DEFCON 27 Trip Report

I2P talks and events I2P takes part
Post Reply
User avatar
zzz
Posts: 155
Joined: 31 Mar 2018 13:15

DEFCON 27 Trip Report

Post by zzz »

Trip Report
DEFCON 27
Las Vegas Aug. 8-11, 2019

idk and I attended DEFCON 27 and presented two workshops on I2P for application developers, with support from mhatta and Alex. I gave the workshop at Monero Village and idk gave the one at Crypto/Privacy Village. Here, I will summarize the Monero Village workshop, and a Tor talk by Roger Dingledine. idk will post a trip report covering his workshop.

We had about 8 attendees for the Monero Village workshop, entitled "I2P for Cryptocurrency Developers". We planned to discuss the particular networking needs for each application and work through the various i2ptunnel and SAM options available. However, all attendees were relatively unfamiliar with I2P, so we pivoted and gave an overview of I2P. As none of the attendees had a laptop with them, we helped several of them install I2P on their Android phone and walked through some of the features of the app. For all users, the app appeared to reseed and build tunnels fairly quickly.

One common question after installing the app was "what do I do now?". The app doesn't have a 'hidden services of interest' section or first-run wizard like our desktop application does, and most of the default addressbook entries are long-dead. There's improvements we could make to the first-run experience. Also, some of the more interesting parts of the app are hidden behind an advanced setting; we should review those items and consider un-hiding some of them.

It's always useful to go to Tor talks, not so much to find out what they're doing, but to hear how they explain things to people, and what terminology they are using. Roger's talk "The Tor Censorship Arms Race" was in a large room attended by about two thousand people. He gave a very brief overview of Tor with only three or four slides. He says they now have "two to eight million users a day". Most of the talk was a review of national blocking attempts over the years, starting with Thailand and Iran in '06-'07 through Tunisia, china, and Ethiopia in 2011. He called Tor bridges a "crappy arms race". He showed a new form to be showed to new users, with a checkbox "Tor is censored in my country".

Their new pluggable transport "snowflake" uses a combination of domain fronting, webrtc, javascript, brokers and proxies to reach a Tor bridge. Roger only had one slide on it, and I wasn't familiar with it, so we should do more research on what it's all about. He briefly mentioned some things they may be working on next, including "salmon" distribution of bridges, FTE/Marionette, decoy routing, and "cupcake" which is an extension of snowflake. While I don't have any further information about them, they may be good buzzwords to keep an eye out for on their mailing lists.

Much of Tor's censorship woes is due to Tor's popularity, but their TLS handshake is a particular issue and it's been the focus of much of the "arms race" over the years. In some ways we're in better shape, as we've taken several features of their current-best obfs4 pluggable transport and build them into NTCP2. However, we do have issues with our website and reseeds being blocked, as Sadie and Phong will be presenting at USENIX FOCI this week.

Notes for next time: I do recommend DEFCON, as long as we find a village to call our home. It's an enormous conference and the limited general hangout spaces are massively overcrowded. Both Monero Village and Crypto/Privacy Village were fantastic hosts and we had several hours at each spot to meet with people. We should find more opportunities to work with both organizations. There were also ZCash people at the Monero Village and we should work with them also. Any future workshop should be targeted at a more general audience. We do need a standard "Intro to I2P" slide deck; it would have been helpful at the workshops. Don't expect attendees to have laptops with them, focus on Android for any hands-on exercises. There's several improvements to be made in our Android app. Drink lots of water in Vegas... and stay away from the slot machines.
User avatar
eyedeekay
Posts: 75
Joined: 21 Jul 2018 06:53

Re: DEFCON 27 Trip Report

Post by eyedeekay »

I went to Def Con 27 last weekend to give a workshop on I2P application
development, and to meet zzz, mhatta, and Alex in person.

My workshop went well, we even had a few application developers attend! In
particular I had a pretty lengthy conversation with a person named Mary about
how I2P could be used to eliminate centralization and enhance privacy in
a "Magic Wormhole" type of application. While I wasn't totally familiar with
Magic Wormhole at the time, I think most of my advice was usable. I think Mary
had some very interesting and workable ideas about sharing information in more
human-centric ways that could be interesting in I2P applications, and am looking
forward to experimenting with some of those.

The materials I made for the application development workshop are available on
Github! https://github.com/eyedeekay/defcon Please consider it a living document,
your input is desired! As it is licensed permissively, you are free to fork it and make
it your own as well. Share your examples, your hacks, or correct my comma use,
complain about my document preparation style, or just print off your own copy in
booklet form!

I also talked to a guy who gives advice to the government about the differences
between I2P and Tor, why I2P is more P2P-friendly, and some scenarios in which
peers in a P2P application might want to have enhanced privacy from each-other,
and why I2P is perhaps uniquely suited to accomplish that.

In general, both the application development workshops went well, even though
they didn't go entirely according to plan in that only a small proportion of the
audience were application developers. The impression I got was that many people
are very interested in I2P, but also many people are confused by how interacting
with I2P works. By re-focusing on their questions and by teaming off with zzz,
mhatta, and Alex we were fairly successful at dealing with our audience, which
was more varied in terms of occupation, interest, and I2P knowledge than
expected.

Besides that, I also talked to Alex about my experimental contextual-identity
driven I2P proxy plugin for Firefox and eventually, Brave Browser. Got to talk
a little about bundling, but not too much, as it was a very busy convention. I'm
looking forward to following up with him on that soon.

mhatta and I almost won a lobster from a claw machine, but it was a real
fighter and got away at the last second. Really thought I had it for a moment
though. :lol:

To add to zzz's notes for next time, aside from being more general I believe our
workshops would not have been as able to adapt to the needs of the audience
without the support of mhatta and Alex. Having people who can help particpants
individually or in small groups was immensely helpful, many, many thanks to both
of them for helping us out.
Post Reply