Split I2P router from I2P services
I2P is a nice tool, but having it all together with other services makes it less secure and less configurable/modifiable.
E.g.:
In Whonix, by design, the Gateway acts as the router and the Workstation acts as the normal distro where the user does his activity. So having I2P in this design is not secure: if someone installs I2P, it will all be installed inside the GW (Jetty, I2PSnark, SusiMail, etc.), but we only need the router (similar in simplicity to Tor), while these services should work from the Workstation.
This gives the opportunity to make I2P things much easier and safer.
Last edited by anonymousmaybe on 09 Oct 2018 17:28, edited 1 time in total.
Re: Split I2P router from I2P services
Hi
Not easy to do, as the router itself is rather useless; you need all the services around, like streaming, transports, addressbook,...
Also you already disable all unneeded services in the settings.
echelon
Re: Split I2P router from I2P services
Hey!
I know, but make these running services separate services that can be installed at the user's will (not by default).
E.g.:
If he wants I2PSnark, then:
Code:
sudo apt install i2psnark
I know it's hard, but it will give I2P huge advantages to be used as a router for different aspects of ideas and make it easier on their developers, e.g.:
I2P an OS
I2P a firmware
I2P just for X service
...etc.
Thus this helps a lot with a future vision for better/more I2P usage.
Last edited by anonymousmaybe on 14 Oct 2018 12:09, edited 1 time in total.
Re: Split I2P router from I2P services
I've been championing something very similar. Furthermore, I would like to see the I2P project focus solely on the router, similar to how kernel.org focuses only on the Linux kernel. Then someone else can put together a complete distribution like Debian does for Linux.
The benefit of this is that just like different Linux distributions target different markets, different I2P distributions can specialize for the needs of different users. This gives great flexibility to customize the I2P experience; for example, someone may choose to get rid of SusiDNS and implement a solution that resembles clearnet DNS. Someone may choose to build a distro which specializes in content creation, another may choose to specialize in Irc2P, yet another in filesharing, yet another in social networking, etc.
Re: Split I2P router from I2P services
Already in the works, although currently stalled:
http://trac.i2p2.i2p/ticket/2132
Need more of mhatta's time to make it a reality, and Tails is ahead of it on the priority list. Hopefully next year.
Re: Split I2P router from I2P services
In order for this to happen, we should split any connection to the router within the same port.
This is dangerous: in order to allow I2P-Bote or SusiMail, etc., I should then also allow the same port as the router, 7657.
Either prohibit the apps which are built on top of I2P from using the same port as the router (similar to how Irc2P uses 6668), or make the router configurable on a different port.
Re: Split I2P router from I2P services
hi
You do know you talk about completely different networks, protocols, services and mix all together?
Not a good idea, really.
echelon
Re: Split I2P router from I2P services
I2PSnark, SusiMail, Jetty... these are services of I2P, so it's not safe or a good idea for them to be working on the same port and only in the same place as the router.
One I2P service which is nice to use is Irc2P, because it uses a different port and the user can run it away from the router.
From the router we only need the connection/tunnel, but the service itself we want to be running away from it.
When a user asks for a door, you are giving him a whole house. This design can't work well for anonymity's sake nowadays.
Re: Split I2P router from I2P services
Hi
Sorry, what? Did not understand a word of what you want to propose.
I2P is a complete set of router and apps to be used.
Users can disable single services in the router console (or config file).
Services are only running on localhost, in a system a user can control. If the local system is not a safe place, there is nothing I2P can do for you. Sorry.
Also that's not the target/goal for I2P, to run in a compromised system; that's far out of scope.
But users can easily change the settings to run each I2P settings on a different interface, port, system and use the remote. Or use SSH.
Also why run I2P and services on a different system for a home user with only 1 computer, which is the biggest user group of I2P?
So, please explain what you propose.
echelon
Re: Split I2P router from I2P services
Let me rephrase what I wrote:
1- Having a vulnerability in a service X application will lead to de-anonymization of the I2P user, because by default this will directly hit the router, since they are up and running in the same path. Solution:
Separate the two, service X from the router, which means even if someone hacked the service he can't jump through the router and learn the user's IP. This is the Whonix design: even if the hacker hacked the application in the Workstation and gained root privileges, he can't learn the real IP of the user.
2- The I2P router can be configured and accessed at this port, 127.0.0.1:7657. The problem is that it also allows other applications/services to use the same port, like SusiMail or I2P-Bote or Jetty, etc.; all these services use 7657, except Irc2P, which uses 6668, and that's cool. Solution:
Prohibit any running software from running on/using the same port as the I2P console, i.e. specify 7657 only for the router configuration.
3- The Whonix design can protect the user even if he gets hacked through services outside the scope of I2P, e.g. he gets hacked through a malicious PDF. His traffic will still be encrypted and anonymized through I2P (almost the same as point 1).
...etc., for mitigating the insecurity that arises if all of the services are built and happen to be in one place.
I suggest you read about the Whonix design (WS, GW) as well as the Qubes design (compartmentalization); then you will know the benefits of separating things rather than aggregating them.
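An added example, not written by any poster or by the I2P project: a small audit of the two things this thread argues about, namely which webapps start on the console listener (port 7657) and whether that listener is bound beyond loopback. The config key layout (`webapps.<name>.startOnLoad`, `clientApp.<n>.main/args`) and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample contents; the key layout is an assumption, not from the thread.
WEBAPPS_CONFIG = """\
# constructed sample
webapps.i2psnark.startOnLoad=true
webapps.susimail.startOnLoad=true
webapps.susidns.startOnLoad=false
webapps.i2ptunnel.startOnLoad=true
"""
CLIENTS_CONFIG = """\
clientApp.0.main=net.i2p.router.web.RouterConsoleRunner
clientApp.0.args=7657 ::1,127.0.0.1,192.0.2.10 ./webapps/
"""

def parse_props(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def enabled_webapps(props):
    """Names of webapps configured to start with the console."""
    return sorted(k.split(".")[1] for k, v in props.items()
                  if k.startswith("webapps.") and k.endswith(".startOnLoad")
                  and v.lower() == "true")

def console_listener(props):
    """Return (port, [bind hosts]) for the console client app, or None."""
    for key, value in props.items():
        if key.endswith(".main") and value.endswith("RouterConsoleRunner"):
            args = props.get(key[:-len("main")] + "args", "").split()
            if len(args) >= 2:
                return int(args[0]), args[1].split(",")
    return None

def exposed_hosts(hosts):
    """Bind addresses that are not loopback, i.e. reachable from other hosts."""
    return [h for h in hosts if not ipaddress.ip_address(h).is_loopback]

def audit(webapps_text, clients_text):
    """Summarise what shares the console port and where it listens."""
    port, hosts = console_listener(parse_props(clients_text)) or (None, [])
    return {"port": port,
            "webapps_on_port": enabled_webapps(parse_props(webapps_text)),
            "non_loopback_binds": exposed_hosts(hosts)}
```

On a gateway-style host, a non-empty `webapps_on_port` list is the application surface sharing a process and port with the router console, and a non-empty `non_loopback_binds` list means that surface is reachable from other machines.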