Do the developers of Whonix plan to migrate project on more secure protocol i2p instead of TOR or at least cover TOR+I2P?
I am reading plenty of articles during last 2 months about TOR weaknesses and many strengths in favor of I2P. What do you think?
I2P will always be a secondary option for people to work with however not the only one. It is not designed for clearnet access and so its userbase will be much smaller and it will impact Whonix utility if it is the only option around. There is an ongoing effort to integrate I2P by default, but the effort needs more help to become ready.
Unless those articles are scientific papers, I wouldnāt make such conclusions. They are both designed in interesting, but different ways.
h702107 via Whonix Forum:
Do the developers of Whonix plan to migrate project on more secure protocol [ā¦]
Citation required.
Do the developers of Whonix plan to migrate project on more secure
protocol i2p instead of TOR or at least cover TOR+I2P?
Not as of now.
I doubt I2P is more secure than Tor. Sure, it has some advantages but there are also plenty of disadvantages like a much smaller userbase and lack of research papers.
Most āvulnerabilitiesā in Tor are way overblown or misunderstood.
Is there anything I could help with? Iām interested in the idea of multiple anonymity networks with Whonix.
We have a thread on the topic. Some headway was made, but unfortunately the main guy is MIA and their repo (concept not code) was deleted:
Here is an archived version:
We are at a point where some things need to be automated/scripted. I think concentrating on including I2P by default in the Workstation is the easier and higher yield route.
EDIT:
Main task would be to optimize and create a second TBB capable of connecting to localhost daemons. This would be useful for zeronet and Freenet and potentially many other uses. May also be relevant to out Tor Browser without Tor version for Hardened Debian.
Adding I2P repos by default and fetching binary from there during build time. We may need to make this part an optional build time parameter according to what @Patrick thinks is best.
This seems like it would be easy to do. Canāt you just disable Tor in the Tor Browser and configure it to use I2P?
How would it connect to I2P? Would it be via Tor or just straight to I2P? I think it would be best to connect straight to I2P to prevent users from sticking out from other I2P users.
Needs to be done in prefs in a consistent way that guarntees it carries over across updates. Privoxy needs to be configured to filter access and so on.
Via its localhost interface.
Since on the WS it will go thru Tor.
I2P comes with applications that are not easy/possible to separate from the node itself at the moment. Also tunneling thru Tor gives more protection in case the nodes are rogue or they are installed on spyware friendly systems like Windows.
There is I2P-Browser (looks like alpha stage) you can test it:
https://geti2p.net/en/download/lab
It will be extremely difficult to keep I2P as useful as connecting to directly to the interent , changing of circuits will disconnect I2P and continuation of re-connection (Though I2P in its normal state connecting to the clearnet is always in disconnecting/reconnecting state, adding it over Tor just real torture)
Tor discourage some I2P features like Torrenting. So when doing that over Tor (since the connection will go over Tor anyway) the state of anonymity&usability is unknown (unless there is good study which i didnt hear of).
Tor lacks IPv6 support (or few nodes support it) , so as the control of upnp (for users who are interested into using it)
So i think its better to keep I2P in parallel with Tor in GW. Not as one over another one.
True and zzz aware of it:
Very true statement , but sadly even Tor nodes itself we cant be sure its nodes not installed over spyware OSs like Windows or Ubuntu or Secure OS but configured to be spywareā¦ and even if we make sure then we cant help it.
Patches welcome.
(Donāt worry about build parameter. That is the easy part I can add later on.)
Custom TBB profile for localhost access + Privoxy
https://phabricator.whonix.org/T770
Customized welcome page and bookmarks for I2P / Alt TBB (keyword: homepage)
https://phabricator.whonix.org/T795
Do you know if it is based on Tor Browser? Can you ask on their forum?
Not in my experience if the I2P settings are adjusted, you can be connected seamlessly. You donāt need full circuit protection in a tunneled setup.āā
The download rate would be so slow that no one would even bother when they can just torrent with a VPN over Tor. Also we don;t have a huge userbase or see this as getting bug adoption to be a problem anyway.
IPv6 still hasnāt really picked up anywhere and is nt a good argument to shelf WS I2P.
Not really possible with the current I2P design with bundled apps as explained above. It would violate the VM separation design and push users to do actions on the GW. I2Pās main functionality is related to its bundled apps. Until this is resolved upstream WS support will do.
No need , i tested that and yes it is.
Tested in Whonix Workstation? Does it connect to an I2P instance also installed on WS?
Yes it did. whonix 15 + i2p 0.9.38 from debian repo.
(but be sure there are alot of issues more than i have mentioned to run I2P connection over Tor you can test that and see yourself)
I thought this was Windows only. The Linux version must have come out recently. There is even a docker image that can be used for extra isolation.
The work is on this is by eyedeekay who has regularly chimed in on the main I2P support thread.
I never knew eyedeekay did official projects for I2P. Iāve talked with him before and seen some of his projects.
The guyās an absolute powerhouse. Check his repos. He just released an apt-transport-i2p plugin.
Also TBB related code:
Yeah, Iāve looked at some of those. They look really interesting.