[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] comparison of Tor and Kovri in regards to deanonymization attacks



bo0od wrote:
> i didnt reply to him on what he said because i knew he was a newbie user
> with the statement "you cannot browse cnn.com anonymously via I2P".
> 
> and about IBB, like i said there is until now no official support for
> any browser to I2P or coming with it. But there is work in progress:
> 
> - firefox.profile.i2p
> 
> https://github.com/eyedeekay/firefox.profile.i2p
> 
> - update-i2pbrowser , which convert TBB inside Whonix to work with I2P:
> 
> http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/i2p-integration/4981/248

newbie user? In I2P?
Not even that, I am not an user at all of I2P.

But I know about it and read about it, and the information was extracted
from the official i2p website.

If the website is not properly formatted and updated in description in
order to match reality, than this clearly states how much we can count
on it for anonymity or important stuff.

https://geti2p.net/en/comparison/tor

> 
> 
> grarpamp:
>>> - I2P can be attacked with far less resources than Tor;
>>
>> Moot when $10k is probably enough to Sybil at least
>> some small fraction of either of them.
>>
>>> - Tor is deeply researched and various attack types and problems have
>>> already been solved;
>>
>> So if Tor is done, why don't you start writing grants to reseach,
>> advance, and solve some of the undone, equally applicable,
>> and necessary problem space of mixnets and other potential
>> designs, instead of continuing to throw [government] money
>> at Tor's curve of diminishing returns.

Nobody said Tor is done. In fact it's far from done.
It's just decades ahead I2P, as stated on the I2P official website. You
keep implying non-sense and twist words in your reply, as I correct you
below. Nobody is implying Tor is done, just that is much more researched
than I2P.

>>
>>> - Tor is larger as a network with more capacity, and more diversity;
>>
>> Start advertising, using, analysing other types of networks then.
>>
>>> They also have different purposes so they cannot be directly compared on
>>> absolutely every feature
>>
>> Why do so many reviews keep implying this copout,
>> "B network doesn't have X feature therefore B sucks"...
>> of course networks are different, unique features are
>> not detractions they're just incomparable items,
>> go compare and analyse the similar features then.
>>

Nobody said I2P _sucks_ because it does not have feature X.

The idea is that having different and different purposes they cannot be
compared plain and simple, in a table, they each have various downsides
and upsides. It's kind of like comparing oranges with apples.

apples aren't so juicy.
oranges are.

This does not mean we said apples suck.

>> Both Tor and I2P generally claim their non-exit modes
>> to be anonymous advanced designs resistant to attack.
>> Go compare and analyze that. If you don't like the results,
>> go start new designs.
>>
>> Reviews can even conform features... users can
>> actually torrent internally over both, and exit over
>> both... analyze that.
>>
>> Many orthagonal features are modular ideas embeddable
>> in any decent network anyway, so they're not necessarily
>> unique, only a matter of doing it, if sensible of course.
>>
>>> - I2P is more oriented for traffic inside the I2P network (e.g. you
>>> cannot browse cnn.com anonymously via I2P).
>>
>> Yes you can, you just have to find or be an exit outproxy service
>> and configure it manually.

As stated on the i2p website that could be risky, anonymity is not
guaranteed.

"outproxy functionality does have a few substantial weaknesses against
certain attackers - once the communication leaves the mixnet, global
passive adversaries can more easily mount traffic analysis. In addition,
the outproxies have access to the cleartext of the data transferred in
both directions, and outproxies are prone to abuse, along with all of
the other security issues we've come to know and love with normal
Internet traffic."

>>
>>>> I would summaries the success of Tor over I2P with these points:
>>
>> Government: Initialed the Tor design, put in Decades of $Millions
>> of controlling interest funding, and programmed Marketing.
>>

This is the first thing all critics say. So what if it's government
money as long as the code is open source and anyone can audit it? Anyone
can run a relay and be a part of the network.

I have absolutely nothing against government funding as long as they are
given to Tor Project Foundation as they are, and allow the foundation to
decide for itself how and when to use those financial resources, and for
what they think it's best.

Great things take money.

And currently I don't think government funding still represents the
majority % of the total funding.

You are not forced to use Tor - stop using it if you think government
money cursed it and made it evil.

>> Throw those kind of resources at I2P or any other network
>> and they would be relatively equal contenders too.
>>
>> Throw Voluntary versions of those kinds of resources
>> at any network, and it might be a bit more novel and free
>> to go up against the backer of the "successful" one above.
>>

Okay, could be. But what does this have to do with anything? We are not
discussing "What could be done if the pig could fly" or all the
theoretical stuff. We were discussing current real situation, what is
I2P now, and what it does now, not what it could be if and if.

>>>> - Tor has a modified browser which is a fork of firefox-esr called Tor
>>>> Browser Bundle which is easy to click and run with Tor. I2P until now
>>>> there is no official browser supporting it and user needs to do the
>>>> configurations manually.
>>
>> So stuff I2P inside TBB's work and call it IBB.

What does this have to do with it anything? Of course there are
solutions, who said there aren't? We was discussing the current existing
features not what could be done theoretically.

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk