Posted by blueraspberryesketimine in I2P (edited by a moderator)

I have a Firewalla Purple. It's an easy-mode firewall but it keeps throwing alarms about i2p, not knowing what it's sending but not trusting who it's talking to. There's no way to create an exception for i2p as the destinations vary. Fine, I'll build a proper OPNsense firewall once I get some extra money for parts. However, this got me thinking about these cloud-enabled consumer firewall products and how they work.

The Firewalla line of products are cloud-enabled devices that utilize cloud intelligence. They are nowhere near powerful enough to peek into all the traffic that flows through them, but they can check against multiple online security services to see if your devices are connecting to addresses with poor reputations.

This is a problem.

Is it theoretically possible that devices like these could be used to de-anon people whose traffic passes through my relay? While it's unlikely a significant number of i2p users would buy firewalla devices, I'd imagine the IP logs kept by ISPs could just be fed to an AI and used to hunt down users. AI is bad at just about everything, but it's great at pattern recognition with large data sets.

I guess what I'm asking is how I2P protects vulnerable users from simply comparing logs from ISPs and consumer security product logs.

Comments

z3d wrote (edited)

> There's no way to create an exception for i2p as the destinations vary.

Allow all inbound and outbound traffic on your configured TCP and UDP port indicated on http://127.0.0.1:7657/confignet#udpconfig in I2P+. You should expect that traffic to only be handled by your Java runtime. No other ports on I2P need to be exposed publicly (in your firewall).

blueraspberryesketimine OP wrote (edited)

Incorrect. The port the relay uses to the outside world is random and not to be disclosed, and certainly never a fixed port posted on a ramble post. Also, this fails to address my question. Products like the Firewalla Purple can phone home and keep track of all the connections made on the port I granted a firewall exception to. My question was what's stopping the companies behind these products (or even just the ISPs themselves) from linking all the connections people are making on I2P? They wouldn't know the content of the data being sent but they would be able to piece together the paths it took, potentially leading to deanon.

cumlord wrote

you should be able to set the port like z3d said and it'll only use that, dangerous to share obviously because port scanning could be done to identify from suspected ips

i think in theory this is probably true to an extent, we're getting into the realm of traffic analysis. There's some info on this on http://i2p-projekt.i2p/en/docs/how/threat-model

blueraspberryesketimine OP wrote (edited)

I wonder how the Intel Management Engine and AMD PSP could be used to track I2P users. They make up the majority of the nodes on this network. We really don't have a way to fight that unless we all jump to RISC-V, right? Also, that article is interesting but incredibly outdated. It's from 2010. I'd imagine the security posture of i2p has improved dramatically since then.

cumlord wrote (edited)

it probably could, to me that along with traffic analysis are things that fall more into state sponsored level attack. guess avoiding those chipsets is the way or disabling it, but only 3 people are going to do that. like i'd think that at least with intel it's basically a backdoor, probably would take a fair amount of effort for someone outside of them to exploit it. but i guess that doesn't stop intel from gathering intel, lol

there's a surprising amount of low-lying fruit that can be way easier to do for non state actors. Best to assume your ip address is known to be running i2p as public knowledge, and like just poking around the netdb will give info that can sometimes lead to deanon if not careful
