De-anonymizing I2P users by camb

privacy · @camb · Feb 26 '17 (edited)

$44.04

De-anonymizing I2P users

# Understanding a threat is key in choosing appropriate counteractions to take.
![itoopie.png](https://steemitimages.com/DQmV2N6HvGd4MBazvauTRhWXTDte2beps5mhuVrHVFhx1yq/itoopie.png)

In my opinion I2P is a bit more interesting than Tor since in theory I2P should be more difficult to attack than Tor. In reality Tor has a larger community and has been reviewed and inspected more than I2P.

This is part of a white-paper I wrote on tracing users in an "anonymous" DHT network. For the following attack on I2P users the attacker will use multiple nodes and it's assumed the attacker has no previous idea who or where the victim is.

# Attacking I2P users
The attackers router A keeps a fixed location in keyspace and router B moves closer to the source with every intercepted insert or request by the victim.

The attackers routers will have to wait until they are the final hop of an inbound or outbound tunnel of the victim's insert of a lease set before they will be able to determine a closer location of the victim's source in order to track eepsites. When running I2P-Bote an attacker can log and trace insert's and request's for a Bote ID. The attacker can recognize if a final hop was in the path of a victim since it will show a lease-set that can be associated with the victim's eepsite or Bote key.

## Only 1 out of 3 times the attacker participates in the correct tunnel will it become the last hop since average tunnels are 3 hops.

Becoming the final hop in a request's or insert's tunnel is necessary to recognize a destination and requires very high connectivity as the attackers chances of being part of a tunnel are lower the further away in keyspace the attacker is.

## By using "floodfill routers" for this attack on eepsites the required time will be reduced greatly since the attacker will be able to intercept newly inserted or requested lease sets

By intercepting new lease set inserts to the netBD the attacker will be able to move significantly closer in the network before needing to worry about being the final hop in a tunnel. Only after the attacker has narrowed the victims keyspace down to a small enough area will he have to eventually become part of every hop in a relevant tunnel to be sure that the victim is located at a certain keyspace and IP.

# I am not trying to bash I2P at all
By explaining how I2P can be attacked I hope I can point out how safe it actually is and convince more users to join the network. I2P works on desktops, servers and Android devices. Take a look if you are interested. https://geti2p.net
![routerconsole-light.png](https://steemitimages.com/DQmW1WReihNGhbuaFuFgyem7yVjQWXCDovbbqy3SVvLjPGW/routerconsole-light.png)

Bottom line: I think I2p is pretty hard to attack.

## Good luck out there friends. @camb

👍 blocktrades, transisto, sochul, abit, teamsteem, idealist, doitvoluntarily, ausbitbank, marius19, will-zewe, jamtaylor, felixxx, mindfreak, stevescoins, stephenkendal, awesomenyl, alexandergomez, matrixdweller, qubes, neogia, crazymumzysa, craigwilliamz, unhorsepower777, steemprentice, oholiab, ixindamix, angel76, ssekulji, ashleywilliamz, breezin, randyclemens, lamech-m, proctologic, gamer00, ffane, pairmike, jonathanxvi, fisteganos, sqube, steemitawards, sokal, gildar, glie, madlenfox, karenmckersie, jamesjarman, richardcrill, giantbear, barrydutton, irawandedy, konelectric, tonylondon, whatageek, forrestwillie, steemitguide, ubg, sergey44, steemland.com, thedeplorable1, meysam, chamviet, jphenderson, timelapse, stray, and 26 others

`author`	camb
`permlink`	de-anonymizing-i2p-users
`category`	privacy
`json_metadata`	{"tags":["privacy","security","i2p","anarchy","anonymous"],"users":["camb"],"image":["https://steemitimages.com/DQmV2N6HvGd4MBazvauTRhWXTDte2beps5mhuVrHVFhx1yq/itoopie.png","https://steemitimages.com/DQmW1WReihNGhbuaFuFgyem7yVjQWXCDovbbqy3SVvLjPGW/routerconsole-light.png"],"links":["https://geti2p.net"],"app":"steemit/0.1","format":"markdown"}
`created`	2017-02-26 00:21:18
`last_update`	2017-02-26 03:50:54
`depth`	0
`children`	5
`last_payout`	2017-03-29 11:42:57
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	33.056 HBD
`curator_payout_value`	10.988 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	2,786
`author_reputation`	2,733,578,557,743
`root_title`	"De-anonymizing I2P users"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	0
`post_id`	2,594,038
`net_rshares`	78,025,660,422,712
`author_curate_reward`	""

properties (23)vote details (90)

voter	rshares	pct
blocktrades	64,558,637,361,257	100%
abit	622,024,850,337	1%
pairmike	3,727,015,615	1%
proctologic	4,490,975,477	1%
abcd	116,786,944	1%
konelectric	812,160,489	1%
jamtaylor	72,166,691,987	100%
idealist	213,552,478,120	100%
forrestwillie	646,585,854	1%
teamsteem	419,733,313,454	100%
oholiab	12,751,792,223	100%
will-zewe	72,985,137,992	100%
andrei	248,908,166	1%
grey580	373,850,061	1%
ffane	3,839,495,559	100%
chamviet	506,063,025	100%
ausbitbank	133,518,429,531	100%
jamesjarman	1,703,113,676	1%
transisto	10,216,290,837,957	100%
karenmckersie	1,892,584,097	1%
ubg	587,493,740	1%
sokal	2,880,685,815	100%
crazymumzysa	18,485,335,224	100%
sergey44	543,720,475	100%
marius19	92,152,952,290	100%
dirty.hera	143,101,623	100%
felixxx	54,374,513,720	100%
toxichan	162,288,585	1%
timelapse	462,654,920	1%
tannukas6	63,576,844	1%
randyclemens	5,510,074,090	100%
darthnava	379,504,445	1%
quitothewalrus	333,379,891	100%
matrixdweller	22,480,231,550	100%
lamech-m	4,840,687,416	100%
mindfreak	47,266,071,468	100%
stevescoins	45,751,799,787	100%
craigwilliamz	18,130,025,541	100%
barrydutton	1,237,222,169	1%
stephenkendal	32,754,567,174	100%
ashleywilliamz	7,520,799,046	100%
steemitguide	629,068,017	1%
richardcrill	1,439,936,368	1%
doitvoluntarily	146,982,147,352	100%
jacobts	229,277,401	1%
patelincho	110,995,105	1%
ssekulji	7,894,835,130	100%
awesomenyl	28,311,852,834	100%
steemitawards	2,944,558,481	100%
gamer00	4,457,095,563	1%
unhorsepower777	16,945,120,168	100%
revostrike	115,663,685	1%
giantbear	1,238,218,406	1%
stray	422,858,639	1%
sochul	983,447,156,482	100%
daisyd	255,670,224	1%
steemland.com	528,094,441	10%
angel76	11,215,559,947	100%
sqube	2,968,338,880	1%
whatageek	691,835,158	1%
breezin	6,606,212,753	100%
jonathanxvi	3,600,706,113	100%
steemprentice	15,973,747,167	30%
ixindamix	12,070,524,122	100%
irawandedy	978,854,280	100%
seablue	342,988,728	1%
gildar	2,674,352,264	100%
qubes	19,763,143,906	100%
meysam	507,704,580	1%
kyra-kristian	77,542,766	100%
madlenfox	1,896,483,475	100%
jphenderson	487,600,150	30%
johnthehoan	302,275,107	1%
alexandergomez	24,873,181,545	100%
driptorchpress	76,912,960	1%
nik69	124,158,152	100%
fisteganos	3,418,318,114	40%
thedeplorable1	527,297,228	1%
neogia	19,667,228,245	100%
tonylondon	758,112,862	100%
denmarkguy	251,872,805	1%
mestyz	87,109,563	100%
vegaiq	125,469,416	100%
camb	366,157,617	100%
ambyr00	63,645,203	30%
developpsoft	382,973,600	100%
kamidela	51,025,493	100%
glie	2,041,501,657	100%
poksinblog	291,523,942	100%
hagbardceline	364,398,984	100%

voter	rshares	pct
abit	26,125,043,714,192	100%
abcd	3,386,821,395	100%
escrow	500,923,995	100%
camb	0	0%
hagbardceline	357,111,004	100%