or a proxy/vpn tool installed.
Additional context
The text was updated successfully, but these errors were encountered: