Topic: Time to switch to i2P? - page 2. (Read 4240 times)

full member
Activity: 139
Merit: 100
November 09, 2014, 06:09:24 AM
#26
From what I was reading earlier today, multiple sites which were taken down were using the same Bulgarian host.

Link, please?
full member
Activity: 206
Merit: 100
November 09, 2014, 03:46:18 AM
#25
Well both attacks by the government on both SR's were user/admin error (although SR2 made much worse errors than SR1).

Ahhh.. Well, there you go.

SR3, don't host it in the United States. Morons. hehehe.

As for physical security, ... there are lots of methods, and although expensive you can host it yourself. Have any of the SR1 and SR2 operators seen "See More Buds" ? That talks a bit about physical security of grow houses.

I've never used SR1 or SR2 or any of the others that died, so I don't know if the user interface would be affected if I had done things differently or took care of things on my end, or set up shop in some remote mountain with walls like UBL (but UBL did not have internet, bummer.)

From what I was reading earlier today, multiple sites which were taken down were using the same Bulgarian host.  If you're using the same host as another illicit service, there's always the chance that you'll get caught in a dragnet intended for someone else.  Operator stupidity is also rampant.  The operator of C9 actually posted on reddit that one of her servers had been seized and that she was looking for a new host - not smart.
I believe that reddit accepts connections from tor exit nodes so it is very well possible that the operator of C9 was connecting from tor (I am not sure what C9 even is).

Also do you have a link to that many of the sites were all using the same hosting provider? This would explain how law enforcement was able to take down so many sites
hero member
Activity: 868
Merit: 1000
November 09, 2014, 03:16:48 AM
#24
Well both attacks by the government on both SR's were user/admin error (although SR2 made much worse errors than SR1).

Ahhh.. Well, there you go.

SR3, don't host it in the United States. Morons. hehehe.

As for physical security, ... there are lots of methods, and although expensive you can host it yourself. Have any of the SR1 and SR2 operators seen "See More Buds" ? That talks a bit about physical security of grow houses.

I've never used SR1 or SR2 or any of the others that died, so I don't know if the user interface would be affected if I had done things differently or took care of things on my end, or set up shop in some remote mountain with walls like UBL (but UBL did not have internet, bummer.)

From what I was reading earlier today, multiple sites which were taken down were using the same Bulgarian host.  If you're using the same host as another illicit service, there's always the chance that you'll get caught in a dragnet intended for someone else.  Operator stupidity is also rampant.  The operator of C9 actually posted on reddit that one of her servers had been seized and that she was looking for a new host - not smart.
hero member
Activity: 532
Merit: 500
November 09, 2014, 03:14:00 AM
#23
Would hidden service hosts not be relatively obvious, if only for the amount of data they upload? Users of dark and normal web through Tor would be downloading more than they ever upload. Does Tor use distributed storage? I2P I expect is even more obvious, just disrupt the connections and see a site go offline.
The entry guards and the "middle nodes" would also be uploading a large amount of tor related traffic.

It would probably be advantageous for a hidden service to also act as a middle node in order to hide its identity.
sr. member
Activity: 531
Merit: 260
Vires in Numeris
November 08, 2014, 08:43:08 PM
#22
Would hidden service hosts not be relatively obvious, if only for the amount of data they upload? Users of dark and normal web through Tor would be downloading more than they ever upload. Does Tor use distributed storage? I2P I expect is even more obvious, just disrupt the connections and see a site go offline.
legendary
Activity: 1540
Merit: 1000
November 08, 2014, 08:41:52 PM
#21
What we need are things like mesh networks and some nice speed to go with it so it's practical to use, the technology seems pretty far off right now though but I would love to play games and use a totally decentralised internet without the need for an ISP.
hero member
Activity: 658
Merit: 501
November 08, 2014, 08:29:56 PM
#20
I tried tor once and it was pretty boring so slow and it was a pain in the ass to search things so I gave up.
Is i2p faster and has it like a search page or you have to hop around sites?

Tor is better at security just from the fact that there is more oversight, more development, and an order of magnitude more nodes. I2P has properties that make it better for torrenting files.

Here is some more info:
https://gnunet.org/sites/default/files/herrmann2011mt.pdf

If an attacker has enough of the network they can effectively deanonymize the user on Tor with the entry and exit nodes.
The solution is simply to grow the amount of node relays, but especially exit nodes as trusted ones are in short supply.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
November 08, 2014, 08:15:01 PM
#19
Well both attacks by the government on both SR's were user/admin error (although SR2 made much worse errors than SR1).

Ahhh.. Well, there you go.

SR3, don't host it in the United States. Morons. hehehe.

As for physical security, ... there are lots of methods, and although expensive you can host it yourself. Have any of the SR1 and SR2 operators seen "See More Buds" ? That talks a bit about physical security of grow houses.

I've never used SR1 or SR2 or any of the others that died, so I don't know if the user interface would be affected if I had done things differently or took care of things on my end, or set up shop in some remote mountain with walls like UBL (but UBL did not have internet, bummer.)
legendary
Activity: 1372
Merit: 1252
November 08, 2014, 08:05:46 PM
#18
I tried tor once and it was pretty boring so slow and it was a pain in the ass to search things so I gave up.
Is i2p faster and has it like a search page or you have to hop around sites?
hero member
Activity: 658
Merit: 501
November 08, 2014, 06:33:18 PM
#17
The great thing about TOR is it has a lot of support and infrastructure. This is also what makes it so dangerous as a certain percentage of exit nodes, bridges, and relays are controlled and owned by the NSA/GCHQ. What we need to do is increase the amount of high speed nodes and especially exit relays.

With security it is impossible to become 100% secure but you can certainly make it impractical and costly to attack.

Shutting down SR1 and SR2 was probably a very costly exercise and individually investigating dealers on a decentralized platform where all escrow funds were held in a multisig account that couldn't be seized would be an effort in futility. The "war on drugs" is mostly funded by asset forfeiture and the theft of both the dealers' and clients' money. What happens when those funds are held in a method where they cannot be taken?
full member
Activity: 197
Merit: 100
November 08, 2014, 06:22:12 PM
#16
But attackers looking for the real IP of a target hidden service can significantly narrow the set of possible targets by enumerating all active Tor/I2P users (using widespread traffic analysis or by having a lot of nodes on the network), and then they can further narrow it by doing intersection attacks. Once they've narrowed it down to a few hundred possibilities, they can try timing attacks against each one to get solid proof that they're the target.
I would say a solution to this would be to have a lot more tor/onion sites that are legitimate and receive a lot of traffic. This would make a timing attack much more difficult as there would be more traffic to analyze which makes each data point less significant.
(I wonder if the hidden services that were not taken down in the recent bust have anything in common. Are they in a particular country that's unfriendly to NSA demands? Do they use a fixed set of trusted entry guards? Probably we won't find out, unfortunately.)
I am not 100% sure if this is technologically possible but maybe they were set up in a way so that only "x" percent of traffic will go to a specific server with each request being routed to a server at random. Another possibility is that whoever runs the sites that were not taken down were much better at fighting DDoS/timing attacks by shutting down/going offline whenever there is an increase in traffic above "x" percent.
I just don't think that low-latency client<->server networks can be secure. What we need are distributed data stores like Freenet so that the originator/owner of content doesn't need to always be online and moreover has plausible deniability even if they are under active surveillance. However, I really doubt that any existing anonymous data store could actually stand up to targeted traffic analysis of the content originator. Freenet seems to be put together in an especially haphazard way, without much theoretical basis for its claimed anonymity.
This sounds a lot like storJ to me

legendary
Activity: 1400
Merit: 1009
November 08, 2014, 06:20:53 PM
#15
The main problem with I2P and Tor is that they only try to protect you against mostly-passive attackers who have absolutely no idea of where you might actually be on the Internet. The Tor threat model says (and this is also true of I2P):

Quote
By observing both ends, passive attackers can confirm a suspicion that Alice is talking to Bob if the timing and volume patterns of the traffic on the connection are distinct enough; active attackers can induce timing signatures on the traffic to force distinct patterns. Rather than focusing on these traffic confirmation attacks, we aim to prevent traffic analysis attacks, where the adversary uses traffic patterns to learn which points in the network he should attack.

But attackers looking for the real IP of a target hidden service can significantly narrow the set of possible targets by enumerating all active Tor/I2P users (using widespread traffic analysis or by having a lot of nodes on the network), and then they can further narrow it by doing intersection attacks. Once they've narrowed it down to a few hundred possibilities, they can try timing attacks against each one to get solid proof that they're the target.

(I wonder if the hidden services that were not taken down in the recent bust have anything in common. Are they in a particular country that's unfriendly to NSA demands? Do they use a fixed set of trusted entry guards? Probably we won't find out, unfortunately.)

I just don't think that low-latency client<->server networks can be secure. What we need are distributed data stores like Freenet so that the originator/owner of content doesn't need to always be online and moreover has plausible deniability even if they are under active surveillance. However, I really doubt that any existing anonymous data store could actually stand up to targeted traffic analysis of the content originator. Freenet seems to be put together in an especially haphazard way, without much theoretical basis for its claimed anonymity.

I like a lot of what I've read about GNUnet. I think that a good path forward for anonymous networks would be:
- Make the GNUnet software user-friendly.
- Create message board and Web functionality (like FProxy) on top of GNUnet.
- Make GNUnet work over I2P.
- Increase the popularity of GNUnet+I2P so that attackers can't just do traffic analysis of every single user.
There's a solution to traffic pattern attacks - it's just really expensive.

The way you solve traffic pattern analysis is to make your protocol consume a constant amount of bandwidth all the time, regardless of whether anything is actually going on or not.
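
The constant-bandwidth idea from the post above, as an added example that is not part of the original thread: a small simulation of link padding with fixed-size cells, showing that an idle and a busy sender look identical on the wire and what that costs in overhead and queueing. The cell size, send rate and both workloads are constructed assumptions.

```python
"""Constant-rate link padding: what an on-path observer sees (added example)."""

CELL_SIZE = 512       # bytes per fixed-size cell (assumed value)
CELLS_PER_TICK = 4    # constant send rate picked by the operator (assumed value)

# Constructed sample workloads: bytes the application wants to send per tick.
IDLE = [0] * 12
BUSY = [0, 6000, 0, 0, 1500, 300, 0, 6000, 0, 0, 0, 300]


def unpadded_wire(workload):
    """Without padding, wire volume per tick equals the application's volume."""
    return list(workload)


def padded_wire(workload):
    """Emit exactly CELLS_PER_TICK cells every tick.

    Queued real data goes out first; the rest of the tick's budget is filled
    with dummy cells (partial cells are padded to full size).
    Returns (observed_bytes_per_tick, stats).
    """
    budget = CELL_SIZE * CELLS_PER_TICK
    queue = 0                       # real bytes waiting for a slot
    real_sent = 0
    max_backlog = 0
    observed = []
    for wanted in workload:
        queue += wanted
        sent = min(queue, budget)   # real payload that fits in this tick
        queue -= sent
        real_sent += sent
        max_backlog = max(max_backlog, queue)
        observed.append(budget)     # the wire carries the same volume every tick
    total = budget * len(workload)
    stats = {
        "overhead": 1 - real_sent / total,  # share of wire bytes that is dummy
        "max_backlog_bytes": max_backlog,   # latency cost of the capped rate
        "undelivered": queue,               # real bytes still queued at the end
    }
    return observed, stats


def distinguishable(trace_a, trace_b):
    """Simplest volume-pattern test an observer can apply to two traces."""
    return trace_a != trace_b


if __name__ == "__main__":
    print("unpadded differ:", distinguishable(unpadded_wire(IDLE), unpadded_wire(BUSY)))
    idle_obs, idle_stats = padded_wire(IDLE)
    busy_obs, busy_stats = padded_wire(BUSY)
    print("padded differ:  ", distinguishable(idle_obs, busy_obs))
    print("idle stats:", idle_stats)
    print("busy stats:", busy_stats)
```

Padding of this kind hides volume and timing on the link, but not whether the host is online at all, which is the signal the intersection attacks discussed in this thread rely on.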
administrator
Activity: 5222
Merit: 13032
November 08, 2014, 06:07:28 PM
#14
The main problem with I2P and Tor is that they only try to protect you against mostly-passive attackers who have absolutely no idea of where you might actually be on the Internet. The Tor threat model says (and this is also true of I2P):

Quote
By observing both ends, passive attackers can confirm a suspicion that Alice is talking to Bob if the timing and volume patterns of the traffic on the connection are distinct enough; active attackers can induce timing signatures on the traffic to force distinct patterns. Rather than focusing on these traffic confirmation attacks, we aim to prevent traffic analysis attacks, where the adversary uses traffic patterns to learn which points in the network he should attack.

But attackers looking for the real IP of a target hidden service can significantly narrow the set of possible targets by enumerating all active Tor/I2P users (using widespread traffic analysis or by having a lot of nodes on the network), and then they can further narrow it by doing intersection attacks. Once they've narrowed it down to a few hundred possibilities, they can try timing attacks against each one to get solid proof that they're the target.

(I wonder if the hidden services that were not taken down in the recent bust have anything in common. Are they in a particular country that's unfriendly to NSA demands? Do they use a fixed set of trusted entry guards? Probably we won't find out, unfortunately.)

I just don't think that low-latency client<->server networks can be secure. What we need are distributed data stores like Freenet so that the originator/owner of content doesn't need to always be online and moreover has plausible deniability even if they are under active surveillance. However, I really doubt that any existing anonymous data store could actually stand up to targeted traffic analysis of the content originator. Freenet seems to be put together in an especially haphazard way, without much theoretical basis for its claimed anonymity.

I like a lot of what I've read about GNUnet. I think that a good path forward for anonymous networks would be:
- Make the GNUnet software user-friendly.
- Create message board and Web functionality (like FProxy) on top of GNUnet.
- Make GNUnet work over I2P.
- Increase the popularity of GNUnet+I2P so that attackers can't just do traffic analysis of every single user.
full member
Activity: 173
Merit: 100
November 08, 2014, 02:00:50 PM
#13
Did those onion sites get attacked technologically? Or did they get attacked because of user/admin error?

What could they have done different that would have prevented discovery?
Well both attacks by the government on both SR's were user/admin error (although SR2 made much worse errors than SR1).

I think the main issue is somewhat technological as there are very few large onion sites so any kind of DDoS attack on an onion site would make it easy for anyone with the ability to monitor overall tor traffic to be able to see where a lot of tor traffic is going when they are getting DDoS'ed
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
November 08, 2014, 01:49:55 PM
#12
You guys need to know more about CJDNS and Hyperboria.
staff
Activity: 3276
Merit: 4111
November 08, 2014, 01:39:57 PM
#11
I2P just requires more nodes to be up and running, that would mean it should be more secure than Tor, but of course if you want more nodes more people have to take the plunge initially when it's not so secure. Although, it's still going to be vulnerable to the attacks which Tor has undergone the past few years. Although, I believe it can be more secure than Tor with more people creating nodes.

At the moment Tor is probably more secure due to more nodes, but I2P may not be in the main scope at the moment because of the lack of users, thus this would make it more secure because of the lack of attacks, although there have been quite large attacks on both.
full member
Activity: 183
Merit: 100
November 08, 2014, 01:25:07 PM
#10

I don't believe that any anonymity network in existence today is safe enough to directly run an illegal website on, unfortunately.

You'd definitely need multiple layers of protection, and not just technological. If it were me, at the very least I would also like to have some passive eyes in the physical environment hosting the hidden services. E.g. an employee at the hosting provider in my payroll, preferably someone in security or compliance roles, whose task would be to discreetly inform me if the feds came and started poking around.
The problem with having "eyes" in the physical environment is that this will expose your identity somewhat as well as the fact that you are hosting something that is illegal when the hosting provider may not otherwise notice the illegality of what you are hosting. Plus you would need to trust the person you are using as your "eyes".
legendary
Activity: 1400
Merit: 1009
November 08, 2014, 01:16:25 PM
#9
I2P is very similar to Tor technologically. If the Feds are using technical attacks against Tor, then the same attacks will probably also work against I2P. In fact, some attacks are easier against I2P because it has far fewer users and its network isn't carefully managed in the same way that Tor's network is.
What I2P has going for it is a better theoretical basis, and a focus on hidden services rather than proxying to the clearnet.

The only thing Tor has going for it is more users - if I2P has the same number of nodes I'd expect their hidden services to be more secure than Tor's hidden services.
donator
Activity: 1616
Merit: 1003
November 08, 2014, 12:58:25 PM
#8

I don't believe that any anonymity network in existence today is safe enough to directly run an illegal website on, unfortunately.

You'd definitely need multiple layers of protection, and not just technological. If it were me, at the very least I would also like to have some passive eyes in the physical environment hosting the hidden services. E.g. an employee at the hosting provider in my payroll, preferably someone in security or compliance roles, whose task would be to discreetly inform me if the feds came and started poking around.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
November 08, 2014, 12:46:57 PM
#7
Did those onion sites get attacked technologically? Or did they get attacked because of user/admin error?

What could they have done different that would have prevented discovery?