Purpose:

The Invisible Internet Project (I2P) is an anonymous peer-to-peer communication layer, an offshoot of Freenet (GIZ01) designed to run any Internet service (email, IRC, file sharing, HTTP, Telnet) as well as distributed applications. Its aim is to “protect communication from dragnet surveillance and monitoring by third parties such as ISPs” (I2P01). A computer running the I2P software is called an I2P node.

All communication in I2P is encrypted end-to-end and forwarded through a network of nodes to conceal the source and destination of the traffic. The communication endpoints are identified by cryptographic keys (I2P01).

I2P can be used to host services that are only accessible via the anonymising network. Websites published via I2P, known as “eepsites”, use domain names ending with the ‘.i2p’ suffix.

Capabilities:

• Garlic routing – A variant of onion routing that encrypts multiple messages together to make it more difficult to conduct traffic analysis. Garlic routing is one of the key factors that distinguishes I2P from TOR and other networks where messages are encrypted multiple times.
• Peer-to-peer – The I2P network is decentralised. All users run the same software, which by default takes part in relaying data for other users. This means that unlike Tor, traffic does not enter and leave the anonymising network, which may make traffic confirmation more difficult.

Surveillance mitigation:

• Traffic analysis – Can be used to infer who is talking to whom over a public network. Knowing the source and destination of a person’s Internet traffic makes it possible to track their behaviour and interests.
• Decentralization – Having no central servers, I2P is not controlled by any one individual or organization, including the designers of the platform. There is no single point where content can be removed or access to the network can be blocked.
• Anonymity – Garlic routing separates identification from routing so that information can be published and accessed anonymously.

Vulnerabilities:

• Harvesting – It is easy to compile a list of I2P nodes because every node is continually attempting to find other nodes and connect to them.
• Sybil attacks – Peer-to-peer networks are vulnerable to ‘sybil attacks’ in which an attacker creates multiple identities in order to have a disproportionate influence on the operation of the network.
• Full list: https://geti2p.net/en/docs/how/threat-model.

Layers of operation:

• Transport layer: I2P provides an anonymous transport layer that can be used by other applications.
• Application layer: I2P nodes communicate across the Internet at the application layer.

Background:

I2P has been called a “super anonymous network” (GIZ01) where users can gain access to content that is not available outside the network. Unlike Tor, users cannot browse the public Internet with the I2P software.

People using I2P can control the trade-offs they make between anonymity, reliability, bandwidth usage, and latency by choosing the number of nodes their data passes through (I2P01).

Sources:

Gizmodo (GIZ)
1) http://gizmodo.com/i2p-the-super-anonymous-network-that-silk-road-calls-h-1680940282

Invisible Internet Project (I2P)
1) https://geti2p.net/en
2) https://geti2p.net/en/docs/how/threat-model

EFF: How Tor Works

Purpose:

Tor is software that directs Internet traffic through a network of relay servers in order to conceal the source and destination of the traffic. It allows for the anonymous sharing of information over the Internet, and can be used to circumvent Internet censorship (TOR01). Tor also enables the creation of hidden services, which hide the locations of people who publish content or run servers (TOR02).

Tor can be used by software developers to create new communication tools with built-in privacy features (TOR01).

Capabilities:

• Onion routing – A technique for concealing the source and destination of network traffic by encrypting it and forwarding it through a series of relays. Each relay decrypts a layer of encryption to reveal the address of the next relay and passes the remaining encrypted data on to it. The final relay, known as the exit node, decrypts the innermost layer of encryption and sends the original data to its destination without revealing, or knowing, the address of the source. Because no single relay knows both the source and destination of the traffic, this method eliminates any single point at which the communication can be de-anonymised through network surveillance (DIN01).
• Hidden service – A service that is only accessible via the Tor network. The clients connecting to a hidden service cannot discover its location or vice versa. Hidden services use domain names ending with the ‘.onion’ suffix.

Surveillance mitigation:

• Traffic analysis – Can be used to infer who is talking to whom over a public network. Knowing the source and destination of a person’s Internet traffic makes it possible to track their behaviour and interests (TOR01).
• Anonymity – Onion routing separates identification from routing so that information can be published and accessed anonymously.

Vulnerabilities:

• Traffic confirmation – Tor cannot protect against the monitoring of traffic at the boundaries of the Tor network (TOR03). An observer who can monitor traffic entering and exiting the Tor network may be able to determine who is communicating with whom, even if the traffic is encrypted end-to-end.
• Exit node blocking – Administrators of Internet sites can prevent their sites from being accessed via the Tor network, or offer reduced functionality to Tor users (TOR04).
• Exit node eavesdropping – Tor cannot encrypt the traffic between exit nodes and Internet sites. This means that an exit node can capture or modify any traffic passing through it that does not use end-to-end encryption. For example, in 2007, a security researcher intercepted thousands of private email messages sent by embassies and human rights groups around the world by monitoring the traffic of an exit node he was running (TAI01).
• Application layer information leaks – Certain applications leak identifying information at the application layer even when they are used over Tor (MAN01).

Layers of operation:

• Transport layer: Tor provides an anonymous transport layer that can be used by other applications.
• Application layer: Tor relays communicate across the Internet at the application layer.

Background:

Tor is a volunteer network of computers, known as relays or nodes. These nodes receive traffic and forward it to other nodes so that it will eventually go to its final destination. Tor can be used to browse the web anonymously using the Tor Browser, a modified version of the Mozilla Firefox web browser. Opening the browser automatically connects to the Tor network (EFF01). The network is used by a variety of people who want to maintain their anonymity. It is regularly used by journalists, activists and whistleblowers (TOR05).

The NSA attacked the Tor network through its programme EGOTISTICAL GIRAFFE (GUA01). The programme exploited a bug in the web browser to de-anonymise Tor users (MOZ01, SCH01). The bug has since been fixed.

Sources:

Electronic Frontier Foundation (EFF)
1) https://www.eff.org/torchallenge/what-is-tor.html

Guardian (GUA)
1) http://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraffe-nsa-tor-document

Dingledine, R., Mathewson, N., Syverson, P. (DIN)
1) Tor: The Second-Generation Onion Router. 2004. https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf

Manils, P., Abdelberri, C., Le Blond, S., Kaafar, M., Castelluccia, C., Legout, A., Dabbous, W. (MAN)
1) Compromising Tor Anonymity Exploiting P2P Information Leakage. 2010. http://cryptome.org/2013/04/tor-p2p-compromise.pdf

Mozilla (MOZ)
1) https://blog.mozilla.org/jorendorff/2013/12/06/how-egotisticalgiraffe-was-fixed/

Schneier on Security (SCH)
1) https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html

TAILS (TAI)
1)https://tails.boum.org/doc/about/warning/index.en.html

Tor Project (TOR)
1) https://www.torproject.org/about/overview.html.en
2) https://www.torproject.org/docs/hidden-services.html.en
3) https://blog.torproject.org/category/tags/traffic-confirmation
4) https://www.torproject.org/docs/faq-abuse.html
5) https://www.torproject.org/about/torusers.html.en

The Freenet logo

Purpose:

Freenet is a peer-to-peer platform designed to enable the anonymous publishing and retrieval of information, in order to counter the censorship of information on the Internet (FRE01).

Freenet is not a proxy for accessing the Internet anonymously; it allows access only to content that has been inserted into the Freenet network. It is not an application, but rather an application-neutral, anonymous transport layer that many different applications can use (FEH01). Users of these applications can publish and view websites, download files, use email and bulletin board systems, and other things that can be done on the Internet. In this respect, Freenet is similar to Tor’s hidden services. Freenet can be thought of as an anonymous Internet within the Internet.

Capabilities:

• Peer-to-peer – Information inserted into the Freenet network is distributed around the network and stored on several different nodes. Anyone can run a Freenet node, and users of the network are encouraged to contribute resources to the network by running their own nodes.
• Friend-to-friend – Each node may operate in ‘darknet’ mode, in which case it will only communicate with nodes that have been personally chosen by its operator, or ‘opennet’ mode, in which case it will communicate with any nodes it can find. The existence of darknet nodes that are only known to chosen individuals may make it harder to monitor the network.
• Encryption – Content inserted into the network is encrypted to prevent nodes from knowing what content they are storing and forwarding. Information travelling between nodes is encrypted to prevent external observers from determining who is inserting, requesting and storing content.

Surveillance mitigation:

• Decentralization – Having no central servers, Freenet is not controlled by any one individual or organization, including the designers of the platform. There is no single point where content can be removed or access to the network can be blocked.
• Anonymity – Relaying information through the network makes it difficult to determine who inserted content into the network, who requested content, or where content is stored.

Vulnerabilities:

• Harvesting – It is very easy for an attacker to find Freenet nodes and connect to them, because every ‘opennet’ node is continually attempting to find new connections (FRE03). Nodes that operate in ‘darknet’ mode are more difficult to find.
• Sybil attacks – Peer-to-peer networks are vulnerable to ‘sybil attacks’ in which an attacker creates multiple identities in order to have a disproportionate influence on the operation of the network.
• Data loss – If data is not accessed for a long time Freenet will no longer retain copies of it, resulting in the platform ‘forgetting’ data (FRE03).
• Traffic analysis – By observing encrypted traffic passing between Freenet nodes, it may be possible to determine who inserted or requested content, or where the content is stored.
• Full list: https://freenetproject.org/faq.html

Layers of operation:

• Transport layer: Freenet provides an anonymous transport layer that can be used by other applications.
• Application layer: Freenet nodes communicate across the Internet at the application layer.

Background:

Freenet is an overlay network that is constructed on top of the Internet. It was created to mitigate censorship and to facilitate the free flow of information and freedom of speech. A driving factor for developing the platform is that “you cannot have freedom of speech without the option to remain anonymous” (FRE02).

Sources:

Freenet (FRE)
1) https://freenetproject.org/whatis.html
2) https://freenetproject.org/philosophy.html
3) https://freenetproject.org/faq.html

Freenet Help (FEH)
1) http://www.freenethelp.org/html/FreenetForDummies.html