Planet Peer - The anonymous networking community
Author Topic: Rodi and Tor/I2P  (Read 4158 times)
larytet
« on: May 23, 2005, 02:50:26 AM »

from http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-a5ef15d76002e00d4ce88c7d0a1a5110271ca5b3

Quote
In brief, Onion Routing is a connection-oriented anonymizing communication service. Users choose a source-routed path through a set of nodes, and negotiate a "virtual circuit" through the network, in which each node knows its predecessor and successor, but no others. Traffic flowing down the circuit is unwrapped by a symmetric key at each node, which reveals the downstream node.

Basically Tor provides a distributed network of servers ("onion routers"). Users bounce their tcp streams (web traffic, ftp, ssh, etc) around the routers, and recipients, observers, and even the routers themselves have difficulty tracking the source of the stream.


I am not sure that UDP based Rodi can be tunneled through the Tor network

Quote
Tor presents a SOCKS interface to applications, so any application that supports SOCKS
Rodi does not provide a SOCKS interface and most likely never will. SOCKS means establishing a TCP connection - a three-way handshake where the peer exposes its IP address. Today UDP based Rodi can use multicast to improve network performance. A TCP tunnel will prevent this.

I would consider tunneling of TCP over Rodi. But I do not see any clear gains for Rodi to be tunneled over a low performance network of supposedly anonymous proxy servers.

Frankly, I do not understand how Tor is in any way better than Mute or Ants. After all
Quote
You are responsible for what passes through your system, end of story
The Tor network reached 100 servers recently. It means that there are 100 IP addresses which need to be blocked to shut down the whole network. I must say that Websense blocks about 10K websites related to proxy servers. Websense blocks lists of proxies, commercial proxies like Anonymizer and open source projects like HTTPTunnel. What prevents any government or ISP from blocking 100 IPs?

I truly do not understand all the fuss about the application. With all respect to EFF, I think it was wrong to choose one application among maybe 10 others. I will put it bluntly - I think EFF makes a mistake encouraging this or that specific project.

« Last Edit: May 24, 2005, 07:37:13 PM by larytet » Logged
Nemo
« Reply #1 on: May 23, 2005, 02:22:31 PM »

Quote
I am not sure that UDP based Rodi can be tunneled through the Tor network
AFAIK Tor tunnels only TCP.
If you think it's worth hiding Rodi nodes, then I would suggest using I2P as the transport medium. I2P provides TCP tunnels (via i2ptunnel) and unreliable datagrams (like UDP). With I2P as the transport medium every Rodi node is hidden AND the data is encrypted.

AFAIK Rodi can already provide anonymity via IP spoofing, so Rodi-over-I2P is double-anonymous. This is perhaps overkill and a waste of CPU resources... Roll Eyes

Quote
Frankly, I do not understand how Tor is in any way better than Mute or Ants. After all
Quote
You are responsible for what passes through your system, end of story
The Tor network reached 100 servers recently. It means that there are 100 IP addresses which need to be blocked to shut down the whole network.
Tor is a static network of Tor servers like JAP. I think another problem is a typical client-server problem: scalability. If there were a million Tor users and only 100 trusted Tor servers should transfer all this traffic, then this system has a problem... What is the gain for a trusted Tor server owner? He has to pay for all this traffic. He is perhaps someone with a problem, if an anonymous Tor user abuses his Internet access.

In I2P every new node is a new router, not only a client. This system could (should?) handle more users than Tor...

Quote
I truly do not understand all the fuss about the application. With all respect to EFF, I think it was wrong to choose one application among maybe 10 others. I will put it bluntly - I think EFF makes a mistake encouraging this or that specific project.
I also don't know why they chose Tor. IMO I2P has a better design for an anonymous Internet.

Greetings,
Nemo.
larytet
« Reply #2 on: May 24, 2005, 04:45:59 AM »

Probably a couple of years ago, when EFF tried to choose between I2P, Tor and others, Tor was the only project which worked and had some financing. Plus the project's history - Tor was initiated with the US Government money.

I think that it was wrong to try to choose the Right Project in the first place. I am not talking about how good or bad Tor is. Every network has its problems. It's just that Tor is no different from any other project in any area and cannot be a silver bullet for everybody. An organization like EFF should not take part in spinning one project when there are multiple comparable solutions. And I am not talking about Rodi - Rodi is way too different from any existing network and has its own problems including "dirty networking" as one critic said. I am talking about Mute, Ants, I2P, Freenet, ...

I wonder what one needs Tor for? Just publish IPs of free SOCKS proxies and you will not see an end to the peers willing to use the network.

EFF could establish free anonymous HTTP proxies and create rings containing random sets of these proxies. Everybody could have access to the list of the rings and choose one of the rings randomly.

EFF could hire a 3rd party to check that the proxies are independent, etc.

Back to Rodi. After I finish payload encryption, spoofing of RTP, DNS tunneling, obfuscation of HTTP, etc., Rodi is going to be something which many will not like indeed. Rodi packets are going to be indistinguishable from any other traffic.

The other interesting part of the Rodi story is that a Rodi bouncer cannot be used for spamming. The publisher gains access to the bouncer only if there is some relationship between publisher and bouncer. The publisher ASKs bouncer(s) to help to distribute content. The bouncer adds the routing rule manually. If the publisher signs the packet and the bouncer recognizes the signature as arriving from a trusted party, only then will the bouncer serve the publisher automatically.
« Last Edit: May 24, 2005, 04:48:13 AM by larytet » Logged
bitz
« Reply #3 on: May 24, 2005, 04:56:32 PM »

Until version 0.6 of i2p it simply won't scale; as far as I know its udp networking is not yet ready to be used instead of tcp. My understanding is that in order for the network to scale larger the tcp networking needs to be dropped due to an issue concerning threads.

Still I'd love for enough people to test that theory. Perhaps if they were to enable udp and disable tcp in their settings, we could find out what state the udp networking really is in.

I don't know about other people, but it would be something to do, until jrandom gets back. I wish he'd have put out 0.6 before he left for vacation or whatever.

So running rodi and whatever over i2p is going to be limited for awhile longer it seems. Sad
larytet
« Reply #4 on: May 24, 2005, 07:37:23 PM »

Rodi is pure UDP. Rodi Core opens only one socket (binds only one port) and all traffic including management packets from GUI front end uses this single UDP socket.

I am not sure about how tunneling of Rodi packets over I2P will work. When Rodi issues a request it sends the packet directly to the destination IP. It is not clear to me how Rodi can send packets to some local machine port (127.0.0.1:xxxxx) and still reach different Rodi hosts.

No doubt that two Rodi hosts can talk with each other, but then Rodi cannot use multiple source download. I do not see clear gains for Rodi users.

Rodi utilizes IP scan and port scan to find Rodi peers in the network and penetrate NATs and firewalls. Responses to the requests a Rodi client sends can arrive from an arbitrary IP address, not necessarily from the one the client sends requests to. All this complicates tunneling. You can disable IP scan (use masks 255.255.255.255 in the table of hosts) and you do not need NAT penetration (I2P already handles the problem of NATs and firewalls), but then I'll repeat the question: what is the difference between Rodi over I2P and Bittorrent over I2P? I do not see any.

I suggest running one or more dedicated machines - Rodi bouncers - and routing the traffic using these proxies. I understand that it's simpler to use an existing network when somebody else pays for the bandwidth. But think about the performance of I2P. A dedicated Rodi bouncer will serve only well known hosts and can perform relatively well. It's a problem of immediate satisfaction. Rodi today does not provide this satisfaction. It requires some effort to hide the IP address and there is no content in the network.

What I suggest is creating a small community around PlanetPeer Forum. Call it Rodi Hub. It's possible today with the existing code
« Last Edit: May 24, 2005, 07:44:15 PM by larytet » Logged
Markus
« Reply #5 on: May 25, 2005, 07:25:01 AM »

Quote
What I suggest is creating a small community around PlanetPeer Forum. Call it Rodi Hub. It's possible today with the existing code
Well, why not? As long as it is used for legal and test purposes only...Wink

What are the requirements for such a hub?
Cheers,
Markus
larytet
« Reply #6 on: May 25, 2005, 06:38:23 PM »

copy your public key from file peers.trustees.script
publish the public key here under your favorite nickname
advertise the IP range from which your ISP assigns IP addresses for your modem
that's more or less it.
if you want to restrict access to the file lists
you have to configure Rodi to sign all outgoing packets with your private signature

load keystore file (password rodiMng)
Code:
conf key load rodiMng.jks rodiMng

sign all outgoing packets
Code:
conf key signby rodiMng rodiMng

discard packets from untrusted hosts
Code:
conf key discardUnsigned true

Important! There are no backdoors in the code. Your private key and public key cannot be reproduced without the file rodiMng.jks and the password.

to make this configuration automatic after restart add all commands to the file rodiCore.script
« Last Edit: May 25, 2005, 08:39:49 PM by larytet » Logged
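
The signed-packet policy discussed in this thread (a bouncer that serves only publishers whose signature it recognizes, and the discardUnsigned setting in the last post), sketched as an added example that is not Rodi's code. The thread does not describe Rodi's packet format or signature algorithm, so the framing, the use of Ed25519 and the names Filter, NewKey, Sign and Accept are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Assumed framing, not Rodi's: flag byte (1 = signed) | payload | 64-byte signature.
var ErrUnsigned = errors.New("discarded: unsigned packet")
var ErrUntrusted = errors.New("discarded: signature not from a trusted key")

// Filter models a receiver's trustee list and its discardUnsigned switch.
type Filter struct {
	Trusted         map[string][]byte // nickname -> published public key
	DiscardUnsigned bool
}

// NewKey makes a demo key pair; a real node would load its key from a keystore.
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

// Sign frames a payload as a signed packet.
func Sign(priv ed25519.PrivateKey, payload []byte) []byte {
	return append(append([]byte{1}, payload...), ed25519.Sign(priv, payload)...)
}

// Accept returns the payload and the signer's nickname, or a discard error.
func (f *Filter) Accept(pkt []byte) ([]byte, string, error) {
	if len(pkt) == 0 || (pkt[0] != 1 && f.DiscardUnsigned) {
		return nil, "", ErrUnsigned
	}
	if pkt[0] != 1 {
		return pkt[1:], "", nil // open mode: accepted but unattributed
	}
	n := len(pkt) - ed25519.SignatureSize
	for nick, pub := range f.Trusted {
		if n >= 1 && ed25519.Verify(pub, pkt[1:n], pkt[n:]) {
			return pkt[1:n], nick, nil // signature checks out against a trustee
		}
	}
	return nil, "", ErrUntrusted
}

func main() {
	pub, priv := NewKey()
	f := &Filter{Trusted: map[string][]byte{"publisher": pub}, DiscardUnsigned: true}
	fmt.Println(f.Accept(Sign(priv, []byte("GET filelist"))))
	fmt.Println(f.Accept([]byte("\x00GET filelist")))
}
```

With the switch off, unsigned packets are still served but carry no signer, so only the signed path can back a per-publisher routing rule.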