zzz.i2p

Development discussions
 
Tue, 05 May 2020, 10:42pm #1
dualowl
Contributor

When reading the FAQ [1] I came across one part that mentions that the IP Addresses of all I2P users are publicly available (and can be quantified into a list), what I wanted to confirm was whether this is indeed the case?

If so this troubles me as while in developed countries the mere fact that somebody is using I2P wouldn't trouble anybody, in developing countries this could be sufficient for the government to prosecute a victim.

The above seem to challenge a very important sector of I2P's intended audience - dissidents in oppressive government regimes. What is also concerning is that this isn't made clear on the landing page, which could lead somebody in such a regime to readily adopt I2P only to later receive a knock on the door from the authorities who have tracked the locations of all the users of I2P in that area.

I apologize in advance if I misunderstand anything, this is only a question from somebody not too well-acquainted with the I2P network.

Cheers,
Aaron.

[1] http://i2p-projekt.i2p/en/faq#netdb_ip

Wed, 06 May 2020, 01:51am #2
dualowl
Contributor

After some thought I realized that it is in fact ridiculously hard to create an anonymization network that isn't friend-to-friend and yet doesn't reveal the IP of everybody using it, so I can understand this. However, I still think that it should be made clear that people in oppressive regimes should use a secure proxy as an entrypoint into the network.

Wed, 06 May 2020, 11:35am #3
echelon
I2P Legend

Hi,

as I2P is a full connected network, users system needs to be reachable by other I2P nodes. Therefore it needs direct connections, hiding the IP is not possible with TCP/IP.
Friends-to-Friends networks are also just a illusion, whom of your friend do you trust your life with?
Esp, in areas like north korea, china, ... you cannot trust anyone at all. So you do not have any friends, and a frineds-netowrk does not exist.
Therefore a secure proxy as entrypoint does not exist, to. Because you cannot make it safe.

It is one point out of several issues, why a real 100% secure, low latency, anonymity network will never exist. Tools like Tor, I2P,.. will always just get near that ideal position, but never reach it.

And on a practical bullet: I2P dev time is rather limited and best used in developing the current I2P setup and protocol. Adding tasks to hide IPs with rather complex network setups does cost a lot of time and does show only limited benefit (e.g. those hidden transports in tor for e.g. china). Without a real income of Dev capacity there is not a big chance to get this work done soon or in overviewable time.

echelon

Wed, 06 May 2020, 08:22pm #4
dualowl
Contributor

echelon wrote:

It is one point out of several issues, why a real 100% secure, low latency, anonymity network will never exist. Tools like Tor, I2P,.. will always just get near that ideal position, but never reach it.

I agree that with a general free-to-use I2P network this cannot be done.
There are, however, two points which I still hold to:
1. It needs to be made more obvious that this is the case
2. There exist other non-P2P techniques to achieve this, which could potentially be suggested to those battling with (1). One of them is to use a proxy to a first world country that erases all logs. If the government in question detects a connection to the proxy they will still have no way to establish whether the proxy was used as a regular proxy for internet browsing, or for I2P purposes, and given that they have no way to get to the proxy should keep the violator safe. This of course applies only to regimes where you are actually allowed to use a proxy (e.g. China).

Thu, 07 May 2020, 06:52am #5
echelon
I2P Legend

Hi

There is no way you can circumvent a opressiv attacker which controls your network. In the end, it may cap your connection if you do not use a forced proxy which is controlled by authorities and does only allow controlled content.
Do not assume you can use any tool you like in oppresive areas.
A lot of examples have been given in Egypt, Iran, China, Pakistan, Turkey, several african statess,... in which the state did shut down the network connectivity just as they like.
Esp. proxies in non-controlled areas are cut at first, as seen in China, Iran, North Korea, Russia.
You simply cannot use any other server as the state controlled ones, which makes all chances to get a unflawed internet connection use/helpless.

So, in the end, in oppressive area you simply lost with all current technical ways.
People sometimes say "but the dictator cannot shut down the internet", but as seen above, they did already wihtout any problems.

echelon

Thu, 07 May 2020, 09:20pm #6
dualowl
Contributor

echelon wrote:

Hi

There is no way you can circumvent a opressiv attacker which controls your network. In the end, it may cap your connection if you do not use a forced proxy which is controlled by authorities and does only allow controlled content.
Do not assume you can use any tool you like in oppresive areas.
A lot of examples have been given in Egypt, Iran, China, Pakistan, Turkey, several african statess,... in which the state did shut down the network connectivity just as they like.
Esp. proxies in non-controlled areas are cut at first, as seen in China, Iran, North Korea, Russia.
You simply cannot use any other server as the state controlled ones, which makes all chances to get a unflawed internet connection use/helpless.

So, in the end, in oppressive area you simply lost with all current technical ways.
People sometimes say "but the dictator cannot shut down the internet", but as seen above, they did already wihtout any problems.

echelon

I do not argue against this, what I am saying is there is a fairly large number of regimes which are in different points in the grey area between complete control and complete freedom and I argue that the goal of a P2P network should be to secure as large an area of this grey region as possible.

For instance the meek bridges in Tor are a way to conquer the China point in this grey area - China really wants to control the network but it isn't prepared to shut down AWS/Google/etc. and because of this meek is an efficient system that manages to capture a very large audience of users who would otherwise be unable to use it.

(EDIT, for those curious here is a link to a generalized description of this approach: https://www.icir.org/vern/papers/meek-PETS-2015...).

EDIT 2: I decided it would be cool to share it on MuWire: S6n07z8ABGn20Di3CeCKcFo3DQaM88JNWqczZMTBxIw=

Last edited: Thu, 07 May 2020, 09:36pm by dualowl

Thu, 07 May 2020, 09:44pm #7
dualowl
Contributor

Some corrections re my earlier remarks: Google is in fact blocked in China, but AWS is not (and blocking AWS would have disastrous economic impact on China).

Clearnet article: https://www.chinafile.com/Punching-Hole-Great-F...

Fri, 08 May 2020, 05:45pm #8
zzz
Administrator
Zzz

Java I2P does not support connection through a proxy. I believe that the C++ router i2pd does.

Sat, 09 May 2020, 04:40pm #9
Qubes
I2P Legend

You can take a look at cjdns or yggdrasil to see if those networks can solve some of your concerns. My experience shows differently but I don't want to speculate for your case.

PyBitmessage is the only battle tested network if your OS is hardened enough.

Welcome to i2p!