Split I2P router from I2P services

Proposals for I2P
anonymousmaybe
Posts: 35
Joined: 06 Oct 2018 17:06

Split I2P router from I2P services

Post by anonymousmaybe »

I2P is nice tool , but having it all together with other services making it less secure and less configurable/modifiable.

e.g:

in Whonix by design the GateWay acting as the router , and the WorkStation acting as the normal distro where the user doing his activity. So having I2P for this Design is not secure as if someone gonna install I2P it will be all installed inside the GW (Jetty,I2Psnark,Susimail ....etc) but we only needs the router (similarly in simplicity to Tor) while these services should work from the WorkStation.

this gives the opportunity to I2P things way much easier and safer.
Last edited by anonymousmaybe on 09 Oct 2018 17:28, edited 1 time in total.
echelon
Posts: 261
Joined: 10 Feb 2018 13:36

Re: Split I2P router from I2P services

Post by echelon »

Hi

Not easy to do, as the router itself is rahter useless, you need all the services around, like streaming, transports, addressbook,...
Also you already disable all unneeded services in the settings.

echelon
anonymousmaybe
Posts: 35
Joined: 06 Oct 2018 17:06

Re: Split I2P router from I2P services

Post by anonymousmaybe »

echelon wrote: 09 Oct 2018 16:47 Hi

Not easy to do, as the router itself is rahter useless, you need all the services around, like streaming, transports, addressbook,...
Also you already disable all unneeded services in the settings.

echelon
Hey!

i know but make these running services as a separated services can be installed by the user will (not default).

e.g:

if he wants I2Psnark then

Code: Select all

sudo apt install i2psnark
and so one for the rest of the services(if needed).

i know its hard , but it will give I2P huge advantages to be used as router for different aspects of ideas and make it ease on their developers e.g:

I2P an OS
I2P a firmware
I2P just for X service
...etc.

thus this helping alot on a future vision for better/more I2P usage.
Last edited by anonymousmaybe on 14 Oct 2018 12:09, edited 1 time in total.
zlatinb

Re: Split I2P router from I2P services

Post by zlatinb »

I've been championing something very similar. Furthermore, I would like to see the I2P project focus solely on the router, similar to how kernel.org focuses only on the Linux kernel. Then someone else can put together a complete distribution like Debian does for Linux.

The benefits of this is that just like different Linux distributions target different markets, different I2P distributions can specialize for the needs of different users. This gives great flexibility to customize the I2P experience; for example, someone may choose to get rid of SusiDNS and implement a solution that resembles clearnet DNS. Someone may choose to build a distro which specializes in content creation, another may choose to specialize on Irc2P, yet another on filesharing, yet another on social networking, etc.
User avatar
zzz
Posts: 155
Joined: 31 Mar 2018 13:15

Re: Split I2P router from I2P services

Post by zzz »

Already in the works, although currently stalled:

http://trac.i2p2.i2p/ticket/2132

Need more of mhatta's time to make it a reality, and Tails is ahead of it on the priority list. Hopefully next year.
anonymousmaybe
Posts: 35
Joined: 06 Oct 2018 17:06

Re: Split I2P router from I2P services

Post by anonymousmaybe »

in order this to happen , we should split any connection to the router within the same port.

this is dangerous in order to allow i2pbote or susimail ...etc then i should allow as well the same port of router 7657.

either make the apps which are built on top of I2P to prohibit the usage of the same port of the router (similar to irc2p uses 6668) or make the router to be configured on a different port.
echelon
Posts: 261
Joined: 10 Feb 2018 13:36

Re: Split I2P router from I2P services

Post by echelon »

hi

you do know you talk about completely differnet networks, protocols, services and mix all together?
Not a good idea, really.

echelon
anonymousmaybe
Posts: 35
Joined: 06 Oct 2018 17:06

Re: Split I2P router from I2P services

Post by anonymousmaybe »

echelon wrote: 14 Oct 2018 21:12 hi

you do know you talk about completely differnet networks, protocols, services and mix all together?
Not a good idea, really.

echelon
I2Psanrk,Susimail,Jetty... these are services of I2P then its not safe or good idea so be working on the same port and only on the same place of the router.

one I2P service which is nice to use = Irc2p, because it uses different port and user can run it away from the router.

from the router we only need the connection/tunnel , but the service itself we want it to be running away from it.

when a user asking for a Door , you are giving him a whole House. This design cant be acting well to anonymity sake in nowadays.
echelon
Posts: 261
Joined: 10 Feb 2018 13:36

Re: Split I2P router from I2P services

Post by echelon »

Hi

Sorry, what? Did not understand a word of what you want to propose.
I2P is a complete set of router and apps to be used.
Users can disable single services in the router console (or config file).
Services are only on localhost running, in a system a user can control. If the local system is not a safe place, there is nothing I2P can do for you. Sorry.
Also thats not the target/goal for I2P, to run in a compromised system, thats far out of scope.
But users can easy change the settings to run each I2P settings on a different interface, port, system and use the remote. Or use SSH.

Also why run I2P and services on different system for a home user with only 1 computer, which is the biggest user group of I2P?

So, please explain what you propose.

echelon
anonymousmaybe
Posts: 35
Joined: 06 Oct 2018 17:06

Re: Split I2P router from I2P services

Post by anonymousmaybe »

let me rephrase what i wrote:

1- having a vulnerability in service X application will lead to de-anonymization of the I2P user because this will directly hit by default the router since they are up and running into the same path. solution:-

separate the two sources the Service X from the router , which mean even if someone hacked the Service he cant jump through the router and know the user IP. and this is Whonix design even if the hacker hacked the application in WorkStation and gained Root privilege he cant know the real IP of the user.

2- I2P router can be configured and entered with this port 127.0.0.1:7657 , well the problem it is as well allowing other applications/services to use the same port like susimail or i2p-bot or jetty ...etc all these services using 7657. except IRC2P which is uses 6668 and thats cool. solution:-

prohibit any running software to run/use the same port as the i2pconsole. like specifying 7657 only for the router configuration.

3- Whonix design can protect the user even if he got hacked with services out the scope I2P e.g he got hacked through malicious PDF. then his traffic will still be encrypted and anonimized through I2P. (same almost to point 1)

...etc of mitigating of insecurity if all of the services built and happened to be in one place.

i suggest for you to read Whonix Design (WS,GW) and so as Qubes Design (compartmentalization) then you will know the benefits of separating things better than aggregating them.
Post Reply