i2p vs tor

Discussion in 'privacy technology' started by n33m3rz, Mar 21, 2009.

Thread Status:
Not open for further replies.
  1. n33m3rz

    n33m3rz Registered Member

    Joined:
    Jan 10, 2009
    Posts:
    114
    For a mass communications system (aka a forum) being programmed in Java, which network would be better? I really like that I2p seems to focus on hidden services, and that it is already java code with java API makes it easier to work with. As far as hidden services go (I know I2P sucks as an out proxy) which of the two would people say is "more anonymous". I am thinking I2P might be, but the timing attacks on when a server goes up and goes down really seem to be a huge anonymity flaw to me. And which is more secure? I would guess Tor on that point but am not sure.

    In the end we will probably support both, but I am curious just to see what people think the actual best choice would be.
     
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I would consider either I2P or JAP. I2P because it is supposedly unobservable, adding greatly to your anonymity, or JAP because of the encryption techniques it uses.
     
  3. n33m3rz

    n33m3rz Registered Member

    Joined:
    Jan 10, 2009
    Posts:
    114
    Doesn't JAP have a german government backdoor though?
     
  4. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    It is disabled from my understanding.
     
  5. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    For what I remember, JAP does have a function that allows the logging of traffic for specific users, but it is usually disabled. When one (or more) valid warrant is presented, they start logging traffic for specific users. Also, they yearly report what logging activities have been accomplished during the year; you can check their website for further details.

    After all, this is, in my opinion, exactly what any anonimity provider does when presented with valid warrant from a valid jurisiction. Isn't it correct?
     
  6. n33m3rz

    n33m3rz Registered Member

    Joined:
    Jan 10, 2009
    Posts:
    114
    Doesn't sound like much of an anonymity network if they can trivially enable logging lol.
     
  7. n33m3rz

    n33m3rz Registered Member

    Joined:
    Jan 10, 2009
    Posts:
    114
    Hahaha I just went to their website they have an entire page on how they can log traffic for "crime prevention" . JAP imo is a joke of an anonymity network, they can even log all traffic to specific websites and have done so (last year by their own records they logged all traffic to a specific website per a court order).

    I don't see how they can even do that, I am pretty much positive Tor could not do the same.

    JAP and Hushmail should go in business with each other =).
     
  8. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    Oh yeah, because you are sure that Xerobank, to name one with a good reputation, can't easily log any kind of traffic on their network? You sound really naive. Steve, can you confirm the ability to log any kind of traffic on your network?

    The anonimity and privacy is given, in this kind of service, by the ability and willingness of whoever run the service to fight court orders. On the other hand, anonimity service providers are not based on the moon, so they will HAVE to respond to at least one jurisdiction.
    So, really, don't believe that whatever your anonimity service provider is, you are TOTALLY anonymous.
     
  9. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Markoman is correct that there is a dichotomy of willingness and ability. Our ability to track the traffic is limited to live sessions, and is rather difficult since the traffic is multiplexed across cascades. It's something you would have to put on a rubber suit for and brave a swamp of alligators for. As for willingness, well just read our abuse report process flow and you'll get an idea.
     
  10. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    Thanks Steve :)
    On the other hand, Steve, I believe that Xerobank would be willing to cooperate with LEO when investigating crimes against the human rights, if such investigation is supported by valid evidence. Panama jurisdiction, also, would probably force Xerobank to cooperate. Or am I wrong...?
     
  11. CaixFang

    CaixFang Registered Member

    Joined:
    Mar 24, 2009
    Posts:
    72

    Maybe you should go read the case from last year where LEO went to a specific TOR operator and demanded his TOR logs to track someone down. Needless to say, he complied fully and they prosecuted the individual with that proof.

    In reality, TOR may actually be LESS immune to these things, because you dont know anything about the nodes involved adn who those people are. I promise you most nodes are going to gladly hand over everything they have on traffic if LEO shows up.

    Put yourself in those shoes. Say you run a TOR server from home or work. LEO shows up demanding your server and everything related too it. Warrant or not, chances are you are going to hand it all over, because YOU dont want to be prosecuted for obstruction, or other charges. Do you REALLY think TOR operators believe SO much in "free speech" that when the cops come they are going to spend $1000's to fight handing over any traffic info?

    There is no such thing as truly anonymous on the internet. In some way, shape, or form, EVERYONE can be tracked down, its just a matter of how hard it is to track them, and if tracking them down is worth the resources in relation to the crimes. Its all cost/benefit.
     
  12. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    If we had confirmed human rights abuses, we wouldn't need any pressure from LEO, short of that, you would need court orders etc. which are pretty unlikely.
     
  13. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    What is the LEO?
     
  14. n33m3rz

    n33m3rz Registered Member

    Joined:
    Jan 10, 2009
    Posts:
    114

    LEO = Law Enforcement Officer

    I know that a German Tor exit node got seized by the authorities. As far as I know they did not trace the individual they were looking for down, but rather arrested the Tor node owner and harassed him for a few days. I am pretty sure they didn't trace who they were looking for, if they did please provide me with a news article that says this.

    Markoman the anonymity in the majority of these networks has almost nothing what-so-ever to do with who runs the service and their ability to fight court orders. The Tor devs can not trivially enable logging like the Jap devs apparently can, it comes down to the volunteer run nodes on the network.

    Anonymity networks keep you anonymous by

    1. Splitting jurisdiction (A node in Russia, a node in Canada a node in Netherlands or whatever). This requires legal action to be taken in three different countries to get the Tor logs. It also requires three separate entities (the volunteers running the nodes) to be compromised by the legal pressure or what-not. It also requires them to log for the most realistic form of traffic analysis. Oh and it also requires the adversary to have international cooperation, that is more realistic these days but the chances of Russia and USA cooperating over legally forcing people to turn over tor logs are slim.

    2. Let's not forget some nodes are using WiFi to connect to the internet. That right there provides a major anonymity advantage. The person with the WiFi router couldn't cooperate even if they wanted, and the person using their WiFi for a Tor Node is a mile away with a long range antenna.

    3. Not everyone logs anyways, most probably do not. This will require ISP level traffic analysis, which is plausible but would be fairly expensive I imagine.

    Really if you trust your anonymity to the willingness of another to not cooperate in court, you are naive heh. I prefer to take non cooperative Tor Node operators as a bonus, I bank my anonymity on the technical design of the Tor network (and the fact that jurisdictions in different countries are not likely to cooperate trivially, but it seems the Jap Devs can trivially trace anyone using their service)

    I don't think Panama would be fast to force anyone to cooperate. Panama is highly unlikely to take the initiative, and there is a good chance they will drag their feet. Panama is good for privacy.
     
Loading...
Thread Status:
Not open for further replies.