• 0 Posts
• 30 Comments
Joined 2 years ago
Cake day: March 28th, 2024
  • main things:

    • tor relies on volunteers to run nodes that pass traffic to each other. in i2p, everyone is a node.
    • i2p can handle high traffic applications like torrenting because everyone is a node. torrenting isn’t good for tor.
    • tor is more specialized to anonymizing your traffic to regular websites. i2p is for “in-network” things (like you need to run i2p to access them)
    • i2p is like a separate internet (or an intranet, i guess)
    • tor relies on (9?) centralized (directory authority) servers to maintain a list of nodes. In i2p this is distributed (floodfills).

    imagine you have one of those multihop vpns set up, but instead of one connection you have several different multihop vpns running at the same time, and every one of those vpns gets a new server every 10 mins. very roughly, that’s how they work. Since there are so many paths, they’re very long, and the paths are constantly changing, it’s hard for observers to make sense of what goes where. In i2p it’s usually 7 hops each way. there may be thousands of connections at a time for each node, all changing every 10 minutes.

    with both tor and i2p, we encrypt and decrypt at each hop, so no node in the chain can read messages. an observer can listen in, but they don’t know for sure what goes where, and they wouldn’t be able to understand what’s being said. in tor and i2p, this protects everyone running a node (except for exit nodes), since they maintain plausible deniability regardless of what passes through them.

    i2p goes further. with the vpn analogy, you would get 2 sets of vpns: one for outgoing traffic and one for incoming. everyone else is doing the same thing, so if you want to share an image with someone, the other person will run their own chain of vpns to meet with your chain of vpns to see it. you never connect directly. where the vpn analogy falls apart is that since you’re routing traffic for other people in i2p, you’re also a server hop for other people. so you mix their traffic in with your own. there’s also some random noise added in to all of it to make the life of an observer even more confusing. it’s all mixed together like cloves of a garlic bulb to make the life of an observer as hard as possible. traffic mixing and separate outbound/inbound tunnels are the major differences between garlic (i2p) and onion (tor) routing.

    since tor doesn’t maintain many connections to hide your traffic in the mix with other users, tor uses stream isolation to use a different path for each website so you look like a new person each time. it uses the same set of nodes for up and down traffic like a vpn does. it does not mix traffic with peers. getting to clearnet with tor (and i2p) is a weak link since whoever runs the server has the power to snoop on your traffic (or inject things). but tor has many exit nodes, all automatically changing for you. there are only 3-4 exit nodes (outproxies) in i2p.

  • Non-maliciously, this is occasionally a problem. different registrars have different rules: some will delete a name after the destination has been dead for so long, others won’t. some registrars will let you register an abandoned name with a new destination, but some won’t. But local address books will default to the older destination over the newer one.

    i think it was done this way so there could be no one thing declaring google.i2p goes to a destination; locally you decide. it wouldn’t be a bad idea to incorporate some sort of cert though; a lot of that work would fall to the registrars to agree, i’d think, like on expiring names.

    i think the idea of using a dht for this so it’s more like a network consensus thing has come up, but there are reasons not to do this.
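    The "local address book wins over the feed" behaviour described in this comment, as an added toy model (not i2p's own code): names map to destinations, a subscription feed proposes mappings, an existing local entry is kept and the difference is reported instead of silently followed, and only an explicit local decision replaces it. The destination strings and hostnames are constructed placeholders.

```python
from dataclasses import dataclass, field


@dataclass
class AddressBook:
    """Simplified local address book: name -> destination, first entry wins."""
    entries: dict = field(default_factory=dict)    # name -> destination
    conflicts: list = field(default_factory=list)  # (name, local, proposed)

    def resolve(self, name: str):
        return self.entries.get(name)

    def merge_subscription(self, feed: dict) -> list:
        """Add names we have never seen; keep the ones we already have and
        report where the feed disagrees, so the operator can decide."""
        new_conflicts = []
        for name, dest in feed.items():
            current = self.entries.get(name)
            if current is None:
                self.entries[name] = dest
            elif current != dest:
                new_conflicts.append((name, current, dest))
        self.conflicts.extend(new_conflicts)
        return new_conflicts

    def set_local(self, name: str, dest: str) -> None:
        """Explicit local decision: the user overrides the stored mapping."""
        self.entries[name] = dest
        self.conflicts = [c for c in self.conflicts if c[0] != name]


def demo():
    book = AddressBook()
    # Constructed sample feed; "DEST-..." strings stand in for real destinations.
    book.merge_subscription({"example.i2p": "DEST-OLD-abc", "other.i2p": "DEST-other"})
    # Later the registrar re-issues example.i2p to a new destination.
    conflicts = book.merge_subscription({"example.i2p": "DEST-NEW-xyz"})
    still_old = book.resolve("example.i2p")      # local book still points at the old one
    book.set_local("example.i2p", "DEST-NEW-xyz")  # the user decides locally
    return conflicts, still_old, book.resolve("example.i2p")


if __name__ == "__main__":
    print(demo())
```

    The useful part for an operator is the returned conflict list: a stale mapping is a silent failure (the name resolves to a dead or, worse, reassigned destination), so surfacing the disagreement is the check to add.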

  • I haven’t used StormyCloud much but I haven’t heard of there being issues with them. I’ve preferred using outproxy.acetone.i2p and purokishi.i2p since I’ve found them consistently to be faster. StormyCloud is the default in vanilla i2p so they end up getting the brunt of i2p’s outproxy traffic; it’s possible they could get overloaded. They have a very good setup, but they’re one entity.

    Especially right now after Mental Outlaw’s video, more routers could be coming online and giving StormyCloud a workout, maybe getting overwhelmed. I would try switching to either of those and setting the inbound/outbound tunnel count to 16. hope that helps.

  • Here’s the scary-sounding part that can be counterintuitive. The routers you’re communicating with do know your ip, since they have to, like you mentioned. Your ip address is also in i2p’s DHT as a “router info”, which functions as a network address book for routers and services so things can be found without needing a centralized lookup service. Again, this is because for the network to work, routers need to be able to find each other, or they can’t communicate.

    But routers function on a need-to-know basis. i2p uses separate up and down links for each tunnel, and your side of the tunnel by default has 3 hops. the other side usually also has 3 hops. a typical unidirectional tunnel looks like this, with a total of 7 hops:

    A-x-x-x=x-x-x-B

    None of the hops in the chain know what position they’re in (except for the endpoints). They also don’t know how long the whole tunnel is. The sender and receiver only know their parts of the tunnel. On the dht side, by design no single router has a whole view of the network, but there isn’t a whole lot of information you get from that other than knowing that the person at the stated ip address uses i2p, which your isp would be able to tell anyway, for example, just like with tor or a vpn. There’s no reason to try to obfuscate that except for getting around restrictive countries’ firewalls.

    The way i made sense of it was like you have an envelope that is inside several other envelopes, with each envelope representing a layer of encryption. You get an envelope from kevin, so you know kevin. You open the envelope and see another envelope addressed to george, you give the envelope to him. So you know kevin and george. But the rest is unknown to you. You don’t know who the true originator of the envelope is or where the message is ultimately going.

    Not a perfect analogy, but because of this the ultimate sender and receiver are blind to each other’s ip address. It’s layered encryption that allows this to happen, which is similar to onion routing. It’s called garlic routing in i2p since there are some tweaks.

    https://geti2p.net/en/docs/how/garlic-routing
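    The 7-hop tunnel and envelope analogy above, and the separate outbound/inbound tunnels described in the first comment, as an added runnable model. This is not i2p's code and not its real cipher: the "layers" are a toy XOR keystream built from SHA-256, the hop keys are assumed to have been agreed at tunnel-build time, the end-to-end garlic key is assumed shared by A and B, and the outbound endpoint's delivery target (x4) is fixed at build time rather than read from the message. What it shows is what each router can record: the previous hop, the next hop, and opaque bytes, never both ends and never the plaintext.

```python
import hashlib
import os
from dataclasses import dataclass, field


def keystream(key: bytes, length: int) -> bytes:
    # Toy keystream (SHA-256 in counter mode) standing in for the real
    # tunnel-layer cipher; it exists only so the layers are visible here.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def layer(key: bytes, data: bytes) -> bytes:
    # XOR with the keystream: applying the same key twice removes the layer.
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


@dataclass
class Hop:
    name: str
    key: bytes                  # layer key agreed when the tunnel was built
    next_hop: str               # fixed at build time, not read from messages
    observed: list = field(default_factory=list)

    def forward(self, prev: str, blob: bytes) -> bytes:
        # Everything this router could log: who handed it the blob, where it
        # sends it on, and the opaque bytes. It then applies its own layer
        # (with this toy XOR cipher, adding and removing a layer is the same op).
        self.observed.append({"from": prev, "to": self.next_hop, "blob": blob})
        return layer(self.key, blob)


def build_tunnel(names, next_hops):
    return [Hop(n, os.urandom(32), nh) for n, nh in zip(names, next_hops)]


def simulate(message: bytes):
    """Send one message A -> x1 x2 x3 = x4 x5 x6 -> B; return what B
    recovers plus the six hop objects with their observations."""
    outbound = build_tunnel(["x1", "x2", "x3"], ["x2", "x3", "x4"])
    inbound = build_tunnel(["x4", "x5", "x6"], ["x5", "x6", "B"])
    e2e_key = os.urandom(32)    # garlic (end-to-end) key assumed shared by A and B

    # A wraps the end-to-end layer first, then one layer per outbound hop,
    # so every hop on its side strips exactly one layer.
    blob = layer(e2e_key, message)
    for hop in reversed(outbound):
        blob = layer(hop.key, blob)

    prev = "A"
    for hop in outbound:            # each outbound hop removes its own layer
        blob = hop.forward(prev, blob)
        prev = hop.name
    # Simplification: x3 (outbound endpoint) hands the still end-to-end
    # encrypted blob to B's inbound gateway x4.
    for hop in inbound:             # each inbound hop adds its own layer
        blob = hop.forward(prev, blob)
        prev = hop.name

    # B built the inbound tunnel, so it holds all three inbound keys,
    # plus the end-to-end key it shares with A.
    for hop in reversed(inbound):
        blob = layer(hop.key, blob)
    return layer(e2e_key, blob), outbound + inbound


def routers_seeing_both_ends(hops) -> list:
    """Names of hops that saw both A and B as a neighbour; expected empty."""
    out = []
    for h in hops:
        seen = {o["from"] for o in h.observed} | {o["to"] for o in h.observed}
        if "A" in seen and "B" in seen:
            out.append(h.name)
    return out


if __name__ == "__main__":
    recovered, hops = simulate(b"hello B, this is A")
    print("B recovered:", recovered)
    for h in hops:
        o = h.observed[0]
        print(f"{h.name}: from {o['from']} to {o['to']}, bytes {o['blob'][:6].hex()}...")
```

    Only x1 ever sees A and only x6 ever sees B, and x3 sees the e2e-encrypted payload without being able to read it, which is the need-to-know property the comment describes.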

  • Yeah, accessing the outernet was sort of an afterthought with i2p, although the proxies are handling it well now. things got way better after StormyCloud came on the scene, imo. you can stream clearnet videos through the 3 I mentioned. It could be better if there was outproxy switching built in like tor, I think. It was bad before StormyCloud, though, and often unusable; the available outproxies were very much overwhelmed. sometimes they worked but it was hit or miss.

    that’s the right line of thinking. the vast majority of tor users don’t contribute to the network, which is held together by a comparatively small number of volunteers. by default if you’re running i2p you’re contributing (except with specific configurations). With tor, more users and the same number of nodes means less bandwidth for everyone. With i2p, more users means both sides go up: more nodes, more bandwidth, on average more bandwidth for everyone. Torrenting burns bandwidth but on average more users grows network capacity.

  • You can do multihoming, might be the easiest thing to do for a service: https://geti2p.net/spec/proposals/140-invisible-multihoming

    Multihoming is a pretty simple way of load balancing, and I think the way it works is that the last router to announce is the one that’s used, so it should cycle through all routers periodically.

    It’s also used to place i2p routers hosting a service in multiple places so it makes correlation attacks (e.g. downtime at the exact time of a known electrical outage in an area) more difficult.

    Backend setup for your service

    If we have a service like an http proxy service or a website available on port 6000, and 2 i2p routers, they’d both need access to that port. An outproxy may do this with port forwarding from clean outernet connection(s) going through their proxy setup, e.g. privoxy/haproxy/tinyproxy, dns. They’re less worried about correlation attacks, so the routers may be all or mostly in one area using port forwarding over lan or VMs. A website that’s concerned about correlation attacks may have separate instances of the website running on each router in different areas, with the website’s backend syncing with the other routers in the background through other methods such as an encrypted lease-set.

    Router setup

    Each router needs the exact same key for the actual .i2p address. The easy way to do this is in the java router (i2p+ is good for this; see the install guide on the official site): go to service tunnels > make new server http tunnel, enter the port 6000, give it a name like “Outproxy”, give the private key file a name like “outproxy.dat”, and make sure optimize for Multihoming is on.

    Other recommended additions in your tunnel config

    • Automatically start tunnel: on
    • A TOTAL of 16 tunnels in/out (maximum) across all routers; 3 hops for good anonymity, though outproxies not concerned with their own anonymity could reduce this for more performance. If you have 2 routers, use 8 tunnels for each.
    • Reduce tunnels to conserve resources: idle period 15-20 minutes, reduced count a low number like 2-3. This usually works well since the tunnels can be built back on the order of milliseconds on a good i2p router, without wasting resources keeping them open. It could introduce a slight delay though. In high-traffic situations it might make sense to leave that off.

    Then save and start; the key file is generated.

    Copy key file and a tunnel config file

    Locations for .config file and key (.dat):

    /i2p/.i2p/outproxy.dat

    /i2p/.i2p/i2ptunnel.config.d/XX-outproxy-i2ptunnel.config

    Then copy the key and config files to the other i2p routers in the same locations. You shouldn’t need to go through setup with the config file present. Most important is that it has the same key file, so they’ll all use the same address.
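    A check for the "same key file on every router" requirement from the steps above, as an added example (not part of the comment and not i2p tooling). It copies the key into each router directory with owner-only permissions, since the .dat file is a private key, and then verifies that every copy is byte-identical by hash, which catches a stale or partially copied key before the second router announces with the wrong destination. The directory names and key bytes in the demo are constructed; transferring the file between hosts is assumed to happen by whatever copy mechanism the operator already uses.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def replicate_key(src_dir: str, dst_dirs, key_name: str = "outproxy.dat") -> list:
    """Copy the key file into each destination router directory with
    owner-only permissions (it is a private key). Returns the copied paths."""
    src = os.path.join(src_dir, key_name)
    copied = []
    for d in dst_dirs:
        os.makedirs(d, exist_ok=True)
        dst = os.path.join(d, key_name)
        shutil.copy2(src, dst)
        os.chmod(dst, 0o600)
        copied.append(dst)
    return copied


def check_routers(router_dirs, key_name: str = "outproxy.dat") -> dict:
    """Report routers missing the key file and whether all present copies are
    byte-identical; multihoming only works if every router shares one key."""
    paths = [os.path.join(d, key_name) for d in router_dirs]
    missing = [p for p in paths if not os.path.exists(p)]
    present = [p for p in paths if os.path.exists(p)]
    digests = {sha256_of(p) for p in present}
    return {"missing": missing, "consistent": len(present) > 0 and len(digests) == 1}


def demo() -> dict:
    """Stand-alone run on constructed temp directories (no real i2p data)."""
    base = tempfile.mkdtemp()
    primary = os.path.join(base, "router1")
    others = [os.path.join(base, "router2"), os.path.join(base, "router3")]
    os.makedirs(primary)
    with open(os.path.join(primary, "outproxy.dat"), "wb") as f:
        f.write(b"CONSTRUCTED-KEY-BYTES")      # placeholder, not a real key
    replicate_key(primary, others)
    before = check_routers([primary] + others)
    with open(os.path.join(others[1], "outproxy.dat"), "wb") as f:
        f.write(b"DIFFERENT-KEY-BYTES")        # simulate a stale copy on one router
    after = check_routers([primary] + others)
    shutil.rmtree(base)
    return {"before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```

    In practice you would point check_routers at the real directories (the comment's /i2p/.i2p on each router) after copying; a False "consistent" result means one router will announce a different destination and the multihomed address will not behave as one service.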