I2P: Interview with the developer “idk” (Part 2)

In the first part of the interview with idk, a leading I2P network developer, we covered security and defense against external threats. In the second part of the interview, we will discuss current trends in p2p networks and the latest developments in the I2P ecosystem. Join us!

DIVA: Let’s talk about the development of the I2P network. What important things have been done in recent years?

idk: I am still looking at this problem of remotely discernible shared state across the application, although I’ve moved more out of what the router itself does and into what the clients are doing.

So, in I2P everybody gets these return addresses called destinations, which can be used to send messages to you. When you communicate with somebody else, they usually get this return address and they use it to reply back to you. That’s all perfectly normal.

It becomes more complicated when you’re using the same address for many kinds of activity. If you’re not careful, you can end up with a sort of confused notion of where identity begins and ends, so you have to ask yourself some questions. Do you need to use a single destination for a single application? Or do you need to use a different local destination for every single remote destination that you talk to? Does that destination, or that identity, need to be ephemeral in this context, or is it okay if it’s permanent? The answer to that and other questions might be different in different contexts. So for instance in a chat application, it’s probably valuable to present a different identity in terms of the network to every contact in your chat application. In I2P parlance, that would be a different destination. However, it’s probably not very valuable to eliminate that identity as soon as you’re done talking to your contact for a session; it actually is more valuable for you to keep it that way. So this hypothetical chat application has a one-to-one relationship of local identities to remote contacts, whose identities are pseudonymous because they are long-term.

There are other applications that are a bit more complicated though, like what do you do with BitTorrent? What is the identity in BitTorrent? My hypothesis is that the identity may actually be the file that you’re sharing, that is, the contextual identity that you’re in when you’re sharing files is created by the files you’re sharing. So everybody who’s sharing the file only sees the one identity that may be of value, or maybe not. Then in HTTP it actually breaks down, I think, along the lines of either origins or browser tabs. You are either speaking to people in the context of the contextual identity defined by the browser (a tab) or the contextual identity defined by the server that you’re talking to (the origin).

So that’s what proposal 166 on the I2P website now is: contextual-identity-aware proxies at the pipeline. And that’s one of the things that I am currently working on. The other big thing that I’m working on is, finally, it’s time to work on Go I2P. It’s going to be a Go client library for I2P just as soon as I can make it happen.

DIVA: I would like to ask you about a reseed server. Can you explain for our non-technical users, what are reseed servers doing? Why are they important in the context of an I2P network?

idk: It’s actually that reseeds are a bit of a “necessary evil” on a certain level. The reason I say that is because they are centralized points that are used to join the network when connected to the network for the first time. What they send you is a signed bundle of information about the network itself in the form of these routerInfos. The reseed server itself tries to pick out the best routerInfos, which are reachable, have multiple transports, and are not currently experiencing congestion. Then it produces this bundle and sends it to you when you request it, and when you get this bundle for the first time, your router unpacks it and it picks two routerInfos out of that reseed bundle at random. Usually, there are between 70 and 140 routerInfos in a bundle. It will then attempt to build your first exploratory connections through those routerInfos that it got from the reseed bundle. In doing so, you get connected to the I2P network and start participating in the DHT, so you can explore the rest of the network and eventually have enough peers to build clients. That’s what reseeds do.

The reason that they’re necessary is because otherwise, it would be pretty hard to find a way to join the network. You would have to already know somebody using I2P to get in. You only actually need one routerInfo from a connected router to join the network, but you have to get it from somewhere. And otherwise, if it weren’t for reseed servers, you’d probably have to get it from a friend or some, you know, potentially dubious service on the internet that just hands you a .dat file and says, do with this what you will. So the reseed servers are sort of a happy medium where system administrators, who we mostly trust, can collaborate on making sure that these bundles are valid and join you into the real I2P network and not some fake one. So that’s what reseed servers are for: to provide an on-ramp to the network for people, so they don’t have to go looking for it.

DIVA: Let’s talk about the MoneroKon conference held in June. Were you at the conference this year? What did you like about what you saw? What called your attention?

idk: I think what I like about the Monero community is at least the folks who are going to the conference all seem to know each other. They’re quite close-knit and good communicators in many ways, sometimes better than we are. It’s just exciting to be welcomed somewhere, to be honest with you. It’s exciting to see my friends again.

DIVA: You are right, the Monero network is known for its community. Idk, what is the most memorable thing about MoneroKon this year? Maybe there’s one thing?

idk: Let’s see. What is the most memorable thing about MoneroKon this year? I don’t necessarily know what I could put one finger on. I kind of went there with a mission this year to try and find somebody who I could speak to about adapting Monero to use some of I2P’s more sophisticated APIs for managing its connections.

So I didn’t get to see very many of the talks in person. I mostly watched them on my phone, but one talk I did see was the Simplex chat talk with Evgeny Poberezkin. I never really understood Simplex before, but it was very interesting to me because of their means of doing peer-to-peer metadata obfuscation (I won’t necessarily call it anonymity in this context because we’re also talking about I2P). Their metadata obfuscation technique relies on setting up relays within their network that provide a pair of one-way message queues across the relay. This was familiar because it is a little bit like how some parts of I2P work.

There’s a little bit of a difference here because the relays can store and forward messages that are encrypted with these noise-like prekeys, or Signal-like prekeys rather, but the design is not entirely dissimilar from the one-way tunnels in I2P, which I thought was quite interesting. And in the presentation he made this point that traditional P2P is intrinsically non-anonymous, because if you define traditional P2P as using direct connections between peers, the very obvious definition of it, then that metadata between 2 peers is intrinsically visible. Electing an intermediary makes the communication between the 2 peers indirect. So it called out how the nature of I2P and also Simplex calls into question our definitions of and perceptions of what P2P communication is.

So, what they’ve done is just like I2P, they’ve built a peer-to-peer network out of which you select de facto relays, which is cool. That was a neat thing to see them doing. So I think that’s one thing I remember about the conference.

DIVA: Simplex, is it a messenger? Please tell me more about it.

idk: It’s got this marketing thing that it does; it threw me off at first. They talk about it as “this is the messenger with no user identifiers.” But it’s not that there are no user identifiers at all. You could actually, for a working definition of identifier, pick out some things that identify people, but it is doing that thing I’ve talked about, the one-to-one relationship of identifier to contact, maximizing the unlinkability of the identifiers.

DIVA: Let’s get away from the topic of technology a little bit and talk about trust. Do you think we can operate with this term and use trust as a foundation for building relationships with users?

idk: What you mean by it is there’s a certain notion of trust that is sort of 100% under constraints, where as long as you can rely on, for instance, the certificate authority system, then you can trust that this TLS certificate belongs to this website. That is what I would describe as 100% under constraints: you can guarantee it 100%, as long as you can just say, trust the CA system.

And then there are notions of trust that are sort of sliding scale, where you trust people or objects for certain things, or you trust them a certain amount, or you only trust them when this other factor is present. That is a bit more complicated, but I think that if you take a long view of it, that 100% under constraints trust is sort of an illusion.

In fact, in the real world, trust is more similar to that sliding-scale trust, where expertise counts for something, and knowledge of a person before an interaction counts for something, and all of these go into this notion that we have of trust. So I do think that trust continues to exist in an anonymous system, even when it’s very thoroughly anonymous, because it’s something that we formulate dynamically, and something also that we facilitate as it suits us. I do think there’s a path forward for trust there.
