/tech/ - Technology

Some people criticize i2p for its small userbase and imply that this compromises its security, but they never lay out specific real life scenarios where this would be a real issue, so I call FUD.

It's slow for torrenting, but I think it's a good trade off for anonymity, especially for certain high value content more likely to be tracked.

There's not a lot of good documentation for beginners and the last time I checked their IRC it was pretty dead.

>Some people criticize i2p for its small userbase and imply that this compromises its security
It does. If I2P had an unrealistically large userbase it'd be pretty resistant to a lot of traffic analysis, as it is it has most of the same problems with state actors owning a significant portion of nodes and being capable of the usual sybil's etc. It's still just as fine as tor, which never sees these attacks actually carried out in reality.

>>3607
So what's the worst a state actor could really do? Just sniff the traffic and know the route but still can't decrypt any of the data, just the true IP of the users?

>>3613
The worst a state actor could do, is to be the entry point, middle man and exit point. Just talking about the network, this makes the network unable to provide deniable communication between two parties. They are able to prove conclusively who is talking to who at when. That is enough for them to arrest or kidnap users.

>>3616
So, hypothetically, what would be the workaround? Ensure that both parties use devices and/or locations not normally associated with them? I'm guessing if a state actor is going to go through all that trouble they already have some people in mind whom they already have under surveillance using other means.

Not going to bother until there's a client written in a white man language like C.
And no to i2pd, C++ is a nigger language.

>>3616
I believe that it's trivial to do the same thing with just the entrance and exit.
>>3620
>what would be the workaround
Don't use a heavily compromised network.
>if a state actor is going to go through all that trouble they already have some people in mind
Not at all. This sort of traffic analysis is extremely easy, the machines would be doing it in every case and then they'd flag every time someone syncs up with an owned entrance and exit for review (or log it automatically after that or whatever). The entire reason that it's a concern is because it might cause surveillance to start despite the fact that your system was never compromised and you never shared personal details (the network was compromised).
>Ensure that both parties use devices and/or locations not normally associated with them
If you're using e.g. a 100% compromised network then they'll immediately see the new place you're connecting to. If you're asking about like journalistic work or you're a radical islamic preacher with confirmed terrorist relatives in the time of osama then yes, it's the usual groundwork scramble to actually find the person but that's got nothing to do with I2P/tor. If the united states government are doing this kind of correlation attack then even with a 1% chance that they own both your entrance and the exit it's very likely that you're already been flagged in this way.
The reason these lists don't matter is because feds are retarded and used a list that was supposed to have double digits of imams and their children and spun it out to 10% of normalfags in wide areas of the planet.

>>3625
With just the entrance and exit, the attacker can only do timing attacks.  The middle man in between cannot be identified and it is unknown whether they are two people routing through the same middle man or not. In a high usage network, this is mostly guess work. But in a sparsely used network, yes, it is trivial.
>Don't use a heavily compromised network
This. The workaround to anything compromised is to not use them, eg closed-source programs, x86 cpus, etc.

Got any hard evidence anyone has ever been doxxed using i2p? If not, I call FUD

I mean, unless you're a top tier Chinese or Russian dissident who's going to get kidnapped and disappeared by security forces, I don't think if anyone had been seriously compromised they wouldn't have sounded the alarms to the rest of the community.

>>3627
>doxxed
>killed/disappeared silently
>friends and family fooled/bribed/disappeared together
>leave evidence?
Imagine being powerful enough to dox a l33t darknet user but leave evidences to let someone know.

>>3633
Yeah, thanks for proving you're a FUD spammer

Even anyone worth kidnapping/disappearing would have a dead hand switch set up anyway in case of such scenarios. If you're not smart enough to be the adversary of state actors, then you're not truly an adversary.

>>3637
That's why they fucked up Mcfee's DMS before suiciding him.

>>3639
He was a literal shit eating perv, so of course he moved in the same circle as Epstein and the kike pedophile ring. That's why he was killed. He was never a computer expert, he was a lifelong scammer, and a successful one at that. He got into computer security when computers became mainstream and that's where the money was at. Same thing with crypto.
He was a perv, but a genius for showmanship and scamming fools, i.e. the majority of humanity.
This does not place him in the same class as a true political dissident or a dark web hacker who's hiding from Interpol.

>Got any hard evidence anyone has ever been doxxed using i2p?
Call FUD on what, nigger? Nobody has said anything about doxxing, anon and I've only mentioned relating previously identified entities together.
>>3626
Aren't timing attacks what they want to do anyway?

>>3662
That is what they are after if they don't have access to the middleman. The nightmare scenario is you send "nigger" to me. But you don't want anyone to know it's you doing it and what the message is. So you get someone to deliver the encrypted message to another one and eventually the last one send to me. With two glownigs, at the start and end, they have to guess it's you instead of you passing someone's message. They can't really be sure it's you, unless the timing is so close and nobody is sending message at the same time. Now imagine glownigs are everywhere, everyone passing your message glows. They know for sure it's you raycis committing the worst crime ever.

>pros
everything
>cons
nothing

Feds ITT spreading FUD as usual

The main thing is, if you're gonna use i2p or Tor for that matter you should leave it running 24/7, even if you're using it for meaningful communication / data transfer for a very small percentage of the time. That way, your adversary needs to monitor you 24/7 to hopefully capture anything incriminating. In reality, no one is going to bother doing that unless you are OBL tier terrorist and he didn't use internet anyway, so...

Does your ISP know when you're using i2p? If so, are there ways of cloaking your usage?

>>3677
No way unless you are using some sort of proxy.

>>3678
How is an ISP able to detect Tor traffic, but not i2p?

>>3683
Should've written it better, no way to be undetected if your are not using a proxy. Just like Torbridge to hide Tor.

>>3684
Is there documentation on how to proxify i2p?

>>3677
> Does your ISP know when you're using i2p? If so, are there ways of cloaking your usage?
Yes, your ISP will see your IP on the I2P traffic passing through.

You want to research traffic shaping.
But if you don't even know how I2P works on a basic level, then you probably won't be capable of using traffic shaping tools.

>>3689
If traffic shaping tools help with anonymity, then why don't i2p devs incorporate that into their codebase?

What about proxying i2p through Tor? Any documentation for doing that?

>>3689
>then you probably won't be capable of using traffic shaping tools
That's the rub, isn't it? Like, once you've learned this things they become second nature, but many of the common users don't have the interest, energy, or resources (namely time) to invest into researching and subsequently fucking up doing these things until they've learned them properly. And not just "hey it's running" but WHY is it running, and what to do.

>>3693
That's why there will never be any wider adoption. You have to make it less arcane and more accessible to the average user.

I don't understand why anyone having a political profile so extreme that getting doxxed on the internet equals arrest, torture, prison or execution. Such a person shouldn't be using these services anyway because they're too obvious. Better to just obfuscate innocent looking communication and  data, hiding in plain sight. There's a million creative ways of doing this. I forget the details of some true crime anecdote of some famous fugitive who was always escaping finally being completely surrounded by police who were waiting for him to surrender. He came out of the building in some innocent way, walked straight up to one of the officers and asked them who they were trying to capture. After having a casual conversation with the officer for about 5 minutes, he calmly walked away from the perimeter and escaped yet again.

This gives you a small idea of what I'm talking about.

What difference does a MITM attack make if they still can't crack the encryption of the data between passed back and forth? I don't think i2p is generally used like Tor where you go to le hidden  service .onion site and hang out at your s3kr17 c1u8. It's probably more like two dissident or criminal spooks passing specific messages, instructions or data to each other. If you have access to devices other than your own, both parties can install i2p on those devices and use them. That way, the worst the gestapo could do is discover the identity and route of node a talking to node b. Not very useful information unless those devices were being used more than once, which would be dumb anyhow if you have information dangerous enough to be killed for.

>>3716
Adding to this, it's important to change up your methods for each transaction. Use Tor, then use i2p, then use Tox, then use OTP, then use steganography, etc.

>>3716
Another point I forget to add is that, if you are surreptitiously using someone else's device to install and use i2p, be sure to uninstall it when you're done.

>>3716
>I don't think i2p is ... hidden service
There are a couple services on i2p, eg syndicate. Explore it someday.
>can't crack the encryption of the data between passed back and forth
They don't need to. Even https encrypts all data, the point is metadata kills.
>unless those devices were being used more than once
It's more about when, where and who. They can collect data points, get the pins and strings out. Classic manhunting. Eg, in an anonymous chat group, identifying who say what is enough to arrest/disappear a person. You can try that now by posting a edgy manifesto. Another example is knowing an individual chatted with another person of interest to link them together.

>>3720
I was talking more about professional spooking of one kind or another, not some edgy teens in le s3kr17 /pol/ chatroom full of feds and larping with each other.
You still haven't provided any solid, verifiable or falsifiable examples of how someone gets unambiguously identified just using metadata, data points, stylometry, etc. Just seems like pie in the sky speculation and theorizing about hypothetical edge cases and so forth. Most likely, it's just fed FUDing that no one needs to take seriously.

And whenever you hear about a big bust involving le dark web, it always boils down to bad OPSec and somebody doxxing themselves in a clumsy, obvious way that even an untrained, alert person of average intelligence might spot. Of course, feds always make a big deal out of this kind of thing and parade them around the media 24/7 as a psyop to suggest that they have some kind of magic skeleton key which negates all anonymity services.
Typical FUD

The basic goal of the FUD psyop is to discourage as many people as possible from using anonymity services to make the anonymity set as small as possible. It's also why they broke up 8pol and forced anons into smaller, scattered more easily monitored groups.

>>3721
>example
It doesn't matter, you have made up your mind. Same thing as the "source?" posters. Never did they entertain the possibility of it being correct.
A brute force algorithm can uniquely identify any person. You shouldn't believe this because no one has every done this before.
An attack described above is possible, and I did not say anything about it being common or not. You are either a retard or a fed for thinking this is FUD.
If you are a retard, I am not disagreeing with "with a car you can go anywhere you want". But there are situations a car doesn't work or breaks down. Understanding the weakness of a tool does not negate its usefulness. Knowing about it is what keeps the tool useful.
If you are a fed, you will never succeed. You are jabbed because you are forced to by your boss. Every day you tell yourself you are the "good" guys despite the creeping fear of accepting you betrayed everything you believed. All the validation you get is half-hearted. Behind you back your boss thinks when you will die from the jab so he have one less person on a suicide mission. Your family laugh at you because they know your are a traitor. Eventually you will crumble in the knowledge of you being the destroyer of which you thought you were protecting all along. Your boss will notice this and give you a break. You know you are decommissioned and is hunted down by your only friends, what awaits you is a cold death in front the corpses of your family. Your existence is erased, there is no tomb stone, not a single soul will remember you.
This is your fate. This what you chose. There is no turning back.

>>3724
OK thanks for proving my suspicion that you are a clueless, larping schizo that no one needs to take seriously.

>>3725
>schizo
>d-don't take him seriously
Got a live one here.

>>3732
brutal, bro

Are there any imageboards on i2p that aren't:

Russian only
Rulecucked
Dead

cons :
-small userbase , means it's more susceptible to sybil attacks
-not user friendly (not a problem for me)

pros:
literally everything

>>3757
I thought it was immune to sybil attacks by design?
t. doesn't understand the specs

>>3774
It's resistant to traditional efficient sybil attacks but most people's threat models include casual (personal) interest from state level actors with a reason to make an effort to subvert the network. Anon in his basement can't adopt a million identities on the network (without stretching his bandwidth too thin to do anything with them) but federales collectively can trivially can just slap a hundred thousand machines on to the task and be the majority of users/providers on the network.

what about lokinet?

>>3843
derail

>>3845
I'm genuinely interested

>>3850
Then create a thread, faggot

>>3799
According to some old documentation I read, I2P is supposed to have some sort of grading system assigned to nodes. If you spin up a hundred of them on the same cluster of machines at a fed warehouse, they are going to get fairly low scores in the network.

>>3843
Lokinet has been mentioned in >>>/tech/769 It's being railroaded into some sort of crypto at the moment.

best

_aAwinXsWdbGGwotlh-BrWka6BwmLRe9XAhXnE4dt0LUKzwzRB54DkC8PuGGj2C-eWY.png
[Hide] (56.2KB, 288x512)

How do i use i2p as a vpn? Can it do what orbot does with other apps?

>>4184
No. i2p is designed for eepsites only.

>>3843
it's a crypto honeypot

>>4184
there is outproxies , but these are usable only on pc version

1602059195915.gif
[Hide] (73.6KB, 277x277)

>>4184
>phoneposter
you dont belong on darknet, fucking nigger zoom sperg

>>4559
>not wanting to save electricity
>buying some expensive and underpowered 'pi' to save it even before the chip shortage

When shit hits the fan only the 5v devices will stay powered on. Solar panels are too large otherwise.

>>4560
Should have bought an iphone, android is for no brain idiots.

>>4562
Apple shit generally has shit software and costs more than cheap androids by far.

>>4562
nigger

mdb46287ycg71.jpg
[Hide] (141.1KB, 750x1748)

>>3676
>you should leave it running 24/7
>That way, your adversary needs to monitor you 24/7 to hopefully capture anything incriminating.
The reason you want to leave i2p running 24/7 is because it's possible for 3rd parties to monitor the network and collect a list of all IP addresses that are routing i2p traffic. So if you're hosting an eepsite or seeding a torrent and your node goes down, both your real IP and the eepsite/torrent will disappear from the network at the same time, and implications will be implied.

Tor has a similar problem if you run a relay and onion site on the same machine.

i2p is pozware. you telling whole world that your router is up and anyone (especially your isp) can see you in netBD. it's not censorship resilient because your peers are not obsfuscated and can easily be identified and censor can just do tcp rst on your peers. tor is unironically more secure because of bridge obfuscation where it's similar to private vps proxy, if only you know about it, no one can sniff it. and you could even do some linux gay ops like do packet defragmentation in iptables to further protect bridges from being sniffed

>>4729
>i2p is insecure because everyone knows you're using i2p
So if I don't care about that then it's fine.

>>4729
>it's not censorship resilient because your peers are not obsfuscated and can easily be identified and censor can just do tcp rst on your peers
I don't think Tor is designed to work either if every government just decided to shut down every Tor nodes they could find.  They're both designed to protect the data being shared rather than whose participating in the network itself.
Not to mention not everyone using Tor actually participates in the network, so it's definitely easier to shutdown a bunch of Tor nodes compared to i2p.
>tor is unironically more secure because of bridge obfuscation where it's similar to private vps proxy
That's not security, that's "obfuscation" I guess.  With both no one can know what's being sent and who it's being sent too (Excluding exist nodes).
I'd say it's easier to shut down / cripple the Tor Network than i2p, but it's easier for a bad actor to block someone from using i2p than Tor.  You should be using both either way since they both have different use cases anyways.
.

>>4848
>You should be using both either way since they both have different use cases anyways
Explain

>>4848
>They're both designed to protect the data being shared rather than whose participating in the network itself
No. Tor is designed to anonymize the user. If only data protection is the function, TLS would do the job. The problem of Tor is it is not hiding the fact that the user is using Tor. That means out of all Tor users, anyone siting in between doesn't know from which user the packet came from. That provides anonymity.
>Not to mention not everyone using Tor actually participates in the network
Only Tor relays participate in middle of the route. https://support.torproject.org/it/alternate-designs/make-every-user-a-relay/

>>4849
Tor is designed for clearnet access.
i2p is only for Eepsites.

abnk5p.png
[Hide] (499KB, 578x715)

>>4848
> if every government just decided to shut down every Tor nodes they could find
Tor is more centralized than that. There are only 9 directory authorities you need to take down to stop Tor working.

>>4851
i2p also supports udp and ipv6 so it can route non-web protocols like bittorrent much better.

>>4849
i2p has a built in torrent client and filesharing client, and the network structure is better designed to handle sharing those large files since everyone participating is a node.  The Tor network gets overwhelmed if many people are downloading large files, especially through the clearnet due to the smaller number of Tor exit nodes (not to mention you'll probably just be a leech).  Also, many Tor clients allegedly end up ignoring to proxy settings since they use udp.
Tor is a lot faster though and can be used to browse the clearnet, which i2p can't do out of the box.
>>4850
>No. Tor is designed to anonymize the user. If only data protection is the function, TLS would do the job.
I did clarify that later, though my first statement was pretty unclear
<With both no one can know what's being sent and who it's being sent too (Excluding [exit]* nodes).