Using only 1 hop for torrenting
Using only 1 hop for torrenting
Would torrenting be safe enough if everyone uses only a 1 hop setting. As far as I understand this should be as safe as using a vpn on clearnet while allowing faster transfer speeds. The default of 3 hops on both sides (seeder/leecher) seems to be a complete overkill if you only want to avoid a letter from a lawyer and not the NSA.
Re: Using only 1 hop for torrenting
In case of VPN, you know your VPN operator and you have choosen to give him "marginal" trust.
In i2p you don't know your next hop at all, it could be malicious.
In i2p you don't know your next hop at all, it could be malicious.
Re: Using only 1 hop for torrenting
After 2-hop proved to be insufficient in practice, the developers have corrected the tunnel length accordingly. However, the default settings made are expressly a non-binding offer. How many hops are actually used is up to the individual participants. If someone wants to distribute their work and uses I2P as an alternative to the established video portals such as YouTube or Vimeo, then a 0-hop setting would also be conceivable.
I2P preserves your right to informal self-determination.
Re: Using only 1 hop for torrenting
I think this is a question of automation.
I don't think they go after people manually, instead they have bots that collect IP addresses. There are not many people using I2P, so they probably didn't automate it, so that they won't catch even those who use zero hops.
Once there become many people using I2P for this thing, they might take a look at it and start automating. Then they will catch those who use zero hops.
If they want to catch people using more hops - they would have to run lots and lots of routers, to get a chance to participate in your tunnels and try to trace the traffic to your router.
Theoretically, it's possible, but we would surely notice the sudden increase of routers on the network.
In the current reality though, it's probably safe to use one hop. Unless you are a big and known target (i.e. worthy of manual inspection instead of IP collection bots).
I don't think they go after people manually, instead they have bots that collect IP addresses. There are not many people using I2P, so they probably didn't automate it, so that they won't catch even those who use zero hops.
Once there become many people using I2P for this thing, they might take a look at it and start automating. Then they will catch those who use zero hops.
If they want to catch people using more hops - they would have to run lots and lots of routers, to get a chance to participate in your tunnels and try to trace the traffic to your router.
Theoretically, it's possible, but we would surely notice the sudden increase of routers on the network.
In the current reality though, it's probably safe to use one hop. Unless you are a big and known target (i.e. worthy of manual inspection instead of IP collection bots).
Re: Using only 1 hop for torrenting
Yes, anikey, you have already explained the issue of the tunnel length on discuss. Your well-reasoned description is also understandable for laypeople.But people like the OP don't read it. Because if they had read it, they would ask specific questions. They don't find their way there either, they're simply not interested. Instead of arguing, they dump their libertarian flashes of thought here and expect someone to think them through to the end. If he succeeds, it will be a double win: he will get free advice, and he will quickly gain a competitive advantage.
To make it clear what this is about. File sharing does not become legal just because you use a VPN or I2P. Aside from the fact that the 195 or so countries in the world have their own copyright jurisdictions, it is basically impossible to give advice on how to bend the law in an official I2P forum. File sharing in I2P is just the background noise, file sharing is not the purpose of I2P. But if we make file sharing the purpose of I2P, then it doesn't matter how many hops and tunnels we use.
To make it clear what this is about. File sharing does not become legal just because you use a VPN or I2P. Aside from the fact that the 195 or so countries in the world have their own copyright jurisdictions, it is basically impossible to give advice on how to bend the law in an official I2P forum. File sharing in I2P is just the background noise, file sharing is not the purpose of I2P. But if we make file sharing the purpose of I2P, then it doesn't matter how many hops and tunnels we use.
I2P preserves your right to informal self-determination.
Re: Using only 1 hop for torrenting
Thank you all for responding to my question.
In order to improve my i2p torrenting performance, I reduced the number of hops to 1. So far, I think this improved my speeds a bit. However, as most people probably won't reduce the number of hops on their side, there will be still 4 hops in total between me and other torrenting participants.
I understand that if the movie industry begins to join swarms here with 0-hops on their side, I still have a constantly changing single hop one my side that protects me. Of course, if they begin to run their own routers serving as hops, eventually some of these routers will be my hop. But does my single hop know whether I am the receiver/distributor of the torrent or only a further hop forwarding the torrent?
Yes, I know that file sharing isn't legal, but be honest, the main reason for using i2p is torrenting. One of the most popular sites on i2p is the postman tracker and nearly all of its content violates the copyright of every western nation. If i2p would lose its torrenting capability, certainly more than 90% of its userbase would disapppear shortly. Thinking otherwise is self-deception. At present i2p is the best free anonymous torrenting solution. Naturally, running i2p isn't free of charge, as you have to pay the electricity bill to run it 24/7, but it's still cheaper than paying a VPN or paying for Netflix, Disney+, Prime etc.
In order to improve my i2p torrenting performance, I reduced the number of hops to 1. So far, I think this improved my speeds a bit. However, as most people probably won't reduce the number of hops on their side, there will be still 4 hops in total between me and other torrenting participants.
I understand that if the movie industry begins to join swarms here with 0-hops on their side, I still have a constantly changing single hop one my side that protects me. Of course, if they begin to run their own routers serving as hops, eventually some of these routers will be my hop. But does my single hop know whether I am the receiver/distributor of the torrent or only a further hop forwarding the torrent?
Yes, I know that file sharing isn't legal, but be honest, the main reason for using i2p is torrenting. One of the most popular sites on i2p is the postman tracker and nearly all of its content violates the copyright of every western nation. If i2p would lose its torrenting capability, certainly more than 90% of its userbase would disapppear shortly. Thinking otherwise is self-deception. At present i2p is the best free anonymous torrenting solution. Naturally, running i2p isn't free of charge, as you have to pay the electricity bill to run it 24/7, but it's still cheaper than paying a VPN or paying for Netflix, Disney+, Prime etc.
Re: Using only 1 hop for torrenting
In theory, they can't know it directly, the network is designed to provide plausible deniability. But they can watch you (the next hop) and if it never changes, it's probably the endpoint, because tunnel hops are usually chosen semi-randomly.
From http://i2p-projekt.i2p/en/docs/how/tunnel-routing:
You can read more things like these on the i2p project site (linked above). Also you should look at this forum thread: http://discuss.i2p/viewtopic.php?t=115.0-hop tunnels
With no remote routers in a tunnel, the user has very basic plausible deniability (since no one knows for sure that the peer that sent them the message wasn't simply just forwarding it on as part of the tunnel). However, it would be fairly easy to mount a statistical analysis attack and notice that messages targeting a specific destination are always sent through a single gateway. Statistical analysis against outbound 0-hop tunnels are more complex, but could show similar information (though would be slightly harder to mount).
1-hop tunnels
With only one remote router in a tunnel, the user has both plausible deniability and basic anonymity, as long as they are not up against an internal adversary (as described on threat model). However, if the adversary ran a sufficient number of routers such that the single remote router in the tunnel is often one of those compromised ones, they would be able to mount the above statistical traffic analysis attack.
Except Linux ISOs, public-domain media (or just permissive enough license), things from communities.
One of the main ones, but not the only one. Others include: hosting sites anonymously, circumventing internet censorship (via outproxy), accessing devices behind ISP NAT, IRC chatting.
Re: Using only 1 hop for torrenting
Hi nevidebla! I have a learning question.
Based on the above thesis that Postman's PaT is one of the main attractions here, and that 90 percent of the participants are here because of BitTorrent, it should be possible to check if this is actually the case. If possible, without having to turn off PaT. In February, I2P Metrics (an external source, unfortunately currently defective) recorded an average of 48,000 routers in the network for January, over a period of 30 days. (stats.i2p, not reliable, finds an average of 31497 Leasests for this week.) PaT claims to see 49025 active peers (of which 46386 seeders and 2639 leechers) as of noon today. But his top 10 swarms only have a maximum of 33 seeders and only one of them has 50 active downloaders, all the others have max. one active downloader.[fn:patstats] It is also known that all swarms stay in these very low ranges for weeks and months. We only see outliers when broken BitTorrent clients falsely inflate the numbers. So it is the regular downloads that are relatively meaningful, not the outliers. Let's also take the last automatic I2P update, which managed a total of 5392 downloads in 8 days.[fn:pat85780]
If nine out of ten participants here are for torrenting then that should be clearly visible. What I see is a relatively small group of seeds holding the bulk of the torrents and I see only a stagnant to minimal new entry in this area. So, what am I overlooking?
[fn:patstats] http://tracker2.postman.i2p/?view=Stats
[fn:pat85780] http://tracker2.postman.i2p/index.php?v ... l&id=85780
I'm interested to know where you got your numbers from.
Based on the above thesis that Postman's PaT is one of the main attractions here, and that 90 percent of the participants are here because of BitTorrent, it should be possible to check if this is actually the case. If possible, without having to turn off PaT. In February, I2P Metrics (an external source, unfortunately currently defective) recorded an average of 48,000 routers in the network for January, over a period of 30 days. (stats.i2p, not reliable, finds an average of 31497 Leasests for this week.) PaT claims to see 49025 active peers (of which 46386 seeders and 2639 leechers) as of noon today. But his top 10 swarms only have a maximum of 33 seeders and only one of them has 50 active downloaders, all the others have max. one active downloader.[fn:patstats] It is also known that all swarms stay in these very low ranges for weeks and months. We only see outliers when broken BitTorrent clients falsely inflate the numbers. So it is the regular downloads that are relatively meaningful, not the outliers. Let's also take the last automatic I2P update, which managed a total of 5392 downloads in 8 days.[fn:pat85780]
If nine out of ten participants here are for torrenting then that should be clearly visible. What I see is a relatively small group of seeds holding the bulk of the torrents and I see only a stagnant to minimal new entry in this area. So, what am I overlooking?
[fn:patstats] http://tracker2.postman.i2p/?view=Stats
[fn:pat85780] http://tracker2.postman.i2p/index.php?v ... l&id=85780
I2P preserves your right to informal self-determination.
Re: Using only 1 hop for torrenting
"In theory, they can't know it directly, the network is designed to provide plausible deniability. But they can
watch you (the next hop) and if it never changes, it's probably the endpoint, because tunnel hops are usually
chosen semi-randomly."
Thank you for the discuss-link and the quotation from the i2p project site. I read them, although I don't understand everything as I'm not very smart regarding this matter.
Let's say someone joins the swarm in order to harvest ip adresses (of course with 0 hops on their side). The ip address of this seeder remains stable. Also I, the leecher, has a stable ip address and I use a single hop on my side. Only this hop (my hop, the transferring router) between us always changes after a certain time period. Now this adversary who already joined the swarm additionaly sets up "malicious" routers in the i2p network working as hops to follow the data transfer up to me, the leecher. Sooner or later this malicious hop will be the one seeing me (my real ip address).
But when I understand this right, this hop does not know whether I am the end point in the transfer chain or only the next hop. This malicious hop sees me only a short time period, only until the next automatic change of my hop. So this malicious hop will never know if my ip address is not one of those also constantly changing other hops or if my ip address remains stable.
However, if this adversary sets up, for example, a dozen malicious hops or more and I receive them one after the other, he will see me a longer time span in the transfer chain. When all these compromised hops see my ip address within a short period of time, he could deduce with high probability that I am not a hop, but actually the end receiver, as I remain stable for a longer period than a typical hop.
In practice, as I don't think that the movie industry is currently watching i2p, let alone, setting up many additional routers in order to catch casual filesharers, I feel safe enough to continue my 1-hop strategy in order to speed dowmnloads up. However, if or when i2p becomes more popular maybe a second or even a third hop has to be added.
"Except Linux ISOs, public-domain media (or just permissive enough license), things from communities."
Why should someone come here for this, when you can get this on clearnet incredibly faster and easier?
"One of the main ones, but not the only one. Others include: hosting sites anonymously, circumventing
internet censorship (via outproxy), accessing devices behind ISP NAT, IRC chatting."
Yes, true, but I suppose they form a minority.
"I'm interested to know where you got your numbers from."
My estimation is based on observation and gut feeling, not on statistics. But please, let me explain. When you read about i2p on 4chan, the (official?) reddit channel and also in the forums here (this one and especially "discuss", thank you for that) one gets the impression that by the number of forum-threads, the topic-names and the particular questions there, p2p-filesharing is the first and foremost usage of i2p. A lot of questions usually are about how to setup i2p generally in order to get it work, followed by questions on how to speed it up in order to improve filesharing (tunnels, hops etc.). So I suppose, that, if a majority of users and would-be users talks mainly about filesharing-relates issues, this must be the main usage of the network. I addition, I was on notbob for a while to look around what's on offer here, but I couldn't find anything interesting or useful besides the postman tracker. Many sites seemed to be broken or only half-finished. There was nothing that I couldn't find similar or better also somewhere on clearnet (DHT-crawler, rutracker, libgen, 4chan etc.).
Another reason for my assumption is external software using i2p like qbittorrent, Biglybt, muwire and imule. What purpose do they have in common?
Of course, this is only my personal impression, maybe I'm wrong.
watch you (the next hop) and if it never changes, it's probably the endpoint, because tunnel hops are usually
chosen semi-randomly."
Thank you for the discuss-link and the quotation from the i2p project site. I read them, although I don't understand everything as I'm not very smart regarding this matter.
Let's say someone joins the swarm in order to harvest ip adresses (of course with 0 hops on their side). The ip address of this seeder remains stable. Also I, the leecher, has a stable ip address and I use a single hop on my side. Only this hop (my hop, the transferring router) between us always changes after a certain time period. Now this adversary who already joined the swarm additionaly sets up "malicious" routers in the i2p network working as hops to follow the data transfer up to me, the leecher. Sooner or later this malicious hop will be the one seeing me (my real ip address).
But when I understand this right, this hop does not know whether I am the end point in the transfer chain or only the next hop. This malicious hop sees me only a short time period, only until the next automatic change of my hop. So this malicious hop will never know if my ip address is not one of those also constantly changing other hops or if my ip address remains stable.
However, if this adversary sets up, for example, a dozen malicious hops or more and I receive them one after the other, he will see me a longer time span in the transfer chain. When all these compromised hops see my ip address within a short period of time, he could deduce with high probability that I am not a hop, but actually the end receiver, as I remain stable for a longer period than a typical hop.
In practice, as I don't think that the movie industry is currently watching i2p, let alone, setting up many additional routers in order to catch casual filesharers, I feel safe enough to continue my 1-hop strategy in order to speed dowmnloads up. However, if or when i2p becomes more popular maybe a second or even a third hop has to be added.
"Except Linux ISOs, public-domain media (or just permissive enough license), things from communities."
Why should someone come here for this, when you can get this on clearnet incredibly faster and easier?
"One of the main ones, but not the only one. Others include: hosting sites anonymously, circumventing
internet censorship (via outproxy), accessing devices behind ISP NAT, IRC chatting."
Yes, true, but I suppose they form a minority.
"I'm interested to know where you got your numbers from."
My estimation is based on observation and gut feeling, not on statistics. But please, let me explain. When you read about i2p on 4chan, the (official?) reddit channel and also in the forums here (this one and especially "discuss", thank you for that) one gets the impression that by the number of forum-threads, the topic-names and the particular questions there, p2p-filesharing is the first and foremost usage of i2p. A lot of questions usually are about how to setup i2p generally in order to get it work, followed by questions on how to speed it up in order to improve filesharing (tunnels, hops etc.). So I suppose, that, if a majority of users and would-be users talks mainly about filesharing-relates issues, this must be the main usage of the network. I addition, I was on notbob for a while to look around what's on offer here, but I couldn't find anything interesting or useful besides the postman tracker. Many sites seemed to be broken or only half-finished. There was nothing that I couldn't find similar or better also somewhere on clearnet (DHT-crawler, rutracker, libgen, 4chan etc.).
Another reason for my assumption is external software using i2p like qbittorrent, Biglybt, muwire and imule. What purpose do they have in common?
Of course, this is only my personal impression, maybe I'm wrong.
Re: Using only 1 hop for torrenting
i've thought about giving something like this a try to see how difficult it would be, but to deanon with one hop i think you could fully automate ip gathering without "too much" difficulty, it really just depends if the attackers consider i2p to be worth the effort. The automation aspect as anikey mentioned already is really the most dangerous thing for most torrent users.
i think what you could do as an attacker is use 0 hops and have some amount of real routers running on other ip addresses. Then whenever we send a tunnel through one of the routers we control, lets grab a snapshot of peer info from the torrent client and connections on the router our target peer is connecting through. If the target connects to the compromised router, i think we can associate an ip address with that action and rule out false positives by matching the upload speed/amount from the torrent client and ip address we're sending to with the compromised router.
if we get a hit, we could do some automated "proofs" like choking the suspected peer and seeing if the upload cuts out at the same time.
This is similar to automated methods in use on the clearnet with some extra steps. With even 2 hops, this kind of attack becomes a lot more expensive
i think what you could do as an attacker is use 0 hops and have some amount of real routers running on other ip addresses. Then whenever we send a tunnel through one of the routers we control, lets grab a snapshot of peer info from the torrent client and connections on the router our target peer is connecting through. If the target connects to the compromised router, i think we can associate an ip address with that action and rule out false positives by matching the upload speed/amount from the torrent client and ip address we're sending to with the compromised router.
if we get a hit, we could do some automated "proofs" like choking the suspected peer and seeing if the upload cuts out at the same time.
This is similar to automated methods in use on the clearnet with some extra steps. With even 2 hops, this kind of attack becomes a lot more expensive