lainchan archive - /sec/ - 133
[ Return /
Go to bottom ]
File: 1492095614995.png (49.91 KB, 300x110, i2p+tor.png)
Is the future on dark nets (intra-nets under the Internet)? Day after day the design of websites of Internet became more insecure, bloat and invasive in the technical side and political/law side don't see the problems of surveillance in a long run.
While looks pretty complex to fix this on the political side, in technical side looks more promising with refine from some old projects like I2P and Tor.
Well, what is your opinion, lainon?
While looks pretty complex to fix this on the political side, in technical side looks more promising with refine from some old projects like I2P and Tor.
Well, what is your opinion, lainon?
We need a new internet altogether
I'm in favor of internet/outernet through radio signals
I'm in favor of internet/outernet through radio signals
If the West follows Russia and China in having greater control over the Internet, it might be possible. I don't think each country is going to have a "national internet", but there are attempts by different governments (notably the UK) that limit privacy and freedom. So it is possible that dark net is going to rise in importance in future.
Should I install linux for information security? Now I use windows 7.
>>135
*outer
>>136
New infrastructure and new protocols if that infrastructure requires them.
that is why I'm behind radio signals, we can't cover the world with cables, here in latin america we have very thin connection because everything come and leaves in just 3 cables.
Also look up High Speed Multi Media, HSMM, people already has made radio meshnets but commercial radio and local law are making its adoption impossible.
*outer
>>136
New infrastructure and new protocols if that infrastructure requires them.
that is why I'm behind radio signals, we can't cover the world with cables, here in latin america we have very thin connection because everything come and leaves in just 3 cables.
Also look up High Speed Multi Media, HSMM, people already has made radio meshnets but commercial radio and local law are making its adoption impossible.
The protocols are insecure and so is the whole deal. There is a need for an anonimity friendly protocol.
Kovri seems interesting. Its a c++ version of i2p being maintained by the monero people (monero is the anon crypto coin)
https://github.com/monero-project/kovri
https://github.com/monero-project/kovri
I2P has a much more interesting architecture than Tor, however, Java cannot be trusted as the official binaries are by Oracle, a capitalist corporation in the US. That means the official binaries nearly certainly have backdoors.
As for OpenJDK, sure, but how many people have that installed? I don't have any Java installed at all, and many people simply have Oracle's binaries.
I wonder why the I2P and Freenet people continue to use Java when it's known that US companies can't be trusted. Oracle wasn't on any PRISM slides, but it's really in a similar position.
On the topic of trusting compilers, while Clang and GCC aren't made by corporations, both of those are written in C++, meaning, one needs a C++ compiler to compile them. Suspicious: why wouldn't a compiler for Unix be written in C?
That said, I miss using I2P and Tor, haven't used them much lately. I used to participate in some hidden service webforums, but the one I was using most was taken down when a government found some guy who was giving out free hidden service hosting and stopped him.
>>134
What do you want to replace TCP/IP with? Is something wrong with TCP/IP?
>>138
Windows is not secure since it is not open source or audited.
>>146
https://privacysolutions.no/
I remember this project was also started to try making a different i2p router.
As for OpenJDK, sure, but how many people have that installed? I don't have any Java installed at all, and many people simply have Oracle's binaries.
I wonder why the I2P and Freenet people continue to use Java when it's known that US companies can't be trusted. Oracle wasn't on any PRISM slides, but it's really in a similar position.
On the topic of trusting compilers, while Clang and GCC aren't made by corporations, both of those are written in C++, meaning, one needs a C++ compiler to compile them. Suspicious: why wouldn't a compiler for Unix be written in C?
That said, I miss using I2P and Tor, haven't used them much lately. I used to participate in some hidden service webforums, but the one I was using most was taken down when a government found some guy who was giving out free hidden service hosting and stopped him.
>>134
What do you want to replace TCP/IP with? Is something wrong with TCP/IP?
>>138
Windows is not secure since it is not open source or audited.
>>146
https://privacysolutions.no/
I remember this project was also started to try making a different i2p router.
OP here.
>>138
Maybe. First, give us your threat scenario and the motive you need to use windows.
>>137
I see in a different way. Try to create a "Great Firewall" is a pretty complicated step. The first step for control of web is create/control a "gated community" like the Facebook and his clones. Then control WEB friendly major services, google and clones to finally create a great firewall to just do the "extra work".
>>139
I'm from America Latin too, but in SA we have a lot of scenarios. Radio Signal maybe be cheaper but bandwidth will be pretty slow. Also, sadly the smartphones were the first computers of most Latin Americans and I don't like see the Internet become a group of apps.
>>142
I agree, but I think the correct word is obsolete instead insecure. The problems the organization instead change the protocols prefer to fix the same with silver tape (best ex: HTTP and HTTPS).
>>143
Well, we have a start with Tor, Tox, I2p and others.
>>138
Maybe. First, give us your threat scenario and the motive you need to use windows.
>>137
I see in a different way. Try to create a "Great Firewall" is a pretty complicated step. The first step for control of web is create/control a "gated community" like the Facebook and his clones. Then control WEB friendly major services, google and clones to finally create a great firewall to just do the "extra work".
>>139
I'm from America Latin too, but in SA we have a lot of scenarios. Radio Signal maybe be cheaper but bandwidth will be pretty slow. Also, sadly the smartphones were the first computers of most Latin Americans and I don't like see the Internet become a group of apps.
>>142
I agree, but I think the correct word is obsolete instead insecure. The problems the organization instead change the protocols prefer to fix the same with silver tape (best ex: HTTP and HTTPS).
>>143
Well, we have a start with Tor, Tox, I2p and others.
>>149
>>151 (Me)
Sorry, I will elaborate a bit.
There are really good arguments against C, one relevant to your concern is that you no longer can know what the output of the compiler will be because so much is done by the optimizer. In this light, the trust you talk about is mitigated.
Then, different unices have different compilers, and often projects and compilers are incompatible with one another (see >>326), so while in principle this may be the case, in practice you really don't have that trust.
Looking back at your post, you were actually talking about gcc and clang being written in C++. I have nothing to argue there, they are essential to the unix environment so yeah, you're right.
>>151 (Me)
Sorry, I will elaborate a bit.
There are really good arguments against C, one relevant to your concern is that you no longer can know what the output of the compiler will be because so much is done by the optimizer. In this light, the trust you talk about is mitigated.
Then, different unices have different compilers, and often projects and compilers are incompatible with one another (see >>326), so while in principle this may be the case, in practice you really don't have that trust.
Looking back at your post, you were actually talking about gcc and clang being written in C++. I have nothing to argue there, they are essential to the unix environment so yeah, you're right.
After I finish my degree I'd like to design meshnet software for mobiles. That way any high density area would have a decentralized net available.
>>144
>Which protocols? Why are they insecure?
Let's go down on the OSI model:
- Physical Layer: most of the devices run proprietary firmware and have bad security. That's the case of bluetooth, for example
- Data link layer. Your machine should not have a unique identifier (such as MAC address) because a good protocol should not have (or minimal) metadata leak.
- Network layer. IPv4 and IPv6 is not encrypted by default. It should be. Attempts to encrypt it, like IPsec, have been controlled (by NSA) to be weak by itself (source: bruce schneier)
- Transport layer. TCP is bad because it leaks metadata and because of DDoS attacks. UDP is not that bad, though. Although the (dead) SCTP project seems better
- Session layer. PPTP was a joke
- Presentation layer. nothing to talk
- Application layer. Most of then are a joke, especially HTTP and FTP, because of metadata and not encrypted by default (yes, TLS is a joke too).
>>147
>What do you want to replace TCP/IP with?
- Physical Layer: DASH7
- Data link layer: Should not have a UID
- Network layer: check Netsukuku IPv7 approach
- Transport layer: SCTP seems good. UDP is not bad too, if encrypted by default
- Session layer: no need
- Presentation layer: don't seem much problem here
- Application layer: something new, that don't leak any or very little metadata and is encrypted with strong crypto by default
>Which protocols? Why are they insecure?
Let's go down on the OSI model:
- Physical Layer: most of the devices run proprietary firmware and have bad security. That's the case of bluetooth, for example
- Data link layer. Your machine should not have a unique identifier (such as MAC address) because a good protocol should not have (or minimal) metadata leak.
- Network layer. IPv4 and IPv6 is not encrypted by default. It should be. Attempts to encrypt it, like IPsec, have been controlled (by NSA) to be weak by itself (source: bruce schneier)
- Transport layer. TCP is bad because it leaks metadata and because of DDoS attacks. UDP is not that bad, though. Although the (dead) SCTP project seems better
- Session layer. PPTP was a joke
- Presentation layer. nothing to talk
- Application layer. Most of then are a joke, especially HTTP and FTP, because of metadata and not encrypted by default (yes, TLS is a joke too).
>>147
>What do you want to replace TCP/IP with?
- Physical Layer: DASH7
- Data link layer: Should not have a UID
- Network layer: check Netsukuku IPv7 approach
- Transport layer: SCTP seems good. UDP is not bad too, if encrypted by default
- Session layer: no need
- Presentation layer: don't seem much problem here
- Application layer: something new, that don't leak any or very little metadata and is encrypted with strong crypto by default
Yet another re-implementation of the i2p router, in an even more sane language:
https://github.com/hkparker/go-i2p/tree/master/lib/common
https://github.com/hkparker/go-i2p/tree/master/lib/common
>>157
>cjdns
It's not bad, but:
- It's not an anonymous routing
- Has no concerns about leaking metadata
- Uses IPv6, that had some flaws in it's history (although it's encrypted by default on cjdns, which is good)
- Still relies on cable and not on EM waves such as DASH7
- Do nothing about the application layer, therefore, using the same soykaf we use normally: http
It's not bad, as I said, but I think a new network should be:
- Anonymous and distributed by default (maybe use steganography on the tranmission of the packets)
- Work as a meshnet, using something like DASH7
- Have it's own name resolution system, such as OpenAlias
- Leak very little metadata (the network should not give any UID to users... don't ask me how it would work, it's just an hypothesis)
- Use strong crypto, preference to PQ-crypto
- Have a formal proof and formal verification of the code (check Isabelle/HOL and Coq)
- Capability based, secure by default and simple code
- Have privsep by default
>cjdns
It's not bad, but:
- It's not an anonymous routing
- Has no concerns about leaking metadata
- Uses IPv6, that had some flaws in it's history (although it's encrypted by default on cjdns, which is good)
- Still relies on cable and not on EM waves such as DASH7
- Do nothing about the application layer, therefore, using the same soykaf we use normally: http
It's not bad, as I said, but I think a new network should be:
- Anonymous and distributed by default (maybe use steganography on the tranmission of the packets)
- Work as a meshnet, using something like DASH7
- Have it's own name resolution system, such as OpenAlias
- Leak very little metadata (the network should not give any UID to users... don't ask me how it would work, it's just an hypothesis)
- Use strong crypto, preference to PQ-crypto
- Have a formal proof and formal verification of the code (check Isabelle/HOL and Coq)
- Capability based, secure by default and simple code
- Have privsep by default
File: 1492355825193.png (29.08 KB, 200x199, 1487543662925.jpg)
I think I2P has to be the future. Tor is centralized by design. I2P is the best of both worlds between Tor and Freenet. Everybody acts as a node, but there are no negative consequences to doing such. Nobody has to store data for each other.
I think IPFS inside of I2P is the future. Almost permanent data on an entirely anonymous web. This needs to be the future if we are ever to be free.
I think IPFS inside of I2P is the future. Almost permanent data on an entirely anonymous web. This needs to be the future if we are ever to be free.
>>159
>- Still relies on cable and not on EM waves such as DASH7
>- Do nothing about the application layer, therefore, using the same soykaf we use normally: http
You talked about the OSI model earlier, but apparently you have no idea what its actual purpose is.
>- Leak very little metadata (the network should not give any UID to users... don't ask me how it would work, it's just an hypothesis)
>don't ask me how it would work, it's just an hypothesis
Could you please refrain from speaking further about this subject until you actually have a clue as to how networking works? Doing this would require every packet be broadcast to every node on the network and would be unusable, as each computer trying to connect to the network would need to sort through every packet on the network to find out what packets are meant for them.
>>163
>I think I2P has to be the future. Tor is centralized by design. I2P is the best of both worlds between Tor and Freenet
You do know that I2P, Tor, and Freenet are designed to accomplish different things, don't you?
>- Still relies on cable and not on EM waves such as DASH7
>- Do nothing about the application layer, therefore, using the same soykaf we use normally: http
You talked about the OSI model earlier, but apparently you have no idea what its actual purpose is.
>- Leak very little metadata (the network should not give any UID to users... don't ask me how it would work, it's just an hypothesis)
>don't ask me how it would work, it's just an hypothesis
Could you please refrain from speaking further about this subject until you actually have a clue as to how networking works? Doing this would require every packet be broadcast to every node on the network and would be unusable, as each computer trying to connect to the network would need to sort through every packet on the network to find out what packets are meant for them.
>>163
>I think I2P has to be the future. Tor is centralized by design. I2P is the best of both worlds between Tor and Freenet
You do know that I2P, Tor, and Freenet are designed to accomplish different things, don't you?
any mod here? please move this thread to >>/sec.
I just want to escape ISP snooping my requests.
A place to go where few people have access can be found anywhere.
A place to go where few people have access can be found anywhere.
File: 1492838019179.png (100.33 KB, 232x300, dc-15-lindqvist-WP.pdf)
>>164
>Doing this would require every packet be broadcast to every node on the network and would be unusable
I understood >>159 to imply that every networked device would have a disposable/temporary unique identifier that isn't based upon a baked-in value (a la MAC). Yes, you can spoof MACs but that's a bandaid at best and shouldn't need to exist to begin with. It never should have been the job of the hardware to provide a unique identifier for a given device (of which, the NIC is only part of). IPv6 is a clusterfuck because of this and, privacy extensions or not, the base IPv6 standard is what everyone will deploy--all of the extensions, not a good guarantee. People need to propose standards like IPv6 with the expectation that mass surveillance exists, is a real threat to individual freedom, and design them around this from the beginning--not after the fact, although I do concede that it's better than nothing. Attached PDF related.
>>133
I really hope i2p sees greater adoption, as that's where the future of anonymous networks lie. I contribute to the network by running the router on an idle desktop though I would like to set up a VPS (or, even better, bare-metal) running it in the future.
>Doing this would require every packet be broadcast to every node on the network and would be unusable
I understood >>159 to imply that every networked device would have a disposable/temporary unique identifier that isn't based upon a baked-in value (a la MAC). Yes, you can spoof MACs but that's a bandaid at best and shouldn't need to exist to begin with. It never should have been the job of the hardware to provide a unique identifier for a given device (of which, the NIC is only part of). IPv6 is a clusterfuck because of this and, privacy extensions or not, the base IPv6 standard is what everyone will deploy--all of the extensions, not a good guarantee. People need to propose standards like IPv6 with the expectation that mass surveillance exists, is a real threat to individual freedom, and design them around this from the beginning--not after the fact, although I do concede that it's better than nothing. Attached PDF related.
>>133
I really hope i2p sees greater adoption, as that's where the future of anonymous networks lie. I contribute to the network by running the router on an idle desktop though I would like to set up a VPS (or, even better, bare-metal) running it in the future.
File: 1492845628616.png (1.28 MB, 188x200, sakuragnunet.png)
reminder that gnunet is still the future
The internet isn't the same thing as the world wide web. I'd like lainchan's community to move over to freenet's fms... no more accidental server erasures, or the website's owner making a dime of our collective content. Also, anonymity.
>>147
>I wonder why the I2P and Freenet people continue to use Java when it's known that US companies can't be trusted.
easier cross-system compatibility, managed memory, etc.
If you really hate java that much(just install OpenJDK ffs) there's i2pd which is written in C++, but it doesn't have as much maintenance work put into it so use at your own risk.
>Suspicious: why wouldn't a compiler for Unix be written in C?
because C is a soykafty, soykafty language for anything but kernels.
>>149
I trust things written in C *less* than things written in other languages.
>>155
tbh you should contribute to one of the existing ones. There are dozens.
>>159
>Still relies on cable and not on EM waves such as DASH7
afaik it's just a routing protocol, it's link-independent.
>>163
same. I2P really does provide stronger security, at the expense of speed.
>I think IPFS inside of I2P is the future. Almost permanent data on an entirely anonymous web. This needs to be the future if we are ever to be free.
Eh, Freenet is the better tool for that job imo.
>I wonder why the I2P and Freenet people continue to use Java when it's known that US companies can't be trusted.
easier cross-system compatibility, managed memory, etc.
If you really hate java that much(just install OpenJDK ffs) there's i2pd which is written in C++, but it doesn't have as much maintenance work put into it so use at your own risk.
>Suspicious: why wouldn't a compiler for Unix be written in C?
because C is a soykafty, soykafty language for anything but kernels.
>>149
I trust things written in C *less* than things written in other languages.
>>155
tbh you should contribute to one of the existing ones. There are dozens.
>>159
>Still relies on cable and not on EM waves such as DASH7
afaik it's just a routing protocol, it's link-independent.
>>163
same. I2P really does provide stronger security, at the expense of speed.
>I think IPFS inside of I2P is the future. Almost permanent data on an entirely anonymous web. This needs to be the future if we are ever to be free.
Eh, Freenet is the better tool for that job imo.
>>213
>GNUnet is an alternative network stack for building secure, decentralized and privacy-preserving distributed applications. Our goal is to replace the old insecure Internet protocol stack. Starting from an application for secure publication of files, it has grown to include all kinds of basic protocol components and applications towards the creation of a GNU internet.
>GNUnet is an alternative network stack for building secure, decentralized and privacy-preserving distributed applications. Our goal is to replace the old insecure Internet protocol stack. Starting from an application for secure publication of files, it has grown to include all kinds of basic protocol components and applications towards the creation of a GNU internet.
>>213
I'm seeing a recent push for GNUNet, but I'm still haunted by that horrible UI screenshot. You know the one. Is GNUNet in an easily usable state with content yet?
>>220
>Eh, Freenet is the better tool for that job imo.
Freenet needs other people to host your content though. That's why it's so easy to wage slave against from a civilian view. I really can't see a future for it, it's the opposite of "the cloud."
IPFS means people can pull a file if at least one person is hosting it, and I2P would make this anonymous. Freenet has an issue with government groups publicly admitting to monitoring packets of concern and sending false packets. With IPFS, this isn't possible because it requests the specific hash of the file.
I'm seeing a recent push for GNUNet, but I'm still haunted by that horrible UI screenshot. You know the one. Is GNUNet in an easily usable state with content yet?
>>220
>Eh, Freenet is the better tool for that job imo.
Freenet needs other people to host your content though. That's why it's so easy to wage slave against from a civilian view. I really can't see a future for it, it's the opposite of "the cloud."
IPFS means people can pull a file if at least one person is hosting it, and I2P would make this anonymous. Freenet has an issue with government groups publicly admitting to monitoring packets of concern and sending false packets. With IPFS, this isn't possible because it requests the specific hash of the file.
File: 1492978639837.png (221.61 KB, 200x191, 52592491gnunet.png)
>>227
don't even install the gui
everything else works fine, it's just that there's only like 10 users and no interesting media right now
upon the next major release, a couple of us have plans to flood it with music and currently airing anime and really start pushing it hard
setting up gnunet `trackers' might be a nice transitionary thing to help some people make the switch from torrents
what you have to understand is this is a suite of protocols, not a program
if you can make a better prettier file sharing client that works over gnunet, by all means, you are enthusiastically encouraged to do so
but it doesn't have to just be file sharing, they're aiming to replace the whole of IP, you can make anything work over gnunet
it will be the internet done right, how we didn't yet know it should have been from the beginning
don't even install the gui
everything else works fine, it's just that there's only like 10 users and no interesting media right now
upon the next major release, a couple of us have plans to flood it with music and currently airing anime and really start pushing it hard
setting up gnunet `trackers' might be a nice transitionary thing to help some people make the switch from torrents
what you have to understand is this is a suite of protocols, not a program
if you can make a better prettier file sharing client that works over gnunet, by all means, you are enthusiastically encouraged to do so
but it doesn't have to just be file sharing, they're aiming to replace the whole of IP, you can make anything work over gnunet
it will be the internet done right, how we didn't yet know it should have been from the beginning
>>251
GNUnet looks cool in theory. GNS is pretty awesome, I had it in my NSS for a while. But I stopped running it after I read the code. It's horrendous. If there were a router in Go or Rust, or even C++, I would consider running it, but as of now it's a pile of soykafy C code sprinkled with memory and file descriptor leaks and buffer overflows written by some students. fuarrrk that soykaf.
GNUnet looks cool in theory. GNS is pretty awesome, I had it in my NSS for a while. But I stopped running it after I read the code. It's horrendous. If there were a router in Go or Rust, or even C++, I would consider running it, but as of now it's a pile of soykafy C code sprinkled with memory and file descriptor leaks and buffer overflows written by some students. fuarrrk that soykaf.
>>251
The GUI says I have no connections, the terminal gets no results from searching anything. No documentation to get help from online.
Though once I can get the thing working, I'm absolutely happy to help flood it with content. Will look out for GNUnet threads here. Though I wonder if GNUnet will actually get a major release, since it's got GNU in the name...
I thought GNUnet was a single program, not a suite of protocols. If it's possible to develop a "www" like browser for GNUnet, I can see it competing with I2P+IPFS (which isn't even in existence yet).
>>258
That's a benefit to I2P, multiple router software. Not sure if IPFS has anything like that though.
But the other poster said that GNUnet is a suite of protocols, so if it's anything like I2P, people can write new routers.
The GUI says I have no connections, the terminal gets no results from searching anything. No documentation to get help from online.
Though once I can get the thing working, I'm absolutely happy to help flood it with content. Will look out for GNUnet threads here. Though I wonder if GNUnet will actually get a major release, since it's got GNU in the name...
I thought GNUnet was a single program, not a suite of protocols. If it's possible to develop a "www" like browser for GNUnet, I can see it competing with I2P+IPFS (which isn't even in existence yet).
>>258
That's a benefit to I2P, multiple router software. Not sure if IPFS has anything like that though.
But the other poster said that GNUnet is a suite of protocols, so if it's anything like I2P, people can write new routers.
i2p is more prone to traffic analysis, more hops isn't better and everyone using different browser setups make you stand out even more.
https://www.freehaven.net/anonbib/cache/timpanaro:inria-00632259.pdf
https://www.freehaven.net/anonbib/cache/timpanaro:inria-00632259.pdf