I2P AND THE DARK WEB

By John C. Liu, PhD CFA November 4, 2016

3 BIG IDEAS

WE VALUE PRIVACY

PRIVACY HAS A VALUE

ONLINE ANONYMITY

I2P IS BETTER

PRIVACY HAS VALUE

MONETIZING PRIVACY

LOSS OF PRIVACY IS BIG BUSINESS

BUSINESS OF TECH

CAPTOLOGY

FIGHTING BACK

ANONYMOUS COMM

Virtual Circuit

HOW TOR WORKS

Access to Clearnet

3-LAYER ENCRYPTION

EASY TOSET-UP

JUST INSTALL TOR BROWSER

TOR GUARANTEES

PRIVACYSOURCE, DESTINATION, PAYLOAD ENCRYPTION

ANONYMITY(OR DOES IT?)

FLAWS OF TOR

ExitNodeTarge.ng

EntryPointSurveillance

So7ware/HardwareFingerprin.ng

TimingAnalysis

Des.na.onFingerprin.ng

CentralServerRepository

MITM

STORY OF ELDO K.•  HARVARD STUDENT •  DIDN’T WANT TO TAKE FINAL EXAM •  EMAILED BOMB THREAT •  USED TOR TO DISGUISE HIMSELF

WHAT HAPPENED?•  ELDO USED UNIV NETWORK TO ACCESS TOR •  HE WAS IDENTIFIED AND ARRESTED IN HOURS •  ELDO SENTENCED TO COMMUNITY SERVICE

A BETTER WAY: I2PINVISIBLE INTERNET PROJECT

WHAT IS I2P?•  ORIGINATED IN 2003 AS

INVISIBLENET•  DECENTRALIZED NETWORK

LAYER•  END-TO-END ENCRYPTION•  NO OUTPROXY TO CLEARNET

FULLY DISTRIBUTEDSELF ORGANIZINGRESILIENT

NO CENTRALIZED DIRECTORY SERVER

PACKET SWITCHED VS.CIRCUIT SWITCHED

SHORT-LIVED, SIMPLEX TUNNELS

HOW IT WORKS

•  Layered Encryption

•  Message Bundling

•  Tunnel Routing

•  ElGamal/AES Encrypton

Message Message

Message Message

MessageMessage Message

MESSAGE BUNDLING

KEYS TO I2P

• GARLIC ROUTING

• MESSAGE BUNDLING

• E2E ENCRYPTION

• RANDOM DELAYS

EEPSITESI2P-ONLY WEBSITES

I2P & CRYPTOCURRENCY

I2P BOTE SECURE-EMAIL

SECURE, ANONYMOUS, HASH ADDRESS

COMPARISONTor I2PCell Message

Client Router

Circuit Tunnel

Directory NetDB

Hidden Service Eepsite

Onion Garlic

Less Secure More Secure

I2P LIMITATIONS

•  NO ACCESS TO CLEARNET •  SMALL USER BASE •  STILL VULNERABLE TO ATTACK

(BUT LESS SO THAN TOR)

I2P IS THE FUTURE

THANK YOU. JOHN@BEOWULF.IO

HTTPS://GETI2P.NET