Slashdot Mirror

I'm interested in overlay networks. They will likely be the only way we can express opinions contrary to the neoliberal bourgeoisie. I've played with I2P. Would you care to post links for Pond, Briar, Tox, and any others?

I2P does this... https://geti2p.net/en/docs/app...

In fact, addresses within both Tor and I2P are crypto public keys.

It even has a distributed filesystem.

This is a primary reason why I2P (Invisible Internet Project) exists. Its much less centralized than Tor, mixes other peoples' traffic with yours by default, and over the years has typically used stronger encryption than Tor. Its just more private and secure overall.

The people who make the TAILS distro recognize Tor's shortcomings which is why they include I2P along with Tor. I2P isn't built to outproxy to the regular web (although it can), but you do get the ability to do fully decentralized/anonymized messaging and torrents, for instance, along with hidden websites. On top of being more private than Tor, its a protocol that's meant for general purpose use.

https://geti2p.net/en/

Here you go: https://geti2p.net/en/

Best I've found so far.

I2P is (or seems) good for anonymously accessing eePsites, but it's not particularly useful for general browsing. And as of now there only seems to be one outproxy, which makes it even worse.

Of course, it won't work.

OTOH, Skype and Bittorrent had successful models for scaling up: People were configured by default to add their bandwidth to the pool. In bittorrent's case, your throughput suffered if you were stingy about contributing.

I2P is probably the closest networking layer there is to combining the goals of Tor with the methods of Skype and bittorrent. It is both highly decentralized and onion-like, and has been steadily improving for well over a decade now. If you happen to have a TAILS disc, its included. However, its not designed to access the regular Internet so much as replace it.

There is one way... http://geti2p.net/

They have an android version in alpha, too, but its mainly a PC/server networking layer.

The thing to remember about plain encryption is that it still shows a lot of metadata: the Who, When, and Where of all your communications. It should be paired with an anonymizing network layer like I2P if you want to minimize leakage of that info.

People have to stop hanging their hopes for privacy on HTTPS/PKI and also a network (Tor) built on the premise of accessing an insecure web.

If there is going to be any real privacy on the Internet going forward, it will have to be based on a new layer like the Invisible Internet Project (I2P). People should start using it now in a P2P fashion -- securing emails, chats, torrents and such -- and in time there is a chance the momentum will attract larger and larger web services, too. Make a habbit of telling people you can be reached at your I2P address (in this sense, it becomes no more onerous than installing an app like Skype).

sometimes

It depends on your definition of sometimes.

Using I2P obviates 1-4 in that it keeps everything encrypted end-to-end and mixes your packets with traffic from many other people (this also addresses #6 from StripedCow). Its the P2P twist on Tor-- everyone routes packets thus contributing to bandwidth and overall privacy. Make Google and your ISP irrelevant with respect to your data.

For the general populace today, your list just looks like a convoluted mess (and there is no common sense when it comes to IT... we only see the tip of the internal system iceberg at any given moment). Online privacy can't be done piecemeal, one security scheme per application; that's just a disincentive to follow through and actually use it.

As for a secure open source system, see my tagline. Qubes is hypervisor-based and enforces security to an extent that I've never seen in other desktops.

1) The 'who' and 'when' of the data exchanges is still being watched, and you might be surprised how much of that can be used as justification under the slippery legal concept of "probable cause". Yes, you may well be innocent anyway, but that doesn't prevent them from using the system over and over again to harass you.

2) They've already established a trend of admitting evidence that would normally require a warrant.

3) P2P carries more than just entertainment or files broadcast as available to everyone, and people should have a right to use it. I2P uses P2P modes of transmission to create connections that are private and secure. Does advertising to everyone that you have bandwidth to add to the network make the contents of your system open to investigation? Legalistic definitions of IT methods often go awry (...and usually against the public interest, I might add).

But its used for a lot more than just bittorrent. Its a network anonymity layer (a bit like Tor) with the important difference that everyone re-routes traffic by default and so creates the expectation of bandwidth-sharing... Nodes which don't share bandwidth might experience problems getting their own traffic forwarded.

So the task of routing packets is itself carved up among participating nodes in a decentralized P2P fashion. This has four really good side effects:

1) One's own traffic gets mixed-in with a lot of other encrypted packets

2) A much greater degree of decentralization than Tor making the network more resistant to attack

3) Nodes are more likely to behave and cooperate, as many sorts of attacks will show up as leeching

4) The flexibility to handle many different types of applications, even torrents, without staggering under the load.

I'd say that what I2P lacks is a nice user interface; Its currently stuck in a clunky 2000-ish web interface. Most of us would love to see someone with UI design skill get involved.

We get a long list of complicated half-measures from 10 years ago, especially the idea of using Tor to access commercial email providers that like to capriciously ban Tor users.

If email metadata is such a concern (because metadata=data), then does it help all that much to have people try to adjust to using PGP? I don't think it does. Giving the wiretappers the Who and When (and even Subject) of our communications doesn't jibe with the underlying goal of stopping surveillance.

The only really good encryption in this environment is the kind that effectively encrypts the Who, When and everything else... and doesn't limit you to Web browsing the way Tor normally does. TAILS already recognized the value of using I2P for comprehensive privacy, which is why they started including it in their distro years ago. The "downside" is that the other end has to use I2P as well (but that ensures end-to-end encryption, so its also a big plus).

Tor is outdated and dangerous to use because it encourages illusions like: a) 1024bit encryption is 'enough'; b) an elect group of core nodes can provide cover for everyone else (I2P makes everyone a router); c) the insecurities of the whole everyday Internet and PCs can be rectified by installing a small app, and you don't have to make technical demands on people you're communicating with.

In short: Use I2P for communications (it has a DHT-based email system, and you can even torrent fully over it) and use it with an OS built for privacy and security like TAILS or Qubes. If the recent exploits against the Tor Browser had occurred against a Qubes user, there is no way they could have discovered the user's real address or other info. That, plus put a secure open source firmware on your routers (its been revealed that the NSA breaks into routers more than anything else; garden variety crooks will probably be following suit).

You're right... the 'friends' element doesn't work at all for the applications they are supporting. The spies know the who + when of the packet delivery, which is most of the metadata they would collect anyway.

I2P makes everyone a router by default: A P2P principle which not only curbs the impulse to abuse other nodes, but attracts the widest background of re-routed packets in which to mix your own packets. Its got the best-available resistance against traffic analysis attacks, IMHO. And if VPN-like performance is desired for some applications, you can trade some anonymity for speed according to your comfort level.

For one thing, your email domain is unlikely to be taken seriously by existing email providers if you run a server from your home (and consumer ISP plans won't let you do this anyway); running it from a hosting provider would hardly improve privacy even with encryption. The call to "encrypt everything" would, for email, imply using PGP which leaves the 'who' and subject parts of the messages unencrypted.

If you want to run something really effective against corporate-state mass surveillance, then go for this. Everything is encrypted end-to-end by default, and its designed to carry everything from P2P like bittorrent to decentralized email based on DHT. It even runs on Android!

Plenty has changed. Its possible, with an IP replacement like I2P, to have a network of strong identitities that, nevertheless, start out as anonymous unknowns.

The identity/address cannot be subverted (without breaking into the user's system) and the user can then reveal personal details according to their need or comfort level. They can even do full 'out of band' verification, if its desirable to do so, only with people the user chooses to trust.

I2P uses 2048bit encryption and every user defaults to being a relay, making it much harder to attack than Tor (which has a security model that's piecemeal). It also has a decentralized email service based on DHT and supports large P2P file transfers. If the people you're communicating with are willing to run it, I2P is definitely a better choice.

I should also note that I2P runs on Android devices so it can also be quite portable (although you would want to strongly prefer Wifi connections over cellular).

I2P uses 2048bit encryption and every user defaults to being a relay, making it much harder to attack than Tor (which has a security model that's piecemeal). It also has a decentralized email service based on DHT and supports large P2P file transfers. If the people you're communicating with are willing to run it, I2P is definitely a better choice.

The move away from robust peer-to-peer to centralisation - esp. more points of failure at which all traffic passes/arrives - is absolutely undermining technical foundations.

The Internet could easily have become about all computers acting as peers, caching data for one massive net of networked data storage ("the network is the computer" taken quite literally). Instead, thanks to the desire of capitalists and governments (but I repeat myself) to control, it's very firmly split itself between producers and consumers - just the way the boys at the top like it.

http://geti2p.net/

Everyone is both a peer and a load-bearing router for the network. This has the side effect of providing better protection from traffic analysis than Tor. And their new email system is based on decentralized DHT.

Addressing the non-flesh-and-blood part of your question, two pieces of software could make a big difference if enough people adopt them: The I2P darknet (which uses stronger encryption than Tor, among other advantages), and Qubes OS which provides a large enhancement of security over what you would find in even the most hardened Linux system.

These two things stymie both the "legal" spying that was setup within ISPs and services like Google, and the ability of others to break into your systems and steal/infect stuff.

Only encrypted onion routing such as this can provide end-to-end security that does not leave reams of metadata (all of the who / when / where details of our communications) on the NSA's front porch every morning. No carrier can tell you what your addressing or NAT scheme can be, nor interfere with packet delivery in any fashion other than all-on-or-all-off. You even get to decide the number-of-hops vs speed tradeoff for different applications, and your address doubles as the cryptographic key that affirms your identity (only to the others you communicate with).

DNSSEC is a rubric of centralized control that leaves security as much subject to the secret courts and NSA "workarounds" as does PKI over IPv4.

I2P is better for sharing media files than Tor or a VPN, and its included with TAILS. It has both iMule and bittorrent, and it has played an anti-censorship role in North Korea. You can also change the hops setting to improve the speed if you don't need as much anonymity; The full number of hops can be kind of slow.

http://geti2p.net/

Maybe we need to bring back a modernized, encrypted UUCP?

Fiddle around with this: http://geti2p.net/

I2P (the Invisible Internet Project) works well as a secure Internet. You can have whatever kind of traffic on it, and choose the number of hops from 0 to 4 (merely encrypted to very anonymous). They have bittorrent, and a decentralized email system running on it that works pretty good.

Great post, Qubes looks interesting.
The rest of this reply is because I am unfamiliar with the https://geti2p.net/ address.

Here are the internet addresses from www.i2p2.i2p/index.html i.e. from inside i2p

https://geti2p.net/
https://geti2p.net/

www.i2p-project.de
www.i2p-project.de

https://www.i2p2.de
https://www.i2p2.de

The last one is probably the most common and can also be found on the Wikipedia page about I2P.

5. Protect against remote exploits with an OS like Qubes. Use its TorVM and DisposableVM features to isolate different communication domains from each other. (Certain late-model hardware configurations are best used with Qubes.)

6. Go one better than Tor and use I2P. It uses routing that is more decentralized than Tor, and since everyone shares routing bandwith by default there is bandwidth to handle virtually all kinds of traffic... even bulk transfers and bittorrent. Security is also enhanced by having more users route traffic, and by communicating only with other I2P users by default. I2P have so far been successfully testing a distributed email system (I2P-Bote) which is far less vulnerable to attack than what you find on Tor (e.g. TorMail).

I2P http://geti2p.net/

It lets you do torrents and iMule (and most other things), securely and anonymously.

http://geti2p.net/

http://www.geti2p.net/

I've been using it for over a year and it works very well. It has email, web sites, bittorrent, and emule among other things (they are working on bitcoin too). Your public key is the same as your address, and routing is highly decentralized (everyone internally routes for the network by default) so even blocking people by IP or their key address is not really possible.

IMO the best solution for this kind of thing is a distributed datastore, such as Freenet. To my experience I2P is a really great network, I wish they could have merged when they got the chance. However, it looks like I2P will implement a datastore soon, so there won't be need for Freenet at all.

...much better than FreeNet and Tor can. http://geti2p.net/

Many of the Wikileaks releases (including video files) have already been posted to I2P bittorrent trackers.

http://www.geti2p.net/

What's interesting is that I2P has been gaining popularity much more rapidly in Europe than elsewhere. I guess HADOPI-type laws are having their effect. In the far east the project is forming partnerships with dissident groups so that media files and other large data sets can be transmitted in relative safety.

Bittorrent, iMule and a distributed filesystem are available on the network which is both anonymized and highly decentralized (moreso than Tor).

There's another anonymizer on the block, and it's called I2P (Invisible Internet Project). Offers end to end encryption, a hardened web-based bittorrent client, anonymous mail, anonymous webserving and a whole host of other services. More info at: http://i2p2.de/ or http://geti2p.net/