this post was submitted on 17 Jan 2025
11 points (92.3% liked)

The Invisible Internet Project


The way DNS works in i2p makes it unreliable and vulnerable to attacks. It wouldn't be too hard for an adversary to do a man in the middle or even do a fake version of a site. Also resolving DNS names is hard and takes a lot of effort.

Honestly the entire system needs to be rethought.

top 8 comments
[–] [email protected] 3 points 4 days ago (1 children)

Are you referring to name resolution on the network or for when you’re trying to access open Internet webpages via an out proxy?

[–] [email protected] 2 points 4 days ago (1 children)
[–] [email protected] 5 points 4 days ago* (last edited 4 days ago) (1 children)

I still am not sure what your question is asking. Typically, name resolution is handled by your local I2P router using an address book. You trust whatever subscriptions are dumping into your address book. There isn’t really a central naming authority. Names can be set by whatever authority you choose.

Are you concerned about getting a bad address book subscription? What, concretely, do you mean by DNS?

[–] [email protected] 2 points 4 days ago (1 children)

I2p is vulnerable to a malicious party spreading an "alternate" base address for a domain name. All someone would need to do is get a bad entry into something like notbob.

Ideally domain names should work via consensus. A node could request a domain name and then the majority of the network could agree to issue a cert. On the client side there could be some sort of cert verification.

[–] [email protected] 2 points 2 days ago* (last edited 2 days ago) (1 children)

non maliciously this is occasionally a problem. different registrars have different rules, some will delete a name after so long the destination is dead, others won't. so registrars will let you register an abandoned name with a new destination, but some won't. But local address books will default to the older destination over the newer one.

i think it was done this way so there could be no one thing declaring google.i2p goes to a destination, locally you decide. wouldn't be a bad idea to incorporate some sort of cert though, a lot of that work would fall to the registrars to agree i'd think, like on expiring names.

i think the idea of using dht for this so it's more like a network consensus thing has come up, but there's reasons not to do this.
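
A defender-side check for the situation this comment describes, as an added example that is not part of the original thread and not I2P's own address book code: it merges hosts.txt-style subscription feeds (`name=destination` lines) with the keep-the-existing-entry rule and reports every name for which a feed offers a different destination. The feed names and destination strings are constructed placeholders.

```python
# Added example: conflict report for address book subscriptions.
# All names and destinations below are constructed sample data.

def parse_hosts(text):
    """Parse hosts.txt-style 'name=destination' lines into (name, dest) pairs."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if "=" not in line:
            continue
        # Split on the first '=' only: a destination may itself end in '='.
        name, dest = line.split("=", 1)
        entries.append((name.strip().lower(), dest.strip()))
    return entries

def merge_first_wins(local, feeds):
    """Merge feeds into a copy of `local`, keeping the existing destination
    when a feed disagrees. Returns (book, conflicts); each conflict is
    (name, kept_destination, rejected_destination, feed_name)."""
    book = dict(local)
    conflicts = []
    for source, text in feeds:
        for name, dest in parse_hosts(text):
            kept = book.setdefault(name, dest)
            if kept != dest:
                conflicts.append((name, kept, dest, source))
    return book, conflicts

# Constructed local address book and two hypothetical registrar feeds.
LOCAL_BOOK = {"example.i2p": "DEST-OLD-constructed"}
FEEDS = [
    ("registrar-a", "# constructed feed\n"
                    "example.i2p=DEST-OLD-constructed\n"
                    "forum.i2p=DEST-FORUM-constructed\n"),
    ("registrar-b", "example.i2p=DEST-NEW-constructed  # re-registered name\n"
                    "FORUM.i2p=DEST-FORUM-constructed\n"),
]

if __name__ == "__main__":
    book, conflicts = merge_first_wins(LOCAL_BOOK, FEEDS)
    for name, kept, rejected, source in conflicts:
        print(f"{name}: keeping {kept}, {source} offers {rejected}")
```

A reported conflict does not say which destination is the legitimate one; it only shows that two sources you trust disagree about a name.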

[–] [email protected] 1 points 2 days ago

I think the reason it isn't like that is because it is incredibly complex to do. Also if there is a design flaw it could be used to attack people.

[–] [email protected] 1 points 4 days ago (1 children)

I think my big gripe with I2P is the speed. I expected it to be much faster than accessing a tor hidden service. And it just absolutely completely disappointed me. Connecting to a monero node on tor got me 500KiB/s, on i2p i got 40KiB/s at best. Very disappointed.

I was under the impression that I2P was built with hidden services in mind. And I've been disabused of that notion.

[–] [email protected] 3 points 3 days ago

I have gotten several mb/s

It really depends on the peers