Shoalsteed / I2P-Secure-Design-Collective


Add to "About I2P" - Get rid of Gentle Intro. #83

Open Shoalsteed opened 1 year ago

Shoalsteed commented 1 year ago

https://geti2p.net/en/about/intro

The Invisible Internet Project (I2P)

The Invisible Internet Project began in 2002. Initially the project began as a proposed modification to Freenet to allow it to use alternate transports, such as JMS, then grew into its own as an 'anonCommFramework.'

The vision for the project, as described in an interview with Lance James, was for the I2P Network "to deliver full anonymity, privacy, and security at the highest level possible. Decentralized and peer to peer Internet means no more worrying about your ISP controlling your traffic. This will allow (people) to do seamless activities and change the way we look at security and even the Internet, utilizing public key cryptography, IP steganography, and message authentication. The Internet that should have been, will be soon." Since then I2P has evolved to specify and implement a complete suite of network protocols capable of delivering a high level of privacy, security, and authentication to a variety of applications.

The project is open source. The router and most of the SDK are public domain with some BSD and Cryptix licensed code, while some applications like I2PTunnel and I2PSnark are GPL. The core software is written in Java (1.5+), and some third party applications are being written in Python and other languages. The code works on Sun Java SE and other Java Virtual Machines.

What is the Invisible Internet?

The Invisible Internet is an encrypted peer-to-peer overlay network that has been developed for traffic protection and blocking resistance by design. The network uses two protocols (NTCP2 and SSU2) that are based on TCP and UDP with the purpose of providing the best encryption and blocking resistance possible within the network. Traffic, location and message contents are protected. Both sender and recipient are unidentifiable to each other, as well as to third parties.

The network supports dynamic reconfiguration in response to various attacks, and has been designed to make use of additional resources as they become available.

The network hides the server from the user and the user from the server. Encrypted unidirectional tunnels are created between peers. No one can see where traffic is coming from, where it is going, or what the contents are.

Because the network relies on peers to route traffic, location blocking is also reduced and there is resistance to pattern recognition and blocking by censors.

An essential part of designing, developing, and testing the network is to define the threat model.

There is no such thing as "true" anonymity. From a network perspective, there are only ways to make it more difficult to observe and identify traffic contents. The network handles queries and delivers messages in a way that makes this more difficult for potential network observers. On the I2P network all messages are essentially indistinguishable from the others.

A Brief Technical Overview of the Network

The network uses cryptography to achieve a variety of properties for the tunnels it builds and the queries and messages it transports. Tunnels use transports, NTCP2 and SSU2, to protect the contents of the traffic being transported. Connections are encrypted from router-to-router, and from client-to-client (end-to-end).

Forward-secrecy is provided for all connections. I2P network addresses are cryptographically addressed and self-authenticating and only belong to the user who generated them. This protects from things like Man In The Middle attacks.

I2P is a peer-to-peer overlay network. The network is made up of peers ("routers") and it creates unidirectional inbound and outbound virtual tunnels. Routers communicate with each other using protocols built on existing transport mechanisms (TCP and UDP), passing messages. Client applications have their own cryptographic identifier ("Destination") that enables them to send and receive messages. These clients can connect to any router and authorize the temporary allocation ("lease") of the tunnels that will be used for sending and receiving messages through the network. The network has its own internal network database using a modification of the Kademlia DHT for distributing routing and contact information securely.

About Decentralization and I2P

The I2P network is almost completely decentralized, with the exception of what are called "Reseed Servers," which is how you first join the network. This is to deal with the DHT (Distributed Hash Table) bootstrap problem. Basically, there's not a good and reliable way to get out of running at least one permanent bootstrap node that non-network users can find to get started. Once you're connected to the network, you only discover peers by building "exploratory" tunnels, but to make your initial connection, you need to get a peer set from somewhere. The reseed servers, which you can see listed on http://127.0.0.1:7657/configreseed in the Java I2P router, provide you with those peers. You then connect to them with the I2P router until you find one who you can reach and build exploratory tunnels through. Reseed servers can tell that you bootstrapped from them, but nothing else about your traffic on the I2P network.

I2P is Peer-to-Peer

You will see IP addresses of other I2P nodes in the software router console. This is how a fully distributed peer-to-peer network works. Every node participates in routing packets for others, so your IP address must be known to establish connections. While the fact that your computer runs I2P is public, nobody can see your activities in it. You can't say if a user behind this IP address is sharing files, hosting a website, doing research or just running a node to contribute bandwidth to the project.

What I2P Does Not Do

The I2P network does not officially "Exit" traffic. It has outproxies to the Internet run by volunteers, which are centralized services. I2P is primarily a hidden service network and outproxying is not an official function, nor is it advised. The privacy benefits you get from participating in the I2P network come from remaining in the network and not accessing the internet. I2P recommends that you use Tor Browser or a trusted VPN when you want to browse the Internet privately.

Visit the project on Gitlab.

For more in-depth information about the network, its protocols and encryption methods, please see the I2P Technical Docs.
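The "cryptographically addressed and self-authenticating" property in the proposed text can be shown with I2P's Base32 hostnames, where the `.b32.i2p` name is the SHA-256 hash of the binary Destination. The following is an added example, not part of this issue or of the I2P project's code; the function names are hypothetical and the Destination is constructed filler bytes, not a real key.

```python
import base64
import hashlib

# I2P's Base64 alphabet uses '-' and '~' where standard Base64 uses '+' and '/'.
I2P_B64_ALTCHARS = b"-~"


def b32_address(dest_b64: str) -> str:
    """Derive the .b32.i2p hostname from an I2P-Base64 Destination."""
    raw = base64.b64decode(dest_b64, altchars=I2P_B64_ALTCHARS, validate=True)
    digest = hashlib.sha256(raw).digest()  # hash of the full binary Destination
    label = base64.b32encode(digest).decode("ascii").rstrip("=").lower()
    return label + ".b32.i2p"


def destination_matches(address: str, dest_b64: str) -> bool:
    """Check that a Destination handed to us really belongs to the address."""
    try:
        return address.strip().lower() == b32_address(dest_b64)
    except ValueError:  # malformed Base64 (binascii.Error is a ValueError)
        return False


def make_constructed_destination() -> str:
    """Constructed sample: 387 filler bytes (256 + 128 + 3-byte certificate)."""
    raw = bytes(range(256)) + bytes(128) + b"\x00\x00\x00"
    return base64.b64encode(raw, altchars=I2P_B64_ALTCHARS).decode("ascii")


def tamper(dest_b64: str) -> str:
    """Flip one bit, as a substituted Destination would differ from the original."""
    raw = bytearray(base64.b64decode(dest_b64, altchars=I2P_B64_ALTCHARS))
    raw[0] ^= 0x01
    return base64.b64encode(bytes(raw), altchars=I2P_B64_ALTCHARS).decode("ascii")


if __name__ == "__main__":
    dest = make_constructed_destination()
    addr = b32_address(dest)
    print(addr)
    print("genuine :", destination_matches(addr, dest))
    print("tampered:", destination_matches(addr, tamper(dest)))
```

Because the name is a hash of the keys, a substituted Destination cannot match the address a user already holds, which is the check that defeats the Man In The Middle case mentioned above.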

Shoalsteed commented 1 year ago

https://geti2p.net/en/docs/how/intro - this page is completely outdated.

Shoalsteed commented 1 year ago

new infographic needed and better description required.