Silk Road forums

Support => Feature requests => Topic started by: tripsget on December 11, 2011, 09:45 pm

Title: Silk Road via I2P
Post by: tripsget on December 11, 2011, 09:45 pm
I'd really like to see SR available via silkroad.i2p, but I'm not sure how difficult it is to make that possible.
Title: Re: Silk Road via I2P
Post by: DrBenway on December 13, 2011, 09:23 am
Seems to me this would unnecessarily create an additional attack vector for de-anonymizing the server, so I don't think it would be worth it.
Title: Re: Silk Road via I2P
Post by: TravellingWithoutMoving on February 06, 2012, 06:18 pm
...my experience of i2p is its slower than Tor...
Title: Re: Silk Road via I2P
Post by: cindylove on February 07, 2012, 10:38 am
Also, I hear I2P is less secure that TOR because is has less users.
Title: Re: Silk Road via I2P
Post by: Acidroper on February 08, 2012, 05:35 pm
Nevertheless wondering why it was chosen Tor, not I2P?  In my opinion, I2P is better suited for anonymous hosting than Tor because I2P is designed and optimized for hidden services.
Title: Re: Silk Road via I2P
Post by: luckymobility on February 08, 2012, 08:16 pm
Can anyone link some good i2p drug sites, or any sites for that matter? I've been looking around but haven't really find anything but cheese pizza, and I don't like that stuff.
Title: Re: Silk Road via I2P
Post by: kmfkewm on February 08, 2012, 10:40 pm
I2P has like 5 thousand users. (Nearly) all I2P nodes route for other nodes. Adding a few high bandwidth nodes to the I2P network will allow you to enumerate almost the entire I2P network. I2P has users spread out through the entire world. I would hate to be a vendor who leaks rough geolocation via mail and uses I2P, it will probably be pretty easy for the feds to determine that the one person using I2P within five hundred miles of where the vendor shipped from is the vendor.

Not to mention I hope you have zero down time if you use I2P. Since I2P Eepsites (hidden services) are also routers. All an attacker needs to do is see if there is a down time correlation between one of the I2P nodes and the hidden service to deanonymize the hidden service. I hope SR isn't running as a relay too actually, for the same reason (busts out Tor relay history and cross references it to SR down time periods....).

I2P also sucks for various other reasons. Tor was a good choice, quite possibly the best.
Title: Re: Silk Road via I2P
Post by: Acidroper on February 09, 2012, 05:56 am
kmfkewm,
What about this?

Quote
Benefits of I2P over Tor

Designed and optimized for hidden services, which are much faster than in Tor
Fully distributed and self organizing
Peers are selected by continuously profiling and ranking performance, rather than trusting claimed capacity
Floodfill peers ("directory servers") are varying and untrusted, rather than hardcoded
Small enough that it hasn't been blocked or DOSed much, or at all
Peer-to-peer friendly
Packet switched instead of circuit switched
implicit transparent load balancing of messages across multiple peers, rather than a single path
resilience vs. failures by running multiple tunnels in parallel, plus rotating tunnels
scale each client's connections at O(1) instead of O(N) (Alice has e.g. 2 inbound tunnels that are used by all of the peers Alice is talking with, rather than a circuit for each)
Unidirectional tunnels instead of bidirectional circuits, doubling the number of nodes a peer has to compromise to get the same information.
Protection against detecting client activity, even when an attacker is participating in the tunnel, as tunnels are used for more than simply passing end to end messages (e.g. netDb, tunnel management, tunnel testing)
Tunnels in I2P are short lived, decreasing the number of samples that an attacker can use to mount an active attack with, unlike circuits in Tor, which are typically long lived.
I2P APIs are designed specifically for anonymity and security, while SOCKS is designed for functionality.
Essentially all peers participate in routing for others
The bandwidth overhead of being a full peer is low, while in Tor, while client nodes don't require much bandwidth, they don't fully participate in the mixnet.
Integrated automatic update mechanism
Both TCP and UDP transports
http://www.i2p2.de/how_networkcomparisons

TOR also has a vulnerabilities:
https://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf (Hot or Not: Revealing Hidden Services by their Clock Skew)
https://www.packetstormsecurity.org/0610-advisories/Practical_Onion_Hacking.pdf (Practical Onion Hacking: Finding the real address of Tor clients)
https://www.cs.colorado.edu/department/publications/reports/docs/CU-CS-1025-07.pdf (Tor (The Onion Router) Open To Attack)
http://web.crypto.cs.sunysb.edu/spday/presentations/Angelos.Keromytis.pdf (Simulating a Global Passive Adversary for Attacking Tor-like Anonymity Systems)
Title: Re: Silk Road via I2P
Post by: kmfkewm on February 10, 2012, 07:10 am
Quote
Designed and optimized for hidden services, which are much faster than in Tor

This is probably still true. I2P has a lot more routing nodes than Tor does and a lot lot lot less clients than Tor does. It was also designed and optimized for hidden services. I would be surprised if Tor ever beats I2P for speed or scaleability. However Tor has made serious improvements to its hidden service load times since a few years ago (when this was written).

Quote
Fully distributed and self organizing

This is kind of neat but many people would argue it makes it less secure than Tor. Tor uses centralized directory authority servers because they think it is required for anonymity. I2P people disagree. I am kind of on the fence regarding this issue, but I certainly see the problems with both systems.

Quote
Peers are selected by continuously profiling and ranking performance, rather than trusting claimed capacity

I am pretty sure Tor does this too now

Quote
Floodfill peers ("directory servers") are varying and untrusted, rather than hardcoded

I2P people see this as a benefit, Tor people see this as a vulnerability. It isn't so black and white.

Quote
Small enough that it hasn't been blocked or DOSed much, or at all

security by obscurity

Quote
Peer-to-peer friendly

Meh so is Tor if you know what you are doing.

Quote
resilience vs. failures by running multiple tunnels in parallel, plus rotating tunnels

Do Tor circuits really fail so often?

Quote
Unidirectional tunnels instead of bidirectional circuits, doubling the number of nodes a peer has to compromise to get the same information.

Dubious claim, research needs to be done to determine if I2P is more resistant to active correlation attacks than Tor is.  And it isn't any safer from passive correlation attacks. If it is safer from active correlation attacks or not will have to do with every node being a router, not using unidirectional tunnels. It may very well actually double your risk of being pwnt by an end point timing attack, since if you connect to a malicious hidden service if they have active nodes at either your inbound or outbound tunnel they should be able to correlate packets to deanonymize you. Tor uses one node for inbound and outbound traffic. You only need a few high precision measurements to deanonymize someone with a timing attack if you can position yourself properly, I2P tunnels have two nodes to target (inbound and outbound) that each have half the traffic going through them than a Tor entry guard would....Tor has a single entry guard with twice the traffic on it. Unless someone can show me otherwise, I think Tor has the better design in this aspect.

Quote
Tunnels in I2P are short lived, decreasing the number of samples that an attacker can use to mount an active attack with, unlike circuits in Tor, which are typically long lived.
]

Tunnels in I2P are short lived, increasing the rate at which you will eventually use a node owned by X attacker.

Quote
I2P APIs are designed specifically for anonymity and security, while SOCKS is designed for functionality.

True

Quote
Essentially all peers participate in routing for others

How is this a benefit over Tor? I don't want to participate in routing for others. This is a benefit if you want a fast network that scales, not if you want anonymity as a client. Having all clients participate in routing for others is actually one of the biggest weaknesses of I2P as far as I am concerned, it makes it easier for a weaker attacker to get a list of all I2P peers IP addresses. At least with Tor as a client the attacker needs to monitor the directory authority servers, or your connection at your ISP, or your entry guard. I2P lets anyone who adds some high bandwidth nodes to the network to get everyone elses IP address.

It also makes it so that if you have any down time your eepsite is as good as deanonymized. I also hope you are not in an IRC chat and running as an I2P router at the same time, because if you have down time you are going to be kicked from the IRC at the same time your I2P node goes down.

Quote
The bandwidth overhead of being a full peer is low, while in Tor, while client nodes don't require much bandwidth, they don't fully participate in the mixnet.

Which is great if you want a fast network that scales but shitty if you want membership concealment as a client. It probably is also bad for client anonymity in other ways, running as a Tor relay actually decreases your anonymity if you use the same node as a client.

Quote
Integrated automatic update mechanism

Integrated automatic backdoor mechanism is not a benefit over Tor...and Torbutton lets you know when your Tor is out of date and lets you update it yourself

Quote
Both TCP and UDP transports

This is certainly a benefit if you want to use UDP


Quote
TOR also has a vulnerabilities:
https://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf (Hot or Not: Revealing Hidden Services by their Clock Skew)
https://www.packetstormsecurity.org/0610-advisories/Practical_Onion_Hacking.pdf (Practical Onion Hacking: Finding the real address of Tor clients)
https://www.cs.colorado.edu/department/publications/reports/docs/CU-CS-1025-07.pdf (Tor (The Onion Router) Open To Attack)
http://web.crypto.cs.sunysb.edu/spday/presentations/Angelos.Keromytis.pdf (Simulating a Global Passive Adversary for Attacking Tor-like Anonymity Systems)

Yes Tor has many vulnerabilities and it sucks, but for anonymity it sucks a lot less than I2P does IMO. I would use Freenet before I used I2P. But I think Tor is the best choice.

Also I2P is just as weak to all of those attacks as Tor is. Tor has had a fuck ton more research done on it than I2P has, but a lot of the attacks against Tor apply just as much to I2P.