Someone please post a link to this post over in the Monero thread so they can come over here to address it. I don't want to shit on their thread. I am not criticizing Monero per se. I am technically criticizing I2P when deployed against a high-powered adversary such as the NSA. I am disappointed in whom ever made this decision for marketing reasons (apparently) without sufficient engineering investigation.
I2P (which is relied on by Monero to insure your anonymity) has updated
their detailed summary of potential attacks. That looks really bad (as I had expected). I wouldn't trust for that for obfuscating who sent a message to whom in the face of a powerful adversary and neither do they:
https://geti2p.net/en/comparison/other-networksMixminion and Mixmaster are networks to support anonymous email against a very powerful adversary. High-latency messaging applications running on top of I2P (for example Syndie or I2PBote) may perhaps prove adequate to meet the threat model of those adversaries, while running in parallel along side the needs of low latency users, to provide a significantly larger anonymity set. High-latency support within the I2P router itself may or may not be added in a distant future release. It is too early to say if I2P will meet the needs of users requiring extreme protection for email.
What they are really saying at the above quote is that the underlying I2P network is low-latency hogwash that can't protect against a high-latency adversary and that if someone builds a high-latency system (whether they run it on I2P or not is irrelevant), then you may be protected. Well duh! I2P isn't high-latency mixing and doesn't protect you. I doubt I2PBote does either. I am studying I2PBote and once again the design is not fully documented. I2PBote appears to store messages in a DHT and uses optionally high-latency relaying to provide the anonymity, but absolutely no details are given and the relaying may not even be sufficiently implemented or utilized (too small of mix set) to be of any use.
I2P was designed by the folks who did P2P file sharing apps. They did not design I2P to be anonymous to powerful adversaries, rather they designed it to be a performant, low-level network layer for basic privacy.
Stay away! Don't trust I2P for that threat model!
Thus Monero is not yet anonymous against a high-powered adversary (such as the NSA) unless you use a connection to the internet that can not be correlated to you nor to any activity you do from that connection (e.g. Google's cookie in your browser, logging into any website, etc). This is because if an identity is attached to a sent transaction (via the lack of IP address obfuscation), then it is known that identity is associated with the sender of that transaction, regardless of the ring signature mixing on chain.
Most users have no clue what they are doing and will not likely be anonymous against a high-powered adversary in Monero even if they think they are using an unregistered connection to the internet. And if widely the case, then this can cascade into reduced anonymity sets for everyone thus even destroying the anonymity for those who were careful enough.
You see this shit is very complex and it can't be done with such nonchalant attitude. It requires serious technical documentation and analysis.
I am not angry at any one per se; we are running out time and we should be working together to solve the problem instead of playing marketing battles here. We need to stop attacking each other. I am not attacking Monero. I am just stating technical facts.
You know they added I2P because I mentioned last year in a forum there where smooth et al were present or lurking that IP address wasn't obfuscated. I think fluffypony picked up on my criticism and pushed for adding it, but I am not really sure who did. Ever since then, I've been telling smooth that I2P is not sufficient against a high-powered adversary. It is one year hence and we still haven't solved the problem.
As AnonyMint I was the guy in the Anoncoin thread in 2013 (as kLee can attest) making the point their I2P integration lacked high-latency protection against timing attacks. Now 2 years later we are still in the same predicament.
Look I am just one guy. You can't expect me to do the work that requires dozens and dozens of highly skilled programmers working for years. I can only do so much. I am working 100+ hours a week and doing my best. I will try to fix all this shit but I won't be able to do it alone.
P.S. what got me off on this tangent was searching for a better alternative to Bitmessage, but unfortunately I think maybe there is none when obfuscating the link between sender and recipient. In terms of encrypting messages so only sender and recipient can read (and not concerned about linking the identities of sender and recipient), then I2PBote looks better than Bitmessage because
it has a 512-bit ECC encryption option (thus maybe providing a few more years of historical protection, perhaps even against early, less powerful quantum computers that may come) and better usability features.
To demonstrate how naive users are, I had asked a programmer for his Bitmessage address and he told me bitmsg.me! Cross that guy off the list for potential employment. He doesn't even understand how using a website would eliminate the entire point of using Bitmessage in the first place (unless of course that website is using client-side Javascript encryption and receiving all network messages from the server and attempting to decrypt them client-side and not relying on the server hosting bitmsg.me to do that instead, which may be the case but I doubt it).
Edit: I am reading I2P's technical documentation. They are talking about maybe implementing some high-latency delays for version 3.0 (they aren't even at version 1 yet since starting in 2003), and worse is they plan to let the sender set the delays at each hop of the garlic layer! I guess they don't realize that this will allow a high-powered, omniscient attacker to flood inbound tunnels with specifically timed delays so they can unmask the tunnel! These I2P devs should not be trusted about anonymity.
