to remain secure from outside observers is the main goal, the i2p network is much more secure than tor or a vpn, though it does a good job protecting you from others on the network too.
as a darknet it’s more secure than tor, but less people use it so less anonymous. the benefits are really for using in-network services there, not so much for accessing the clearnet, though you’ll find clearnet things bridged to i2p
sploodged@lemmy.dbzer0.com to The Invisible Internet Project@lemmy.world • Am I the only one who wishes that i2p had a reliable secure DNS service? • English • 2 · 10 months ago
definitely opens up another surface for attack, could see flooding namespace, sybil, hijacking consensus mechanism somehow, lots of very bad content would surface too which some of the current “curators” try to dampen. Consensus mechanism would be tricky to get right
sploodged@lemmy.dbzer0.com to The Invisible Internet Project@lemmy.world • Am I the only one who wishes that i2p had a reliable secure DNS service? • English • 2 · 10 months ago
non-maliciously this is occasionally a problem. different registrars have different rules, some will delete a name after so long the destination is dead, others won’t. so registrars will let you register an abandoned name with a new destination, but some won’t. But local address books will default to the older destination over the newer one.
i think it was done this way so there could be no one thing declaring google.i2p goes to a destination, locally you decide. wouldn’t be a bad idea to incorporate some sort of cert though, a lot of that work would fall to the registrars to agree i’d think, like on expiring names.
i think the idea of using dht for this so it’s more like a network consensus thing has come up, but there’s reasons not to do this.
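The address book behaviour described in the comment above (an existing local entry wins over a newer destination offered by a registrar), as an added example that is not part of the thread and not I2P's own code. It is a simplified model: the `name=destination` line format is reduced to its basics, and all names and destination strings are constructed placeholders.

```python
# Simplified model (assumption): illustrates "older local entry wins",
# not the actual I2P address book implementation.

def parse_hosts(text):
    """Parse 'name.i2p=destination' lines; skip blanks and '#' comments."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first '=' only: a Base64 destination may itself
        # end in '=' padding characters.
        name, sep, dest = line.partition("=")
        if sep and name and dest:
            entries.setdefault(name.strip().lower(), dest.strip())
    return entries

def merge_subscription(local, feed):
    """Keep existing local mappings, add unknown names, report conflicts."""
    merged = dict(local)
    added, conflicts = [], []
    for name, dest in feed.items():
        if name not in merged:
            merged[name] = dest
            added.append(name)
        elif merged[name] != dest:
            # Same name, different destination: never overwrite silently.
            # Surface it so the user decides locally which one to trust.
            conflicts.append((name, merged[name], dest))
    return merged, sorted(added), sorted(conflicts)

# Constructed sample data; real destinations are long Base64 strings.
LOCAL = """\
# local address book
forum.i2p=DEST_OLD_AAAA
wiki.i2p=DEST_WIKI_BBBB
"""
REGISTRAR_FEED = """\
forum.i2p=DEST_NEW_CCCC
wiki.i2p=DEST_WIKI_BBBB
mail.i2p=DEST_MAIL_DDDD
"""

if __name__ == "__main__":
    book, added, conflicts = merge_subscription(
        parse_hosts(LOCAL), parse_hosts(REGISTRAR_FEED))
    print("added:", added)
    for name, kept, offered in conflicts:
        print(f"conflict: {name} kept={kept} offered={offered}")
```
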

main things:
imagine you have one of those multihop vpns set up, but instead of one connection you have several different multihop vpns running at the same time, and every one of those vpns gets a new server every 10 mins. very roughly, that’s how they work. Since there’s so many paths, they’re very long, and the paths are constantly changing, it’s hard for observers to make sense of what goes where. In i2p it’s usually 7 hops each way. there may be thousands of connections at a time for each node, all changing every 10 minutes.
with both tor and i2p, we encrypt and decrypt at each hop, so no node in the chain can read messages. an observer can listen in, but they don’t know for sure what goes where, and they wouldn’t be able to understand what’s being said. in tor and i2p, this protects everyone running a node (except for exit nodes), since they maintain plausible deniability regardless of what passes through them.
i2p goes further. with the vpn analogy, you would get 2 sets of vpns: one for outgoing traffic and one for incoming. everyone else is doing the same thing, so if you want to share an image with someone the other person will run their own chain of vpns to meet with your chain of vpns to see it. you never connect directly. where the vpn analogy falls apart is since you’re routing traffic for other people in i2p, you’re also a server hop for other people. so you mix their traffic in with your own. there’s also some random noise added in all to make the life of an observer even more confusing. it’s all mixed together like cloves of a garlic bulb to make the life of an observer as hard as possible. traffic mixing and separate outbound/inbound tunnels are the major differences with garlic (i2p) and onion (tor) routing.
since tor doesn’t maintain many connections to hide your traffic in the mix with other users, tor uses stream isolation to use a different path for each website so you look like a new person each time. it uses the same set of nodes for up and down traffic like a vpn does. it does not mix traffic with peers. getting to clearnet with tor (and i2p) is a weak link since whoever runs the server has power to snoop your traffic (or inject things). but tor has many exit nodes, all automatically changing for you. there’s only 3-4 exit nodes (outproxies) in i2p.