Author

Topic: An overview of the differences between and the comparative strengths and weaknes (Read 835 times)

legendary
Activity: 1372
Merit: 1003
An overview of the differences between and the comparative strengths and weaknesses of I2P and Tor : i2p

http://www.reddit.com/r/i2p/comments/13kd3t/an_overview_of_the_differences_between_and_the/

A reply of mine to this submission on /r/torrents got a little out of hand. I think it would be a good idea to have an overview of the differences between and the comparative strengths and weaknesses of I2P and Tor hidden services. That's what this post is for.

Please add any suggestions, rebuttals or clarifications in the comments. I will then add them to the main text so it can serve as an reference for those comparing I2P and Tor! Input and/or feedback from the Tor community is welcomed. Some bold lines indicate doubt about the truth of a statement. Please provide your knowledge about I2P or Tor so I can fix this.

These are my personal observations and not necessarily the only possible correct set of answers, though I'm sure other experienced I2P users will agree with me on at least some of these points:

Strengths of I2P compared to Tor

I think I2P is by nature of its design more secure than the Tor network. The strengths of I2P over Tor hidden services (that means not using Tor to access regular (clearnet) resources such as https://duckduckgo.com) are:

Heavily decentralized. Tor has a user:relay ratio of 165:1 (excluding non-public bridge relays; see metrics) while I2P has a user:relay ratio of 0.99:1 (a very limited amount of users don't route traffic for others because they are, for example, in a hostile country with a limited number of I2P users). This means that you would need a a lot more resources to have a chance of deanonymizing users by observing network traffic over malicious nodes (meaning a set of relays that are all observed by a hostile entity) for I2P than for Tor.

No central point of failure for building tunnels. Tor has directory servers that form a catalog of (public) Tor relays. A user asks these directory servers for (a copy of the entire list of) Tor relays (or just part of them?) including their properties (such as Exit Node, Guard Node, Fast Node, etc.) If (a number of?) these directory servers are compromised, they could manipulate the information that they are supplying to the users that use those compromised directory servers. The Tor directory servers can also be attacked, making it impossible for users to form tunnels because they lack the required information. I2P uses DHT which allows all I2P relays to inform other I2P relays of relays that they known. There is no central (set of) point(s) that can be attacked to make building of tunnels impossible (except attacking all I2P relays).

Asymmetric tunnels. I'll use an analogy to explain this. This analogy is wrong and inaccurate in some regards because the contents of the traffic that is sent through Tor and through I2P is encrypted and cannot be read. The amount of intermediary countries used also doesn't match. The purpose of the analogy is to make you understand the difference. With Tor, you send a letter from US to Canada through France, Germany and Brazil (in that order). The letter reads "Please send me the combination of our granddad's bank vault now that he has deceased.". The letter that is sent in reply from your friend in Canada (reading "19502118") is sent to your address in the US through Brazil, Germany and France (in that order). With I2P, the first letter (from US to Canada) is sent through France, Germany and Brazil (in the order), but the second letter is sent through Paraguay, Norway and Ukraine (in that order). Suppose the postal services in France, Germany, Brazil and Paraguay are compromised. In that case, those postal services can figure out that 19502118 is the combination for your granddad's bank vault, if you were using Tor to send the both of those letters. If you used I2P, they would not be able to figure out what the combination for the vault is, although they do know that you have requested the combination for the vault. A version of the above scenario that is more true to the nature of Tor and I2P would include letters sent in an unbreakable envelopes (the encrypted data). If that was the case, the compromised postal services would be able to confirm that a letter was sent from a person in the US to a person in Canada in both the case of Tor and I2P, but only in the case of Tor would they be able to also confirm that a letter was sent from that person in Canada to that person in the US. (They would also be able to guess that it was probably a letter in reply to the US -> Canada letter because of the rapid response time).

Short-lived tunnels. Adapting the analogy above, this means that communications between the US resident and the Canadian resident are only shortly passed through Brazil, Germany and France + Paraguay, Norway and Ukraine. Much sooner than is the case with Tor will I2P change the intermediary nodes that the communications are using (to, for example, Peru, Mexico and Australia + Greece, Nicaragua and Russia). This is useful because if a tunnel is compromised, you will only send data using that tunnel for a short amount of time, thus limiting the amount of data that is compromised (though the data is encrypted, so unless the server you are connecting to is also compromised, the adversary cannot inspect the unencrypted data).

Some protection against human errors. Tor simply relays TCP/IP packets while I2P is able to modify or trim those packets for some tunnels (such as the default IRC tunnel) to prevent human errors. Once again, an analogy is useful, though not accurate. Suppose you want to anonymously leak a document to a newspaper. You decide to use the (analog) Tor network to prevent your identity from being compromised. You send the letter through Bolivia, Colombia and Japan and then finally to the US HQ of a newspaper. Unfortunately though, you have forgotten to remove some identifying remarks from your letter (your data). Let's for the sake of clarity say that you have left fingerprints on your letter (a digital equivalent would be HTTP headers that indicate the local server time). You can then be deanonymized even though the delivery of the letter was securely anonymous.

BitTorrent functionality. Unlike Tor, I2P has been designed with BitTorrent support in mind (can someone verify this?). Tor isn't supportive of the Tor network being used for clearnet BitTorrent activity and, unlike I2P, it doesn't have its own internal BitTorrent functionality.

Weaknesses of I2P compared to Tor

Technical

No family flag for relays. This means that if one entity controls a bunch of relays, he can add this information to his relays so that the anonymization software will never choose more than 1 relay from the same family to build a tunnel. I'm not sure if I2P is actually missing this feature!

Non-technical / social

Lower amount of users (though more relays).
No extensive documentation and noob-friendly start-up tutorials (though there has been some progress as of late).
No extensive academic peer reviewing.
No noob-friendly user interface.
No noob-proof out-of-the-box solutions like the Tor Browser Bundle.
No (charismatic) public representative like Jacob Appelbaum is for the Tor Project.


http://www.reddit.com/r/i2p/comments/13kd3t/an_overview_of_the_differences_between_and_the/
Jump to: