Discuss the pros and cons of the network, dev news, tips, hacks and other useful information.
Some people criticize i2p for its small userbase and imply that this compromises its security, but they never lay out specific real life scenarios where this would be a real issue, so I call FUD.
It's slow for torrenting, but I think it's a good trade off for anonymity, especially for certain high value content more likely to be tracked.
There's not a lot of good documentation for beginners and the last time I checked their IRC it was pretty dead.
>Some people criticize i2p for its small userbase and imply that this compromises its security
It does. If I2P had an unrealistically large userbase it'd be pretty resistant to a lot of traffic analysis; as it is, it has most of the same problems with state actors owning a significant portion of nodes and being capable of the usual sybils etc. It's still just as fine as Tor, which never sees these attacks actually carried out in reality.
So what's the worst a state actor could really do? Just sniff the traffic and know the route but still can't decrypt any of the data, just the true IP of the users?
The worst a state actor could do is to be the entry point, middle man and exit point. Just talking about the network, this makes the network unable to provide deniable communication between two parties. They are able to prove conclusively who is talking to whom and when. That is enough for them to arrest or kidnap users.
So, hypothetically, what would be the workaround? Ensure that both parties use devices and/or locations not normally associated with them? I'm guessing if a state actor is going to go through all that trouble they already have some people in mind whom they already have under surveillance using other means.
Not going to bother until there's a client written in a white man language like C.
And no to i2pd, C++ is a nigger language.
I believe that it's trivial to do the same thing with just the entrance and exit.
>what would be the workaround
Don't use a heavily compromised network.
>if a state actor is going to go through all that trouble they already have some people in mind
Not at all. This sort of traffic analysis is extremely easy, the machines would be doing it in every case and then they'd flag every time someone syncs up with an owned entrance and exit for review (or log it automatically after that or whatever). The entire reason that it's a concern is because it might cause surveillance to start despite the fact that your system was never compromised and you never shared personal details (the network was compromised).
>Ensure that both parties use devices and/or locations not normally associated with them
If you're using e.g. a 100% compromised network then they'll immediately see the new place you're connecting to. If you're asking about like journalistic work or you're a radical islamic preacher with confirmed terrorist relatives in the time of osama then yes, it's the usual groundwork scramble to actually find the person but that's got nothing to do with I2P/tor. If the united states government are doing this kind of correlation attack then even with a 1% chance that they own both your entrance and the exit it's very likely that you've already been flagged in this way.
The reason these lists don't matter is because feds are retarded and used a list that was supposed to have double digits of imams and their children and spun it out to 10% of normalfags in wide areas of the planet.
With just the entrance and exit, the attacker can only do timing attacks. The middle man in between cannot be identified and it is unknown whether they are two people routing through the same middle man or not. In a high usage network, this is mostly guess work. But in a sparsely used network, yes, it is trivial.
>Don't use a heavily compromised network
This. The workaround to anything compromised is to not use them, eg closed-source programs, x86 cpus, etc.
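Added example, not part of any post in this thread: a toy model of the point above that entry/exit timing correlation is mostly guesswork on a busy network and trivial on a sparse one. It measures the anonymity set, that is, how many distinct senders are timing-consistent with one observed exit event. The uniform send times, the delay bounds and all names are assumptions made for illustration, not I2P parameters.

```python
import random
from bisect import bisect_left, bisect_right

EPS = 1e-9  # tolerance for floating-point rounding at the window edges


def mean_candidate_set(active_senders, msgs_per_sender=2, duration_s=3600.0,
                       min_delay_s=0.5, max_delay_s=3.0, seed=1):
    """Average anonymity-set size under entry/exit timing observation.

    Every sender injects messages at uniformly random times (assumption).
    Each message leaves the network after a random delay within
    [min_delay_s, max_delay_s]. For each exit event we count the distinct
    senders whose entry time fits that delay window; the true sender is
    always one of them, so the result is at least 1.
    """
    rng = random.Random(seed)
    # Constructed sample traffic: (entry_time, sender_id), sorted by time.
    entries = sorted(
        (rng.uniform(0.0, duration_s), sender)
        for sender in range(active_senders)
        for _ in range(msgs_per_sender)
    )
    times = [t for t, _ in entries]
    total = 0
    for t_in, _ in entries:
        t_out = t_in + rng.uniform(min_delay_s, max_delay_s)
        # All entry events that could have produced this exit event.
        lo = bisect_left(times, t_out - max_delay_s - EPS)
        hi = bisect_right(times, t_out - min_delay_s + EPS)
        total += len({sender for _, sender in entries[lo:hi]})
    return total / len(entries)


def compare_networks():
    """Sparse network (5 active senders) versus busy one (20000)."""
    return mean_candidate_set(5), mean_candidate_set(20000)


if __name__ == "__main__":
    sparse, busy = compare_networks()
    print(f"sparse network: {sparse:.2f} plausible senders per exit event")
    print(f"busy network:   {busy:.2f} plausible senders per exit event")
```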
Got any hard evidence anyone has ever been doxxed using i2p? If not, I call FUD
I mean, unless you're a top tier Chinese or Russian dissident who's going to get kidnapped and disappeared by security forces, I don't think if anyone had been seriously compromised they wouldn't have sounded the alarms to the rest of the community.
>friends and family fooled/bribed/disappeared together
Imagine being powerful enough to dox a l33t darknet user but leave evidence to let someone know.
Yeah, thanks for proving you're a FUD spammer
Even anyone worth kidnapping/disappearing would have a dead hand switch set up anyway in case of such scenarios. If you're not smart enough to be the adversary of state actors, then you're not truly an adversary.
That's why they fucked up McAfee's DMS before suiciding him.
He was a literal shit eating perv, so of course he moved in the same circle as Epstein and the kike pedophile ring. That's why he was killed. He was never a computer expert, he was a lifelong scammer, and a successful one at that. He got into computer security when computers became mainstream and that's where the money was at. Same thing with crypto.
He was a perv, but a genius for showmanship and scamming fools, i.e. the majority of humanity.
This does not place him in the same class as a true political dissident or a dark web hacker who's hiding from Interpol.
>Got any hard evidence anyone has ever been doxxed using i2p?
Call FUD on what, nigger? Nobody has said anything about doxxing, anon and I've only mentioned relating previously identified entities together.
Aren't timing attacks what they want to do anyway?
That is what they are after if they don't have access to the middleman. The nightmare scenario is you send "nigger" to me. But you don't want anyone to know it's you doing it and what the message is. So you get someone to deliver the encrypted message to another one and eventually the last one send to me. With two glownigs, at the start and end, they have to guess it's you instead of you passing someone's message. They can't really be sure it's you, unless the timing is so close and nobody is sending message at the same time. Now imagine glownigs are everywhere, everyone passing your message glows. They know for sure it's you raycis committing the worst crime ever.
Feds ITT spreading FUD as usual
The main thing is, if you're gonna use i2p or Tor for that matter you should leave it running 24/7, even if you're using it for meaningful communication / data transfer for a very small percentage of the time. That way, your adversary needs to monitor you 24/7 to hopefully capture anything incriminating. In reality, no one is going to bother doing that unless you are OBL tier terrorist and he didn't use internet anyway, so...
Does your ISP know when you're using i2p? If so, are there ways of cloaking your usage?
No way unless you are using some sort of proxy.
How is an ISP able to detect Tor traffic, but not i2p?
Should've written it better, no way to be undetected if you are not using a proxy. Just like Torbridge to hide Tor.
Is there documentation on how to proxify i2p?
> Does your ISP know when you're using i2p? If so, are there ways of cloaking your usage?
Yes, your ISP will see your IP on the I2P traffic passing through.
You want to research traffic shaping.
But if you don't even know how I2P works on a basic level, then you probably won't be capable of using traffic shaping tools.
If traffic shaping tools help with anonymity, then why don't i2p devs incorporate that into their codebase?
What about proxying i2p through Tor? Any documentation for doing that?
>then you probably won't be capable of using traffic shaping tools
That's the rub, isn't it? Like, once you've learned these things they become second nature, but many of the common users don't have the interest, energy, or resources (namely time) to invest into researching and subsequently fucking up doing these things until they've learned them properly. And not just "hey it's running" but WHY is it running, and what to do.
That's why there will never be any wider adoption. You have to make it less arcane and more accessible to the average user.
I don't understand why anyone having a political profile so extreme that getting doxxed on the internet equals arrest, torture, prison or execution. Such a person shouldn't be using these services anyway because they're too obvious. Better to just obfuscate innocent looking communication and data, hiding in plain sight. There's a million creative ways of doing this. I forget the details of some true crime anecdote of some famous fugitive who was always escaping finally being completely surrounded by police who were waiting for him to surrender. He came out of the building in some innocent way, walked straight up to one of the officers and asked them who they were trying to capture. After having a casual conversation with the officer for about 5 minutes, he calmly walked away from the perimeter and escaped yet again.
This gives you a small idea of what I'm talking about.
What difference does a MITM attack make if they still can't crack the encryption of the data being passed back and forth? I don't think i2p is generally used like Tor where you go to le hidden service .onion site and hang out at your s3kr17 c1u8. It's probably more like two dissident or criminal spooks passing specific messages, instructions or data to each other. If you have access to devices other than your own, both parties can install i2p on those devices and use them. That way, the worst the gestapo could do is discover the identity and route of node a talking to node b. Not very useful information unless those devices were being used more than once, which would be dumb anyhow if you have information dangerous enough to be killed for.
Adding to this, it's important to change up your methods for each transaction. Use Tor, then use i2p, then use Tox, then use OTP, then use steganography, etc.
Another point I forgot to add is that, if you are surreptitiously using someone else's device to install and use i2p, be sure to uninstall it when you're done.
>I don't think i2p is ... hidden service
There are a couple services on i2p, eg syndicate. Explore it someday.
>can't crack the encryption of the data between passed back and forth
They don't need to. Even https encrypts all data, the point is metadata kills.
>unless those devices were being used more than once
It's more about when, where and who. They can collect data points, get the pins and strings out. Classic manhunting. Eg, in an anonymous chat group, identifying who says what is enough to arrest/disappear a person. You can try that now by posting an edgy manifesto. Another example is knowing an individual chatted with another person of interest to link them together.
I was talking more about professional spooking of one kind or another, not some edgy teens in le s3kr17 /pol/ chatroom full of feds and larping with each other.
You still haven't provided any solid, verifiable or falsifiable examples of how someone gets unambiguously identified just using metadata, data points, stylometry, etc. Just seems like pie in the sky speculation and theorizing about hypothetical edge cases and so forth. Most likely, it's just fed FUDing that no one needs to take seriously.
And whenever you hear about a big bust involving le dark web, it always boils down to bad OPSec and somebody doxxing themselves in a clumsy, obvious way that even an untrained, alert person of average intelligence might spot. Of course, feds always make a big deal out of this kind of thing and parade them around the media 24/7 as a psyop to suggest that they have some kind of magic skeleton key which negates all anonymity services.
The basic goal of the FUD psyop is to discourage as many people as possible from using anonymity services to make the anonymity set as small as possible. It's also why they broke up 8pol and forced anons into smaller, scattered more easily monitored groups.
It doesn't matter, you have made up your mind. Same thing as the "source?" posters. Never did they entertain the possibility of it being correct.
A brute force algorithm can uniquely identify any person. You shouldn't believe this because no one has ever done this before.
An attack described above is possible, and I did not say anything about it being common or not. You are either a retard or a fed for thinking this is FUD.
If you are a retard, I am not disagreeing with "with a car you can go anywhere you want". But there are situations a car doesn't work or breaks down. Understanding the weakness of a tool does not negate its usefulness. Knowing about it is what keeps the tool useful.
If you are a fed, you will never succeed. You are jabbed because you are forced to by your boss. Every day you tell yourself you are the "good" guys despite the creeping fear of accepting you betrayed everything you believed. All the validation you get is half-hearted. Behind your back your boss thinks when you will die from the jab so he has one less person on a suicide mission. Your family laugh at you because they know you are a traitor. Eventually you will crumble in the knowledge of you being the destroyer of which you thought you were protecting all along. Your boss will notice this and give you a break. You know you are decommissioned and are hunted down by your only friends, what awaits you is a cold death in front of the corpses of your family. Your existence is erased, there is no tomb stone, not a single soul will remember you.
This is your fate. This is what you chose. There is no turning back.
OK thanks for proving my suspicion that you are a clueless, larping schizo that no one needs to take seriously.
>d-don't take him seriously
Got a live one here.
Are there any imageboards on i2p that aren't:
-small userbase, means it's more susceptible to sybil attacks
-not user friendly (not a problem for me)
I thought it was immune to sybil attacks by design?
t. doesn't understand the specs
It's resistant to traditional efficient sybil attacks but most people's threat models include casual (personal) interest from state level actors with a reason to make an effort to subvert the network. Anon in his basement can't adopt a million identities on the network (without stretching his bandwidth too thin to do anything with them) but federales collectively can trivially just slap a hundred thousand machines on to the task and be the majority of users/providers on the network.
what about lokinet?