'Silk Road Reloaded' Launches On a Network More Secret Than Tor

rossgneumann writes A new anonymous online drug market has emerged, but instead of using the now infamous Tor network, it uses the lesser known "I2P" alternative. "Silk Road Reloaded" launched yesterday, and is only accessible by downloading the special I2P software, or by configuring your computer in a certain way to connect to I2P web pages, called 'eepsites', and which end in the suffix .i2p. The I2P project site is informative, as is the Wikipedia entry.

can sombody say....

[ganjadude]

Honeypot???

Re:can sombody say....

[TWX]

Yes. I have no speech impediments in English.

Don't ask me to properly say, "burrito," in Spanish though, as I cannot roll my Rs...

Re:

[Ed Avis]

As an English speaker learning Spanish I found it easiest to start with the word 'corrida'. Somehow the O vowel before helped to roll the RR. After that, 'corrida de burritos'. More difficult still, 'corrida de perritos'.

Re:

[WorBlux]

i2p isn't meant to be very good at being an out-proxy, so no.

Re:

[Immerman]

You ever make engine noises while playing with toy cars as a kid? Flutter your tongue against the roof of your mouth/back of your top teeth and go nuts for a while. RrrrRRrRRRrRRRRRRRrrrrrrRRRrrRR... Keep it up - you want to get your tongue comfortable with the motion.

Now say burrRRrrito. Then dial it back a bit and you're golden. Well, bronzed at least.

Re:

[cayenne8]

Now say burrRRrrito. Then dial it back a bit and you're golden. Well, bronzed at least.

I've never had a problem with this. No matter how I pronounce burrito, rolled R's or not....they give me what I want at Taco Bell, no problems, no big deal.

:D

Re:

[Immerman]

But then if you're only eating at Taco Bell, you've never had a real burrito (or any kind of actual food for that matter), so why should it matter if you can pronounce it or not?

Re:

[OurDailyFred]

I've found it amazing that many otherwise intelligent people will believe that Taco Bell got its name because it was originally owned by the Mexican telephone company.

Try mentioning it the next time you drive past a TB when you have non /. readers in the vehicle.

Well, if you are eating American food

[publiclurker]

why would you feel the need to roll your R's?

Re:

[anagama]

It isn't called Taco Hell for nothing you know.

Re:

[cayenne8]

True..b.ut they are open till after 2am i the morning and when driving home from the bar...it can taste mighty good.

That leftover couple of burritos helps during the hangover the next day too.

Re:

[anagama]

Nice -- that's even better.

Re:can sombody say....

[ShanghaiBill]

Honeypot???

I downloaded it from www.fbi.gov/downloads/i2p.exe and it looks okay. Why do you think it is a honeypot?

Just to be sure, compile it from source

[Anonymous Coward]

I downloaded it from www.fbi.gov/downloads/i2p.exe and it looks okay. Why do you think it is a honeypot?

You should download the source code and compile it yourself. Be sure to use the compiler that is supplied as part of the package.

www.fbi.gov/downloads/i2p/sources/WindowsFullPackage.zip .

Re:

[beastofburdon]

But if you are using the supplied compiler then it could still be compromised. The compiler could be programmed to inject the malicious code.

Re:

[slashdotwannabe]

But if you are using the supplied compiler then it could still be compromised. The compiler could be programmed to inject the malicious code.

I felt a great disturbance in the Force, as if millions of voices suddenly cried out WHOOOSH and were suddenly silenced. I fear something terrible has happened.

Re:

[Cito]

If so, they deliver.

To test it out ordered little pot and a single dose of DMT

Items received

Re:

[Strangely Familiar]

Big deal. Intelligence agencies deal in drugs to accomplish their own ends. It's called establishing trust. Look at the team members on the development of this project. They are all anonymous, as far as I can tell. I have no idea who KillYourTV is. Nor do I know who you are. For me personally, a typical citizen, I have no idea where to go or what to do to maintain my privacy. This goes beyond wanting to look up medical conditions without my ISP and government looking over my shoulder. I don't know who to t

Re:

[Strangely Familiar]

Oh, Anonymous Coward, you are funny! I wish I had mod points today.

Re:

[nuckfuts]

Can somebody spell "somebody"?

Re:

[ganjadude]

no

Re:

[RuffMasterD]

Sumbodee... shit. Sumebodie... dammit. Sombodii... fuck. Summ... far out. Say it again? My dicklessia playing up something orfull.

Re:

[Applehu Akbar]

Let's just introduce the new top-level domain .nsa, and have done with it.

Re:

[Crashmarik]

Imagine how big the NSA's porn collection must be.

Re:

[AmiMoJo]

We know for a fact that if you live in the UK or talk to anyone in the UK over Yahoo webcam chats, you are part of GCHQ's porn collection. You don't need to be naked, just hot enough for the wank bank.

Some people think citations are for the lazy

[tepples]

In the past, some Slashdot users have responded to a request for clarification or citation by trying to shift the burden of proof: "This isn't Wikipedia; if you want a citation, do your own search. It's not my job to teach you how to choose and use a search engine."

Re:

[circletimessquare]

this is a casual forum, not a job or a research paper

if you don't understand what the topic is, yes, you should do your research. if someone is nice and points the way, thank them. if someone doesn't respond, yo don't have a right to feel angry or slighted: nobody is your father here. no one owes you holding your hand and explaining a topic to you

yes, it would be nice if people who are knowledgeable would offer sources more often. the problem is not that they don't. the problem is thankless lazy and immatur

Re:

[gweihir]

Well said. There is a host of literature on security of TOR and I2P. Basically all cannot really be understood by non security-experts and basically all is easy to find for security-experts. Hence I see indeed no reason to elaborate. What I can see here is a lot of people that jump on everything they do not like, regardless of whether it is true or not. That is the "head in the sand" tactics that is typically employed by fanatics. It is also quite telling that these people often do not even have the minimal

Infamous Tor Network?

[hodet]

One crappy drug site and the whole Tor network is now infamous.

Re:

[Anonymous Coward]

It wasn't one crappy drug site, but yes the prominent "dark web" front leader is as a result infamous. There are plenty of innocent and justified uses for systems like tor, but for the average person associates tor with drugs by mail, child porn and murder for hire thanks to the media.

Re:Infamous Tor Network?

[Great Big Bird]

How would you do a traffic study on a network that is encrypted or otherwise as private as it is?

Re:Infamous Tor Network?

[IamTheRealMike]

Why don't you watch the talk and find out? [youtube.com]

Actually I'll just summarise it for you. If you run a lot of Tor nodes you will eventually get picked to host a hidden service directory. Then you can measure lookups for the entries of hidden services to measure their popularity, and crawl them to find out what's on them.

Re:

[cayenne8]

Whatever happened to Freenet?

I thought that was supposed to be the big deal with anonymous websites, etc?

Re:

[Em Adespoton]

It got closely linked with kiddie porn, has abysmal throughput and drops "non-fresh" content.

It actually seems like the perfect solution for hosting torrent magnet files though (not so good for static content you want to sit around for any given amount of time).

Re:

[WorBlux]

Freenet is a little too anonymous. A freesite isn't hosted on a particular computer, rather it is just released and migrates and is cached based on people looking accessing it. You can't delete a listing, and updates can take a while to propogate.

Re:

[lgw]

That measures hidden services traffic, not TOR traffic. I'm not surprised, with Silk Road gone, that 80% of the remaining hidden server traffic is CP - hidden services are mostly for protecting the host (which they've historically done a suspiciously terrible job of), so you expect hidden services to mostly be serving stuff that's illegal for the host. I'd guess the main use of TOR is anonymous access to normal web sites - sites which may be illegal (or just embarrassing) where the client is, but not wher

Re:

[jareth-0205]

How would you do a traffic study on a network that is encrypted or otherwise as private as it is?

Well I imagine you run an exit node and see what comes through it. Exit nodes are unencrypted (necessarily) so it should be fairly easy to do.

Re: Infamous Tor Network?

[Ben Tasker]

Except the study was on hidden services, not through traffic. The study was somewhat flawed (not that I'm claiming I could have done any better) in that lookups do not necessarily mean genuine traffic. A lot of the lookups may also have been LEA monitoring known scumpots. They also only checked whether services were legit at the end of the study, so any non-scummy sites that dissappeared in the meantime weren't counted.

Re:

[jareth-0205]

Ah, shame then that everyone took traffic to equal hidden services... Of course hidden services are likely to be dodgy, but that is itself a proportion of tor traffic, I would expect most tor traffic is evetually accessing public websites.

Re:

[rot26]

"There was a study done recently" that shows anything you want it to.

Re:

[morgauxo]

I do my best to lower that percentage by using it to post anonymous trolls.

Re:

[WorBlux]

A large chuck was porn, not specifically child porn. Makes since as several countries try to filter all explicit material from the Internet, and one of the main aims of the tor project is to bypass filters and firewalls.

Re:Infamous Tor Network?

[Immerman]

Bit of cognitive dissonance there. Even if the overwhelming majority of usage really is for nefarious purposes, that still implies a non-negligible minority of usage for legitimate purposes. That's not "in theory", that's in practice.

Couple that with the fact that I suspect such claims of "overwhelming majority" are looking at bandwidth, and porn is liable to be much more bandwidth-intensive than accessing information suppressed by oppressive regimes, and you could end up with a very different picture.

But hey, stamping out kiddie-porn is a much bigger priority than coordinating people fighting against oppressive governments that would casually murder those children instead, right?

Re:Infamous Tor Network?

[rmstar]

here are plenty of innocent and justified uses for systems like tor, but for the average person associates tor with drugs by mail, child porn and murder for hire thanks to the media.

Truth be told, it's not the media. We live in a world that is far freer than many would like to acknowledge, and for most purposes tor is a hassle or pointless. The end result is that tor is mostly only used when there is a very good reason for it, and since we live in fairly free society, that reason tends to be stuff that gives tor a bad reputation.

There is also this paradoxon that, if we lived in a society where tor would make a difference, tor would most likely not exist or be useless. This is the situation in Saudi Arabia and other similar places. This is so because the real weakness of tor is that, since it is not possible to hide the exit or entry nodes themselves, the network is easy to shut down or to filter out.

Re:Infamous Tor Network?

[jythie]

One of the things that makes pointing this out difficult for some people though is that there are a non-trivial number of people who use it for ideological reasons, so they always have their own small community to point to as examples for legitimate use. But just like the other groups you point out, ideological usage is still not common usage since it provides an inferior network experience for mostly symbolic gains, which the average user has no use for.

Re:

[rmstar]

but I have seen it used in the real world to protect those dissenting against their government.

That's good news, and I'm happy to be wrong on this count. I worry, though, that TOR usage tells the SA secret service who is a dissenter.

Re:

[Anonymous Coward]

As a sysadmin, Tor was infamous for the attacks coming from exit nodes. So much that it became a policy to block all traffic coming from those IPs at the routers, application level, and even the OS level via group policies or recipes. This way, if someone was using TOR for C&C, there was a good chance, something somewhere would block it.

IP blocks are a wise thing in any case for every single public service. If there is no need for Elbonian sites to connect to a VPN service, they get blocked by IP. E

Re: Infamous Tor Network?

[Ben Tasker]

Although it gives your IP some semblance of legitimacy, having a fixed endpoint after Tor (as would be the case with a VPN through tor) is a bad idea in practice - though obviously the measure of bad depends on what your exact threat model is.

Re:

[mi]

for the average person associates tor with drugs by mail, child porn and murder for hire thanks to the media.

That's what I for one think of this entire newfangled "internet" thing, thank you very much...

Re:

[GameboyRMH]

For drugs, and not child porn. I call that progress!

Re:

[jythie]

It is more likely to become quickly forgotten then infamous. The more technologically difficult you make it to access services, the fewer people will actually use them. Sure you will get technolibertarians and other people with both the skill, money, and incentive to use it, but given the extra hassle people are unlikely to bother unless they have some ideological or subculture reason to even consider it. Thus I2P will likely remain niche and probably quickly forgotten outside rather small circles.

Re:

[sudon't]

But I2P is not more difficult to use than Tor. There is no "extra hassle".

With the Tor Browser, there's almost no setup involved, just a few preference settings as I recall. My mother could use Tor if she needed to. I can't imagine her figuring out how to setup I2P on her own. So sure, if you know your way around a computer you can do it, but it's definitely more involved than Tor.

Re:

[sudon't]

Right. There were already drug markets on I2P, and mostly flying under the media radar. Now, Silk Road will bring the same notoriety to I2P that was brought to Tor. I don't blame Silk Road, of course. But, here's to hoping we're approaching the day when it's no longer thought appropriate to lock people in cages, simply because they want to get high.

Re:

[Anonymous Coward]

They insist on you using your real name for your accounts, but let you use Tor. Priceless.

Re:

[gweihir]

Indeed. I am pretty convinced the propaganda implying TOR had been broken serves mainly to drive people to less secure alternatives like I2P. Would not be the first time this happened. A while ago, "they: even succeeded in causing some jihadists to make the terminally stupid decision to roll their own ciphers. Of course, with that the NSA can actually break encryption itself.

Re:

[Anonymous Coward]

propaganda implying TOR had been broken

TOR's own developers admit that PRISM-level metadata collection is sufficient to break the anonymity of TOR.

Millions of idiots pay for millions of servers with credit cards in their own names. What made this idiot special, other than being able to track the packet to the server through the onion?

Was this the case where the government claimed they connected to the server and got an IP address? Where other people took the computer configuration the government released

Re:

[gweihir]

Really, mindless propaganda. TOR is not developed by the US government. You should as Roger Dingledine how that funding came to pass (I did in 2002). Turns out that if TOR was an US government project, it would have been really easy to hide the source of funding. They did not.

What people like you do it drive people to less secure alternatives. That tells me a lot about your motivation.

Re:

[tnk1]

The minute the government presented a valid means of compromising the network, it ceased mattering whether they actually had or not. The resources to make the compromise happen are relatively trivial compared to cracking/bypassing the actual scheme. Those resources are completely within the capability of the government to allocate, so as long as they *can* overwhelm the network with their own nodes, they can do so any time they wish to.

It's much like demonstrating that you can break a previously unbreakab

Re:

[linuxrocks123]

I think the Tor developers personally keep track of who's running the exit nodes. They've been able to catch fake exit nodes and ban them before.

Re:

[gweihir]

You do not get a new padlock that is even easier to defeat....

Re:

[tepples]

Tell us what about I2P makes it "even easier to defeat" than Tor and we'll address that.

Re:

[gweihir]

Have a look into the relevant security research literature. Really.

Re:

[tepples]

Neither I nor a lot of other users who have posted comments to this story know how to find which items of security research literature are relevant to this claim. Where should we start?

What's that saying again?

[OzPeter]

Two people can keep a secret, but only if one of them is dead

But then, from the I2P page [wikipedia.org]

I2P is beta software since 2003. Developers emphasize that there are likely to be bugs in the software and that there has been insufficient peer review to date. However, they believe the code is now reasonably stable and well-developed, and more exposure can help development of I2P.

So while "More secret than TOR", may be true, actually being secret is unknown by the users. But I bet the TLA LEAs will be keeping an eye on it and directing resources to test I2P limits (if they already haven't - they kinda don't like communications they can't tap)

Yeah, until just now

[wonkey_monkey]

'Silk Road Reloaded' Launches On a Network More Secret Than Tor

*sigh* Sure was a nice secret network we had going up until five minutes ago. Thanks a bunch, timothy!

TL;DR - shut uuuuuuup!

Re:

[Immerman]

Okay, so, what exactly do you need torrent-friendliness for on a "secret" network? Aside from the obvious distribution of illegal porn and pirated movies I mean.

I'm assuming there must be *some* legitimate common usage - you make it sound like an important feature, and I just can't see anyone really caring who knows that they're downloading the latest version of Ubuntu.

Re:

[Immerman]

Are there really that many hour-long videos used for such things? Because unless I'm much mistaken there's just not much use for torrenting a website or similarly tiny file.

I suppose a Snowden-style information dump could qualify though.

Re:

[Rosco P. Coltrane]

Oh come on: anyone with a passing interest in trying to get away from ubiquitous corporate and state tracking knows of i2p. It takes a minute of googling to find Tor first, and i2p second.

Re:

[OzPeter]

Oh come on: anyone with a passing interest in trying to get away from ubiquitous corporate and state tracking knows of i2p. It takes a minute of googling to find Tor first, and i2p second.

Do you hear that close-by whooshing sound? It's gotta be pretty loud where you are.

Re:

[smallfries]

Only if he is close to the first echo. Otherwise it could be any volume when it finally passes him by. That is just the price that he pays for his privacy.

Security by obscurity?

[gstoddart]

So, does this provide any actual additional security, or is is just security by obscurity because nobody is using it?

If it's just security by obscurity ... well, good luck with that.

Re:

[quietwalker]

I was going to post this. It's not some secret, kept hidden from folks. It's just simply neither popular nor well known.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Rosco P. Coltrane]

Tor has something i2p doesn't: exit nodes (or outproxies, in i2p parlance). That's what keeps me on Tor, despite the fact that most exit nodes are probably ran by state surveillance agencies: I use it to throw Google and other nosy corporations off my tracks when I browse the regular internet, not to escape state surveillance or buy drugs. There's no escaping the latter anyway...

Re:

[Paco103]

Peer pressure. . . .you ever try saying no?

Re:

[crow]

I run a Tor relay, but I set it up to also allow exit for specific sites, such as Google.

I don't use Tor much myself, but I figure I'm a step ahead of the game by being in the habit of opening most links in a private browser (killing tracking unless I'm tethered to my phone--thanks Verizon).

Re:

[jythie]

As the saying goes, 'standard is better than the best solution'.

Tor is more well known, so it has more people and services on it, which makes it a better protocol to actually use if you want to connect to other people and services. i2p, no matter how much additional technical advantage it has, is useless unless there is a critical mass of users to make it worthwhile. It does not take shadowy state or media manipulation to keep it on top, just simple emergent behavior.

please re-write in C

[SethJohnson]

Not trying to launch a debate here. I do like Java for a LOT of things. But a software router needs to be lightweight so it can run in very low-overhead environments. Tor runs nicely on settop boxes and many SOC hardware opportunities like RaspberryPI or low-end VPSs.

The memory footprint of a JVM is going to keep a java-based software router like i2p off those devices.

Re:

[rdnetto]

I'd say the bigger issue is that Java is not as portable as C, partly because of its overhead. The difference is really only negligible on a desktop.

the hard work is the cryptography

Agreed, and if there's one thing the OpenSSL folks have shown, it's that doing it right is hard. The more components you have in your stack, the more opportunities there are for bugs to slip in. (e.g. the infamous OpenSSL allocator). Java has a very thick stack (especially due to its tendency to use layers of objects for everything) - I'm not sure I'd rely on i

Re: Copping

[Anonymous Coward]

That involves:
- Leaving your basement
- Knowing what areas to go/people to ask
- Having a network of real world friends who can point you to the above
- Having a basic level of street smarts and socialisation to reduce your chances of being scammed/robbed/murdered/busted by cops
- Not being shit scared of approaching people who could personally harm you

You may think the above isn't such a big deal, but to a large number of people to whom silkroad etc appeals, it is as daunting to them as setting up an encrypted

Re:

[sudon't]

Can't you just cop dope on the street corner in the hood like the rest of us joes? I suppose thats harder if you live in a really rural area though...

The street corner in the 'hood typically has one of two products, neither of which some people will want. Online drug markets have a wide selection of interesting and unusual products. For instance, opium is almost never imported into the US because of the bulk vs profit factor. Thanks to prohibition, it's much more profitable to turn it into heroin, and so it's rarely seen "on the street." But, you can order yourself a nice chunk online, and be assured of the quality because of the site's rating and commen

Re:

[account_deleted]

Comment removed based on user account deletion

You want to go to silk road?

[BarbaraHudson]

"You want to go to Silk Road 2.0? You're either nuts or on drugs."

Russian honeypot?

[Anonymous Coward]

I have tried I2P several times for torrent and iMule to avoid university anti piracy regulations and it was ridiculously slow, download times were about 10KB/sec and that is not good for movies. EEpsites are also quite slow first time they are loaded. Most nodes were in Russia, some were also in Romania and similar east european countries, also some in India and Brazilia. If it is a honeypot, it is most probably Russian honeypot as there are many Russian IPs. Not good for political activism, good enough for

What makes it 'more secret'?

[fuzzyfuzzyfungus]

Given that size is a fairly useful attribute for an 'anonymous' network(if the system is so small that a little traffic analysis can identify the 10 cypherpunks and couple of dozen kiddie porn enthusiasts that actually use it, it isn't too useful no matter how elegant the design), what does i2P fix about TOR to be worth the greater obscurity?

Re:

[Em Adespoton]

In reality, the only thing making it "more secret" is the fact that you can split the communications up into small UDP packets instead of a TCP stream. That means that for certain uses, it can be more secret; but performing HTTP transactions isn't one of them.

Yet Another X-Bone

[jd]

People have been designing virtual networks for decades. I2P is well advertised on Freenet, itself a well-known secure network.

Nothing new here. The security and reliability of none of this software is proven, it may not even be provable due to the distributed nature. That reduces the problem to one of how many people you're ok with knowing what you're doing.

Secret?

[mbone]

If we are discussing it on Slashdot, it's not secret.

Is the article serious?

[Champaklal]

"Naturally, Silk Road Reloaded has its own forum as well. At the moment, there isn't a single posting, but it seems to function normally."

what was that supposed to mean?

Re:

[gstoddart]

You should have Bennett Haselton pay the site a visit and do a write-up.

You know, tweaking would explain a lot ...