Author Topic: i2p's "themarketplace" is the most secure marketplace on the darknet  (Read 2270 times)

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
http://www.reddit.com/r/themarketplace/comments/1rzqhy/a_howto_guide_to_accessing_themarketplace/

If anyones wondering what exactly this is, its just like SR, except its on the i2p network. The i2p network is just like tor, except its alot safer for site operators to run and they cant be located if they get a ton of traffic like they can on tor. The difference when you run i2p instead of tor is that you have to let it run for 5 minutes before you are connected to the network. No big deal, go do some pushups.

The big difference? this site has p2p escrow, that means youre not putting all your money into someone elses wallet. The administrator still has the power to release escrow to the winner, but he cant steal the escrow money without buyer or seller consent. This is called "2 of 3" signatures, meaning 2 of 3 parties have to consent to which direction the escrow gets released. The site is still in development but it has more features than SR1 or 2 has and is fully functional. Give it a look, download i2p

http://www.i2p2.de/download

Run it. Let it sit for 5 minutes or so, then type in the address bar:

themarketplace.i2p

it will say "eepsite not found in addressbook", below that it says:

Quote
Could not find the following destination:
http://themarketplace.i2p/

Click a link below to look for an address helper by using a "jump" service:

i2host.i2p jump service

 click on the 'i2host.i2p jump service' link , it will redirect to a page with some buttons on it, click on the 2nd one with the green checkmark next to it, you wont see the warning anymore and the site will load when you enter it into the address bar. then just register an account (you will need to put in your pgp, you can generate one using http://gpg4usb.cpunk.de/download.html, -if you're using tails be sure to use persistence or save your key on a separate usb or you wont be able to decrypt messages).

Thats it, just take a look, then come back in a little while, there will be more vendors coming on as tor markets continue to shutdown and steal user funds.


Quote
Obviously the ongoing development of what appears to be by far the most secure market around, is leaving
the developers little time to actually promote their site.

Having lost a little money in the Sheep heist (though nowhere near as much as some people), I'm most interested in the market that provides the best security for vendors and customers. And from what I can see, the safest option by far is The Marketplace.
(Especially given the implications that those behind Tormarket may be associated with, or the same people who ran Sheep). All payments require 2-party authorization. And PGP encryption is mandatory!

As far as I can tell, the main issue at the moment is gaining access to the site,
(no point in having the safest market around if no one can get to it) so I've devised
this walkthrough in order to help those new to i2p (as I was).

Disclaimer I'm new to reddit so you may have to bear with me while I get the hang of the formatting conventions etc.
And visiting TheMarketplace was my first experience with i2p and eepsites (the sites hosted on the i2p network)
so forgive me if I misuse any technical terms - I'll be learning along with the rest of you.

THE GUIDE

STEP 1. Download and install the TAILS operating system (If you aren't already using it).
It has the i2p package you need to reach TMP pre-installed, and is probably the safest and easiest option available.
It can be burned to DVD or installed on a USB stick (instructions on the TAILS site).

STEP 2. When you first log in to TAILS it'll automatically open the iceweasel browser and
begin connecting to the TOR network. You can close iceweasel as TOR isn't used for accessing sites on the i2p network.
Then from the Applications menu on the top-left corner, go to Internet > and select i2p .
This will start the application and bring up the i2p router console.

At this point I would advise immediately disabling javascript via the NoScript extension .
JS is a possible security risk and TheMarketplace has been designed to function fully without it.

Now it'll take a little time (5-10 mins) for i2p to find peers and to become integrated with the network,
so go take a dump, make a coffee or check how much much that stash of bitcoins is worth today. ;)

STEP 3 Now i2p has a default addressbook of sites that can be immediately accessed by opening a new tab and entering the address.
TMP is currently being added to it so soon all you'll need to do is type themarketplace.i2p in the address bar and press enter.

For now I've been using the following workaround:
Type themarketplace.i2p in the address bar and press enter.
At the moment this brings up a warning page telling you the Eepsite wasn't found in the addressbook.
It also gives you the option of using a jump service (again this won't be necessary once TMP's in the default address book).
Click the link to the stats.i2p jump service.

** STEP 4b ** The jump service'll redirect you to an information page .
Click 'Save themarketplace.i2p to private address book and continue to eepsite' and this'll take you to...
THE LOGIN PAGE

See, nuthin' to it. ;) It's a little extra effort for a lot more security.

For more info on i2p I recommend this sub , on Bitcoin this sub,
and for info on GPG (for everyone's safety
all messages must be encrypted) I recommend the main site .

I'll do my best to answer any questions (that I know the answers to) as I'm sure will TMPSchultz. Thanks.
« Last Edit: December 06, 2013, 07:43:17 pm by Loki »

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #1 on: December 06, 2013, 01:54:35 am »
SR1 got taken down by the man
Atlantis sunk and took everyone with it
Project Black Flag's capt'n drove her right into the rocks on her maiden voyage
Sheep got led to the slaughter
Black Market Reloaded had so many bullet holes it was leaking coin
SR2 ..... SR2 never got out of the sandbox before the shitstorm of market failures rained down upon it.
The Marketplace gave us our power back and no one listened.

Don't know what else to say sheep, enjoy being taken on a monthly basis.


merge

  • Full Member
  • ***
  • Posts: 202
  • Karma: +33/-34
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #2 on: December 06, 2013, 03:00:53 am »
DO NOT USE MARKETS ON I2P IT IS NOT A SAFE NETWORK TO USE ESPECIALLY NOT FOR VENDORS. EVEN FOR CUSTOMERS IT IS NOT SAFE, CLIENT IP ADDRESS ENUMERATION IS TRIVIAL AND IF EVERYONE SWITCHES TO I2P THE NEW IP ADDRESSES WILL BE IDENTIFIED AS BEING PROBABLE USERS OF MARKETS, THE NETWORK DOESN'T HAVE ENOUGH USERS AND HAS HAD ALMOST NO RESEARCH DONE ON IT AND WHAT WE DO KNOW ABOUT IT IS THAT IT IS NOT SUITED FOR MARKETS. VENDORS USING I2P IN ITS STANDARD DEFAULT CONFIGURATION ARE AT VERY SERIOUS RISK OF BEING DEANONYMIZED AND IF THEY USE IT IN NONSTANDARD CONFIGURATIONS THEY ARE STILL PROBABLY BETTER OFF USING TOR.

Sorry for all caps but this point needs to be stressed. There is no good reason to use I2P for a market. My biggest fear is that LE is running this market to try to get people to switch to I2P so they can gather all of their IP addresses. I2P by default has every node route for every other node, it is totally possible to enumerate every I2P user who is using a standard configuration, there are hardly any I2P users throughout the world and NO city has a high concentration of I2P users, some cities probably have one or zero I2P users, if a vendor ships from such a city it is going to be absolutely trivial for the feds to see the postmark on the package and then compare it to the list of IP addresses known to use I2P in that area. This is an attack we have discussed for years now, the feds certainly know about it.

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #3 on: December 06, 2013, 03:59:39 am »
DO NOT USE MARKETS ON I2P IT IS NOT A SAFE NETWORK TO USE ESPECIALLY NOT FOR VENDORS. EVEN FOR CUSTOMERS IT IS NOT SAFE, CLIENT IP ADDRESS ENUMERATION IS TRIVIAL AND IF EVERYONE SWITCHES TO I2P THE NEW IP ADDRESSES WILL BE IDENTIFIED AS BEING PROBABLE USERS OF MARKETS, THE NETWORK DOESN'T HAVE ENOUGH USERS AND HAS HAD ALMOST NO RESEARCH DONE ON IT AND WHAT WE DO KNOW ABOUT IT IS THAT IT IS NOT SUITED FOR MARKETS. VENDORS USING I2P IN ITS STANDARD DEFAULT CONFIGURATION ARE AT VERY SERIOUS RISK OF BEING DEANONYMIZED AND IF THEY USE IT IN NONSTANDARD CONFIGURATIONS THEY ARE STILL PROBABLY BETTER OFF USING TOR.

Sorry for all caps but this point needs to be stressed. There is no good reason to use I2P for a market. My biggest fear is that LE is running this market to try to get people to switch to I2P so they can gather all of their IP addresses. I2P by default has every node route for every other node, it is totally possible to enumerate every I2P user who is using a standard configuration, there are hardly any I2P users throughout the world and NO city has a high concentration of I2P users, some cities probably have one or zero I2P users, if a vendor ships from such a city it is going to be absolutely trivial for the feds to see the postmark on the package and then compare it to the list of IP addresses known to use I2P in that area. This is an attack we have discussed for years now, the feds certainly know about it.

merge, any vendor worth his salt isnt going to be using his personal IP address, thats just stupid, i mean how does anyone know how many tor users are in their town? they dont. And when it comes to correlation its more than just numbers, its when you log on, reply to messages, use the forum, they will correlate that with tor connections in your town. Even if you have a thousand tor users in your town the number that will be on at exactly the same time you are every single day is probably a very very small list. So your point is noted, but not founded.

and dont use i2p because no one uses it? maybe we never had a good reason to, well nows the reason. As far as darkmarket sites go, i2p is way way safer for site operators than tor is, they can handle ANY load, whereas we've seen BMR go down (among other reasons) just because it would be relatively easy to geolocate a hidden server if it recieves too much traffic. with i2p everyone is a node (like a relay) therefore this never happens, everyone contributes just by being connected.

have you actually taken the time to look at the site? its really well designed. for me im tired of seeing this operators abuse their power and steal from us, this site actually has taken the time and effort to give us their power so that situations like sheep never happen again. how many thousands of dollars must each vendor lose before they are willing to take that extra step?

bobbydolo

  • Jr. Member
  • **
  • Posts: 67
  • Karma: +5/-2
  • Black Tar Specialist
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #4 on: December 06, 2013, 06:56:06 am »
DO NOT USE MARKETS ON I2P IT IS NOT A SAFE NETWORK TO USE ESPECIALLY NOT FOR VENDORS. EVEN FOR CUSTOMERS IT IS NOT SAFE, CLIENT IP ADDRESS ENUMERATION IS TRIVIAL AND IF EVERYONE SWITCHES TO I2P THE NEW IP ADDRESSES WILL BE IDENTIFIED AS BEING PROBABLE USERS OF MARKETS, THE NETWORK DOESN'T HAVE ENOUGH USERS AND HAS HAD ALMOST NO RESEARCH DONE ON IT AND WHAT WE DO KNOW ABOUT IT IS THAT IT IS NOT SUITED FOR MARKETS. VENDORS USING I2P IN ITS STANDARD DEFAULT CONFIGURATION ARE AT VERY SERIOUS RISK OF BEING DEANONYMIZED AND IF THEY USE IT IN NONSTANDARD CONFIGURATIONS THEY ARE STILL PROBABLY BETTER OFF USING TOR.

Sorry for all caps but this point needs to be stressed. There is no good reason to use I2P for a market. My biggest fear is that LE is running this market to try to get people to switch to I2P so they can gather all of their IP addresses. I2P by default has every node route for every other node, it is totally possible to enumerate every I2P user who is using a standard configuration, there are hardly any I2P users throughout the world and NO city has a high concentration of I2P users, some cities probably have one or zero I2P users, if a vendor ships from such a city it is going to be absolutely trivial for the feds to see the postmark on the package and then compare it to the list of IP addresses known to use I2P in that area. This is an attack we have discussed for years now, the feds certainly know about it.

merge, any vendor worth his salt isnt going to be using his personal IP address, thats just stupid, i mean how does anyone know how many tor users are in their town? they dont. And when it comes to correlation its more than just numbers, its when you log on, reply to messages, use the forum, they will correlate that with tor connections in your town. Even if you have a thousand tor users in your town the number that will be on at exactly the same time you are every single day is probably a very very small list. So your point is noted, but not founded.

and dont use i2p because no one uses it? maybe we never had a good reason to, well nows the reason. As far as darkmarket sites go, i2p is way way safer for site operators than tor is, they can handle ANY load, whereas we've seen BMR go down (among other reasons) just because it would be relatively easy to geolocate a hidden server if it recieves too much traffic. with i2p everyone is a node (like a relay) therefore this never happens, everyone contributes just by being connected.

have you actually taken the time to look at the site? its really well designed. for me im tired of seeing this operators abuse their power and steal from us, this site actually has taken the time and effort to give us their power so that situations like sheep never happen again. how many thousands of dollars must each vendor lose before they are willing to take that extra step?

Does i2P have a browser bundle like Tor that is just DL and go with the browser already configured to the correct settings for maximum anonymity?Or do I have to do a bunch of technical shit? I'm stoned and it could def wait if its gonna hurt my brain. I just don't know to much about it. The ease of the initial Tor Browser use is exactly what attracted me to tor, and that opened the flood gates for encryption, VM, WHOINX(which Im having a problem with if anybody has a second to pm me).
Black tar $90/G

GameOn

  • Jr. Member
  • **
  • Posts: 72
  • Karma: +4/-0
  • krym0re
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #5 on: December 06, 2013, 08:05:03 am »
DO NOT USE MARKETS ON I2P IT IS NOT A SAFE NETWORK TO USE ESPECIALLY NOT FOR VENDORS. EVEN FOR CUSTOMERS IT IS NOT SAFE, CLIENT IP ADDRESS ENUMERATION IS TRIVIAL AND IF EVERYONE SWITCHES TO I2P THE NEW IP ADDRESSES WILL BE IDENTIFIED AS BEING PROBABLE USERS OF MARKETS, THE NETWORK DOESN'T HAVE ENOUGH USERS AND HAS HAD ALMOST NO RESEARCH DONE ON IT AND WHAT WE DO KNOW ABOUT IT IS THAT IT IS NOT SUITED FOR MARKETS. VENDORS USING I2P IN ITS STANDARD DEFAULT CONFIGURATION ARE AT VERY SERIOUS RISK OF BEING DEANONYMIZED AND IF THEY USE IT IN NONSTANDARD CONFIGURATIONS THEY ARE STILL PROBABLY BETTER OFF USING TOR.

Sorry for all caps but this point needs to be stressed. There is no good reason to use I2P for a market. My biggest fear is that LE is running this market to try to get people to switch to I2P so they can gather all of their IP addresses. I2P by default has every node route for every other node, it is totally possible to enumerate every I2P user who is using a standard configuration, there are hardly any I2P users throughout the world and NO city has a high concentration of I2P users, some cities probably have one or zero I2P users, if a vendor ships from such a city it is going to be absolutely trivial for the feds to see the postmark on the package and then compare it to the list of IP addresses known to use I2P in that area. This is an attack we have discussed for years now, the feds certainly know about it.

merge, any vendor worth his salt isnt going to be using his personal IP address, thats just stupid, i mean how does anyone know how many tor users are in their town? they dont. And when it comes to correlation its more than just numbers, its when you log on, reply to messages, use the forum, they will correlate that with tor connections in your town. Even if you have a thousand tor users in your town the number that will be on at exactly the same time you are every single day is probably a very very small list. So your point is noted, but not founded.

and dont use i2p because no one uses it? maybe we never had a good reason to, well nows the reason. As far as darkmarket sites go, i2p is way way safer for site operators than tor is, they can handle ANY load, whereas we've seen BMR go down (among other reasons) just because it would be relatively easy to geolocate a hidden server if it recieves too much traffic. with i2p everyone is a node (like a relay) therefore this never happens, everyone contributes just by being connected.

have you actually taken the time to look at the site? its really well designed. for me im tired of seeing this operators abuse their power and steal from us, this site actually has taken the time and effort to give us their power so that situations like sheep never happen again. how many thousands of dollars must each vendor lose before they are willing to take that extra step?

Does i2P have a browser bundle like Tor that is just DL and go with the browser already configured to the correct settings for maximum anonymity?Or do I have to do a bunch of technical shit? I'm stoned and it could def wait if its gonna hurt my brain. I just don't know to much about it. The ease of the initial Tor Browser use is exactly what attracted me to tor, and that opened the flood gates for encryption, VM, WHOINX(which Im having a problem with if anybody has a second to pm me).

You can always run Tails and join i2p sites
Come join the fun:
 IRC #cheers, http://silkroad5v7dywlc.onion/index.php?topic=15505.0

Dread Pirate Roberts

  • Captain
  • Administrator
  • *****
  • Posts: 566
  • Karma: +552/-41
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #6 on: December 06, 2013, 01:03:12 pm »
In some ways Loki you are correct, but you have made some very dangerous and illogical conclusions in saying so.

Silk Road will not be hosted on i2p for the foreseeable future for a number of reasons and we have already (in private) placed Silk Road on i2p for testing reasons before removing it. The issue with i2p right now is that it has no thorough research into it. Only two years ago Tor hidden services were believed to be very secure but once funding was thrown into proper research then a large number of attacks were uncovered - i2p has not had this attention and it is a poor step to assume because none have been publicly disclosed that none exist.

i2p is more ideal than Tor for peer to peer applications since that is the foundation of the network whereas Tor was designed to serve content to clients. Identification that you are a part of the i2p network is significantly easier than identifying users of the Tor network due to the peer to peer nature of it, all i2p users are in essence relays and so their IP is publicly available to connect to. However such a system makes traffic analysis against a server significantly easier.

i2p is designed to give users more protection than tor due to the relay to user ratio being significantly higher, but this comes at a cost of the traffic analysis risk. There is no chance any successful market such as Silk Road could run on i2p in it's current state and probably would be unable to do so without at least 40-50 other major services with an equal or larger sized userbase and in my view, at least x50-100 the current users. This is the primary reason behind our decision not to move onto i2p as it is far too small to host major services like ours.

We must remember, user security is imperative and right now Tor and i2p both provide similar levels of security to the end user, but the main target of any law enforcement attack will be the server of the service and the operator since it is more resource efficient to catch a central larger source of information than to chase individual users over theoretical network attacks. Let us not forget right now to our knowledge Tor is still safe and I personally believe with small improvements we can further protect the network, all attacks to date have hit the coding of the services targeted, the operators of the service or delivered an exploit through the user interface; none of which are network based flaws but human ones.

Silk Road is committed to protecting our network and we have actually already started to put relays online to help expand and improve Tor:
https://atlas.torproject.org/#search/SilkRoad
Quote 23: Criticism has plucked the imaginary flower from the chain not so that man may continue to bear the chain without consolation or fantasy but so that he may throw off the chain and cull the living flower.

merge

  • Full Member
  • ***
  • Posts: 202
  • Karma: +33/-34
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #7 on: December 06, 2013, 05:53:02 pm »
Quote
merge, any vendor worth his salt isnt going to be using his personal IP address, thats just stupid, i mean how does anyone know how many tor users are in their town? they dont.

Making the assumption that vendors are going to protect themselves from the attacks that I2P exposes them to is a bad plan. Vendors overwhelmingly don't even understand the technical details of the attacks they are exposing themselves to when they use I2P. Nobody knows how many Tor users are in their town because Tor uses entry guards and the overwhelming majority of clients don't route for other clients, and they have implemented directory guards even which greatly protects from enumeration as well.

I2P on the other hand consists of what 20,000 users and the default behavior is that all nodes route for all other nodes. You can gather the IP addresses of the majority of standard configured I2P clients without much trouble at all. Then all you need to do to find all vendors who have not protected themselves from this attack is to see where they ship from, then you compare the location of the IP addresses you enumerated to the shipping locations of vendors and perform an intersection attack. This is only one of the ways that I2P is worse than Tor for vendors and everybody else. Switching to I2P makes no fucking sense at all, it hasn't been as researched as Tor has and the research that has been done has exposed numerous flaws in it, the only significant advantage it could have over Tor is plausible deniability from internal correlation attacks but that will only work if you have it in a configuration that makes it vulnerable to the previously mentioned attack. There is really not an advantage to using I2P and it is pointless to put a market on I2P the people doing it are either doing it out of malicious intent or doing it because they are clueless. 

Quote
and dont use i2p because no one uses it? maybe we never had a good reason to, well nows the reason. As far as darkmarket sites go, i2p is way way safer for site operators than tor is, they can handle ANY load, whereas we've seen BMR go down (among other reasons) just because it would be relatively easy to geolocate a hidden server if it recieves too much traffic. with i2p everyone is a node (like a relay) therefore this never happens, everyone contributes just by being connected.

Yeah everyone is a relay and the list of IP addresses of everyone is essentially public knowledge. That can be fine, up to the point you leak your geolocation when you ship a package. Once you leak your geolocation you go from being "someone who uses I2P" to being "Someone who uses I2P in this geographic area", and I2P has so few users and they are so widely dispersed that knowing someones rough geolocation and the fact that they use I2P is enough to deanonymize them or severely degrade the size of their anonymity set. It is absurd to say that I2P is safer than Tor is for markets, there are just as many known anonymity attacks against I2P hidden services as there are Tor hidden services, in particular I2P hidden services are much weaker to intersection attacks than Tor hidden services are. Neither Tor nor I2P provide very strong anonymity for hidden services, but I would have a much higher chance of being able to use traffic analysis to deanonymize an I2P site than a Tor site. Hell, just get a list of I2P routers and DDoS them one at a time while checking the status of the hidden service, you can't do that against Tor hidden services because they don't have their IP addresses listed as routing nodes unless you idiotically configure them as routing nodes. Also, the serve while you surf attack against Tor is very likely possible against I2P and all of the I2P nodes (mostly) route so they are all vulnerable to it. What stops me from sending data streams through all of the I2P nodes I am aware of simultaneously and then DDoSing the hidden service through I2P and watching for degraded performance in one of the streams I am sending through a routing node? Also, have you even read any of the recent research of I2P? They are still finding new attacks against it, whereas Tor has been much more thoroughly analyzed at this point. Also, Tor has a ton of people researching it and I2P is essentially just a footnote in some papers as far as the academic world is concerned.

Quote
have you actually taken the time to look at the site? its really well designed. for me im tired of seeing this operators abuse their power and steal from us, this site actually has taken the time and effort to give us their power so that situations like sheep never happen again. how many thousands of dollars must each vendor lose before they are willing to take that extra step?

Have you ever actually read any of the academic anonymity literature?

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #8 on: December 06, 2013, 08:09:01 pm »
Quote
merge, any vendor worth his salt isnt going to be using his personal IP address, thats just stupid, i mean how does anyone know how many tor users are in their town? they dont.

Making the assumption that vendors are going to protect themselves from the attacks that I2P exposes them to is a bad plan. Vendors overwhelmingly don't even understand the technical details of the attacks they are exposing themselves to when they use I2P. Nobody knows how many Tor users are in their town because Tor uses entry guards and the overwhelming majority of clients don't route for other clients, and they have implemented directory guards even which greatly protects from enumeration as well.


From a users perspective i2p is as safe as anything else. From a vendors perspective, as i wrote above, no vendor should be using a internet connection that is linked to his identity to connect to tor or i2p or freenet or the next big thing. This is just reckless. Im not sure why you think that LEA couldnt simpy query all users connected to publicly known tor relays at a particular time in a geographic area. This is simple for ISP's to provide them, and seeing as there are only ever one or two ISP's in an area that have publicly admitted to rolling over for LE its not beyond a shadow of a doubt that this isnt something they already do. Im not sure why you are making a distinction between Tor and I2P on this matter, its all the same in their eyes.

If for instance a vendor had no choice but to, then they could always use a logless VPN to obscure their connection to the network.


i2p is designed to give users more protection than tor due to the relay to user ratio being significantly higher, but this comes at a cost of the traffic analysis risk. There is no chance any successful market such as Silk Road could run on i2p in it's current state and probably would be unable to do so without at least 40-50 other major services with an equal or larger sized userbase and in my view, at least x50-100 the current users. This is the primary reason behind our decision not to move onto i2p as it is far too small to host major services like ours.


I understand this concern and yes this is a very real risk. Dumping a site like SR with its current userbase into i2p would be fairly dangerous as the amount of traffic flowing to the server could reveal its location. With themarketplace however, its just begun, and as it grows so will the network and the amount of traffic flowing in all directions from the increased userbase will help to obscure its location. Other sites will spring up just like they have in Tor and just like in Tor they will help eachother hide in the network. Its hard to say what effect SR has had on the tor network as user metrics werent collected until fall of 2011, sometime after SR became known, but Tor was at one point not long ago a very tiny network with very little anonymity benefits. I2p has alot of potential, and as everyone acts as a node, has the ability to scale to much much higher levels than tor hidden services can offer. Hopefully you can look past your need for power and implement a p2p escrow system, but until then i dont think i can risk any more of my hard earned money to the integrity of anonymous persons.

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #9 on: December 06, 2013, 08:15:52 pm »
A Freenet drug forum with 2of3 multisig escrow agents would be the most secure marketplace on the darknet ever. There would be no way to seize or DOS the forum since there are no central servers. Data is redundantly stored across the network. The escrow agents, LE and hackers couldn't steal your coins with 2of3 multisig escrow.

Now we just need Bitcoin clients to support multisig transactions and Tor-to-Freenet gateways to give people easy access to the forum.

This would be the best solution by far, and freesites load about as quickly as any other network, however it takes some time for them to update, so stock would be hard to manage, and im not sure if freesites are capable of handling databases and such.

We do have two major clients with this support, bitcoin-qt and electrum. Tor to freenet gateways are less likely since tor is TCP and freenet is UDP.

merge

  • Full Member
  • ***
  • Posts: 202
  • Karma: +33/-34
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #10 on: December 06, 2013, 08:22:16 pm »
Quote
From a users perspective i2p is as safe as anything else. From a vendors perspective, as i wrote above, no vendor should be using a internet connection that is linked to his identity to connect to tor or i2p or freenet or the next big thing. This is just reckless. Im not sure why you think that LEA couldnt simpy query all users connected to publicly known tor relays at a particular time in a geographic area. This is simple for ISP's to provide them, and seeing as there are only ever one or two ISP's in an area that have publicly admitted to rolling over for LE its not beyond a shadow of a doubt that this isnt something they already do. Im not sure why you are making a distinction between Tor and I2P on this matter, its all the same in their eyes.

From a users perspective I2P is not as safe as anything else, and the fact that you would use such a gross generalization to describe the anonymity networks is just proof of your lack of knowledge regarding these systems. Tor has bridges and obfsproxy to protect from the attack you mentioned. And there is a huge difference between needing to communicate with all ISP's in all areas of interest and being able to do it yourself without interaction with the ISP. With I2P they only need to ask who this IP address is assigned to when they have narrowed in on the vendor. Switching to I2P would be horrible for the users too, if we assume that there are 20k users of I2P right now and 100,000k users of SR, think of how easy it will be to get the IP addresses of all SR users once they join the I2P network. You could probably say with greater than 95% accuracy that any of the new IP addresses are involved with SR. It is just fucking retarded it would literally lead to massive enumeration of SR users and it would certainly lead to the deanonymization of several vendors, not to mention it isn't even giving any substantial benefit other than possibly plausible deniability from internal timing attacks if you are configured in such a way that you are certainly weak to the attack I mentioned against vendors.

Quote
If for instance a vendor had no choice but to, then they could always use a logless VPN to obscure their connection to the network.

So what is the point of switching to I2P then? You are not convincing me that we should switch to a new network that we need to use VPN's and Tor to access. Why not just stick with Tor? Tor is a fail safe for stupid vendors, only an idiot wouldn't realize that if we switched to I2P a lot of the vendors wouldn't know they need to do all of these things even if we told them so and they would end up getting busted. Switching to I2P is just a horrible idea it is totally not suited for what we are doing. If you want to switch to another network look at Freenet ages before you look at I2P, Freenet actually brings new things to the table and it doesn't have as many problems for us as I2P does. The only people who would pick a network like I2P to run a market on don't know what the hell they are doing, or they have malicious intentions.

Quote
I understand this concern and yes this is a very real risk. Dumping a site like SR with its current userbase into i2p would be fairly dangerous as the amount of traffic flowing to the server could reveal its location. With themarketplace however, its just begun, and as it grows so will the network and the amount of traffic flowing in all directions from the increased userbase will help to obscure its location. Other sites will spring up just like they have in Tor and just like in Tor they will help eachother hide in the network. Its hard to say what effect SR has had on the tor network as user metrics werent collected until fall of 2011, sometime after SR became known, but Tor was at one point not long ago a very tiny network with very little anonymity benefits. I2p has alot of potential, and as everyone acts as a node, has the ability to scale to much much higher levels than tor hidden services can offer. Hopefully you can look past your need for power and implement a p2p escrow system, but until then i dont think i can risk any more of my hard earned money to the integrity of anonymous persons.

Honestly it seems like you want to switch to I2P just for the sake of switching to I2P, while having only a superficial understanding of the properties of the different networks.

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #11 on: December 06, 2013, 10:30:20 pm »

From a users perspective I2P is not as safe as anything else, and the fact that you would use such a gross generalization to describe the anonymity networks is just proof of your lack of knowledge regarding these systems. Tor has bridges and obfsproxy to protect from the attack you mentioned. And there is a huge difference between needing to communicate with all ISP's in all areas of interest and being able to do it yourself without interaction with the ISP. With I2P they only need to ask who this IP address is assigned to when they have narrowed in on the vendor. Switching to I2P would be horrible for the users too, if we assume that there are 20k users of I2P right now and 100,000k users of SR, think of how easy it will be to get the IP addresses of all SR users once they join the I2P network. You could probably say with greater than 95% accuracy that any of the new IP addresses are involved with SR. It is just fucking retarded it would literally lead to massive enumeration of SR users and it would certainly lead to the deanonymization of several vendors, not to mention it isn't even giving any substantial benefit other than possibly plausible deniability from internal timing attacks if you are configured in such a way that you are certainly weak to the attack I mentioned against vendors.


You've seem to missed the part where these are called "anonymity networks". No network conceals ones connection to it, freenet, tor, i2p, they can easily be gleaned by isps and law enforcement. VPN's help in all cases as it obscures your connection to the network, however Tor's bridges are not better than a VPN simply because they are like VPNs, but for Tor only. These networks provide plausable deniability, that is no one can prove what you are doing on it. If you are talking about guilt by association then you must be living in china or NK, better just not to connect to these networks in that case.

Quote
So what is the point of switching to I2P then? You are not convincing me that we should switch to a new network that we need to use VPN's and Tor to access. Why not just stick with Tor? Tor is a fail safe for stupid vendors, only an idiot wouldn't realize that if we switched to I2P a lot of the vendors wouldn't know they need to do all of these things even if we told them so and they would end up getting busted. Switching to I2P is just a horrible idea it is totally not suited for what we are doing. If you want to switch to another network look at Freenet ages before you look at I2P, Freenet actually brings new things to the table and it doesn't have as many problems for us as I2P does. The only people who would pick a network like I2P to run a market on don't know what the hell they are doing, or they have malicious intentions.


I2P has potential for having not just a tiny darknet site with 10k users that must close down if it ever eclipses that, but a darknet site that can scale to any size. Because everyone runs as a relay its speed wont suffer either as we had seen when the botnet came online this summer, and plausible deniability (traffic modeling and timing correlation) is increased because like freenet or a Tor relay the source of traffic cannot be gleaned, the current client-relay model of general Tor usage is actually very easy to deanonymize from a global adversaries perspective. I2p is a better model all in all, though because its been neglected little research has been done into its design. For general net surfing and small hidden services Tor works fine, but for serious business structures i2p is the way to go. As far as i know freenet isnt capable of running an e-commerce site on it, freesites are static images that must be updated in whole using a new key, like changing a files contents and having to reupload it, it doesnt work interactive sites like SR.

merge

  • Full Member
  • ***
  • Posts: 202
  • Karma: +33/-34
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #12 on: December 06, 2013, 11:49:51 pm »
Quote
You've seem to missed the part where these are called "anonymity networks".

You seem to have missed the part where Tor has bridges and obfsproxy and entry guards and freenet has darknet mode and I2P has by default all users route for other users making them super vulnerable to enumeration. Thinking anything called an anonymity network has the same exact properties as all other things called anonymity networks is just retarded. I have been researching anonymity networks for a lot of years brah I actually know what I am talking about.

Quote
No network conceals ones connection to it, freenet, tor, i2p, they can easily be gleaned by isps and law enforcement.

Wrong, Tor has entry guards and directory guards and bridges and obfsproxy all of which help protect from enumeration, freenet has darknet mode which helps protect from enumeration, the only network that by default makes enumeration trivial is I2P.

Quote
VPN's help in all cases as it obscures your connection to the network, however Tor's bridges are not better than a VPN simply because they are like VPNs, but for Tor only. These networks provide plausable deniability, that is no one can prove what you are doing on it. If you are talking about guilt by association then you must be living in china or NK, better just not to connect to these networks in that case.

Sure using a VPN can help. Tor bridges are arguably better in that they attempt to conceal that you are using any anonymizer at all. Saying Tor bridges are like Tor VPN's is pretty fucking retarded, but if that is how you want to think of it go ahead. The only network that focuses on plausible deniability is Freenet, I2P might have it to an extent, Tor doesn't focus on it at all. If you don't know the difference between intelligence and evidence maybe you should learn about things before you spout off about shit you have no clue about.

Quote
I2P has potential for having not just a tiny darknet site with 10k users that must close down if it ever eclipses that, but a darknet site that can scale to any size. Because everyone runs as a relay its speed wont suffer either as we had seen when the botnet came online this summer, and plausible deniability (traffic modeling and timing correlation) is increased because like freenet or a Tor relay the source of traffic cannot be gleaned, the current client-relay model of general Tor usage is actually very easy to deanonymize from a global adversaries perspective.

Tor hidden services can scale well enough. You can't focus on potential plausible deniability from internal timing attacks while ignoring the increased risk to other more serious attacks that come with using I2P. From a global adversary perspective Tor and I2P are equally 100% fucked.

Quote
I2p is a better model all in all, though because its been neglected little research has been done into its design. For general net surfing and small hidden services Tor works fine, but for serious business structures i2p is the way to go. As far as i know freenet isnt capable of running an e-commerce site on it, freesites are static images that must be updated in whole using a new key, like changing a files contents and having to reupload it, it doesnt work interactive sites like SR.

All of the academic researchers think that Tor is a better model. The leaked NSA slides show that the NSA thinks no other low latency anonymity network can come close to Tor. The only people who advocate strongly for I2P are people who I perceive to not have much of a clue what they are talking about.
« Last Edit: December 06, 2013, 11:57:06 pm by merge »

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #13 on: December 07, 2013, 12:34:05 am »

You seem to have missed the part where Tor has bridges and obfsproxy and entry guards and freenet has darknet mode and I2P has by default all users route for other users making them super vulnerable to enumeration. Thinking anything called an anonymity network has the same exact properties as all other things called anonymity networks is just retarded. I have been researching anonymity networks for a lot of years brah I actually know what I am talking about.


Bridges are easily enumerated, perhaps moreso since they are mainly used by people who need to hide the fact they are using tor. China used a technique where they sent a special tor connection packet to every computer to see if they would respond as a bridge would, they instantly enumated the entire bridge network. Obfsproxy3 is reported to protect against this, but its an arm race, and of course governments have thousands of people to throw at what essentially comes down to going to a few sites and emailing tor devs to collect all this info. Also Tor doesnt protect against a global adversary, not only can they detect entire traffic flows, they can see the entire network, so anyone connecting to a public relay, or anyone connecting to a bridge connecting to a public relay can be enumerated.

On that note, are we talking about NSA, NSA helping DEA, DEA on its own, or local law enforcement? These are entirely different threat models. NSA pwns tor, no hiding from them. NSA might offer help to dea, this is anyones guess. DEA/locals can query isp's in a given area, which i believe is the attack we were talking about, at least its the one i was. In this instance it doesnt matter how many hoops you give them to jump through or if you want to create a double back blindfolded super secret tunnel, it all leads back to an ip, and if you have any idea what you are doing it wont be yours.

As for freenet, which is a moot point as i have already mentioned, its darknet mode is much like tor's entry guard, except instead of 3 layers of encryption there is only 1. You have to really really trust your entry guard. otherwise if you are just running as an open node (relay) then you at least have the plausible deniability that the traffic you are sending is just relayed from another node. This once again is not going to protect you from a global adversary who can from a birds eye view see that your node, relay or no, is the one generating the traffic.

Quote
Sure using a VPN can help. Tor bridges are arguably better in that they attempt to conceal that you are trying to conceal that you are using any anonymizer at all.

fixed that for you.

Quote
All of the academic researchers think that Tor is a better model. The leaked NSA slides show that the NSA thinks no other low latency anonymity network can come close to Tor. The only people who advocate strongly for I2P are people who I perceive to not have much of a clue what they are talking about.

The absence of evidence isnt evidence of absence, but since you speak on behalf of all academic researchers ill let you take the stand.

majicmike

  • Jr. Member
  • **
  • Posts: 86
  • Karma: +4/-3
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #14 on: December 07, 2013, 12:58:38 am »
ok sorry to interupt you debate on this thread im a bit of a noob when it comes to things like this so am i right in thinking if im using TOR and i then apply tails aswell this is from a buyer and a vendors point of view that my ip can still be comprimised ie end up gettin busted i have asked this question a few times but never got a clear response and as you guys seem to know what it is you are talking about when it comes to security i thought i would post the same question to this thread.
MERRY XMAS SR2.0

…………(¯`O´¯)
…………*./ | \ .*
…………..*♫*.
………, • '*♥* ' • ,
……. '*• ♫♫♫•*'
….. ' *, • '♫ ' • ,* '
….' * • ♫*♥*♫• *'
….* , • Merry' • , *'
' …* ' •♫♫*♥*♫♫ • ' * '
'' * ' •. Christmas . •

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #15 on: December 07, 2013, 12:59:43 am »
I should mention that the issues merge is trying to argue boil down to a subsection of attacks that exist for vendors and site operators. These go something like this:

-i2p is too small and therefore not safe to run a site on-

This is true, its very small compared to tor, however tor was small at one point too and quite insecure. The "NSA can see the network and locate the servers" issue is a matter of site traffic vs network size. If the number of relays suddenly dropped from 3k to 1k and SR's traffic remained the same DPR could be located tomorrow. This is because a large amount of traffic flowing to any particular node would reveal this (this is why BMR initially was set to shut down after sheep imploded), obviously in this case its better to have more nodes doing more things than just going to one site, which tor is good at as it interfaces with the clearnet so it carries much more utility for people. For a darknet drug site on i2p, its best design is to start small like SR did and grow over time with the network. As it grows more sites will appear to carry the burden and take the heat off.

So yes, SR on i2p, bad idea, a new marketplace on i2p, good idea. Which brings us to the next concern:

-if i2p got big because of one drug site then everyone on i2p would be considered a drug user-

Well lets look at freenet, what is a distributed data storage anonymity network used for? CP of course. Is everyone connected to freenet a pedo? I suppose a better question would be, if guilt by association were a real thing then why do we have anonymous networks at all?

-i2p enumerates all connected nodes publicy and therefore vendors would be broadcasting their involvement-

This attack involves cops buying from vendors to find out what city they're in. Once they do that they contact the ISP's in that city and figure out, based on forum posts and pm's to the vendor, who was connected to the anonymous network at that particular time, this gives a small list to investigate. Some preventative measures are to use bridges and attempt to conceal ones connection to tor, however this is equivalent to using a VPN that only routes tor traffic, doesnt do much if all you traffic is going to that, in their eyes its still part of the tor network. A better solution is to use a generic VPN (most of them are) and run tor and perhaps a bunch of junk traffic like bittorrent over it, this places the entry point into tor into the VPN's servers located in some other country.

The safest approach is to never connect from an ip connected to you, so public/hacked/unsecured wifi spots are key, this way even if they do get through all your defenses they are left at nothing.

-lets say i dont want my ip to be known connecting to i2p, then what-

simple, run i2p in whonix or tails, it gets routed over tor so that your entry into the i2p network is your exit node. all the anonyimity of the tor network with all the access to a new anonymous network that can scale, unlike tor, to any size.

merge

  • Full Member
  • ***
  • Posts: 202
  • Karma: +33/-34
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #16 on: December 08, 2013, 10:21:01 am »
Quote
Bridges are easily enumerated, perhaps moreso since they are mainly used by people who need to hide the fact they are using tor. China used a technique where they sent a special tor connection packet to every computer to see if they would respond as a bridge would, they instantly enumated the entire bridge network. Obfsproxy3 is reported to protect against this, but its an arm race, and of course governments have thousands of people to throw at what essentially comes down to going to a few sites and emailing tor devs to collect all this info. Also Tor doesnt protect against a global adversary, not only can they detect entire traffic flows, they can see the entire network, so anyone connecting to a public relay, or anyone connecting to a bridge connecting to a public relay can be enumerated.

Perhaps you missed the part where it is an arms race that I2P isn't even engaging in, whereas Tor is engaging in it and having back and forth success with being able to prevent state level attackers from being able to identify bridge connections? Tor developers already have plans to prevent bridges from replying to arbitrary bridge requests, that attack is easy to defend from. I2P also doesn't protect from global adversaries anyone who says different is a fucking idiot.

Quote
On that note, are we talking about NSA, NSA helping DEA, DEA on its own, or local law enforcement? These are entirely different threat models. NSA pwns tor, no hiding from them. NSA might offer help to dea, this is anyones guess. DEA/locals can query isp's in a given area, which i believe is the attack we were talking about, at least its the one i was. In this instance it doesnt matter how many hoops you give them to jump through or if you want to create a double back blindfolded super secret tunnel, it all leads back to an ip, and if you have any idea what you are doing it wont be yours.

NSA had internal documents leaked by Snowden that show that they consider Tor to be the best low latency anonymity network by a large margin. They didn't even bother mentioning I2P.

Quote
As for freenet, which is a moot point as i have already mentioned, its darknet mode is much like tor's entry guard, except instead of 3 layers of encryption there is only 1. You have to really really trust your entry guard. otherwise if you are just running as an open node (relay) then you at least have the plausible deniability that the traffic you are sending is just relayed from another node. This once again is not going to protect you from a global adversary who can from a birds eye view see that your node, relay or no, is the one generating the traffic.

You have to trust your entry guards more than other nodes but freenet has plausible deniability, your entry guard can't tell if you requested a file or are merely routing it on for other nodes. Unless they do various attacks and wait for some period of time. Freenet isn't going to withstand a global external adversary that is also largely internal, but it still seems better than Tor and I2P, both of which are not going to resist a global external adversary even if the adversary isn't internal at all.

Quote
Quote
Sure using a VPN can help. Tor bridges are arguably better in that they attempt to conceal that you are trying to conceal that you are using any anonymizer at all.

fixed that for you.

No you didn't really fix it for me at all. Bridges attempt to conceal that you are using any anonymizer at all. Of course this also entails concealing that you are trying to conceal that you are using any anonymizer at all. You could get infinitely recursive if you want, but you are just babbling at that point.

Quote
Quote
All of the academic researchers think that Tor is a better model. The leaked NSA slides show that the NSA thinks no other low latency anonymity network can come close to Tor. The only people who advocate strongly for I2P are people who I perceive to not have much of a clue what they are talking about.

The absence of evidence isnt evidence of absence, but since you speak on behalf of all academic researchers ill let you take the stand.
[/quote]

I2P hasn't even had hardly any research done on it at all. The academic world has turned mostly a blind eye toward it. Only recently has it had any papers at all released on it, and they were papers demonstrating various attacks. Why not listen to what Jacob Appelbaum has to say about I2P?

Quote
This is true, its very small compared to tor, however tor was small at one point too and quite insecure. The "NSA can see the network and locate the servers" issue is a matter of site traffic vs network size. If the number of relays suddenly dropped from 3k to 1k and SR's traffic remained the same DPR could be located tomorrow. This is because a large amount of traffic flowing to any particular node would reveal this (this is why BMR initially was set to shut down after sheep imploded), obviously in this case its better to have more nodes doing more things than just going to one site, which tor is good at as it interfaces with the clearnet so it carries much more utility for people. For a darknet drug site on i2p, its best design is to start small like SR did and grow over time with the network. As it grows more sites will appear to carry the burden and take the heat off.

No it isn't a matter of site traffic vs network size. If Tor had 1,000,000,000 relays and the attacker just happened to own the entry guards of a hidden service they would still be able to deanonymize it. It is only probabilistically related to network size. Site traffic has even less of an effect in regards to many attacks, only a certain traffic volume intersection attack comes to mind. Also it is total bullshit that if the number of Tor relays dropped from 3k to 1k that DPR could be located tomorrow. First of all because Tor uses entry guards all of the traffic to hidden services is concentrated at the guard nodes regardless of how many other nodes are on the network, making it just as vulnerable to traffic volume intersection attacks with 3,000 nodes or 30,000 nodes. Second of all, you want to know the best way to deanonymize a new drug site on I2P? Have a few nodes to do total client enumeration. Keep track of the IP addresses of clients. Oh there is a new site? What are the chances that this new site is a new I2P nodes, no one that I enumerated two years ago? Ok, let's look at the most recent dozen I2P nodes since this site launched. Hm, I wonder if the site is one of these 12 new IP addresses! Let's send traffic to the hidden service and then DDoS each of these 12 nodes one at a time and look for correlations in how quickly the hidden site handles my traffic! Oh, there we go found the new hidden site. Seriously you are arguing that we compromise the security of not only the site operators and the vendors but also of everybody who uses the site. I2P is, for various reasons, not suited to running a drug market on! 

Quote
So yes, SR on i2p, bad idea, a new marketplace on i2p, good idea. Which brings us to the next concern:

No, it is a really bad idea.

Quote
-if i2p got big because of one drug site then everyone on i2p would be considered a drug user-

Well lets look at freenet, what is a distributed data storage anonymity network used for? CP of course. Is everyone connected to freenet a pedo? I suppose a better question would be, if guilt by association were a real thing then why do we have anonymous networks at all?

Well, let's look at the difference between a drug user and a pedophile. Pedophiles look at CP on the internet. That is the extent of their threat model. If they are identified as likely pedophiles, but the police don't have enough evidence to get a search warrant, they are still good to go. Let's look at drug users. They use the internet only to order drugs in the mail. Drug vendors use the internet only to take orders from customers. If they are identified as likely drug users or vendors, the police can use this intelligence to target them in other ways that don't require warrants. They can have dogs sniff peoples mail. They can have the very very few people who use I2P in cities that vendors ship out of put under surveillance. They can randomly pull people over and say they were speeding. They still have a lot of options available to themselves. None of those options are effective against CP consumers. There is also the big difference that freenet users in darknet mode are not so easily enumerated as I2P users in the default mode. And once I2P users stop using the default mode, the few advantages I2P could have over Tor are thrown out the window. So stop conflating threat models and learn the difference between intelligence and evidence! 


Quote
-i2p enumerates all connected nodes publicy and therefore vendors would be broadcasting their involvement-

This attack involves cops buying from vendors to find out what city they're in. Once they do that they contact the ISP's in that city and figure out, based on forum posts and pm's to the vendor, who was connected to the anonymous network at that particular time, this gives a small list to investigate. Some preventative measures are to use bridges and attempt to conceal ones connection to tor, however this is equivalent to using a VPN that only routes tor traffic, doesnt do much if all you traffic is going to that, in their eyes its still part of the tor network. A better solution is to use a generic VPN (most of them are) and run tor and perhaps a bunch of junk traffic like bittorrent over it, this places the entry point into tor into the VPN's servers located in some other country.

The first thing I would like to point out is that they don't even need to know who was connected at a certain time because I2P has so few users that any given city a vendor ships out of is not likely to have more than one or two I2P users, unless they are in a major city and still in these cases there will not be many users. Using a bridge is not at all similar to using a VPN. In your ISP's eyes if you traffic is obfuscated and going to a Tor bridge then they have no idea that you are using Tor unless they have enumerated all of the Tor bridges.

Quote
The safest approach is to never connect from an ip connected to you, so public/hacked/unsecured wifi spots are key, this way even if they do get through all your defenses they are left at nothing.

Just because we can use defense in depth doesn't mean we should use a less adequate network. Saying that it doesn't matter that I2P sucks because we can use random WiFi access points anyway pretty much sums up my thoughts on I2P for me.

Quote
-lets say i dont want my ip to be known connecting to i2p, then what-

simple, run i2p in whonix or tails, it gets routed over tor so that your entry into the i2p network is your exit node. all the anonyimity of the tor network with all the access to a new anonymous network that can scale, unlike tor, to any size.

And another compelling argument for I2P, mainly that we should use Tor to connect to it. Are we even running into serious scalability issues with Tor? Some rough spots on the old SR but it was up all the way to the very end when the feds seized it. You are trying to solve a problem that we haven't run into yet, and in doing so you are going to have us run into new problems that will be much more dangerous.

Freerider

  • Full Member
  • ***
  • Posts: 174
  • Karma: +33/-4
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #17 on: December 08, 2013, 11:01:42 am »
This is interesting, keep us updated on this if you could. Personally I would not go there as a customer or a vendor until things are up and running for a while. But thats just me. I would want to see more research done on that network and the issue with the IP Addresses  before I used it.
"You can always do more of the drug, but once it is in, you can't take it back out"   -FREERIDER     (~Give me LIBERTY, or Give me DEATH~)

Wonton

  • Full Member
  • ***
  • Posts: 134
  • Karma: +12/-3
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #18 on: December 08, 2013, 05:33:47 pm »
I do not think that i2p will ever be as popular as Tor, because the client is difficult to setup for most and really needs to be run 24/7 to minimize lag. Fact of the matter is Tor is good enough and there is no compelling reason for anyone to migrate to i2p at this time.

goblin

  • Vendor
  • Full Member
  • *****
  • Posts: 167
  • Karma: +24/-13
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #19 on: December 08, 2013, 08:39:31 pm »
Yeah, i2p is definitely for the nerdier types out there, not for everyday non-techies.

And about themarketplaceDOTi2p, sheesh, the guy's asking for 2 BTC for vendor registrations. A few days ago that was $2100! Now it's still some $1,450. That's way too much!

"During times of universal deceit, telling the truth becomes a revolutionary act." - George Orwell

http://directory4iisquf.onion/node/7869489

Mushrooms: http://silkroad6ownowfk.onion/users/goblin

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #20 on: December 08, 2013, 10:44:13 pm »
I do not think that i2p will ever be as popular as Tor, because the client is difficult to setup for most and really needs to be run 24/7 to minimize lag. Fact of the matter is Tor is good enough and there is no compelling reason for anyone to migrate to i2p at this time.

Tor is able to interface with the regular interent, this is largely why it took off before i2p did. You dont have to keep it running 24/7, this is a misconception spread by morons like merge who no matter how many times you show them the big picture continue to point out that the corners are bent.

If you run i2p for 3-5 minutes you can access themarketplace, its quicker than most hidden services.

Yeah, i2p is definitely for the nerdier types out there, not for everyday non-techies.

And about themarketplaceDOTi2p, sheesh, the guy's asking for 2 BTC for vendor registrations. A few days ago that was $2100! Now it's still some $1,450. That's way too much!

Looks like you read a reddit thread title based on a misconception and decided it was best to spread bullshit around since clicking on a link to read the explanation was more work than it took to spread bullshit.

Vendor registrations are free until the end of the year accoring to the admin TMCShultz. If you are a new vendor that has been shutout by the elitiest dickhead admins of SR and Tormarket then nows your chance to vend.

goblin

  • Vendor
  • Full Member
  • *****
  • Posts: 167
  • Karma: +24/-13
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #21 on: December 09, 2013, 04:14:03 am »


Yeah, i2p is definitely for the nerdier types out there, not for everyday non-techies.

And about themarketplaceDOTi2p, sheesh, the guy's asking for 2 BTC for vendor registrations. A few days ago that was $2100! Now it's still some $1,450. That's way too much!

Looks like you read a reddit thread title based on a misconception and decided it was best to spread bullshit around since clicking on a link to read the explanation was more work than it took to spread bullshit.

Vendor registrations are free until the end of the year accoring to the admin TMCShultz. If you are a new vendor that has been shutout by the elitiest dickhead admins of SR and Tormarket then nows your chance to vend.
I read it on the site itself, and I did not go to reddit, so I'm not spreading bs. It says plainly, 2 btc. If there was more saying that registrations are still free, I sure didn't see it.
« Last Edit: December 09, 2013, 04:15:49 am by goblin »
"During times of universal deceit, telling the truth becomes a revolutionary act." - George Orwell

http://directory4iisquf.onion/node/7869489

Mushrooms: http://silkroad6ownowfk.onion/users/goblin

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #22 on: December 09, 2013, 07:30:50 am »

I read it on the site itself, and I did not go to reddit, so I'm not spreading bs. It says plainly, 2 btc. If there was more saying that registrations are still free, I sure didn't see it.

The sites in beta, if somethings seems off, like a $2k vendor bond, then bring it up on reddit, chances are it was a mistake like the bond being set at 2btc which was fixed as soon as someone brought it up. Pointing out bugs like it were an intentional design feature is spreading bs.

El Presidente

  • Sr. Member
  • ****
  • Posts: 288
  • Karma: +134/-5
  • Buena Mierda
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #23 on: December 09, 2013, 12:05:12 pm »
You say this is the most secure marketplace on darknet.

We are pleased for you but can we ask, on what basis do you believe this? How many times has been it security tested and by whom? What sorts of issues were identified and then fixed? Was it proper manual testing done by independent parties?

If something is claimed to be more secure than anything else then there must be a basis for that - is it simply the fact that the escrow mechanism is multi-sig that reduces the risk of bitcoin loss in the event of server seizure or compromise (be that by authorized or unauthorized individuals)? Or is there something more specific about this PHP based market web-site that you can share with us all?

We are very interested in alternate models for market-place implementations and you obviously have some strong opinions on the matter so we would love to discuss.




=================================================
The All Market Vendor Directory - http://directory4iisquf.onion
=================================================

merge

  • Full Member
  • ***
  • Posts: 202
  • Karma: +33/-34
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #24 on: December 09, 2013, 01:36:19 pm »
it's actually the least secure market on the darknet due to the shitty choice of networks it went with.

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #25 on: December 09, 2013, 07:00:32 pm »
You say this is the most secure marketplace on darknet.

We are pleased for you but can we ask, on what basis do you believe this? How many times has been it security tested and by whom? What sorts of issues were identified and then fixed? Was it proper manual testing done by independent parties?

If something is claimed to be more secure than anything else then there must be a basis for that - is it simply the fact that the escrow mechanism is multi-sig that reduces the risk of bitcoin loss in the event of server seizure or compromise (be that by authorized or unauthorized individuals)? Or is there something more specific about this PHP based market web-site that you can share with us all?

We are very interested in alternate models for market-place implementations and you obviously have some strong opinions on the matter so we would love to discuss.

Its secure from an end user perspective. If the site gets hacked or located then it goes down, but it doesnt take anyone with it. The admin TMPShultz, having practically waived any massive profit that it otherwise would have gained sticking with the old escrow model, has shown his motivations to be entirely political. From the site:

Quote
We have built The Marketplace around the idea that it is only a matter of time before we are identified and when that happens, it cannot affect anything, it will be merly a fact that no one can act on. Our unique native bitcoin payment system makes it impossible for both vendors and customers to lose money.

Quote
Location

We realise how long the long arm of the law is and it doesn't stop at "uncrossable" borders. We believe that it is only a matter of time before we are identified but being identified should mean nothing. We believe that we have the necessary plans in place that should we be identified, we will have time to react as necessary and our system will be able to cope.

You have to realize that the government is more interested in a sites funds than it is making an arrest. The government loves money. Take that away and you are no longer the massive red target that other sites are. When you consider it this way we can see why the admin doesnt argue for the dissolution of the old escrow system, lazy buyers and bottom feeding vendors learn a very hard lesson over and over again and greedy power hungry site operators play the role of the low hanging fruit. In the end this helps all of us who care more about being free and retaining our power than having 1-click payments.

Quote from: merge
it's actually the least secure market on the darknet due to the shitty choice of networks it went with.

Well im glad you're so concerned for the TMPShultz's well being but the security of the network doesnt affect any of us. Being an i2p node isnt any more insecure from an end-user perspective than being a tor relay, its all public, its all routed traffic. Tor dev's regularly advocate becoming a relay and stated that it would be more resilient to traffic analysis and therefore more anonymous. I dont like to repeat myself for a 3rd time but i feel this is important to knock down morons such as merge here who like to keep arguing an already defeated point, vendors should not be accessing anonymous networks on their home connection. period .

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #26 on: December 09, 2013, 07:51:10 pm »
Well check that out, under i2p2 network config there's a "hidden mode - do not publish ip", i guess you can connect to the network as a client just like tor.

El Presidente

  • Sr. Member
  • ****
  • Posts: 288
  • Karma: +134/-5
  • Buena Mierda
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #27 on: December 09, 2013, 09:59:45 pm »
Thank you. So we take from that the following points:

1) The risk of loss of bitcoin through compromise of the market central site is significantly reduced. Primarily because the transaction is fundamentally a person to person transaction.
2) The risk of site compromise is probably the same as would be expected as a Tor hidden service
3) The risk of traffic profiling is probably the same as would be expected if the user were using Tor
4) The resilience of the network and thus access to the site is probably somewhat reduced compared with Tor
5) The risk of enumeration of vendor wallet addresses by malicious buyers is probably greater. (A standard LEO MO)
6) The risk of enumeration of buyer wallets by malicious vendors is probably greater although in general this scenario seems less problematic.

So on balance the risks are somewhat different which may suit some well but it is important to understand that it is not necessarily more or less secure. That is a matter of perspective and depends on the threats you face.

To our mind the greatest threat to a vendor is identification and subsequent action by the LEO threat agent. this is probably followed by loss of revenue/earnings, the threat sources here are more diverse but include malicious market site operators and hackers. Remaining threats include loss of reputation etc which don't seem to be affected by market places. Buyers have different sources and agents of threat but LEO also feature up there as a high priority threat.

Perceptions of security aside though, the question we have to ask is why not host on Tor as well as I2P? We cannot think of many good reasons why a site could not be available to both networks simultaneously other than technical complexity and integration.

We will no doubt have a look at this I2P marketplace over the coming days and weeks.

=================================================
The All Market Vendor Directory - http://directory4iisquf.onion
=================================================

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #28 on: December 09, 2013, 11:32:23 pm »
Thank you. So we take from that the following points:

1) The risk of loss of bitcoin through compromise of the market central site is significantly reduced. Primarily because the transaction is fundamentally a person to person transaction.

Not reduced, eliminated. Participants can still release escrow even in the event of a LEO takeover or total shutdown. Approx $ police would net as a result of taking over themarketplace = 0.

Quote
2) The risk of site compromise is probably the same as would be expected as a Tor hidden service

The incentive to compromise the site is significantly reduced. However any network and server configuration will always have to face attacks.

Quote
3) The risk of traffic profiling is probably the same as would be expected if the user were using Tor

This is a broad subject, buyer/vendor against localLE/NSA? Its hard to determine the threat model without knowing the specifics, however because you can access i2p through tor, you anonymity will remain roughly the same depending on your circumstance.

Quote
4) The resilience of the network and thus access to the site is probably somewhat reduced compared with Tor

When you talk about network resilience you speak of its ability to withstand things like botnet/ddos attacks and such. Actually its much increased due to the fact the botnet zombies would most likely be running as nodes and therefore contribute to, instead of leech off of, the network. Though they could theoretically operate as clients instead of nodes, the Tor botnet's inability to upgrade to the latest version of Tor showed that botnet owners arent necessarily intent on taking down a network, and in the end it was the only thing that kept it from taking down the entire network. Tor is much more suspectible to being taken down by even a mid-sized botnet than is i2p. As for my experience so far, themarketplace has been quite fast only after a few minutes of being connected.

Quote
5) The risk of enumeration of vendor wallet addresses by malicious buyers is probably greater. (A standard LEO MO)
6) The risk of enumeration of buyer wallets by malicious vendors is probably greater although in general this scenario seems less problematic.

Wallet address can be generated by the thousands in batch, theres really no risk here, actually less since there is no site wallet to be connected to.

Quote
To our mind the greatest threat to a vendor is identification and subsequent action by the LEO threat agent. this is probably followed by loss of revenue/earnings, the threat sources here are more diverse but include malicious market site operators and hackers. Remaining threats include loss of reputation etc which don't seem to be affected by market places. Buyers have different sources and agents of threat but LEO also feature up there as a high priority threat.

As long as vendors dont connect from home IP's and mix at least once before cashing out there is little risk of being identified this way. The biggest risk as we have seen so far is unsafe realworld practices, like vendors ordering drugs through the mail, lazy shipping techniques, or street dealing.

Quote
Perceptions of security aside though, the question we have to ask is why not host on Tor as well as I2P? We cannot think of many good reasons why a site could not be available to both networks simultaneously other than technical complexity and integration.

This im not entirely clear on, you'd have to ask shultz what exactly were his motivations for going to i2p, he posted a thread that mentioned vaguely his reasoning (from reddit):

Quote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

We would like to explain our decison to use i2p rather than Tor. We feel that the recent events have
shown that given enough resources, Tor hidden services can be identified. We feel that moving to a
completly distributed platform built on the simple rule of "Don't trust anyone" is the best choice
for continued survival.

i2p is not a tool for accessing the internet annonymously, rather a complete darknet which is purpose
built with end to end encryption. Each end point is only known by a public key and being distributed,
it also helps prevent a DDOS attack from providing a location as there is no main nodes. Every person
connected to i2p is a relay for cryptographic information that is encrypted multiple times and passed
along the chain to be decrypted once at each hop.

We have done large amounts of research into all available hidden networks and we feel that i2p is the
best choice right now. I2p is also included in Tails VM as of october which means it's available to
everyone.

You may read more about i2p and how it works at some of the following sites.

http://www.i2p2.de/index.html
http://www.i2p2.de/how.html
http://www.i2p2.de/papers.html
https://en.wikipedia.org/wiki/I2P

Regards,
TMPSchultz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - https://gpgtools.org

iQEcBAEBCgAGBQJSYQbkAAoJEBLtEWOvmHDdl58IALEGvlLuZulu8GRrO7khPU0A
JEYRB6stuS7BzOYxN6t/ZOCaZYfxlOJDuWQG456iC+8UbKmrF38sfmybNNC4duqb
QSzp1GuxxP/Kk9iEKxbdjuAn8BW4YVbGAp29SoD4cGnTy6m6OvvdRiuDoSe9uNEi
rBXzkLFFrqbp55mijphOxH29njDndU1Zpi4ykvD5IyP875pWqAYT6sYyOLv4yRjt
+df4zLDV+V9ZnOwRDPCo0SJuTEFTEkaDZLAdyIq9zRoFSjVBmFzvsbrEl+Rl49XA
B+xS3dKEaAb3XbQcYGeQKwoCMqcLJTGdLcz+PdbfKVrt4D2b5yvNURApsBCkbs4=
=+tNI
-----END PGP SIGNATURE-----

[/quote]
« Last Edit: December 09, 2013, 11:37:20 pm by Loki »

merge

  • Full Member
  • ***
  • Posts: 202
  • Karma: +33/-34
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #29 on: December 09, 2013, 11:40:44 pm »
Quote
Well im glad you're so concerned for the TMPShultz's well being but the security of the network doesnt affect any of us. Being an i2p node isnt any more insecure from an end-user perspective than being a tor relay, its all public, its all routed traffic. Tor dev's regularly advocate becoming a relay and stated that it would be more resilient to traffic analysis and therefore more anonymous. I dont like to repeat myself for a 3rd time but i feel this is important to knock down morons such as merge here who like to keep arguing an already defeated point, vendors should not be accessing anonymous networks on their home connection. period .

Tor devs regularly point out the risks of serving while you surf.

www.cs.umn.edu/~hopper/surf_and_serve.pdf

Tor devs regularly point out that you shouldn't run a Tor relay from the same system or even network you use to use Tor for other things. What you think vendors should do or should not do is irrelevant, the fact of the matter is that I2P brings more requirements for vendors to have any hope of maintaining security, whereas Tor doesn't have these extra requirements. Switching to I2P is all but certain to result in nothing but security fuck ups for vendors, it is also less secure for buyers and it is also less secure for hosting the site on.

smity1020

  • Hero Member
  • *****
  • Posts: 2256
  • Karma: +210/-249
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #30 on: December 09, 2013, 11:55:41 pm »
i2p seems like a total security fuckup, stay away from it
Yesterday is History, Today is a Gift, Tomorrow is Mystery

merge

  • Full Member
  • ***
  • Posts: 202
  • Karma: +33/-34
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #31 on: December 09, 2013, 11:56:23 pm »
His explanation for using I2P just shows that he is an idiot. It is like someone seeing that a cloth shirt can be shot through with a gun so he concludes that wearing nothing must protect him.

Quote
We would like to explain our decison to use i2p rather than Tor. We feel that the recent events have
shown that given enough resources, Tor hidden services can be identified.

Recent events show that if a server is hacked it can be deanonymized if the admin didn't take any measures against application layer deanonymization attacks. I2P is identical to Tor in this way, I2P will not magically protect a server that has been remotely rooted, if you want to do that you need to use various isolation techniques. The recent events also show that if you misconfigure your server and it leaks its own IP address that anonymizers wont keep you safe. I2P and Tor are both equally weak to this sort of problem, you need to use various isolation techniques to ensure that an IP address leak is not possible. The only thing recent events show us is that people who don't know what they are doing can't magically run an anonymizer and expect to be able to keep a hidden service hidden. We have no proof of any direct attacks on Tor leading to deanonymization of a hidden service, the last time that happened was in an academic context in 2006 prior to entry guards being added. Furthermore, recent research on I2P has exposed significant weaknesses: 

wwwcip.informatik.uni-erlangen.de/~spjsschl/i2p.pdf

Quote
tables (DHTs) in this environment.
I2P was built with these security problems in mind, and the network
is considered to provide anonymity for all practical purposes. Unfortu-
nately, this is not entirely justified. In this paper, we present a group of
attacks that can be used to deanonymize I2P users. Specifically, we show
that an attacker, with relatively limited resources, is able to deanonymize
a I2P user that accesses a resource of interest with high probability.

grothoff.org/christian/teaching/2011/2194/i2p.odp

Quote
We developed an attack on I2P version 0.83
Use a Denial-of-Service attack to facilitate traffic analysis
Deanonymization targets are I2P Eepsites

These are just some of the published papers. Outside of published literature, anonymity experts are aware of various other attacks against I2P, some of which I have already mentioned.

Quote
We feel that moving to a
completly distributed platform built on the simple rule of "Don't trust anyone" is the best choice
for continued survival.

I2P is hardly a distributed platform with the simple rule of "don't trust anyone", it still gives a single server administrator complete control of the server. Freenet is closer to doing what he claims he wants to do.

Quote
i2p is not a tool for accessing the internet annonymously, rather a complete darknet which is purpose
built with end to end encryption.

Tor has end to end encryption for its hidden services.

Quote
Each end point is only known by a public key and being distributed,
it also helps prevent a DDOS attack from providing a location as there is no main nodes. Every person
connected to i2p is a relay for cryptographic information that is encrypted multiple times and passed
along the chain to be decrypted once at each hop.

I2P hidden services can still be DDOSed, and if they are DDOSed it can quickly lead to deanonymization in the standard mode of configuration.

Quote
We have done large amounts of research into all available hidden networks and we feel that i2p is the
best choice right now. I2p is also included in Tails VM as of october which means it's available to
everyone.

I2P is the worst choice of all the darknets to put a market hidden service on. Their large amount of research is probably measured in hours or days, maybe instead you should listen to people who have done research for years, especially people who have done research in academic settings.

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #32 on: December 10, 2013, 01:07:12 am »

I2P is the worst choice of all the darknets to put a market hidden service on. Their large amount of research is probably measured in hours or days, maybe instead you should listen to people who have done research for years, especially people who have done research in academic settings.

Lets take a look at merge 10 years ago when he was just getting out of middle school and the Torproject was in its early stages:


Tor is the worst choice of all the darknets to put a market hidden service on. Their large amount of research is probably measured in hours or days, maybe instead you should listen to people who have done research for years, especially people who have done research in academic settings.

merge

  • Full Member
  • ***
  • Posts: 202
  • Karma: +33/-34
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #33 on: December 10, 2013, 01:32:01 am »
I guess if I was an idiot with no ability to argue the technical advantages and disadvantages of various networks that I would say something like that as well. Have fun with your quest to get everybody busted.

pabloescobar

  • Sr. Member
  • ****
  • Posts: 271
  • Karma: +29/-1
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #34 on: December 10, 2013, 03:53:49 pm »
I like the p2p escrow system, although the lack of research (compared with Tor) on the i2p network scares me away from using The Marketplace
"Nobody knows enough to worry" - Terrence McKenna

thehub7dnl5nmcz5.onion

PGP or no reply no PM

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #35 on: December 10, 2013, 04:09:43 pm »
I like the p2p escrow system, although the lack of research (compared with Tor) on the i2p network scares me away from using The Marketplace

Connect to it through Tor if you're concerned about its security. I'd sit around and argue the technical merits like an asshat with nothing better to do, but given that you can protect yourself with tor from any flaws that might exist there's nothing to be concerned about.

merge

  • Full Member
  • ***
  • Posts: 202
  • Karma: +33/-34
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #36 on: December 10, 2013, 06:54:22 pm »
I guess it just leads me to ask why the fuck are you suggesting that we switch to a network that requires us to use Tor to remain safe on.

bbkf

  • Hero Member
  • *****
  • Posts: 699
  • Karma: +73/-60
  • USA: You have to be a deviant or die of boredom.
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #37 on: December 10, 2013, 08:51:59 pm »
Pretty cool site, I hope more vendors jump on AND I hope it remains "Mom & Pop" I'll give it a go when I see some succesful transactions.
"I have sworn upon the altar of God eternal hostility against every form of tyranny over the mind of man"

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #38 on: December 11, 2013, 12:33:50 am »
I guess it just leads me to ask why the fuck are you suggesting that we switch to a network that requires us to use Tor to remain safe on.

You can use Tor if your vagina gets all sandy at the thought of being a leader.

merge

  • Full Member
  • ***
  • Posts: 202
  • Karma: +33/-34
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #39 on: December 11, 2013, 01:22:14 am »
I guess it just leads me to ask why the fuck are you suggesting that we switch to a network that requires us to use Tor to remain safe on.

You can use Tor if your vagina gets all sandy at the thought of being a leader.

being a leader is different from being a good leader.

AliceInWonderland

  • Full Member
  • ***
  • Posts: 216
  • Karma: +54/-12
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #40 on: December 11, 2013, 01:30:28 am »
I guess if I was an idiot with no ability to argue the technical advantages and disadvantages of various networks that I would say something like that as well. Have fun with your quest to get everybody busted.

There is really no point in discussing with inferior minds dude.

I know you really can't help it. You have been trying to educate people on security for a long time now, but most of it falls on deaf ears (which is quite a shame).

As someone once said (I don't remember who): You should never argue with an idiot, because he will drag you down to his level, and beat you with experience.

Remember to look in the knowledgebase before asking questions:
http://silkroad5v7dywlc.onion/index.php?action=kb

The Ten Commandments - http://silkroad5v7dywlc.onion/index.php?topic=15762.0

Why you should never talk to the police:
https://www.youtube.com/watch?v=6wXkI4t7nuc

Loki

  • Sr. Member
  • ****
  • Posts: 304
  • Karma: +41/-231
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #41 on: December 11, 2013, 03:45:29 am »
I guess it just leads me to ask why the fuck are you suggesting that we switch to a network that requires us to use Tor to remain safe on.

You can use Tor if your vagina gets all sandy at the thought of being a leader.

being a leader is different from being a good leader.

while i appreciate your attempts at derailing the thread over a the non-issue of i2p security this thread is about themarketplace and its multisig escrow. if you are butthurt about i2p for some reason then create your own thread and you can scream to the herd about much more secure a internet facing network is over a true darknet.

merge

  • Full Member
  • ***
  • Posts: 202
  • Karma: +33/-34
    • View Profile
    • Personal Message (Offline)
Re: i2p's "themarketplace" is the most secure marketplace on the darknet
« Reply #42 on: December 11, 2013, 05:48:55 pm »
I guess it just leads me to ask why the fuck are you suggesting that we switch to a network that requires us to use Tor to remain safe on.

You can use Tor if your vagina gets all sandy at the thought of being a leader.

being a leader is different from being a good leader.

while i appreciate your attempts at derailing the thread over a the non-issue of i2p security this thread is about themarketplace and its multisig escrow. if you are butthurt about i2p for some reason then create your own thread and you can scream to the herd about much more secure a internet facing network is over a true darknet.

Well, Tor has its own 'true' darknet system, and in addition to this it also has a system for anonymously accessing the clearnet. The ability to anonymously access the clearnet has led to Tor having a much larger user base, so in a sense I guess it is correct to say that an internet facing network is much more secure than a true darknet.