I2P Fingerprinting

by /u/fineline · 3 votes · 1 week ago

I don't know much about I2P. While reading the Whonix docs (whonix .org/wiki/I2P), I saw a "Post-Tor I2P Tunnel Effects" table, which notes:

* I2P does not have stream isolation support which means that visits to Eepsites are linkable and fingerprintable -- each request includes the same X-I2P-Dest* headers, which are unique to each user. This might be true for outproxy requests as well.

* If you access site1.i2p followed by site2.i2p, site3.i2p and so on, each one of those operators will see the exact same X-I2P-Dest* values. This means if they are colluding, they will know that the same person accessed all of them.

* I2P operators can build a more detailed profile the longer I2P is left running. The X-I2P-Dest* values only change upon restart of the I2P instance or when the HTTP Proxy tunnel is stopped/started. I2P does not have a fix for this at present, [13] however an experimental plugin is being written to provide a stream-isolating mechanism for http-over-I2P, see: eeProxy

This seems pretty bad for anonymity. Can someone ELI5 the implications of this? To maintain anonymity, is it recommended to restart I2P each time you visit a new eepsite (similar to getting a new tor identity)?

Comments (6)
/u/genz · 1 votes · 1 week ago · Link

I personally have been doing that (restarting I2P every time I want to visit new sites) since day 1, following this guide from AlphaBay's admin DeSnake: /d/AlphaBay/wiki?id=872a038c

(It's stated at the very bottom of that guide)

/u/fineline OP · 1 votes · 1 week ago · Link

Thanks! A little annoying, but makes sense.

/u/BlackMask · 1 votes · 1 week ago · Link

So you can't have 2 sites open at the same time? Or do you run a few I2P controllers?

/u/genz · 1 votes · 1 week ago · Link

Yeah, currently I don't have 2 sites open at the same time, and yeah, I've been thinking of running another I2P controller on another port and another Tor Browser instance to see if it's going to work!

/u/not_bob · 1 votes · 1 week ago · Link

With Java or Android I2P you can set your HTTP tunnel to go dormant when not in use for a period of time. When you try to use it again it restarts and resets the dest. This will make access after that period of time slower as the tunnel will have to "warm up" in order to be ready for use again. This is not default behavior because of this slowdown.

/u/UberShop · 1 votes · 1 week ago · Link

Yeah, that's an issue. They're saying it's safe because it's hard to target, FOR NOW
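
A self-audit of the linkability described in the Whonix table quoted in the post, as an added example that is not part of the thread and not I2P or Whonix code: it takes request headers logged by test eepsites you run yourself and splits your own visits into runs that shared one destination, so you can check whether stopping/starting the HTTP proxy tunnel (or letting it go dormant) really separated them. The record layout, site names and `dest-A` style values are constructed, and `X-I2P-DestHash` is assumed to be the `X-I2P-Dest*` header your server tunnel logs.

```python
from itertools import groupby

# Assumption: the server tunnel logs this one of the X-I2P-Dest* headers.
DEST_HEADER = "x-i2p-desthash"

# Constructed sample: (site, unix_time, request headers) from your own test eepsites.
SAMPLE = [
    ("site1.i2p", 100, {"X-I2P-DestHash": "dest-A"}),
    ("site2.i2p", 160, {"x-i2p-desthash": "dest-A"}),
    ("site3.i2p", 220, {"X-I2P-DestHash": "dest-A"}),
    ("site3.i2p", 230, {"Host": "site3.i2p"}),           # no dest header: ignored
    # HTTP proxy tunnel stopped and started here
    ("site1.i2p", 900, {"X-I2P-DestHash": "dest-B"}),
    # tunnel restarted again before visiting the next site
    ("site2.i2p", 1500, {"X-I2P-DestHash": "dest-C"}),
]

def dest_of(headers):
    """Case-insensitive header lookup; None if no destination header is present."""
    for name, value in headers.items():
        if name.lower() == DEST_HEADER:
            return value.strip()
    return None

def linkable_profiles(records):
    """Split chronological test traffic into runs that share one destination.

    Every site inside a run saw identical X-I2P-Dest* values, so operators
    comparing logs could attribute those visits to one client.
    """
    tagged = [(dest_of(h), t, site) for site, t, h in records]
    ordered = sorted((r for r in tagged if r[0] is not None), key=lambda r: r[1])
    profiles = []
    for dest, run in groupby(ordered, key=lambda r: r[0]):
        run = list(run)
        profiles.append({"dest": dest, "first": run[0][1], "last": run[-1][1],
                         "sites": sorted({site for _, _, site in run})})
    return profiles

def isolation_failures(profiles):
    """Profiles in which more than one site saw the same destination."""
    return [p for p in profiles if len(p["sites"]) > 1]

if __name__ == "__main__":
    for p in linkable_profiles(SAMPLE):
        print(p["dest"], p["first"], p["last"], ", ".join(p["sites"]))
```

An empty result from `isolation_failures` means no two test sites saw the same destination in the captured window.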