
Internet censorship. When basic measures are not enough - I2P


In the last article I described the tricks you can pull off with nothing but a browser. We will need that knowledge here

The hot August of 2020 showed that basic measures are too few and ineffective. Something more is needed

When choosing a solution, I set myself several goals:

  1. The solution must be open

  2. The solution must be free - this is the only way it can become widespread

  3. The solution must be decentralized - there should be no single point of failure

  4. Bum VPN. I wanted to be able to connect to any network node for free

  5. Bum hosting. A corollary of the previous point: the ability to roll out a test resource for free

VPN was ruled out immediately: even the working VPN died. A VPN requires a centralized external server, which is a single point of failure. Finally, a VPN costs money. I wouldn’t call myself a rogue personally, but it’s definitely not a mass option

I haven't considered TOR yet. It is a completely viable solution, but I lack the expertise. In the comments, I invite those who know to explain the strengths and weaknesses of running TOR in practice. See also: Comparison of I2P and TOR networks

I started learning I2P. I liked the idea. It is especially interesting that the network should not only withstand a sharp increase in the number of users, but should even work more reliably because of it (though this is not certain). Lurk has a very inspiring description of the possibilities, while the wiki brings you back from heaven to earth and makes it clear that I2P is not a silver bullet and that de-anonymization attacks are a reality. Difficult and expensive, but possible. For comparison, going without I2P is like introducing yourself with your passport and getting ready for a search

Opportunities, limitations and pain points

Just like the TOR network, the I2P network has exit nodes. This means that you can access the regular Internet through the I2P network. However, you should understand that the speed of operation leaves much to be desired - streaming video via I2P is a so-so idea

Interestingly, you can reach TOR nodes from the I2P network. We will definitely set this up

I2P does not limit itself to any protocol. Instead, the network provides a medium for transmitting data. I have forwarded a database connection over the I2P network. I2P tunnels let you forward any resource and thus make it available to any program. If you are not familiar with tunnels, the idea is simple: a port is opened on your machine that stands in for some open port on a remote server, and you then connect any local program to that local port, which is something any program can do. The intricacies of carrying the bytes to the remote machine's port and back are handled by the tunneling program (a special case of a tunnel).

The consequences of tunnels are bum VPN and bum hosting. I'm happy - I can roll out the resource for free. I can connect 2 machines for free. Any other network member can do the same for free. Tasty

The network will be able to function even if playful hands reach for the Big Switch again. The Belarusian reality is exactly this: the switch exists

The sore point is changing routes (and hence the dest hash). But I hope the problem can be solved: there is a version for Android, which implies switching between the operator’s network and different wifi access points, and an experimental “Laptop Mode” has appeared in the router settings

Errors and misconceptions

I've noticed several patterns of misconceptions

Oh, they told me on TV that they show this on your i2p! Is this actually legal?

Believe rumors more. There is nothing there that is not on the regular Internet. I2P aims to be a data transmission medium. The TCP and UDP protocols transmit more than 99% of information on the Internet, including illegal content. Let's fight the content, not the transport of its delivery

When the Internet is turned off, I’ll definitely install it

And you will cuckoo until the network is restored. I2P is not magic for bypassing censorship, but a very real overlay network of flesh and blood, which learns about other network participants only while it is running

Okay, I installed it, launched it, poked something, and turned it off. As soon as the Internet is turned off - wow, seven of me! I’ll turn on I2P and everything will be wonderful for me!

Same problem. With high probability, you will not be able to find any of the peers you previously had connections with. Run I2P as a service and let it sit in the background. It doesn't ask to be fed (well, except for memory). This is the only way to be ready when the hour comes

I'll be a minute. There and back

Nodes that often break connections with other network participants, by established tradition, end up on ban lists. This rule should not be taken as an absolute; it is simply desirable that the service runs in the background. Don't restart it every time it sneezes: it doesn't bite and doesn't ask to be fed.

The fully proper way to stop the I2P service is to press the “Shutdown” button in the router console. The I2P daemon will stop itself in the worst case after 10 minutes, as soon as the already established connections with other participants in the i2p network expire

The “Restart” and “Shutdown” buttons are located in the lower left corner of the screenshot

Installation on desktop

It consists of two mandatory parts: installing a gateway (inproxy) and setting up a browser (light or hard, choose to taste). It is important to complete both stages; they make no sense separately.

Gateway installation

The official project website has a list of downloads; you can get it from there

The same list contains a section «Packages for Debian/Ubuntu»

After installation, try to open http://localhost:7657/, the router web console. I highly recommend bookmarking the page or even pinning the tab. If the page opens, you did everything right

Browser settings. Light

In this case, we are making the assumption that you are doing nothing wrong and are simply seeking access to information that has upset your government. And the government, like a whiny little girl, tends to be offended by any information. For example, linkedin is blocked in Russia. A terribly dangerous and extremist resource, yeah

In this case, we are not afraid of information leaks. For example, a site on the i2p network may request some jquery from a CDN. What is so special about a js library that is requested millions, if not billions, of times a day?

We assume that we are not doing anything wrong, and that we are not interested in the decoy site of Comrade Major Vasily Musorov with some kind of shock content, which loads resources through absolute links directly, bypassing I2P or TOR, and thereby gives away your real IP address. Look for the original image somewhere here: http://vasya-lozhkin.ru/pictures/. I did not find it =(

For the configuration we need the SmartProxy add-on. Setup is done in 2 simple steps: add the I2P input gateway to the list of proxy servers, then create proxy rules

Adding an I2P input gateway to the list of proxy servers
Creating proxy rules for i2p sites
Creating proxy rules for onion sites

Browser settings. For those who like it harder

Paranoia may require guarantees that there will be no leaks. It does not follow from the presence of paranoia that we will rush to look at the previously mentioned website of Comrade Major Vasily Musorov. Setup is carried out in a few simple steps

I don't have an extra browser on my system to dedicate it entirely to I2P. I will use the already installed firefox. The following option works on Linux:

FIREFOX_PROFILE="firefox-i2p"
FIREFOX_HOME="${HOME}/${FIREFOX_PROFILE}"
mkdir -p "$FIREFOX_HOME"
env HOME="$FIREFOX_HOME" firefox

That is, the idea is simple: make Firefox work with a completely clean profile, which will not affect the main one in any way, and which we can demolish at the first hint of problems, like a grandfather’s testicle. No matter what add-ons we install there, no matter what settings we make there, you can continue to use the main profile

I don't have a single Windows or MacOS machine. In the comments, please tell us how to pull off a similar trick on Windows. On MacOS this trick should work, but I haven’t tested it

Open the settings and find “Network Settings”
And specify the I2P input gateway
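
The same clean-profile idea can be scripted, so that the proxy and the leak-related settings do not depend on clicking through dialogs and can be re-checked later. This is an added example, not part of the original article: it uses Firefox's --profile option instead of the HOME override, and it assumes the router's HTTP proxy listens on 127.0.0.1:4444 (the I2P default). The profile path and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: build a throwaway Firefox profile whose only network
# path is the local I2P HTTP proxy, then verify the pins are in place.

# Assumption: these are the I2P router defaults; override via environment.
I2P_PROXY_HOST="${I2P_PROXY_HOST:-127.0.0.1}"
I2P_PROXY_PORT="${I2P_PROXY_PORT:-4444}"

# Write user.js into the given profile directory. Firefox re-applies
# user.js on every start, so these values win over changes made in the UI.
write_i2p_userjs() {
    profile_dir=$1
    mkdir -p "$profile_dir" || return 1
    cat > "$profile_dir/user.js" <<EOF
// Manual proxy configuration: HTTP and HTTPS both go to the I2P gateway.
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "$I2P_PROXY_HOST");
user_pref("network.proxy.http_port", $I2P_PROXY_PORT);
user_pref("network.proxy.ssl", "$I2P_PROXY_HOST");
user_pref("network.proxy.ssl_port", $I2P_PROXY_PORT);
// DNS-over-HTTPS off in this profile; i2p and onion never go to a resolver.
user_pref("network.trr.mode", 5);
user_pref("network.trr.excluded-domains", "i2p,onion");
// No speculative DNS lookups or link prefetching.
user_pref("network.dns.disablePrefetch", true);
user_pref("network.prefetch-next", false);
// WebRTC can expose local and public addresses outside the proxy.
user_pref("media.peerconnection.enabled", false);
EOF
}

# Check that a profile's user.js still pins the critical settings.
# Prints each missing pin and returns the number of problems found.
audit_profile() {
    file=$1/user.js
    problems=0
    for want in \
        '"network.proxy.type", 1' \
        "\"network.proxy.http\", \"$I2P_PROXY_HOST\"" \
        "\"network.proxy.http_port\", $I2P_PROXY_PORT" \
        '"network.trr.mode", 5' \
        '"media.peerconnection.enabled", false'
    do
        if ! grep -qF "user_pref($want);" "$file" 2>/dev/null; then
            echo "missing: user_pref($want);"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Start Firefox on the dedicated profile only when asked: ./script launch
if [ "${1:-}" = "launch" ]; then
    profile="${HOME}/firefox-i2p-profile"   # hypothetical location
    write_i2p_userjs "$profile" && audit_profile "$profile" &&
        exec firefox --no-remote --profile "$profile"
fi
```

Deleting the profile directory removes every trace of the setup, which keeps the "demolish at the first hint of problems" property of the original trick.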

Installation on Android

The essence is exactly the same, but the tools are slightly different

Gateway installation

The same downloads page has an “Android” section

Download section for Android

Browser settings. Light

Find FoxyProxy in the add-on manager and install it
Go to its settings, click “Add”
Specify the gateway address, scroll down and click “Save”
And add templates for the entire i2p and onion domains
In the FoxyProxy settings, make sure that it is enabled

Recipes for setting up

I'll tell you about a few optional steps

DNS-over-HTTPS

For those who haven't read the previous article: i2p and onion need to be added to the exceptions. Otherwise, the browser will try to resolve these domains at Cloudflare, with predictable results

I2P + uBlock Origin

We know how to learn from mistakes, therefore, we will add the i2p and onion zones to the exceptions, thus completely disabling the ad blocker for all i2p and onion resources

Open uBlock Origin settings
Adding exceptions to i2p and onion domains to uBlock Origin

It’s better than it was, but not perfect—you lose control over downloading third-party content. I would just like to disable the resolution of i2p and onion names

Additional subscriptions

It makes sense to add these addresses to the subscription list:

  1. http://stats.i2p/cgi-bin/newhosts.txt

  2. http://identiguy.i2p/hosts.txt

  3. http://isitup.i2p/alive-hosts.txt

  4. http://reg.i2p/export/hosts.txt

  5. http://inr.i2p/export/alive-hosts.txt

Feed java memory

The I2P ingress gateway is written in java. By default it starts with a limit of 128M. This is enough to get acquainted and slowly immerse yourself in the brave new world of the invisible Internet. The component that consumes the most memory is NetDB, a database of other hosts on the I2P network. The more of them are known, the higher the reliability and the higher the likelihood that at hour H, when the Internet dies again, you will still be able to find a loophole - an accessible host from the list of known ones. True, there are no guarantees

In case of Ubuntu/Debian:

sudo dpkg-reconfigure i2p

I don’t know how to do this for Windows and I really hope for comments

When you can’t open a port less than 1024, but you really want to, then you can

A very controversial recipe. In general, there is no need to do this. But if you really want to, then you can. I did this to test out the capabilities of I2P. That is, just for fun

The adventures began with the question “so where is java?”

which java | xargs file --mime-type
/usr/bin/java: inode/symlink

OK

which java | xargs readlink | xargs file --mime-type
/etc/alternatives/java: inode/symlink

More symlinks for the symlink god!

which java | xargs readlink | xargs readlink | xargs file --mime-type
/usr/lib/jvm/java-11-openjdk-amd64/bin/java: application/x-pie-executable

Please understand that your configuration may not be the same as mine. The idea is simple: keep inserting another xargs readlink stage until enlightenment occurs, that is, until file reports application/x-pie-executable. As soon as java is found, remove the last 2 words of the resulting command, file --mime-type (for example, by pressing ^W twice), and put setcap 'cap_net_bind_service=+ep' in their place. setcap has to run as root, hence the sudo:

which java | xargs readlink | xargs readlink | xargs sudo setcap 'cap_net_bind_service=+ep'

You may also need to add the ability to open a raw socket with setcap 'cap_net_raw=+ep':

which java | xargs readlink | xargs readlink | xargs sudo setcap 'cap_net_raw=+ep'

But next time I'll just deploy docker with nginx
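
The manual hunt for the real binary can be done in one loop, and it is worth checking afterwards what was actually granted: file capabilities sit on the JVM binary itself, so every Java program started from it can bind low ports, not only I2P. This is an added example, not the author's code; the function names are made up, and getcap (package libcap2-bin on Debian/Ubuntu) is assumed for the audit step.

```shell
#!/bin/sh
# Added example: follow a command's symlink chain hop by hop (what the
# repeated "xargs readlink" does by hand), then audit file capabilities
# on the binary at the end of the chain.

# Print every hop from a path to the final non-symlink target, one per line.
resolve_chain() {
    path=$1
    hops=0
    while [ -L "$path" ]; do
        printf '%s\n' "$path"
        target=$(readlink "$path")
        case $target in
            /*) path=$target ;;                     # absolute link target
            *)  path=$(dirname "$path")/$target ;;  # relative to the link's directory
        esac
        hops=$((hops + 1))
        # Guard against symlink loops.
        if [ "$hops" -ge 40 ]; then
            echo "symlink loop at $path" >&2
            return 1
        fi
    done
    printf '%s\n' "$path"
}

# Print only the final target. "readlink -f" gives the same answer in one
# call on GNU systems; the loop above shows the intermediate hops as well.
real_binary() {
    chain=$(resolve_chain "$1") || return 1
    printf '%s\n' "$chain" | tail -n 1
}

# Report file capabilities on the resolved binary and how to revoke them.
# Returns 2 when getcap is not available.
audit_caps() {
    bin=$(real_binary "$1") || return 1
    if ! command -v getcap >/dev/null 2>&1; then
        echo "getcap not installed; cannot audit $bin" >&2
        return 2
    fi
    caps=$(getcap "$bin")
    if [ -n "$caps" ]; then
        echo "capabilities set: $caps"
        echo "they apply to every program run by this binary"
        echo "revoke with: sudo setcap -r $bin"
    else
        echo "no file capabilities on $bin"
    fi
}

# Run against the local java, if there is one.
if command -v java >/dev/null 2>&1; then
    resolve_chain "$(command -v java)" || true
    audit_caps "$(command -v java)" || true
fi
```

Running the audit again after a JDK package upgrade is useful: the upgrade installs a new binary, so the capability silently disappears and the low port stops binding.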

What else is there?

I highly recommend reading the Russian-language wiki and looking through the identiguy or isitup lists. There is also a search engine

Suddenly, a web version of telegram. True, I have no idea whether the telegram administration knows about this mirror. However, you can reach the original through the exit node

There are also Telegram MTProto proxies. The idea comes down to creating tunnels to the specified i2p hosts. Instructions are on the website

There are also torrents and mail. I haven't tried any of this yet

I found filibuster and ebooks.i2p; the latter looks generally expensive and rich

Instead of a conclusion

It should be understood that I2P is not an independent resource, but primarily a feeder - a data transmission medium. Therefore, the scope of applicability of the technology is quite wide and rests, rather, on the imagination

I didn't say a word about i2pd. The project is worthy of attention: it is more productive with less resource consumption. I don't have any expertise yet


Comments 93

Can you tell us about the pros/cons of integrating IPFS with I2P?

Well, just that these are different things. The key difference is that IPFS is about statics. But I have no expertise in this matter.

Now in i2p, instead of a large java router, many recommend installing i2pd. It is written in C++ and eats less memory. Suitable for weak devices such as routers.

I wrote about it at the end of the article

Author, what do you think about this?: vasexperts.ru/blog/klassifikatsiya-trafika-i-deep-packet-inspection (cluster analysis, which allows you to deal even with encrypted traffic?)
And:
This is within the framework of the use in the very near future of signature analysis on the technical means of countering threats currently installed (TSPU).
There is far from zero probability that both encryption and obfuscation will no longer help.
Additionally:
1) icmmg.nsc.ru/sites/default/files/pubs/sh2013-1.pdf
2) And: ru.wikipedia.org/wiki/Attack via_side_channels

Even without reading it, I suspected that this was possible. I don't know yet. I would bet on mimicry and an increase in the number of false positives - so that completely legitimate traffic, be it games or YouTube, will fall off. The fewer people will remain uninterested, the louder the problem of blocking will be discussed, the more obvious it will be that it must be solved by administrative methods, not technical ones. But these are still fantasies about a distant joyful future

It is not very clear what kind of classification of encrypted traffic based on signatures we can talk about, because simply by definition, signature analysis is a search for regular patterns, and encryption is a fight against the regularity of messages.
If after encryption you still have some patterns in the data, your encryption is not working. It's not just bad - it doesn't work at all.
And if it works, what patterns are we talking about?

This is exactly the question. The developers claim that even encrypted traffic can be analyzed and determined. Above I cited an article from Wiki, according to which it turns out that this is still possible…
There was also some kind of i2p browser. Something like a tor browser, only for the i2p network.
Once about 5 years ago I installed it, you could go to websites in i2p if you knew the address.
What is his privacy? I have no idea, I probably don’t have it.
The question is still about trust in the alternative implementation. Its creator is Russian-speaking (and seems to even be on the hub) and maybe Comrade Major regularly visits him and checks that everything is as it should be, and not safe.

This, by the way, is one of the big problems of modern Russian society - social mistrust. It is on this that the infrastructure of “comrade majors” rests.
Low social trust creates a feeling of constant threat. It’s not for nothing that people in the Soviet Union were very fond of making posters like “Don’t talk!”, and in our country now people see not partners, but enemies.


And if there are “enemies all around,” then security is needed. And after that we wonder why we have so many “comrade majors” per 100k population.


In general, there is no need to do this. A Russian-language author is neither bad nor good, but normal. Although, the fact that the author of i2pd hangs out here on Habré (even in the comments to this post, original ) — it's definitely nice.

Great article, thanks!
I hope to continue this series of articles.
Ideas for the following topics (that would be interesting to me personally):
tor (where would we be without it), onion resources
retroshare (also an interesting network), unseenp2p (a variation of it that works through tor)
other p2p networks (freenet, zeronet, tribbler, ipfs, etc.)
as a related topic - truecrypt/veracrypt crypto containers
and installation of all this software for permanent operation on some router or NAS (maybe there are even ready-made distributions, where everything is “out of the box”? similar to Tails, but tailored for p2p exchange)

Yes sir! Thank you :)

Whonix will be better than Tails
By the way, this is also an interesting topic.
Thanks for the tip i2pd!
Not so long ago, out of habit, I complained that i2p is in Java and therefore I won't install it, too lazy.
But it turns out that i2pd was written quite a long time ago. I tried it under Win & Linux (Gentoo has a standard package) - it even seems to work:)
All that remains is to assemble the torrent client.

Why is TOR not suitable?
No, I understand that for some reason everyone seems to think that anonymity is a whole article of hundreds of pages. But we live in the 21st century) Everything can be done in a couple of clicks/commands.
Not only “evil” people develop, but also “good” ones. )))


PS. You can exclude the countries listed in the config from the output nodes. If you get paranoid.

Article: I understand technology X. I have no expertise in technology Y.
Comment: Why is Y not suitable?


Answer. Only because I didn’t understand technology Y.


I also asked you to tell me in the comments about the features and pitfalls of using TOR. Maestro! Your exit

I didn’t read the article, but I saw I2P and decided to check in )
Maestro makes an exit ru.wikipedia.org/wiki/Tor
The whole point is that the torus is “for people”, and not “strangers made it for predators”

I can read Wikipedia. I was asking about actual experience using TOR, not about Wikipedia. Thanks for the incredibly helpful comment.

I didn’t mean to offend, but simply hinted that everything there was “just”.
The real experience “in operation” is that I installed the Tor browser and that’s it )
Although there are a couple of bugs in the latest releases (I’m waiting until they’re allowed to dry up). For example, js/css with the integrity property are stupidly not loaded (you can check it on getbootstrap.com)

BUT, Tor is not a Tor browser) Essentially it is a SOCKS server on a localhost.
But no one bothers you to configure it as a transparent proxy, etc.
> Essentially this is a SOCKS server on localhost.

I'll expand on the idea. You install the `apt install tor` package (yes, I'm a Debian guy), and you can even sit in Chrome via Tor by setting up a SOCKS proxy at 127.0.0.1:9050
This is a pretty bad idea. Mainline browsers have a huge number of problems related to fingerprinting and deanonymization. It is better to use tor browser - a fork of Firefox that includes workarounds and has adequate default settings (noscript, duckduckgo as a search engine, etc.). At the same time, it raises its own tor, you don’t need to install anything separately.

… through which only he works and this is the attack vector.

Nope, the “attack vector” is spread from “you personally” to “all users of the Tor browser”.
No. It’s enough for you to inadvertently open a link in another application.
On a system running Tor, all applications must go through Tor.
What “other application” if we are talking about the Tor browser? )
Doesn't Tor browser provide anonymity if you don't use Tor browser? Original )
I said “at least in...” emphasizing the simplicity )
But I wanted to say “in any program that supports a SOCKS proxy”.
And yes, comments on the case.
The same facebookcorewwwi.onion makes me laugh )
Let's leak everything through contacts and think you're protected )
I've been using tor since the days when Roskomnadzor actively blocked the cart, and once killed half the Internet.
The main advantage compared to i2p is speed!
The downside, like everyone else, is that you shouldn’t trust the output nodes, all unencrypted traffic goes to whoever needs it.
My config:

StrictNodes 1
ExcludeNodes {ru},{ua},{kz},{by},{us},{ca},{de},{??}
ExitNodes {nl}
NewCircuitPeriod 3600
ExitRelay 0

Bridges were configured, but abandoned due to their uselessness and instability. Because of my crooked hands, they constantly fell off (obfs4).
TOR's main sponsor is DARPA, not even just a sponsor, it's actually their development.
Whether it’s good or bad, everyone decides for themselves, we won’t delve into politics.
And the asymmetric RSA cipher (which is the essence of the standard now in the same https certificates) suddenly came from the NSA. How scary it is to live, nothing can be trusted.
And computers/components are generally produced in “enemy” countries. What are they putting into ours/theirs?
And networks are generally tapped by everyone.

Attention question!!!
What's scarier, "Comrade Colonel" or "Agent Smith"?
Is there anything that can be done that would apply to all devices on the home network? For example, through a router (in my case, a Keenetic without a USB port), of course for free.

You can easily try to raise i2pd on the router - as long as there is enough power
True, with DoH exceptions you still need to go into each browser

> True, with DoH exceptions you still need to go into each browser

I don't know if this is good or bad, I'm just a noob.

I described this mechanism in previous article

*the link and the Lurk site itself from Belarus are not working, for certain reasons.

I also solved this problem in previous article

By the way, why are they? When connecting through an HTTP proxy, at what point does the browser begin to learn the host's IP address? He always just passed the domain name to the proxy server...

If the router is “smart”, then the package is installed and UDP packets are sent to port 53 where needed. I.e. everything is solvable )

The article constantly mentions a hypothetical Internet shutdown - are we talking about blocking specific sites? Indeed, in the event of a complete shutdown, as is sometimes done in other countries, not a single overlay network will help. It would be interesting to read about mesh networks in this context

Hypothetical? Throughout the Republic of Belarus, the Internet was completely absent, not hypothetically, from August 9 to 11, and after that every Sunday the mobile Internet disappeared. Never hypothetical

That's what I'm asking - how do you suggest using i2p or any other overlay network in such a situation?

As well as Psiphon. He worked

So there was no Internet at all or access to specific resources?
Do you propose to ultimately use the remaining accessible i2p fragment or something like that?
It would be interesting to see network anarchy. How likely is it that such a network will be captured if a conditional 60% of the nodes belong to a certain organization?

Return to the real world :)

Come back you )
You have a “local conflict”, but for some reason you are using the technologies of the last century (no offense).

The man identified a real “threat”) Although it’s more realistic to simply turn off the Internet )))

A user cannot access the network without an i2p router. Each user of the i2p network has a router installed, which is called a node. This means that for 60% of nodes you need to install more routers than there are real users on the network. This is a lot of $$, especially considering that the nodes will be used equally by all network participants. That is, Nick and Mike from distant Germany and Warsaw will use these nodes just like you and me

That is, security is based on the fact that a sufficient number of ordinary people obviously have more resources than the intelligence services?

It's funny to note that the security of cryptocurrencies is initially based on the same.

Better than nothing. Maybe you have a better idea?
Let me note that we are approaching the realm of engineering solutions. This is the area of compromise where we trade strengths for weaknesses. There is no ideal. In this area, the most important thing is to get a successful combination of strengths in order to run into weaknesses as little as possible. Submarines are poorly suited for space travel

The 51% attack has already been carried out on crypto twice, if I remember correctly from the news, and it was carried out on fairly well-known “brands”

Hmm, you can raise many inexpensive instances in the clouds for a short time, thereby getting some noticeable percentage of participation. You should try to find the number of routers on the network and estimate the price per hour of work, for example. And don't forget about botnets.

What's the point? i2p assumes that every node can be compromised. This is built into the architecture. And it’s strange that I’m quoting Wikipedia here. Have you opened the wiki article? What color is the textbook?

>Especially considering that the nodes will be used equally by all network participants

This is not entirely true. In Java, the profiler identifies fast nodes and tries to build tunnels through them. And at the moment, a rather curious situation has arisen that the tunnels go mainly through i2pd nodes, since the profiler reasonably considers them faster. Therefore, the problem outlined above really exists and is being discussed.

Thank you. The problem is clear

In my opinion, an attempt to bypass blocking is simply an attempt to postpone the inevitable, to let off all the steam of hatred towards the regime.

Nice try. Alas, the question of the darknet is more fun and exciting

There's nothing particularly interesting about these overlay networks in terms of resources. At most there will be a mirror from the regular Internet and that’s it. There are no normal search engines either; there are a lot of dead resources in the search engine. I.e. it’s not very clear how to use this network itself. It’s better to write an article about this, but the installation is not difficult to handle.

ABOUT! Expert in the thread. Tell us what is not yet on the darknet?

Tell us what interesting/useful things are on the darknet. Since you understand this issue better.

They gave you the tunnels. You can forward any traffic through them. Therefore, as I said above, the applicability of i2p rests more on the imagination than on technical limitations. I can't lend you my imagination, sorry. My imagination screams: “This is a space of endless possibilities!” How to explain infinity?

But traffic can also be forwarded through a regular VPN…
It’s also not entirely true about the unlimited ones: the speed is limited, and so is the response. You can’t watch the video online, the pictures load slowly, there’s no talk of online games either.
This is the problem, there are no real cases when such a network will be a must-have. Only completely anonymous forums come to mind…
For example, if you make a site about cats in i2p, then simply 99% fewer people will visit it and that’s it, I don’t see any particular benefits from placing it in i2p now.
> For example, if you make a site about cats in i2p, then simply 99% fewer people will visit it and that’s it, I don’t see any particular benefits from placing it in i2p now.

Well, yes. For this reason, a site in i2p and in other unusual environments now needs to be created, of course, not to replace a regular site, but only for backup cases, so that in the event of loss of access to the regular site (RKN blocked or some kind of hackers there or cybersquatters profited, etc.), there was still an opportunity for people to go to backup sites.


Of course, not all ordinary people will go back to backup sites quickly, but only geeks. Some other people will join the backup sites a little later. Well, some of the very ordinary people, who have nowhere to learn how to get to backup sites, will have no access to them at all. Well, these are inevitable losses that cannot be completely avoided.

I2P is not only the invisible Internet, but also invisible resources. In other words, those who use I2P for their own purposes try to avoid publicity.

Not all >:3

Everything is cool in I2p, except
1. he (she, it) is not about accessing the clearnet, the speeds there are scanty, i.e. if it is a proxy, it is very slow and sad
2. There are quite a few resources in the network itself, and their lifespan is short (enthusiasts are needed)
3. the data exchange speed is low (this is the price of security and these hops with garlic), when *chans with pics load, you remember dialup

of the pros:
a. Comrade Major will not ban IRL for a post about a bunker dweller. The question is where to post this post (see p. 2)
b. you can create your own website safely and anonymously (if you have direct hands)
c. you can communicate very safely with friends without the risk that the correspondence will end up with some Stzuckenberg or comrade major

The network is good, with certain reservations, and it clearly lacks enthusiasts for its development.
I’m not an expert in networks, but I think that I2P can somehow be married with mesh networks, and then, in theory, the network will be both indestructible and also more anonymous. But this is not certain (about working in a mesh network).
I2P is Invisible Internet, what is the point of it in a mesh network?
There is a highly non-zero probability that I2P traffic will be detected on modern sophisticated hardware as part of the development of a “sovereign Internet”.
habr.com/ru/post/544516/#comment_22749490
>I’m not an expert in networks, but I think that I2P can somehow be married with mesh networks, and then, in theory, the network will be both indestructible and also more anonymous.

i2pd, starting with release 2.36.0, already supports working on top of Yggdrasil.

This is delicious! Unless it requires writing 2 more articles: setting up Yggdrasil for the little ones and experience in combat use, and especially why to do this, and setting up i2pd

Installed :) Thanks for the article!


PS: since writing this article I have already switched to i2pd. Thanks a lot, original! Currently, yggdrasil is also deployed and installed. Testing

It seems to me that you are not using the tool for its intended purpose. Anonymizers and alternative networks are needed in non-authoritarian countries as a means of counteracting not a crazy government, but snickering corporations. Of course, they have many similarities, but there are also plenty of differences.
But against the “Big Switch” it’s all useless. This is what the events of 9-11 actually showed. The provider thoughtlessly mowed down all encrypted or unrecognized connections: VPN, MTProto, HTTPS, SSH - literally everything went under the knife. If desired, they could simply stop servicing all individuals, and in conditions of government lawlessness, you can prove something to someone for a long time and to no avail.
> But against the “Big Switch” it’s all useless. This is what the events of 9-11 actually showed. The provider thoughtlessly mowed down all encrypted or unrecognized connections: VPN, MTProto, HTTPS, SSH - literally everything went under the knife. If they wished, they could just stop servicing all individuals, and in conditions of government lawlessness you can prove something to someone for a long time and to no avail.

It is to prevent the negative impact of the “Big Switch” that mesh networks are needed, the usefulness of which was doubted a few messages ago (above).


Mesh network nodes will not block each other.
Although mesh networks have another small disadvantage:
In one populated area (with areas not very far from each other), one mesh network can cover the entire populated area. But to communicate with other cities, you will need some kind of long-distance connections (well, almost like before, fidosh nodes exchanged information). And this is still only possible through the communication systems of the “Big Switch”...

Question for the experts: how safe is I2P from the point of view of detecting the fact of its use?
Same question about TOR - do I understand correctly that using obfs4 bridges makes it difficult to detect whether a user is using TOR?
It is still safe, like TOR, for individuals. But it’s not a fact that the relevant Articles 149 of the Federal Law will not be amended for the worse…
I meant something slightly different - can the provider determine that the user is using I2P or obfs4 TOR bridges?
It can, using signature analysis. At least that's what the developer says.
Just a collection of anti-patterns, what not to do, and shoot yourself in the heel.
The very possibility of simultaneous access to the regular network and i2p from one browser can already be used for de-anonymization.

Which is what was written about. It all depends on the goal. In light mode, I have no goal of achieving anonymity. I am not afraid of the resource I connect to. I am not doing anything bad. My goal is efficiency. Once again and literally: it all depends on the goal


PS: the previous speaker is right in general, there is no need to downvote him. All he missed was that goals and requirements may be different

Well, with this formulation of the question and goal, yes. Here recently on Habr they generally suggested using I2P and Tor as a replacement for the NAT Traversal technique (well, this is when two nodes behind different NATs try to establish a “direct” connection). Why not.
The main thing is that readers don’t get confused.

I am no better and suggest using it as a decentralized free VPN. The level of the article is introductory - it tries to interest the user, give him a tool and say “learn.” Where and how he will study next - I don’t know

A UFO flew in and published this inscription here
Tor, in the absence of competition, will very quickly begin to introduce “policies”, “rules of conduct” and other delights of the modern clearnet, given that it is officially developed by an American corporation.
A UFO flew in and published this inscription here
> and is positioned as a non-profit tool for circumventing censorship in countries where it exists and is aimed at suppressing the rights of the population, one of the many possible tools for countering totalitarian regimes

Here they directly say that it is exclusively for “non-democratic” countries. And about “democratic” countries, or rather countries, they don’t say anything.
Statistics from the C++ i2pd (2.36.0 on FreeBSD):
Main page

Uptime: 36 min, 2 seconds
Network status: OK
Tunnel creation success rate: 39%
Received: 163.10 MiB (127.39 KiB/s)
Sent: 137.65 MiB (119.99 KiB/s)
Transit: 137.74 MiB (119.85 KiB/s)
Data path: /var/db/i2pd
Hidden content. Press on text to see.
Routers: 3678 Floodfills: 1479 LeaseSets: 0
Client Tunnels: 26 Transit Tunnels: 738

I have a case of unsuccessful use of Tor. In order not just to use the network, but to somehow support it, I launched a Middle node at home on Raspberry. After some time, it appeared in the official list of nodes. After which Sberbank banned me from accessing the mobile application and Mi Home began dropping packets (I have a Chinese server selected). Without figuring it out for a long time, I stopped the node and changed the IP.

> Without figuring it out for a long time, I stopped the node and changed the ip

Changed which IP?
The provider gave you a white IP, and then you asked the provider to assign you another IP?

Yes, you understood everything correctly.
I wonder if IPv6 will help? Will they block the node address or the entire prefix?
