Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Silk Road Reloaded' Launches On a Network More Secret Than Tor

Posted by timothy on from the ok-but-is-it-better? dept.

rossgneumann writes A new anonymous online drug market has emerged, but instead of using the now infamous Tor network, it uses the lesser known "I2P" alternative. "Silk Road Reloaded" launched yesterday, and is only accessible by downloading the special I2P software, or by configuring your computer in a certain way to connect to I2P web pages, called 'eepsites', and which end in the suffix .i2p. The I2P project site is informative, as is the Wikipedia entry.

32 of 155 comments (clear)

  1. can sombody say.... by ganjadude · · Score: 5, Interesting

    Honeypot???

    --
    have you seen my sig? there are many others like it but none that are the same
    1. Re:can sombody say.... by TWX · · Score: 4, Funny

      Yes. I have no speech impediments in English.

      Don't ask me to properly say, "burrito," in Spanish though, as I cannot roll my Rs...

      --
      Do not look into laser with remaining eye.
    2. Re:can sombody say.... by Ed+Avis · · Score: 3, Funny

      As an English speaker learning Spanish I found it easiest to start with the word 'corrida'. Somehow the O vowel before helped to roll the RR. After that, 'corrida de burritos'. More difficult still, 'corrida de perritos'.

      --
      -- Ed Avis ed@membled.com
    3. Re:can sombody say.... by ShanghaiBill · · Score: 5, Funny

      Honeypot???

      I downloaded it from www.fbi.gov/downloads/i2p.exe and it looks okay. Why do you think it is a honeypot?

    4. Re:can sombody say.... by ganjadude · · Score: 2

      no

      --
      have you seen my sig? there are many others like it but none that are the same
    5. Re:can sombody say.... by Strangely+Familiar · · Score: 2

      Big deal. Intelligence agencies deal in drugs to accomplish their own ends. It's called establishing trust. Look at the team members on the development of this project. They are all anonymous, as far as I can tell. I have no idea who KillYourTV is. Nor do I know who you are. For me personally, a typical citizen, I have no idea where to go or what to do to maintain my privacy. This goes beyond wanting to look up medical conditions without my ISP and government looking over my shoulder. I don't know who to trust. I think I can trust Snowden, Drake et. al., but when it comes to Phil Zimmerman, the maker of PGP, or Bruce Schneier, I wonder just a little bit more. They are public figures, and I have good confidence in them, but only like 95%. How many people and programs can I trust before my odds of misplacing my trust approach 1? How about all the developers of the major operating systems? That's literally thousands of tons of people. Can I trust that ALL the developers of Windows, Linux, Android and OSX are not paid by the NSA? I think not. I am feeling sick over this. Not for me, but for all the republics of the free world. I'll probably get most of my kicks before the whole shithouse goes up in flames. I probably already have. But my daughters might not. If the government makes sure it can get to all criminals, it also makes sure it can get to all dissenters. Even ones that blow the whistle on systemic problems, like Snowden. What government wants all its systemic problems exposed? Every democratic republic should, in theory, want all its systemic problems exposed, but in practice?

      --
      Join the IParty!
    6. Re:can sombody say.... by Crashmarik · · Score: 2

      Imagine how big the NSA's porn collection must be.

  2. Infamous Tor Network? by hodet · · Score: 2, Insightful

    One crappy drug site and the whole Tor network is now infamous.

    1. Re:Infamous Tor Network? by Anonymous Coward · · Score: 2, Insightful

      It wasn't one crappy drug site, but yes the prominent "dark web" front leader is as a result infamous. There are plenty of innocent and justified uses for systems like tor, but for the average person associates tor with drugs by mail, child porn and murder for hire thanks to the media.

    2. Re:Infamous Tor Network? by Great+Big+Bird · · Score: 4, Insightful

      How would you do a traffic study on a network that is encrypted or otherwise as private as it is?

    3. Re:Infamous Tor Network? by rmstar · · Score: 4, Insightful

      here are plenty of innocent and justified uses for systems like tor, but for the average person associates tor with drugs by mail, child porn and murder for hire thanks to the media.

      Truth be told, it's not the media. We live in a world that is far freer than many would like to acknowledge, and for most purposes tor is a hassle or pointless. The end result is that tor is mostly only used when there is a very good reason for it, and since we live in fairly free society, that reason tends to be stuff that gives tor a bad reputation.

      There is also this paradoxon that, if we lived in a society where tor would make a difference, tor would most likely not exist or be useless. This is the situation in Saudi Arabia and other similar places. This is so because the real weakness of tor is that, since it is not possible to hide the exit or entry nodes themselves, the network is easy to shut down or to filter out.

    4. Re:Infamous Tor Network? by rot26 · · Score: 3, Insightful

      "There was a study done recently" that shows anything you want it to.

      --



      To ensure perfect aim, shoot first and call whatever you hit the target
    5. Re:Infamous Tor Network? by IamTheRealMike · · Score: 5, Informative

      Why don't you watch the talk and find out?

      Actually I'll just summarise it for you. If you run a lot of Tor nodes you will eventually get picked to host a hidden service directory. Then you can measure lookups for the entries of hidden services to measure their popularity, and crawl them to find out what's on them.

    6. Re:Infamous Tor Network? by jythie · · Score: 3, Interesting

      One of the things that makes pointing this out difficult for some people though is that there are a non-trivial number of people who use it for ideological reasons, so they always have their own small community to point to as examples for legitimate use. But just like the other groups you point out, ideological usage is still not common usage since it provides an inferior network experience for mostly symbolic gains, which the average user has no use for.

    7. Re:Infamous Tor Network? by Immerman · · Score: 5, Insightful

      Bit of cognitive dissonance there. Even if the overwhelming majority of usage really is for nefarious purposes, that still implies a non-negligible minority of usage for legitimate purposes. That's not "in theory", that's in practice.

      Couple that with the fact that I suspect such claims of "overwhelming majority" are looking at bandwidth, and porn is liable to be much more bandwidth-intensive than accessing information suppressed by oppressive regimes, and you could end up with a very different picture.

      But hey, stamping out kiddie-porn is a much bigger priority than coordinating people fighting against oppressive governments that would casually murder those children instead, right?

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    8. Re:Infamous Tor Network? by Em+Adespoton · · Score: 3, Informative

      It got closely linked with kiddie porn, has abysmal throughput and drops "non-fresh" content.

      It actually seems like the perfect solution for hosting torrent magnet files though (not so good for static content you want to sit around for any given amount of time).

    9. Re:Infamous Tor Network? by lgw · · Score: 2

      That measures hidden services traffic, not TOR traffic. I'm not surprised, with Silk Road gone, that 80% of the remaining hidden server traffic is CP - hidden services are mostly for protecting the host (which they've historically done a suspiciously terrible job of), so you expect hidden services to mostly be serving stuff that's illegal for the host. I'd guess the main use of TOR is anonymous access to normal web sites - sites which may be illegal (or just embarrassing) where the client is, but not where the server is. (Or to do something illegal or unwanted to said legal sites - in the early days, TOR was quite popular for forum trolling).

      You could probably look at total exit node traffic vs an estimate of hidden services traffic to get real numbers.

      --
      Socialism: a lie told by totalitarians and believed by fools.
  3. What's that saying again? by OzPeter · · Score: 4, Informative

    Two people can keep a secret, but only if one of them is dead

    But then, from the I2P page

    I2P is beta software since 2003. Developers emphasize that there are likely to be bugs in the software and that there has been insufficient peer review to date. However, they believe the code is now reasonably stable and well-developed, and more exposure can help development of I2P.

    So while "More secret than TOR", may be true, actually being secret is unknown by the users. But I bet the TLA LEAs will be keeping an eye on it and directing resources to test I2P limits (if they already haven't - they kinda don't like communications they can't tap)

    --
    I am Slashdot. Are you Slashdot as well?
  4. Yeah, until just now by wonkey_monkey · · Score: 5, Funny

    'Silk Road Reloaded' Launches On a Network More Secret Than Tor

    *sigh* Sure was a nice secret network we had going up until five minutes ago. Thanks a bunch, timothy!

    TL;DR - shut uuuuuuup!

    --
    systemd is Roko's Basilisk.
    1. Re:Yeah, until just now by smallfries · · Score: 2

      Only if he is close to the first echo. Otherwise it could be any volume when it finally passes him by. That is just the price that he pays for his privacy.

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
  5. Security by obscurity? by gstoddart · · Score: 2

    So, does this provide any actual additional security, or is is just security by obscurity because nobody is using it?

    If it's just security by obscurity ... well, good luck with that.

    --
    Lost at C:>. Found at C.
  6. i2p has been around for a while by nimbius · · Score: 4, Informative

    I2P has been the successor to Tor for more than a decade, but people continue using Tor thanks to a successful campaign by media/state to maintain the protocols use in an effort to continue exploiting it and avoid having to deal with more secure alternatives. Check out fdroid.org for open source apps that enable i2p on android as well, and expect a wholesale ban on i2p traffic in the near future.

    --
    Good people go to bed earlier.
    1. Re:i2p has been around for a while by Rosco+P.+Coltrane · · Score: 2

      Tor has something i2p doesn't: exit nodes (or outproxies, in i2p parlance). That's what keeps me on Tor, despite the fact that most exit nodes are probably ran by state surveillance agencies: I use it to throw Google and other nosy corporations off my tracks when I browse the regular internet, not to escape state surveillance or buy drugs. There's no escaping the latter anyway...

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  7. What makes it 'more secret'? by fuzzyfuzzyfungus · · Score: 2

    Given that size is a fairly useful attribute for an 'anonymous' network(if the system is so small that a little traffic analysis can identify the 10 cypherpunks and couple of dozen kiddie porn enthusiasts that actually use it, it isn't too useful no matter how elegant the design), what does i2P fix about TOR to be worth the greater obscurity?

    1. Re:What makes it 'more secret'? by Em+Adespoton · · Score: 2

      In reality, the only thing making it "more secret" is the fact that you can split the communications up into small UDP packets instead of a TCP stream. That means that for certain uses, it can be more secret; but performing HTTP transactions isn't one of them.

  8. Yet Another X-Bone by jd · · Score: 4, Informative

    People have been designing virtual networks for decades. I2P is well advertised on Freenet, itself a well-known secure network.

    Nothing new here. The security and reliability of none of this software is proven, it may not even be provable due to the distributed nature. That reduces the problem to one of how many people you're ok with knowing what you're doing.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  9. Re: Copping by Anonymous Coward · · Score: 2, Insightful

    That involves:
    - Leaving your basement
    - Knowing what areas to go/people to ask
    - Having a network of real world friends who can point you to the above
    - Having a basic level of street smarts and socialisation to reduce your chances of being scammed/robbed/murdered/busted by cops
    - Not being shit scared of approaching people who could personally harm you

    You may think the above isn't such a big deal, but to a large number of people to whom silkroad etc appeals, it is as daunting to them as setting up an encrypted currency exchange network and hidden virtualised proxy server that can withstand attacks from both law enforcement and the online equivalent of your local gangland thugs is to you.

  10. Just to be sure, compile it from source by Anonymous Coward · · Score: 2, Funny

    I downloaded it from www.fbi.gov/downloads/i2p.exe and it looks okay. Why do you think it is a honeypot?

    You should download the source code and compile it yourself. Be sure to use the compiler that is supplied as part of the package.

    www.fbi.gov/downloads/i2p/sources/WindowsFullPackage.zip .

    1. Re:Just to be sure, compile it from source by slashdotwannabe · · Score: 2

      But if you are using the supplied compiler then it could still be compromised. The compiler could be programmed to inject the malicious code.

      I felt a great disturbance in the Force, as if millions of voices suddenly cried out WHOOOSH and were suddenly silenced. I fear something terrible has happened.

      --
      This comment is my opinion and does not represent an official position of Donald Trump or others I do not work for
  11. Re:It's not the network. by Anonymous Coward · · Score: 2

    propaganda implying TOR had been broken

    TOR's own developers admit that PRISM-level metadata collection is sufficient to break the anonymity of TOR.

    Millions of idiots pay for millions of servers with credit cards in their own names. What made this idiot special, other than being able to track the packet to the server through the onion?

    Was this the case where the government claimed they connected to the server and got an IP address? Where other people took the computer configuration the government released in the trial and discovered that they got a mysqladmin page but no IP address?

  12. Re:It's not the network. by tnk1 · · Score: 2

    The minute the government presented a valid means of compromising the network, it ceased mattering whether they actually had or not. The resources to make the compromise happen are relatively trivial compared to cracking/bypassing the actual scheme. Those resources are completely within the capability of the government to allocate, so as long as they *can* overwhelm the network with their own nodes, they can do so any time they wish to.

    It's much like demonstrating that you can break a previously unbreakable padlock by defeating a weakness in it with a few flathead screwdrivers used in the right way. Yeah, you need a screwdriver, but you can get those. At that point, you don't bother asking yourself whether someone has actually done it. If the method is valid, you get a new padlock.

       

  13. please re-write in C by SethJohnson · · Score: 2

    Not trying to launch a debate here. I do like Java for a LOT of things. But a software router needs to be lightweight so it can run in very low-overhead environments. Tor runs nicely on settop boxes and many SOC hardware opportunities like RaspberryPI or low-end VPSs.

    The memory footprint of a JVM is going to keep a java-based software router like i2p off those devices.

    --
    $5 / month hosted VPS on linux = awesome!