Hi, i was wondering if i2p traffic looks like normal traffic ?
And if not, why doesn't it look like normal traffic so it cannot be censored ?
Does i2p traffic look like normal traffic ?
-
AntibodyMama
- Posts: 29
- Joined: 18 Jun 2024 20:45
Re: Does i2p traffic look like normal traffic ?
As far as I know, it looks like total random garbage.
Both network transports (NTCP2 and SSU2) are obfuscated at all stages of connection.
It was made that way so that it doesn't look like anything and doesn't have any unique characteristics that it can be blocked by.
You can learn more about these two protocols at http://i2p-projekt.i2p/spec, in that list see "NTCP 2" and "SSU2".
Both network transports (NTCP2 and SSU2) are obfuscated at all stages of connection.
It was made that way so that it doesn't look like anything and doesn't have any unique characteristics that it can be blocked by.
You can learn more about these two protocols at http://i2p-projekt.i2p/spec, in that list see "NTCP 2" and "SSU2".
-
AntibodyMama
- Posts: 29
- Joined: 18 Jun 2024 20:45
Re: Does i2p traffic look like normal traffic ?
Thanks much
Re: Does i2p traffic look like normal traffic ?
The only way to block it is to block everything that does not look like something.
-
AntibodyMama
- Posts: 29
- Joined: 18 Jun 2024 20:45
Re: Does i2p traffic look like normal traffic ?
So its superior to Tor in this
Re: Does i2p traffic look like normal traffic ?
Yeah.
OP doesn't say what 'normal traffic' is, ofc there's lots of different kinds of traffic out there on the internet.
But there's basically three philosophical approaches:
1) Try to look like something else (Tor with all its various pluggable transports)
2) Try to have everything look random, every byte, every bit, and the port numbers, and do something with the packet lengths, especially in the handshakes (us, now)
3) Don't bother (e.g. wireguard)
Back in the beginning in 2003 the choice wasn't clear, jrandom went mostly with 2) but not fully, there were some holes. But this was before the rise of China's firewall and aggressive censorship around the world became a big issue, especially for Tor. Traffic identification resistance wasn't an explicit goal in the NTCP/SSU design documents, but implicitly he did make an effort.
Tor went all in on 1) but that requires a constant back-and-forth game, a pluggable architecture, a constant campaign to get users to run various relays and try different things. We're not set up for that and don't have the resources to do it.
As we started work on NTCP2 (and later SSU2) we reaffirmed we were on the right path with 2) and did our best to improve censorship resistance (traffic identification) as an explicit goal. I think we did pretty well, but there's still some things to do, especially on padding strategies (packet lengths and length distribution) and perhaps on packet interarrival times.
So I wouldn't claim 'superiority' over Tor, but what we're doing works best for us and it seems to be working, we rarely get reports of blocking.
OP doesn't say what 'normal traffic' is, ofc there's lots of different kinds of traffic out there on the internet.
But there's basically three philosophical approaches:
1) Try to look like something else (Tor with all its various pluggable transports)
2) Try to have everything look random, every byte, every bit, and the port numbers, and do something with the packet lengths, especially in the handshakes (us, now)
3) Don't bother (e.g. wireguard)
Back in the beginning in 2003 the choice wasn't clear, jrandom went mostly with 2) but not fully, there were some holes. But this was before the rise of China's firewall and aggressive censorship around the world became a big issue, especially for Tor. Traffic identification resistance wasn't an explicit goal in the NTCP/SSU design documents, but implicitly he did make an effort.
Tor went all in on 1) but that requires a constant back-and-forth game, a pluggable architecture, a constant campaign to get users to run various relays and try different things. We're not set up for that and don't have the resources to do it.
As we started work on NTCP2 (and later SSU2) we reaffirmed we were on the right path with 2) and did our best to improve censorship resistance (traffic identification) as an explicit goal. I think we did pretty well, but there's still some things to do, especially on padding strategies (packet lengths and length distribution) and perhaps on packet interarrival times.
So I wouldn't claim 'superiority' over Tor, but what we're doing works best for us and it seems to be working, we rarely get reports of blocking.
-
AntibodyMama
- Posts: 29
- Joined: 18 Jun 2024 20:45
Re: Does i2p traffic look like normal traffic ?
It's clearer for me now, thanks for the answer