Silk Road forums

Discussion => Security => Topic started by: Northwest Nuggets on September 11, 2013, 03:46 am

Title: i2p as a backup for recent TOR slowdown
Post by: Northwest Nuggets on September 11, 2013, 03:46 am
Could i2p work as an alternative to TOR until they figure out how to tackle the botnet?  Is it too complicated for the average SR user?  Would it fix the problems we are all having accessing the main site?  Is it as safe as TOR? 

www.i2p2.de

Title: Re: i2p as a backup for recent TOR slowdown
Post by: astor on September 11, 2013, 04:20 am
Could i2p work as an alternative to TOR until they figure out how to tackle the botnet?  Is it too complicated for the average SR user?  Would it fix the problems we are all having accessing the main site?  Is it as safe as TOR? 

I2P has the potential to offer better anonymity than Tor, but at its current size, it is not as safe as Tor. The one thing it currently offers that Tor doesn't is plausible deniability. Since every node relays traffic, it's difficult for a connected peer to determine whether traffic is originating from you or being relayed by you. However, overall I2P presents more problems for SR users:

1. The network has 10K - 20K concurrent nodes. Each node learns about ~200 other nodes and relays traffic for about a dozen. That means 200 other nodes will know your IP address. An adversary could spin up a few hundred nodes, and even with a lot of overlap, they could enumerate the IP addresses of most users.

2. That in itself is not so bad, because of plausible deniability, but it is extremely bad for vendors, who can be reduced to a very small geographical area. Given the size of the network, there won't be more than a handful of I2P users in any city. If LE can determine which city or geographical area a vendor lives in (trivial), it would not be hard to investigate a handful of users to identify the vendor (starting with a list obtained from the attack above).

3. A paper was recently published which demonstrates several "practical" attacks on the I2P network, including one that links users (source IP addresses) to the sites they are visiting: http://wwwcip.informatik.uni-erlangen.de/~spjsschl/i2p.pdf

4. Identifying eepsites (the equivalent of hidden services) is not as well researched and probably easier than identifying hidden services.


Problems 1 and 2 can be countered several ways. A VPN can protect against fishing expeditions on vendors; I2P has a "hidden mode" that reduces your exposure to other nodes; and presumably if we all migrated to I2P, the network would gain at least 50K users. There are still problems with these solutions.

Most SR users don't use anonymity networks the way you are supposed to use I2P. On I2P, everyone is a relay, so you are supposed to keep your client running all the time. Most SR users want to hide the fact that they use Tor. They use leave-no-trace-behind operating systems and get on the network only when they need to. So if the average SR user gets on Tor for half an hour a day to check the status of an order, then at most we would be adding 50,000 / 48 = 1040 concurrent users at any one time, not enough to make I2P safe to use. Of course, that's an average and there are noticeable swells in activity at certain times of day, where there may be 5K - 10K SR users on Tor, who would be on I2P, but I don't think that's enough to make the network safe.

Making the network safe would require SR users to change their behavior -- AND a few hundred thousand more users. :)

Furthermore, nodes in hidden mode don't relay traffic, so if thousands of SR users joined I2P in hidden mode, they would probably DOS the network with their traffic like the botnet is doing to Tor.

There are probably other problems I haven't considered, but these alone should be sufficient to convince SR and our community not to move to I2P.


What does I2P need before it's a good alternative for SR? 500K users. A million users. Something in that range. That would probably mitigate the problems I listed above.
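
A rough model of the exposure figures in astor's reply above, added here as an example and not part of the thread: it estimates what fraction of a network's nodes a set of observing nodes would learn, overlap included, and the average number of users online at once. It assumes each node's view of ~200 peers is a uniform random sample, which real I2P peer selection is not; all function names are hypothetical.

```python
import math
import random

def expected_coverage(n_nodes, view_size, observers):
    """Expected fraction of nodes known to at least one observer.
    Assumption: every observer learns view_size peers uniformly at random."""
    return 1.0 - (1.0 - view_size / n_nodes) ** observers

def observers_for_coverage(n_nodes, view_size, target):
    """Smallest observer count whose expected coverage reaches target."""
    miss = 1.0 - view_size / n_nodes  # chance one observer misses a given node
    return math.ceil(math.log(1.0 - target) / math.log(miss))

def simulate_coverage(n_nodes, view_size, observers, seed=1):
    """Monte Carlo check of expected_coverage; overlapping views are
    counted once because the seen peers are merged into a set."""
    rng = random.Random(seed)
    seen = set()
    for _ in range(observers):
        seen.update(rng.sample(range(n_nodes), view_size))
    return len(seen) / n_nodes

def concurrent_users(total_users, minutes_online_per_day):
    """Average number online at once if sessions are spread evenly over a day."""
    return total_users * minutes_online_per_day / (24 * 60)

if __name__ == "__main__":
    # Network sizes and view size are the figures quoted in the post.
    for n in (10_000, 20_000):
        for k in (100, 200, 300):
            print(f"N={n} observers={k} "
                  f"model={expected_coverage(n, 200, k):.3f} "
                  f"sim={simulate_coverage(n, 200, k):.3f}")
        print(f"N={n} observers for 90% coverage:",
              observers_for_coverage(n, 200, 0.90))
    # 50,000 users online half an hour a day, as in the post.
    print("average concurrent users:", round(concurrent_users(50_000, 30)))
```

Under these assumptions the model is consistent with the post's "few hundred nodes" estimate, and it shows why growth in network size matters: the number of observers needed for a given coverage scales roughly linearly with the number of nodes.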