Silk Road forums
Discussion => Security => Topic started by: PerPETualMOtion on June 16, 2013, 11:43 pm
-
As far as I can tell, i2p is no where near as robust as TOR. It still seems to be in its adolescence. Does anyone have any inputs about i2p.
Also thinking about setting up a TOR hidden service to launch my 501(c)(4) for In BTC We Trust, which will inevitably link with BTC development and a few other open source projects.
Cheers.
-
It does some things better than Tor, and some things worse.
Here's a thorough analysis:
http://dkn255hz262ypmii.onion/index.php?topic=170508.msg1216201#msg1216201
-
Generally speaking, for standard, vanilla configurations.
I2P's biggest concern is long term intersection attacks. Client enumeration is very easy. If users are at all pseudonymous, the attacker can observe who is connected to the network during times they see traffic from the targeted pseudonym. People go offline and come back, sometimes days pass in the mean time. If Pseudonym Alice is always active when IP a.l.i.c is connected to the I2P network, and is never active when a.l.i.c is not connected to the I2P network, then the attacker can come to a pretty solid guess that a.l.i.c is Alice's IP address. Especially because after the attacker has come to this pretty good guess, they can do active attacks such as DDoS to confirm their suspicion. I mean, many of you probably don't go onto Tor for days at a time on occasion. If you don't go onto I2P for days at a time, people might notice that you are not posting. Then when you come back days later they will notice you are posting again, and they will also see the IP addresses that are part of the I2P network. They will likely correctly guess that you are the IP address that left the network when you stopped posting and joined the network right before you started posting. Of course even ignoring this, client enumeration is bad news for vendors. Since LE already knows where vendors ship from, they can therefor use client enumeration to narrow in on a likely very small set of IP addresses suspected of being the vendor. That in combination with a long term intersection attack will likely identify vendors very quickly. I2P is not really a good bet for us.
I2P's biggest advantage is also its biggest weakness imo. Path lengths are variable and all users route for all users. This means that from an internal attacker, you probably have some plausible deniability from timing attacks. If the peer you are using for hop 1 is owned by the attacker, and the Eepsite you are visiting is also owned by the attacker, they can definitely tell that you sent packets to the Eepsite, but they probably cannot say with certainty that the packets originated at you. For all they know you could have routed the packets on for somebody else. In the face of an external attacker you will not have this protection, but having some level of protection against even only internal timing attacks is a very nice feature.
Tor's biggest concern is timing attacks. If the attacker can watch your traffic enter the network and arrive at its' destination, then you are pretty much fucked. This can happen if your entry guard is bad and your exit node is bad, it can happen if your entry guard is bad and the website you are visiting is bad, it can happen if your entry guard is bad and the website you are visiting is being externally monitored, it can happen if you are being externally monitored and your exit node is bad, it can happen if you are being externally monitored and the site you are visiting is being externally monitored, it can happen if you are being externally monitored and the HSDIR you connect to is bad, it can happen if you have a bad entry guard and the HSDIR you connect to is bad, it can happen if you have the same entry guard as the hidden service you are connecting to, it can happen if your entry guard is bad and the hidden services introduction point is bad, it might be able to happen if your entry guard is bad and the final node you use while connecting to the HSDIR is bad, it might be able to happen if your entry guard is bad and the final node you use while connecting to the introduction point is bad, and I cannot even finish typing out more combinations of bad shit that could happen that could link you to the websites you are visiting because my hands are cramping up. Entry guards somewhat help alleviate this, but they rotate frequently enough that it is pretty much just a matter of time before somebody gets you with a timing attack if they want to badly enough.
Tor has the potential to be quite well protected from long term intersection attacks because of entry guards and the fact that most clients are not also routing nodes. This makes it much harder to enumerate the entire list of client IP addresses. Most attackers who could manage to do a long term intersection attack against Tor wouldn't even need to because they could do timing attacks against everybody and totally deanonymize the entire network. Of course unless you use bridges, and until directory guards are implemented, Tor connects directly to the authority servers to bootstrap if it has been offline for more than about 24 hours. This means that monitoring the directory authority servers works for client enumeration. Thankfully this is in the process of being corrected though.
-
Also thinking about setting up a TOR hidden service to launch my 501(c)(4) for In BTC We Trust, which will inevitably link with BTC development and a few other open source projects.
What's the nature of your organization?
-
Also thinking about setting up a TOR hidden service to launch my 501(c)(4) for In BTC We Trust, which will inevitably link with BTC development and a few other open source projects.
What's the nature of your organization?
It's still in its intellectual development, but the goals are to promote knowledge and use of BTC, with emphasis on anonymity and security with regard to personal identity. A 501(c)(4) is to improve "social welfare", and the primary mission is public education. I've started the mission here, since I feel that the audience is appropriate for testing its purpose and success. I have a partner that works on a massive organic farm, so that will ultimately tie into a complementary 501(c)(3), providing food from anonmyous (BTC, cash, etc.) donors that still may want to remain private.
There has been no transactions to date, but the campaign has already begun to help others equip themselves with tools to protect their identity in a rapidly advancing technological world. The next step I am working on is a web server on TOR and on Clearnet to leapfrog off of the excellent resources, in order to launch the world into the world of privacy at a faster rate. Additionally, I am considering offering physical locations for TOR access to the public, such as an internet cafes.
Take Care.