Anonymous Network I2P 0.7.2 Released

← Back to Stories (view on slashdot.org)

Anonymous Network I2P 0.7.2 Released

Posted by timothy on Sunday April 19, 2009 @09:42AM from the layers-and-layers dept.

Mathiasdm writes "The Invisible Internet Project, also known as I2P, has seen its 0.7.2 release (download). I2P uses multiple encryption layers, and routing through several other computers to hide both sender and receiver of messages. On top of the network, regular services such as mail, browsing, file sharing and chatting are supported. This release (and all of the releases since 0.7) is at the start of a new development period, in which the I2P developers wish to spread the word about the secure network. This new release includes performance improvements, a first edition of an experimental new desktop interface and security improvements (by limiting the number of tunnels a single peer can participate in)."

47 of 231 comments (clear)

Min score:

Reason:

Sort:

Wow, way to abbreviate there by Anonymous Coward · 2009-04-19 09:44 · Score: 5, Funny

By abbreviating I2P instead of IIP they save a whole zero characters.
1. Re:Wow, way to abbreviate there by Anonymous Coward · 2009-04-19 09:46 · Score: 4, Funny
  
  Here I was thinking that it was RP, damn me and my 1337 h4x0r sk1llz
2. Re:Wow, way to abbreviate there by CarpetShark · 2009-04-19 10:17 · Score: 5, Insightful
  
  I find "I2P" quite recognisable as a "trademark", and more importantly, quite googleable, since it doesn't share namespace with myriad corporate TLAs. Works for me.
3. Re:Wow, way to abbreviate there by trust_jmh · 2009-04-19 10:26 · Score: 5, Informative
  
  By abbreviating I2P instead of IIP they save a whole zero characters.
  It is to distinguish it from another anonymous network;
  http://en.wikipedia.org/wiki/Invisible_IRC_Project
4. Re:Wow, way to abbreviate there by grodzix · 2009-04-19 10:33 · Score: 5, Funny
  
  I2P sounds better than Aye Aye Pee
  Especially if you put 'need' between 'I' & '2' [:
  
  --
  My Windows is NOT slow, it's special!
5. Re:Wow, way to abbreviate there by Anonymous Coward · 2009-04-19 10:44 · Score: 2, Interesting
  
  Can anyone compare this I2P, Invisible IRC, and Tor, etc?
  I'm just curious as to how they all differ.. and if any have any REAL usable performance.
6. Re:Wow, way to abbreviate there by DMUTPeregrine · 2009-04-19 11:40 · Score: 4, Informative
  
  I don't know IIP, but I2p has a darknet, like freenet, but also allows routing to the internet like tor. It's just as slow as any of the other onion routers, but combines good bits from freenet and tor.
  
  --
  Not a sentence!
7. Re:Wow, way to abbreviate there by Anonymous Coward · 2009-04-19 12:28 · Score: 5, Informative
  
  I2P creates an entire seperate (though visible) network that allows tcp transport where it is impossible to connect an I2P address to an IP address. It is easy to tell who is using I2P but not what they're doing on the network. I2P also (or at least used to) includes a proxy out to the full internet. I2P is usable but often times fairly slow (mostly because alot of sites are hosted on people's cable/dsl systems).
  Invisible IRC only works for IRC, and nothing else.
  Tor is more of an anonymizing proxy than an entire seperate network. It's anonymity isn't quite as good as I2P, but in general, you'll get much better transfer rates to the regular internet through tor than I2P.
  Freenet is another approach to anonymous network, but is implemented closer to a searchable, distributed, highly redundant, encrypted filesystem. It is anonymous, but only really allows publishing and reading of content, and it is pretty much impossible to have real time (or even close) communication with it.
8. Re:Wow, way to abbreviate there by Anonymous Coward · 2009-04-19 16:01 · Score: 4, Insightful
  
  Comparing I2P, Tor, and Gnunet/Freenet (so not exactly what you're asking), in order of most to least specialized:
  Gnunet and Freenet are high-latency networks set up to share files redundantly and anonymously.
  Tor is a low-latency network, which works by creating encrypted tunnels through a series of servers to proxy your internet connection anonymously. Also, there exist "hidden servers" on Tor which can only be accessed from the Tor network. They allow servers to be anonymous too. Tor can't run BitTorrent efficiently, as all connections are proxied to the normal internet, don't allow incoming connections from the normal internet, and using Tor's circuit-switched network for the many connections needed to file-share is horribly inefficient. Tor is really built for the client/server model of traditional internet browsing/hosting.
  I2P is a more generic low-latency anonymous network. Its nodes can talk to each other anonymously, and it allows other specialized applications to run over it. There is a set of applications for it to make it function similar to Tor and proxy your internet. BitTorrent can also be run on it efficiently to share between I2P users.
  Closer comparisons between I2P and Tor:
  Tor builds circuits between servers which hold whole connections. I2P packet-switches allowing each packet to find an efficient path (its own circuit in Tor-speak). So I'd guess that I2P would be quicker than Tor in many cases, by utilizing more paths efficiently.
  Personally, I'm more confident in Tor's anonymity and network, and would use where anonymity was the #1 priority. Tor is tried-and-true, was originally researched by the US Navy, and has ties with the EFF, while I2P is "still a work in progress, and should only be used for testing or development purposes prior to the 1.0 release".
Did anyone else misread that? by _Hellfire_ · 2009-04-19 09:52 · Score: 5, Funny

I initially read that as "Anonymous Network 127.0.0.1 Released" and thought "did I miss April Fools this year?"

--
"And then I visited Wikipedia ...and the next 8 hours are a blur..."
I2P vs TOR by areusche · 2009-04-19 09:53 · Score: 2, Interesting

I'm in a bit of a rush but how is this any different then say TOR? I read over the about I2P page and it sounds like a similar setup. If I'm wrong (which I most likely am) please correct me.
1. Re:I2P vs TOR by Anonymous Coward · 2009-04-19 10:01 · Score: 5, Informative
  
  I'm in a bit of a rush but how is this any different then say TOR?
  http://www.i2p2.de/techintro.html#similar.tor
2. Re:I2P vs TOR by x78 · 2009-04-19 10:14 · Score: 4, Informative
  
  When last I used it seemed that I2P has a whole network of ".i2p" domain things that you could only access if you were a part of the I2P network.
  Tor is just a proxying service is it not?
  I think it's something like if Tor was a private network that only Tor users could access.
  
  --
  Don't panic
3. Re:I2P vs TOR by cdgeorge · 2009-04-19 10:20 · Score: 4, Funny
  
  i just googled for the above text by mistake, and google already found the entry comment. Is this fast or what?
4. Re:I2P vs TOR by rafa · 2009-04-19 10:53 · Score: 3, Interesting
  
  I believe .onion services can be created using tor as well, providing a similar service - but it's been a while since I last read about them.
  
  --
  [Science] is one of the very few things that raises human life a little above farce and gives it the grace of tragedy.
5. Re:I2P vs TOR by mrsteveman1 · 2009-04-19 12:00 · Score: 5, Funny
  
  No dammit, this is encouraging people to read things. Sure it's just a simple link this time, then sooner or later its TFA, then god forbid, TFM. We can't have that, please stop.
6. Re:I2P vs TOR by Hurricane78 · 2009-04-19 12:11 · Score: 2, Funny
  
  Don't worry. He did not link the URL. And we're not copying and pasting URL to the address bar anytime soon. (God, that was painful to even write. ^^)
  
  --
  Any sufficiently advanced intelligence is indistinguishable from stupidity.
7. Re:I2P vs TOR by chromas · 2009-04-19 12:14 · Score: 4, Funny
  
  You think that's fast? I just tried googling it and I got your comment with my reply!
8. Re:I2P vs TOR by fractoid · 2009-04-19 14:52 · Score: 3, Funny
  
  Yeah, well *I* googled and I found the post of the guy who's about to reply to me!
  
  --
  Rampant carbon sequestration destroyed the Dinosaurs' tropical paradise. I'm here to help repair the damage.
9. Re:I2P vs TOR by Miseph · 2009-04-19 15:34 · Score: 5, Funny
  
  And boy were you disappointed.
  
  --
  Try not to take me more seriously than I take myself.
10. Re:I2P vs TOR by paganizer · 2009-04-19 18:59 · Score: 3, Insightful
  
  Both TOR and I2P have hidden networks only accessible if you are using the client. Interestingly, they both also have Freenet 0.5 gateways.
  When it looked like Freenet 0.5 was going to die (which it's not, people are going back to it from 0.7 in droves), I did quite a bit of testing on both TOR & I2P; I2P is MUCH more anonymous than TOR, in default configuration.
  
  --
  Why, yes, I AM a Pagan Libertarian.
Slow as usual... by blahbooboo · 2009-04-19 09:54 · Score: 2, Interesting

This is far from the first P2P to attempt hiding IP etc. I have not used this system, but all the others that have done (and do) the same thing end up with the same problem -- the system ends up being painfully slow to use.
Oh well, maybe THIS one will not be?
1. Re:Slow as usual... by c0d3g33k · 2009-04-19 10:08 · Score: 5, Insightful
  
  The question should be how slow is it compared to the speed experienced after the ISP shuts you off (or the authorities confiscate computing equipment) due to an accusation of illegal activity by the *IAA. The performance hit may seem painfully slow until compared to the slowness of 0 bps. In fact, such a system IMHO should have an easy to use toggle (desktop widget, browser plugin) so that "normal browsing" goes through the usual channels and only the limited periods of "private browsing" are experienced with full protection on. Blend in with the crowd by default and leave the security for when you really need it.
2. Re:Slow as usual... by tpwch · 2009-04-19 10:11 · Score: 5, Insightful
  
  Maybe it is slow, but currently that is the price for anonymity. If you don't think waiting a few seconds here and there is worth it for being anonymous then don't use services like this. There are plenty of people who think anonymity is worth a lot more than that. If you only want to be anonymous if its convenient and without negative side effects then you are probably not one of the ones who need to be anonymous.
  
  --
  Posted by a Debian GNU/Linux user
3. Re:Slow as usual... by blahbooboo · 2009-04-19 10:19 · Score: 3, Interesting
  
  The question should be how slow is it compared to the speed experienced after the ISP shuts you off (or the authorities confiscate computing equipment) due to an accusation of illegal activity by the *IAA. The performance hit may seem painfully slow until compared to the slowness of 0 bps. In fact, such a system IMHO should have an easy to use toggle (desktop widget, browser plugin) so that "normal browsing" goes through the usual channels and only the limited periods of "private browsing" are experienced with full protection on. Blend in with the crowd by default and leave the security for when you really need it.
  How about anonymous by using an open wireless network? Or use the coffee shop wireless network down the street? Or go to a library? There are many better options for being anonymous if you choose...
4. Re:Slow as usual... by Opportunist · 2009-04-19 10:26 · Score: 4, Insightful
  
  By that logic, any encrypted traffic instantly becomes "interesting".
  Instead I'd recommend encrypting as much as possible. The more noise, the better.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
5. Re:Slow as usual... by c0d3g33k · 2009-04-19 10:29 · Score: 2, Insightful
  
  Indeed. All viable options. Until you want to connect to a personal service (email, webserver, bank, TPB etc.) on an open and untrusted network. Then your anonymity can be compromised by any enterprising kiddie monitoring the network. It's not about being anonymous via connecting from a network other than the home account, it's about being anonymous by going into stealth-mode so it's hard to determine who you are and what you are up to regardless of where you are connecting from.
6. Re:Slow as usual... by Kotoku · 2009-04-19 10:34 · Score: 2, Interesting
  
  Speed Cost Privacy Pick two. Currently privacy requires a bandwidth overheads to hide the traffic. You can pay companies for private VPN's in other countries that won't give you up, and avoid some speed hits. For most of us though we're stuck with masking our traffic on the cheap end.
  
  --
  AnimePapers.org: Anime Wallpapers Handled With Care
7. Re:Slow as usual... by gringofrijolero · 2009-04-19 10:57 · Score: 2, Insightful
  
  Any attempt at obfuscation will draw the attention of interested parties. A change from "normal" to "private" will be noticeable. Blending in means acting normal, not suddenly pulling a ski mask over your face when you're about to pull a heist.
  
  --
  Todos mis movimientos están friamente calculados
8. Re:Slow as usual... by linzeal · 2009-04-19 10:58 · Score: 2, Informative
  
  That will not hide your geographical location though.
  
  --
  An Education is the Font of All Liberty
9. Re:Slow as usual... by Darkness404 · 2009-04-19 10:59 · Score: 3, Interesting
  
  But assuming you are transmitting all needed information over HTTPS, there really isn't that much that can be detected from the script kiddy with a packet sniffer.
  
  --
  Taxation is legalized theft, no more, no less.
10. Re:Slow as usual... by FreenetFan · 2009-04-19 12:19 · Score: 3, Informative
  
  I think you have your facts wrong. :D
  It's true, if you are a Tor "exit node" that proxies to the regular internet, you will be at risk of having your IP address associated with illegal websites. But most people don't do this.
  Standard use of I2P or Tor will put you at virtually no risk whatsoever. You are just routing encrypted traffic of which you have no idea of the content.
11. Re:Slow as usual... by Znork · 2009-04-19 20:56 · Score: 4, Insightful
  
  Even better, don't only encrypt things you want encrypted. Add encrypted true random data to any mails you send, to web pages, etc. As the encrypted random data will be largely indistinguishable from actual content but impossible to decrypt it'll clog any listeners decryption capabilities, forcing them to either white list you or be stuck with a huge pile of largely undecipherable junk which may or may not contain something they might want to attempt to decrypt.
  The desire of our dear leaders to expand surveillance to everyone everywhere and take the authoritarian road is, perhaps, unstoppable, but fortunately it also creates a huge funnel collecting sand for the machinery.
Pedophiles and Terrorists by MrMista_B · 2009-04-19 10:20 · Score: 4, Insightful

Yeah, I know how this is gonna be received:
"Shit, the people of our country might be able to share free and uncensored speech and information among themselves.
Wait, I know how to fix this! Headlines! "OMG Secret Pedophile and Terrorist Network" - anyone who wants to be anonymous on the internet /must/ be a pedohile or a terrorist. If you have no pedophilia or terrorism plots to hide, you have nothing to hide!"
1. Re:Pedophiles and Terrorists by Opportunist · 2009-04-19 10:28 · Score: 5, Insightful
  
  Really?
  With data retention becoming reality in Europe, it's only a small step until employers become interested in the data. Why did my employees gather information about certain diseases? Why are they looking at job pages? Why are they looking at my competitor's page or even exchange information with him?
  As soon as data is gathered, its abuse is not far behind.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
2. Re:Pedophiles and Terrorists by Nursie · 2009-04-19 12:15 · Score: 3, Insightful
  
  There is, unfortunately, a nugget of truth in there somewhere.
  None of these sorts of things, AFAICT, let you monitor what's going through your node. And that's important to me. Whilst I support free speech and the rights of people to communicate without government interference, I'm damned if my resources are going to be used to propagate child pr0n.
3. Re:Pedophiles and Terrorists by MartinSchou · 2009-04-19 23:52 · Score: 4, Insightful
  
  I'm damned if my resources are going to be used to propagate child pr0n.
  You do realise that your taxes are being used to build and maintain roads? How do you think these people manage to get children, rapists and recording equipment together in the same location? At some point a car is very very likely to be involved.
4. Re:Pedophiles and Terrorists by MartinSchou · 2009-04-20 01:20 · Score: 2, Insightful
  
  So what you're saying is that the people who do road works are taking an active role in child pornography because they helped build the roads? Or that Al Gore is responsible for the child pornography being spread via the internet? He had an active role in having the thing built (by varying degrees of 'built').
  Just because something can be abused for bad things, doesn't mean everyone involved in its creation are responsible for those bad things.
A few more features they could add by presidenteloco · 2009-04-19 10:28 · Score: 5, Interesting

I designed one of these about a decade ago and did some prototyping. Since I don't seem to have the time to realize it, here are a few extra features that could be added (if i2p does not already include these).
Encrypted-file-fragmenting, auto-globally-migrating, auto-redundant replicating "virtual" data store layer. Stored files automatically seek to be replicated enough times to be guaranteed perpetually persistent, and also seek to move to newer and better physical storage sites, and to globally distribute themselves, and auto-cache near user when needed.
With this addition, we may have the basis for, for example, a Facebook-like on-line identity avatar which is not owned by a single company like Facebook but just floats around all over the P2P network, and is truly owned by the person who it is about.
With that freeing up of the online identity from external control, we could extend it to include important identity information needed for the citizen to function in society. Medical records, different identity numbers for different government agencies, your real-world address, etc. All of these properties about you could be placed online by you following standard protocols and placed only onto a secure virtual site in the i2. Permission model would of course be default no permission, opened incrementally to authorized and authenticated other parties.
If we had this, the onus could now be placed on governments, medical systems, post offices, etc. to come to your avatar and request permission to know your address, or your medical number etc. No more change of address rigamerole. No more problems in your paperwork or medical history maintenance because you happen to move to another state or country.
etc.
It all relies on the open standards for the info and privacy protocols, and on the confidence of the person to put their info into a secure, encrypted, and non-owned virtual internet location.

--

Where are we going and why are we in a handbasket?
1. Re:A few more features they could add by cryptoluddite · 2009-04-19 14:11 · Score: 2, Interesting
  
  I designed one of these about a decade ago and did some prototyping. Since I don't seem to have the time to realize it, here are a few extra features that could be added (if i2p does not already include these).
  Here's a tip for anybody thinking of implementing something like i2p, tor, freenet, etc: if the user has to do anything and if it impacts performance it's not worth doing.
  What's needed is something simple and pervasive:
  1) compatible with regular TCP
  2) optional so it is only in effect when both the source and destination support it
  3) 'weak' so that there is not much performance impact, so there is no reason to disable it
  For sake of example, half of an xtea key can be sent by the SYN using the TCP options field and the other half provided by the server in the ACK. If the server doesn't return its half then no encryption takes place. The key is permuted by the data sent/received.
  This simple scheme provides that anybody examining the TCP steam must have seen the first packets and must have followed the entire conversation, decrypting it along the way. There is no extra step involved that could introduce delays, and the state and CPU time is small enough to be not important to the end user or server. However, for anybody to wholesale monitor traffic, for whatever reason, it means they need a lot of expensive hardware. What ends up as 1% of your CPU time to decrypt a torrent requires a warehouse of servers to decrypt everybody's torrents.
  A system like this has a huge advantage over tor, freenet, etc, in that everyday normal people can have it enabled by default, especially for open-source linux, *bsd distros. The actual anonymizing networks are worthless because only those with something to hide use them, or people who are hard-core idealists (which probably also gets you on some kind of 'watch list'). Ironically, this kind of system will raise the overall cost of monitoring to a point where tor, freenet, i2p, etc become viable.
2. Re:A few more features they could add by Vu1turEMaN · 2009-04-19 15:28 · Score: 2, Interesting
  
  Most of the names in Eureka Seven were mash-ups of famous musical artists or scientists, so I assumed that when they used Greg Egan it was another mashup. Apparently the real Greg Egan had some input into the storyline of the anime when it came to theories of the end of the world.
  And while I'm not a lunatic when it comes to watching anime, currently there are quite a few shows that have higher quality storylines and characters than the normal slop they throw on TV in the US. The mainstream stuff is usually bad, and it gives the genre in general a bad stereotype, so it always pays to find something good.
Re:First post? by Klaus_1250 · 2009-04-19 11:13 · Score: 4, Informative

I've been using I2P on-and-off for quite a while, and it is way faster than 2Kbps. BitTorrent over I2P can reach speeds of 50KBps and it could probably go faster if there was a mature BitTorrent client for I2P. Latency is low as well. Overall, I2P is much more usable than TOR.

--
It only takes one man to change the Wisdom of the Crowd to Tyranny of the Masses.
Re:First post? by CarpetShark · 2009-04-19 11:18 · Score: 2, Interesting

Doesn't sound half bad when you put it like that :)
No HTTPS support by thasmudyan · 2009-04-19 12:16 · Score: 5, Insightful

From their FAQ:

Within I2P, there is no need for HTTPS, as all traffic is encrypted end-to-end.
Sorry, I had to laugh a bit there. That's VERY naive. In anonymizing networks, HTTPS is the only thing that protects you from possibly corrupt exit nodes by encrypting the traffic between your browser and the destination webserver. To claim I2P doesn't need HTTPS support is misleading or at least ill-phrased.
1. Re:No HTTPS support by thasmudyan · 2009-04-19 14:19 · Score: 4, Interesting
  
  Methinks you are a bit confused, unfortunately. As sibling posters have said, I2P has no exit nodes as Tor does.
  It's not me who's confused, and sometimes it doesn't matter how many people keep insisting on wrong things, they are still wrong. Reality is not democratic.
  
  As sibling posters have said, I2P has no exit nodes as Tor does.
  Yes, it does. Do me a favor. Install I2P, change the proxy settings of your browser to localhost:4444 or whatever is configured after you start the service. You'll notice that you can, via randomly chosen exit nodes, access any HTTP URL. Now do a remote host lookup to confirm where your exit node is. This will be the moment you realize that you're wrong.
  
  HTTPS/SSL also fails with Tor's exit nodes
  No, it does not. In fact, the text you quoted proves you wrong right here: "any exit node is in a position to capture any traffic passing through it which does not use end-to-end encryption, e.g. SSL."
  See, Tor can (and does) route SSL traffic transparently between your target webserver and your browser. There is no technical reason I2P cannot do the same and I'm guessing that they simply haven't gotten around to coding that feature yet.
Re:Related to Freenet? by FreenetFan · 2009-04-19 12:31 · Score: 5, Informative

I2P doesn't do data storage like Freenet.
I2P only encrypts and anonymises the transport. It's up to you to host the services on your machine. I2P just means people can use those services (e.g. a webserver) without knowing who is hosting them, and without you knowing who is accessing them. IF you go off-line, your service goes offline too.
Freenet, on the other hand, does have an encrypted and distributed data storage layer. You can go off-line and your website will remain available.
Re:First post? by Mathiasdm · 2009-04-19 19:18 · Score: 3, Insightful

Unlike with Tor, each user is a router (especially true for high-bandwidth users). Obviously people are not a router to the regular net (as that could get people in trouble), but all users route data through the I2P network itself.
In other words, if you want high-bandwidth bittorrenting, it helps a lot to contribute bandwidth yourself (makes you well-integrated). This keeps leechers to a slightly lower level.
Secondly, as torrents consume a lot of bandwidth, they also provide cover traffic for other people who might not more anonymity.

--
Join the anonymous, help develop the network: http://www.i2p2.de