caution with i2p and browser fingerprinting

Guys, it's only a matter of time before a lot of you turn to i2p for your darknet market needs, but please be aware that unlike using the TOR browser bundle which has been packaged up to maximize end user security, getting on i2p quickly and easily may leave you vulnerable to browser fingerprinting attacks.

Browser fingerprinting is a technique that marketting companies developed in response to widespread public awareness of cookie based tracking. A few people have written extensions to try to thwart these techniques but none of them (that I'm aware of) are current and up to date. Stopping fingerprinting is like trying to hit a moving target, the people researching this are already well ahead of the privacy minded people in this particular area of privacy invasion.

I suggest setting up a separate cheap computer for your i2p use if you can at all manage it.

Simply using your every day browser with i2p and changing it to use the i2p service as a proxy is asking for trouble!

Cookies and javascript are only one small part of the picture when it comes to tracking and identifying a user on the web. Sites can poll your browser to find out what extensions/addons you have installed and what fonts are on your system to get a scarily accurate picture of who you are.. a hostile i2p site can match this against the same information gathered from your browser on the clearnet to identify you with a high degree of precision.

At the very least install noscript and use it with the most restrictive settings possible, including font request blocking.

Academic examples of fingerprinting so you can see for yourself what I'm talking about:

http://fingerprint.pet-portal.eu/?lang=en#

https://panopticlick.eff.org/

If you have javascript turned off these sites might not work, but don't take it for granted that this is sufficient to block commercial grade or gov.co grade fingerprinting, the techniques evolve constantly.

Please, stay out of prison guys. :)


Comments


[12 Points] Jmosty:

Use tails to mitigate these issues


[12 Points] al_eberia:

Just use the Tor browser. Change the proxy settings to a http proxy at port 4444 and browse away. Just hit the reset to default button when you are done. This way you don't have to worry about hardening a new browser or leaving permanent evidence of accessing a hidden site.


[7 Points] paregoric_kid:

Someone needs to put out an i2pbrowser bundle.


[3 Points] None:

It's super easy and cheap to pick up an old IBM thinkpad (under $100) and throw your linux distro of choice on it. Then go through a vpn to tor or i2p for a perfect burner laptop. Shit hits the fan, throw the laptop in a fire or off a bridge.


[3 Points] futuredracula:

Very good advice, especially considering that idiotic guide that was posted that tells you "just use IE since you have probably have it and don't use it anyways"


[-1 Points] Pepys_luvs_big_tits:

this is a reason why i was skeptical of TMP. why all of a sudden switch to i2p? ddos attacks? there are literally no other competition atm.