In reply to "Security.Expert@SANS.Institute" who wrote the following:
> Disclaimer: I have only spent about five minutes on the I2P website,
> but saw several points for concern. I need to study it further.
>
>
> Mort maybe totally innocent, just naive. You are potentially sharing
> your address with everyone on his peer-to-peer sharing network.
>
> Although I2P traffic is encrypted and cannot be read by anyone other
> that the sender and receiver, the users' IP addresses may be
> exposed!!!! Law enforcement can use this information to get your home
> address.
>
> I2P is using peer-to-peer sharing, whereas Usenet is Client-Server.
>
> What's the difference?
>
> On Usenet, only the Usenet provider knows the IP address of the poster
> and lurkers. Mort sends his post to the NewHosting servers, which can
> see his IP address. But it is not available to any of the lurkers.
> They only need to connect with their usenet provider to download the
> files. Lurkers never connect directly to Mort's system, so they don't
> need his IP. And Mort does not need your IP-address.
>
> I2P is decentralized, that means there is no server. You download the
> files from Mort's machine directly, so his system needs to know your
> return IP-address. Although this address is encrypted, it may be
> compromised!
>
> Maybe Mort is perfectly trustworth and properly configured to maintain
> security. But what about the rest of the peers participating in
> sharing the files?
>
> On peer-to-peer sharing networks, everyone's system is communicating
> with all the other systems. You are not just downloading the file
> from Mort, but also Tom, Bob, and Peter. Then once the file is on
> your machine, it allows others to download it from you. ( The court
> will say, ' ... you were not just download kiddy-porn, you were
> DISTRIBUTING it.' )
>
>
> How files propagating across peer-to-peer sharing networks.
>
> Mort provides a file for others to download. Tom, Bob and Peter
> download it on to their systems. Jack and Ralph request the file, not
> from Mort but from the entire network. So Mort, Tom, Bob and Peter's
> systems all send parts of the file to Jack and Ralph's systems. Forty
> five other lurkers download the file.
>
> When you request the file from this network of 50 machines, they all
> get a copy of your IP-address so they know where to send the pieces.
>
> Now that you have the file, your machine becomes part of the network,
> and it start sharing pieces of file with new downloaders. When
> another 50 downloaders request the file, they get your return address.
>
> So now 100 people have your encrypted IP-address. Are they all
> trustworth? Are they systems secure? Was one of them a police
> officer?
>
> Yes your IP-address is encrypt, while traversing the I2P network, but
> it must be decrypted at the Outproxy (exit node). At this poiint you
> are vulnerable. Law enforcement used compromised exit nodes on the
> TOR network to track down Ross Ulbricht, who ran the Silk Road. Note,
> he was much more knowledgible than any of us. He was smart enough not
> to login from home. Still the FBI caught him using his laptop at the
> public library to login through TOR.
>
> Another point of concern is the length of the tunnel.....it's
> variable...
>
>
>
> To be continured after I have had time to research this further.
LOL I'm not on I2P. That's others that are talking about it. Since you brought
up Newshosting? Is it worth switching to? Which ones do you recommend? Giganews
kinda sucks tbh. Slow and tons of broken files. I'm switching after the new year
for sure
-Mort
--
----------------------------------------- --- -- -
Posted with NewsLeecher v7.0 Final
Free Newsreader @ http://www.newsleecher.com/
------------------------------- ----- ---- -- -
|
|