top | item 45494110

(no title)

lotharrr | 4 months ago

(author here)

Both sides connect to the "mailbox relay server" to perform key exchange and setup. That's a host named "relay.magic-wormhole.io".

If either side has a public IP address, the encrypted data is transferred directly (they exchange IP addresses through the encrypted pipe, and attempt to connect to all of them, so this also covers two peers on the same LAN). If neither do, they both connect to a public "transit helper" relay named "transit.magic-wormhole.io" which acts like a TURN server to get the encrypted bytes from one connection to the other. I run both services.

discuss

meejah|4 months ago

Note, too, that you may run your own "transit helper" (code: https://github.com/magic-wormhole/magic-wormhole-transit-rel... ) and then specify this via "wormhole --transit-helper tcp:<your host>:<port>" when doing a transfer.

You do need to run the helper on a public IP address, like a rented VPS for example.

BinaryIgor|4 months ago

So if I understand correctly, even if I use your relay, the relay relays encrypted data, never learning what I am sending?

meejah|4 months ago

Correct.

It does learn some metadata: the endpoints of the messages (unless you use Tor) and the number of bytes in those messages.