Discussion:
[tor-talk] comparison of Tor and Kovri in regards to deanonymization attacks
Eugen Leitl
2018-12-06 16:17:51 UTC
I was curious for Monero dev's rationale to pick I2P over Tor, and then even forking I2P as Kovri.

Whatever I've seen online doesn't strike me as particularly convincing.

Is there published research in regards to deanonymization attacks against both Tor
and I2P, and given the design changes of Kovri, should we expect the attacks to be easier, or harder?

I realize that the answer would be likely we don't know, which is probably an answer in itself.
--
tor-talk mailing list - tor-***@lists.torproject.org
To unsubscribe or change other settings go to
https://
bo0od
2018-12-06 17:31:00 UTC
I2P and Tor comparison:

https://geti2p.net/en/comparison/tor

Kovri and I2Pd C++ bloody war:

https://i2p.rocks/blog/kovri-and-the-curious-case-of-code-rot-part-1.html

I2P is by design safer than Tor, but due to the usage and rapid development
of Tor, I2P has been left many steps behind, which needs a long time to
catch up or a sudden magic stick effect.

I would summarize the success of Tor over I2P with these points:

- Tor has been way faster than I2P in the past few years (because I2P
supports torrenting, so the speed is slow).

- Due to the slow speed of I2P, it's very unlikely you can stream or do
heavy connections on the clearnet. With Tor you can do it with even up to
1MB speed.

- I2P is meant to be for inproxy, which in other words means it won't
target/suit the average user. Tor suits the average user due to its
high-speed bandwidth and its ease of interacting with the outproxy/clearnet.

- Tor has a modified browser, a fork of firefox-esr called Tor
Browser Bundle, which is easy to click and run with Tor. For I2P, until now
there is no official browser supporting it and the user needs to do the
configuration manually.

- Tor is programmed in C, which gives it the opportunity to run on small
resources like home routers. I2P is programmed in Java, which needs
resources and can't function well on very small resources.

Hope that answered your question :)
s7r
2018-12-07 00:12:16 UTC
Hello,
Post by bo0od
https://geti2p.net/en/comparison/tor
https://i2p.rocks/blog/kovri-and-the-curious-case-of-code-rot-part-1.html
I2P by design safer than Tor. but due to the usage and rapid development
of Tor , I2P left behind many steps which needs long time to catch up or
sudden magic stick effect.
I am a Tor supporter, but this is not the reason why I disapprove of this
statement.

It depends from what perspective you look at it as "safer than Tor". It
does not have directory authorities, and there are no relevant points
that need to make a consensus in order to make the I2P network work, so
yes, some attacker cannot take down 9 servers and disable the network,
but this does not necessarily mean it is safer. I mean, Tor could at any
time drop the system where known directory authorities vote for other
relays and make a consensus, in favor of a decentralized system that is
controlled only by code and cannot be shut down by seizing N servers,
but this does not happen because the directory authority system is
studied, well known, it works and we are sure it solves way more attacks
than it opens. Think about that. It's a piece of cake for Tor developers
to write code that somehow drops the directory authority consensus style
and adopts something else, but this opens a huge attack surface that is
not yet well studied and well understood, so better not. I think this is
a +, not a -.

- I2P can be attacked with far less resources than Tor;
- Tor is deeply researched and various attack types and problems have
already been solved;
- Tor is larger as a network with more capacity, and more diversity;

They also have different purposes so they cannot be directly compared on
absolutely every feature, because:

- Tor is designed to allow people to access the internet (clearnet, or
better said destinations outside the Tor network) anonymously, by
routing the traffic via a chain of multiple servers, making the
trace-back to a certain user as close to impossible as possible.

- I2P is more oriented for traffic inside the I2P network (e.g. you
cannot browse cnn.com anonymously via I2P).

It's like comparing apples with bananas. Both are good, but quite
different.
Post by bo0od
- Tor is way faster than I2P in the few past years (because I2P support
torrenting , so the speed is slow).
That is not the reason. Tor has more network resources in terms of
servers available for users to use, it uses bandwidth weights to ensure
a server gets as much traffic as it can at least theoretically handle,
based on bandwidth authority measurements.

Tor also uses flags, in order to know what servers to pick for each
point in a given circuit.

These are the primary reasons why Tor is much faster and continues to be
reliable even when it was attacked by millions of 'zombie' botnet
computers that were hidden behind Tor.

I don't think that was a good thing that happened, but I think it is a
good thing that we got through it with no problems for average users.
Even the worst critic should applaud this.
Post by bo0od
- Due to the slow speed of I2P , its very unlikely you can stream or do
heavy connections on the clearnet. Tor you can do it with even up to 1MB
speed.
Correct.
Post by bo0od
- I2P meant to be for inproxy which is in other word it wont target/suit
the average user. Tor is suiting the average users due to its high speed
bandwidth and its ease interacting with the outproxy/clearnet.
- Tor has a modified browser which is a fork of firefox-esr called Tor
Browser Bundle which is easy to click and run with Tor. I2P until now
there is no official browser supporting it and user needs to do the
configurations manually.
It is easy to click and run with Tor, but it also makes the necessary
privacy-oriented settings so users cannot be tracked by websites. This
is important; there is much work done to remove stuff from Firefox or
configure stuff in a way that is oriented for user privacy. Tor Browser
does not just start Tor automatically and a portable Firefox for
browsing.
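An added illustration of the flag-restricted, bandwidth-weighted relay selection s7r describes above; it is not code from the thread or from Tor. The relay names, bandwidth figures and the simplified selection rule are constructed assumptions, and the model compares how evenly circuits land per unit of capacity under weighted versus uniform selection.

```python
import random
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Relay:
    name: str
    bandwidth: int      # measured capacity, arbitrary units
    flags: frozenset    # position flags a relay holds


# Constructed sample consensus: not real relays or real measurements.
CONSENSUS = [
    Relay("alpha", 8000, frozenset({"Guard", "Exit"})),
    Relay("bravo", 4000, frozenset({"Guard"})),
    Relay("charlie", 2000, frozenset({"Guard", "Exit"})),
    Relay("delta", 500, frozenset({"Exit"})),
    Relay("echo", 250, frozenset({"Guard"})),
    Relay("foxtrot", 100, frozenset()),
]


def pick(consensus, flag, rng, weighted=True, exclude=()):
    """Pick one relay for a position. flag=None means any relay (middle)."""
    pool = [r for r in consensus
            if (flag is None or flag in r.flags) and r not in exclude]
    # Weighted mode: chance of selection is proportional to bandwidth.
    weights = [r.bandwidth if weighted else 1 for r in pool]
    return rng.choices(pool, weights=weights, k=1)[0]


def build_circuit(consensus, rng, weighted=True):
    """Three distinct relays; flags decide who may sit at each end."""
    exit_ = pick(consensus, "Exit", rng, weighted)
    guard = pick(consensus, "Guard", rng, weighted, exclude=(exit_,))
    middle = pick(consensus, None, rng, weighted, exclude=(exit_, guard))
    return guard, middle, exit_


def load_per_capacity(consensus, circuits=20000, weighted=True, seed=1):
    """Circuits carried per unit of measured bandwidth, for each relay."""
    rng = random.Random(seed)
    hits = Counter()
    for _ in range(circuits):
        for relay in build_circuit(consensus, rng, weighted):
            hits[relay.name] += 1
    return {r.name: hits[r.name] / r.bandwidth for r in consensus}


def worst_overload(load):
    """Most loaded relay relative to the least loaded (1.0 = perfectly even)."""
    return max(load.values()) / min(load.values())


if __name__ == "__main__":
    for mode in (True, False):
        load = load_per_capacity(CONSENSUS, weighted=mode)
        label = "weighted" if mode else "uniform"
        print(label, "max/min load per capacity:", round(worst_overload(load), 1))
```

In this model uniform selection piles circuits onto the smallest relay, while weighting keeps the spread within a small factor; the flag restrictions are why it is not perfectly even.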
grarpamp
2018-12-07 05:25:53 UTC
Post by s7r
- I2P can be attacked with far less resources than Tor;
Moot when $10k is probably enough to Sybil at least
some small fraction of either of them.
Post by s7r
- Tor is deeply researched and various attack types and problems have
already been solved;
So if Tor is done, why don't you start writing grants to research,
advance, and solve some of the undone, equally applicable,
and necessary problem space of mixnets and other potential
designs, instead of continuing to throw [government] money
at Tor's curve of diminishing returns.
Post by s7r
- Tor is larger as a network with more capacity, and more diversity;
Start advertising, using, analysing other types of networks then.
Post by s7r
They also have different purposes so they cannot be directly compared on
absolutely every feature
Why do so many reviews keep implying this copout,
"B network doesn't have X feature therefore B sucks"...
of course networks are different, unique features are
not detractions they're just incomparable items,
go compare and analyse the similar features then.

Both Tor and I2P generally claim their non-exit modes
to be anonymous advanced designs resistant to attack.
Go compare and analyze that. If you don't like the results,
go start new designs.

Reviews can even conform features... users can
actually torrent internally over both, and exit over
both... analyze that.

Many orthogonal features are modular ideas embeddable
in any decent network anyway, so they're not necessarily
unique, only a matter of doing it, if sensible of course.
Post by s7r
- I2P is more oriented for traffic inside the I2P network (e.g. you
cannot browse cnn.com anonymously via I2P).
Yes you can, you just have to find or be an exit outproxy service
and configure it manually.
Government: Initialed the Tor design, put in Decades of $Millions
of controlling interest funding, and programmed Marketing.

Throw those kind of resources at I2P or any other network
and they would be relatively equal contenders too.

Throw Voluntary versions of those kinds of resources
at any network, and it might be a bit more novel and free
to go up against the backer of the "successful" one above.
Post by s7r
Post by bo0od
- Tor has a modified browser which is a fork of firefox-esr called Tor
Browser Bundle which is easy to click and run with Tor. I2P until now
there is no official browser supporting it and user needs to do the
configurations manually.
So stuff I2P inside TBB's work and call it IBB.
grarpamp
2018-12-07 05:34:03 UTC
Post by grarpamp
instead of continuing to throw [government] money
Sorry, didn't mean to imply it was theirs...
https://www.youtube.com/results?search_query=taxation+is+theft

Carry on.
bo0od
2018-12-07 09:12:00 UTC
I didn't reply to him on what he said because I knew he was a newbie user
with the statement "you cannot browse cnn.com anonymously via I2P".

And about IBB, like I said, there is until now no official support for
any browser for I2P or coming with it. But there is work in progress:

- firefox.profile.i2p

https://github.com/eyedeekay/firefox.profile.i2p

- update-i2pbrowser, which converts TBB inside Whonix to work with I2P:

http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/i2p-integration/4981/248
s7r
2018-12-08 16:32:15 UTC
Post by bo0od
i didnt reply to him on what he said because i knew he was a newbie user
with the statement "you cannot browse cnn.com anonymously via I2P".
and about IBB, like i said there is until now no official support for
- firefox.profile.i2p
https://github.com/eyedeekay/firefox.profile.i2p
http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/i2p-integration/4981/248
newbie user? In I2P?
Not even that, I am not a user of I2P at all.

But I know about it and read about it, and the information was extracted
from the official i2p website.

If the website is not properly formatted and updated in description in
order to match reality, then this clearly states how much we can count
on it for anonymity or important stuff.

https://geti2p.net/en/comparison/tor
Post by bo0od
Post by grarpamp
Post by s7r
- I2P can be attacked with far less resources than Tor;
Moot when $10k is probably enough to Sybil at least
some small fraction of either of them.
Post by s7r
- Tor is deeply researched and various attack types and problems have
already been solved;
So if Tor is done, why don't you start writing grants to reseach,
advance, and solve some of the undone, equally applicable,
and necessary problem space of mixnets and other potential
designs, instead of continuing to throw [government] money
at Tor's curve of diminishing returns.
Nobody said Tor is done. In fact it's far from done.
It's just decades ahead of I2P, as stated on the I2P official website. You
keep implying nonsense and twisting words in your reply, as I correct you
below. Nobody is implying Tor is done, just that it is much more researched
than I2P.
Post by bo0od
Post by grarpamp
Post by s7r
- Tor is larger as a network with more capacity, and more diversity;
Start advertising, using, analysing other types of networks then.
Post by s7r
They also have different purposes so they cannot be directly compared on
absolutely every feature
Why do so many reviews keep implying this copout,
"B network doesn't have X feature therefore B sucks"...
of course networks are different, unique features are
not detractions they're just incomparable items,
go compare and analyse the similar features then.
Nobody said I2P _sucks_ because it does not have feature X.

The idea is that having different and different purposes they cannot be
compared plain and simple, in a table, they each have various downsides
and upsides. It's kind of like comparing oranges with apples.

apples aren't so juicy.
oranges are.

This does not mean we said apples suck.
Post by bo0od
Post by grarpamp
Both Tor and I2P generally claim their non-exit modes
to be anonymous advanced designs resistant to attack.
Go compare and analyze that. If you don't like the results,
go start new designs.
Reviews can even conform features... users can
actually torrent internally over both, and exit over
both... analyze that.
Many orthagonal features are modular ideas embeddable
in any decent network anyway, so they're not necessarily
unique, only a matter of doing it, if sensible of course.
Post by s7r
- I2P is more oriented for traffic inside the I2P network (e.g. you
cannot browse cnn.com anonymously via I2P).
Yes you can, you just have to find or be an exit outproxy service
and configure it manually.
As stated on the i2p website that could be risky, anonymity is not
guaranteed.

"outproxy functionality does have a few substantial weaknesses against
certain attackers - once the communication leaves the mixnet, global
passive adversaries can more easily mount traffic analysis. In addition,
the outproxies have access to the cleartext of the data transferred in
both directions, and outproxies are prone to abuse, along with all of
the other security issues we've come to know and love with normal
Internet traffic."
Post by bo0od
Post by grarpamp
Government: Initialed the Tor design, put in Decades of $Millions
of controlling interest funding, and programmed Marketing.
This is the first thing all critics say. So what if it's government
money as long as the code is open source and anyone can audit it? Anyone
can run a relay and be a part of the network.

I have absolutely nothing against government funding as long as they are
given to Tor Project Foundation as they are, and allow the foundation to
decide for itself how and when to use those financial resources, and for
what they think it's best.

Great things take money.

And currently I don't think government funding still represents the
majority % of the total funding.

You are not forced to use Tor - stop using it if you think government
money cursed it and made it evil.
Post by bo0od
Post by grarpamp
Throw those kind of resources at I2P or any other network
and they would be relatively equal contenders too.
Throw Voluntary versions of those kinds of resources
at any network, and it might be a bit more novel and free
to go up against the backer of the "successful" one above.
Okay, could be. But what does this have to do with anything? We are not
discussing "What could be done if the pig could fly" or all the
theoretical stuff. We were discussing current real situation, what is
I2P now, and what it does now, not what it could be if and if.
Post by bo0od
Post by grarpamp
Post by s7r
Post by bo0od
- Tor has a modified browser which is a fork of firefox-esr called Tor
Browser Bundle which is easy to click and run with Tor. I2P until now
there is no official browser supporting it and user needs to do the
configurations manually.
So stuff I2P inside TBB's work and call it IBB.
What does this have to do with anything? Of course there are
solutions, who said there aren't? We were discussing the current existing
features, not what could be done theoretically.
Masayuki Hatta
2018-12-11 06:18:00 UTC
Hi,
Post by s7r
Post by bo0od
I2P by design safer than Tor. but due to the usage and rapid development
of Tor , I2P left behind many steps which needs long time to catch up or
sudden magic stick effect.
I might be a kind of a rare bird here since I'm involved with both I2P
and Tor. I was also involved with Freenet, too.

I don't know whether I2P is by design safer than Tor or vice versa, but at
least Tor has been more researched than I2P, both technically and
legally. Tor also seems to have far richer resources.

I agree that there are many areas I2P needs to catch up. One of the
great things about Tor is Tor Metrics. I2P has some stats sites, but
not on par with Tor Metrics. I heard someone is interested in working
on I2P Metrics or something like that next year, and I will definitely
help him.

BTW, I believe it's really nice to have multiple implementations for
a similar purpose. Trying out all of them is very educational and
quite fun. Recently I wrote a short introduction to I2P with Tor
users in mind.
Post by s7r
- I2P is more oriented for traffic inside the I2P network (e.g. you
cannot browse cnn.com anonymously via I2P).
It's true that I2P is basically a closed network, but I think I2P plus
Orchid can skim the cream of both. With the I2P Orchid plugin, you
can access I2P eepsites (*.i2p) via the I2P network and *.onions or
clearnet sites via the Tor network, seamlessly.

Best regards,
MH

--
Masayuki Hatta
Associate Professor, Faculty of Economics and Management, Surugadai
University, Japan

http://about.me/mhatta

***@gnu.org / ***@debian.org / ***@opensource.jp /
***@surugadai.ac.jp
grarpamp
2018-12-07 04:35:53 UTC
Post by Eugen Leitl
I was curious for Monero dev's rationale to pick I2P over Tor
Whatever I've seen online doesn't strike me as particularly convincing.
Same could be asked of Zcash strong cryptographic ZKP style
currencies users often using Tor. As well as a handful of other
cryptocurrencies explicitly advertised and designed to use
with Tor.
Post by Eugen Leitl
Whatever I've seen online doesn't strike me as particularly convincing.
Is there published research in regards to deanonymization attacks against
both Tor and I2P
Some are here, some are in sites of other messaging systems...
https://www.freehaven.net/anonbib


All overlay networks currently in production are
massively vulnerable to at least two classes of attack
by sufficiently interested and capable adversaries...


1) Sybil
a) This requires people to actually use PKI to make and use
assertions and identities and to punt the results they get from
their deep social anal probing of each other in real life as
operator peers worldwide... into the consensus, DHT, or whatever
mechanism each network uses for node approval and selection.
b) Also requires complete ongoing analysis of all known physical
and logical metadata and behaviour of the nodes themselves.


2) Global Passive Monitoring
The US NSA, Global and Regional Telecom Corporations,
and other Entities Worldwide, acting both separately and
together, have a complete passive and active view of the
internet from at minimum the Global Tier-1 ISP Level,
including significant analysis and recording capabilities
therein.

Yet everyone still stupidly fails to execute at least a few of
the seemingly available and reasonable countermeasures...

a) Encrypt Everything.
Automatic, on by default, strong crypto suites, forward
secrecy, tofu, psk, rekeying, whatever works best, etc... both...
1) By and between end to end users, same for server to server...
2) On all physical network links worldwide, every port
automagic and independent... fiber, copper, radio, etc...
embedded in the network hardware itself via RFC, IEEE, etc

b) Deploy fulltime network fill traffic aka chaff, to fill the committed
capacity that each node provisioned itself into the [overlay]
network with, dynamically yielding room for and upon native traffic.
This applies both to, logical nets 2a1, and physical nets 2a2, above.

c) Politics, Anarchism, Cryptocurrency Crowdfunding, and
whatever else works to uproot and route around persistent
known bad actors.


3) Etc


Nobody seems to want to do much on the above, to actually
shape those into effective global project efforts, to deploy any
sufficient mitigation finally therein, therefore the vulnerabilities
shall remain.

#OpenFabs , #OpenHW , #OpenSW , #OpenDev , #OpenBiz , #CryptoCurrency
, #Anarchism , #SybilBusters , #EncryptEverything , #FillEverything
... the list gets longer.


Anyone can launch rockets these days.
So there is no reason any of the above and more can't be done.
Go build and launch some rockets.
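An added sketch of countermeasure 2b above (fill traffic that yields to native traffic), not part of the original post. It assumes fixed 512-byte cells and an encrypted link, so an observer sees only cell counts and sizes per tick; the cell format and all names are hypothetical.

```python
from collections import deque

CELL = 512            # fixed on-wire cell size in bytes (assumed value)
HEADER = 3            # 1 type byte + 2 length bytes
BODY = CELL - HEADER  # payload bytes carried per cell


class PaddedLink:
    """Emits exactly `capacity` cells every tick, native or chaff."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.queue = deque()          # native cells waiting for a slot

    def submit(self, payload):
        """Split native data into fixed-size cells, padding the last one."""
        for i in range(0, len(payload), BODY):
            chunk = payload[i:i + BODY]
            header = b"D" + len(chunk).to_bytes(2, "big")
            self.queue.append(header + chunk.ljust(BODY, b"\0"))

    def tick(self):
        """Native cells take the slots first; chaff fills what is left."""
        out = []
        for _ in range(self.capacity):
            if self.queue:
                out.append(self.queue.popleft())
            else:
                out.append(b"C" + bytes(CELL - 1))   # chaff cell
        return out


def receive(cells):
    """Receiver side: drop chaff, strip padding, reassemble native data."""
    data = bytearray()
    for cell in cells:
        if cell[:1] == b"D":
            length = int.from_bytes(cell[1:3], "big")
            data += cell[3:3 + length]
    return bytes(data)


def simulate(capacity, schedule, ticks):
    """schedule maps tick number -> list of payloads submitted at that tick.

    Returns (observed, delivered, chaff_cells, backlog) where `observed`
    is what a passive observer of the encrypted link can record.
    """
    link = PaddedLink(capacity)
    observed, delivered, chaff = [], bytearray(), 0
    for t in range(ticks):
        for payload in schedule.get(t, []):
            link.submit(payload)
        cells = link.tick()
        observed.append([len(c) for c in cells])
        chaff += sum(1 for c in cells if c[:1] == b"C")
        delivered += receive(cells)
    return observed, bytes(delivered), chaff, len(link.queue)


if __name__ == "__main__":
    # Constructed traffic patterns: an idle link and a bursty one.
    idle = simulate(4, {}, 10)
    busy = simulate(4, {2: [b"A" * 3000], 5: [b"B" * 100, b"C" * 700]}, 10)
    print("observer sees identical traffic:", idle[0] == busy[0])
    print("chaff cells idle/busy:", idle[2], busy[2])
```

The cost shows up as bandwidth (chaff cells on an idle link) and as queueing delay whenever a burst exceeds the committed capacity.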
qubenix
2018-12-06 18:09:00 UTC
Post by Eugen Leitl
I was curious for Monero dev's rationale to pick I2P over Tor, and then even forking I2P as Kovri.
Kovri is just a new implementation of i2p that anonimal is working on
and Monero intends to use, not a fork of the i2p project. It still is
using the existing i2p network.
Post by Eugen Leitl
Whatever I've seen online doesn't strike me as particularly convincing.
I agree.
Post by Eugen Leitl
Is there published research in regards to deanonymization attacks against both Tor
and I2P, and given the design changes of Kovri, should we expect the attacks to be easier, or harder?
I think it's a fact that Tor is more battle tested and thus anti-fragile
than i2p, but I could be wrong. I'm also interested in what the list has
to say.
--
qubenix

CODE PGP: FE7454228594B4DDD034CE73A95D4D197E922B20
EMAIL PGP: 96096E4CA0870F1C5BAF7DD909D159E1241F9C54
IRC OTR: DFD1DA35 D74E775B 3E3DADB1 226282EE FB711765