
(author here)

Both sides connect to the "mailbox relay server" to perform key exchange and setup. That's a host named "relay.magic-wormhole.io".

If either side has a public IP address, the encrypted data is transferred directly (they exchange IP addresses through the encrypted pipe, and attempt to connect to all of them, so this also covers two peers on the same LAN). If neither does, they both connect to a public "transit helper" relay named "transit.magic-wormhole.io" which acts like a TURN server to get the encrypted bytes from one connection to the other. I run both services.



Note, too, that you may run your own "transit helper" (code: https://github.com/magic-wormhole/magic-wormhole-transit-rel... ) and then specify this via "wormhole --transit-helper tcp:<your host>:<port>" when doing a transfer.

You do need to run the helper on a public IP address, like a rented VPS for example.


So if I understand correctly, even if I use your relay, the relay relays encrypted data, never learning what I am sending?


Correct.

It does learn some metadata: the endpoints of the messages (unless you use Tor) and the number of bytes in those messages.
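What a relay in this position can and cannot observe, as an added example that is not part of the thread and not magic-wormhole's code: a blind relay forwards sealed bytes between two socket pairs and records only what passes through it. The cipher is a constructed stand-in (not the one magic-wormhole uses), the shared key is assumed to be already agreed by both peers, and every name here is hypothetical.

```python
import hashlib, hmac, os, socket, threading
NONCE, TAG = 16, 32  # bytes of per-message overhead added by seal()

def _key(shared, label):
    return hashlib.sha256(label + shared).digest()  # separate enc/mac keys

def _xor_stream(key, nonce, data):
    # Stand-in cipher (SHA-256 in counter mode), NOT what magic-wormhole uses.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(shared, plaintext):
    nonce = os.urandom(NONCE)
    ct = _xor_stream(_key(shared, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_key(shared, b"mac"), nonce + ct, "sha256").digest()

def unseal(shared, blob):
    nonce, ct, tag = blob[:NONCE], blob[NONCE:-TAG], blob[-TAG:]
    good = hmac.new(_key(shared, b"mac"), nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication failed")
    return _xor_stream(_key(shared, b"enc"), nonce, ct)

def relay(src, dst, log):  # forwards opaque bytes until EOF, logging what it sees
    while chunk := src.recv(4096):
        dst.sendall(chunk)
        log["bytes"] += len(chunk)
        log["captured"] += chunk
    dst.shutdown(socket.SHUT_WR)

def demo(plaintext=b"constructed sample file contents\n" * 40):
    shared = os.urandom(32)  # assumption: key already agreed by both peers
    s_peer, s_relay = socket.socketpair()  # sender <-> relay
    r_relay, r_peer = socket.socketpair()  # relay <-> receiver
    log = {"bytes": 0, "captured": b""}
    t = threading.Thread(target=relay, args=(s_relay, r_relay, log))
    t.start()
    s_peer.sendall(seal(shared, plaintext))
    s_peer.shutdown(socket.SHUT_WR)
    received = b""
    while chunk := r_peer.recv(4096):
        received += chunk
    t.join()
    for s in (s_peer, s_relay, r_relay, r_peer):
        s.close()
    return unseal(shared, received), log
```

In this model the logged byte count is the plaintext length plus a fixed 48-byte overhead, so the relay learns the size of the transfer even though the captured bytes are unreadable to it.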



