Olá a todos,
Este é o primeiro dos meus posts sobre o anonimato na net. Embora algumas pessoas (e muitos governos) gostariam de vos fazer acreditar, numa era onde quem não tem facebook, hi5, twitter e afins, não é ninguem, existem ainda pessoas que gostam de ter alguma privacidade e anonimato.
Por privacidade não quero afirmar que quem procura privacidade é obrigatoriamente um elemento da sociedade a tentar fazer algo nefasto para a mesma. O proverbial homem de gabardine que atrai as donas de casa para escadas escuras a procura de algo….
Pode simplesmente ser zeloso, paranóico ou agorafóbico.
Em todo o caso, e depois das ultimas noticias que vieram da UE, temos que começar a pensar no futuro. É correcto que não devemos (nem em boa consciência o fazemos) efectuar o roubo do trabalho de outros, seja em formato musical seja em formato .avi.
Da mesma forma que eu, que sou um cidadão perto do exemplar, que pago os meus impostos, que faço as minhas obrigações cívicas, que participo positivamente na minha comunidade não deveria ser olhado com suspeição por empresas que não elegi para nenhum lugar politico e que agem como se fossem a policia politica, como um potencial criminoso, que só por ter internet. Não é por ter banda larga que estou a beira de cometer um crime (!) de efectuar um download pirata.
Para minha sorte, os meus gostos vão para musicas e videos indie, que são efectuados pela comunidade e para a comunidade sem interesse monetário.
Em todo o caso, saber que teria a minha ligação sobre investigação, sem a supervisão de nenhum magistrado, apenas ao doce sabor da ultima quebra nas vendas, levou-me ao nosso amigo google procurar uma forma de me defender contra tal violação dos meus direitos de cidadão nacional, europeu e mundial.
Assim sendo descobri o projecto I2P feito pelos nossos amigos comedores de Bratwurst e bebedores de cevada liquida.
É um projecto interessante com suporte directo a SMTP, POP3, IRC, MTM, etc, com a possibilidade acrescida de ser um protocolo aberto, com código aberto. Assim sendo podem escrever (se compreenderem aquele java todo) os vossos próprios plugins para as vossas aplicações.
Os pontos fortes desta coisa são (e sim vai mesmo em inglês):
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.
Many applications are available that interface with I2P, including mail, peer-peer, IRC chat, and others.
The I2P project was formed in 2003 to support the efforts of those trying to build a more free society by offering them an uncensorable, anonymous, and secure communication system. I2P is a development effort producing a low latency, fully distributed, autonomous, scalable, anonymous, resilient, and secure network. The goal is to operate successfully in hostile environments. even when an organization with substantial financial or political resources attacks it. All aspects of the network are open source and available without cost, as this should both assure the people using it that the software does what it claims, as well as enable others to contribute and improve upon it to defeat aggressive attempts to stifle free speech.
Anonymity is not a boolean – we are not trying to make something “perfectly anonymous”, but instead are working at making attacks more and more expensive to mount. I2P is a low latency mix network, and there are limits to the anonymity offered by such a system, but the applications on top of I2P, such as Syndie, I2P mail, and I2PSnark extend it to offer both additional functionality and protection.
I2P is still a work in progress. It should not be relied upon for “guaranteed” anonymity at this time, due to the relatively small size of the network and the lack of extensive academic review. It is not immune to to attacks from those with unlimited resources, and may never be, due to the inherent limitations of low-latency mix networks.
I2P works by routing traffic through other peers, as shown in the following picture. All traffic is encrypted end-to-end. For more information about how I2P works, see the Introduction.
O diagrama de como isto funciona é baseado no conceito do TOR mas levaram a coisa um passo mais a frente:
Legenda:
In the above, Alice, Bob, Charlie, and Dave are all running routers with a single Destination on their local router. They each have a pair of 2-hop inbound tunnels per destination (labeled 1,2,3,4,5 and 6), and a small subset of each of those router’s outbound tunnel pool is shown with 2-hop outbound tunnels. For simplicity, Charlie’s inbound tunnels and Dave’s outbound tunnels are not shown, nor are the rest of each router’s outbound tunnel pool (typically stocked with 5-10 tunnels at a time). When Alice and Bob talk to each other, Alice sends a message out one of her (pink) outbound tunnels targetting one of Bob’s (green) inbound tunnels (tunnel 3 or 4). She knows to send to those tunnels on the correct router by querying the network database, which is constantly updated as new leases are authorized and old ones expire.
If Bob wants to reply to Alice, he simply goes through the same process – send a message out one of his outbound tunnels targetting one of Alice’s inbound tunnels (tunnel 1 or 2). To make things easier, most messages sent between Alice and Bob are garlic wrapped, bundling the sender’s own current lease information so that the recipient can reply immediately without having to look in the network database for the current data.
To deal with a wide range of attacks, I2P is fully distributed with no centralized resources – and hence there are no directory servers keeping statistics regarding the performance and reliability of routers within the network. As such, each router must keep and maintain profiles of various routers and is responsible for selecting appropriate peers to meet the anonymity, performance, and reliability needs of the users, as described in the peer selection page.
The network itself makes use of a significant number of cryptographic techniques and altorithms – a full laundry list includes 2048bit ElGamal encryption, 256bit AES in CBC mode with PKCS#5 padding, 1024bit DSA signatures, SHA256 hashes, 2048bit Diffie-Hellman negotiated connections with station to station authentication, and ElGamal / AES+SessionTag.
Content sent over I2P is encrypted through three or four layers – end to end encryption (absolutely no routers get the plaintext, ever), garlic encryption (used to verify the delivery of the message to the recipient), tunnel encryption (all messages passing through a tunnel is encrypted by the tunnel gateway to the tunnel endpoint), and interrouter transport layer encryption (e.g. the TCP transport uses AES256 with ephemeral keys):
End-to-end (I2CP) encryption (client application to server application) was disabled in I2P release 0.6; end-to-end (garlic) encryption (I2P client router to I2P server router) from Alice’s router “a” to Bob’s router “h” remains. Notice the different use of terms! All data from a to h is end-to-end encrypted, but the I2CP connection between the I2P router and the applications is not end-to-end encrypted! A and h are the routers of alice and bob, while alice and bob in following chart are the applications running atop of I2P.
Inconvinientes desta tecnologia:
Como é um sistema de direct peering, irá ser necessário manterem uma maquina sempre em execução com isto. Se for abaixo, toda a rede, ou pares próximos terão de ser re-descobertos. E uma redescoberta que garanta utilidade no sistema demora umas horitas a dar frutos.
Assim sendo, recomendo que exprimentem isto. Pode não ser o futuro, mas será nesta direcção que as coisas irão progredir.
Lembrem-se Big Brother is Watching….