blueraspberryesketimine OP wrote on April 16, 2025 at 5:27 PM (edited on April 16, 2025 at 5:28 PM)

Reply to comment by z3d in De-anon risk on I2P with consumer firewall products? by blueraspberryesketimine

incorrect. The port the relay uses to the outside world is random and not to be disclosed, and certainly never a fixed port posted on a ramble post. Also, this fails to address my question. products like the firewalla purple can phone home and keep track of all the connections made on the port I granted a firewall exception to. My question was whats stopping the companies behind these products (or even just he ISPs themselves) from linking all the connections people are making on I2P? They wouldn't know the content of the data being sent but they would be able to piece together the paths it took potentially leading to deanon.

cumlord wrote on April 17, 2025 at 4:40 PM

you should be able to set the port like z3d said and it'll only use that, dangerous to share obviously because port scanning could be done to identify from suspected ips

i think in theory this is probably true to an extent, we're getting into the realm of traffic analysis. There's some info on this on http://i2p-projekt.i2p/en/docs/how/threat-model

blueraspberryesketimine OP wrote on April 17, 2025 at 6:06 PM (edited on April 17, 2025 at 7:07 PM)

I wonder how the intel management engine and AMD PSP could be used to track I2P users. They make up the majority of the nodes on this network. We really don't have a way to fight that unless we all jump to RISC-V right? Also, that article is interesting but incredibly outdated. It's from 2010. Id imagine the security posture of i2p has improved dramatically since then.

cumlord wrote on April 17, 2025 at 7:19 PM (edited on April 17, 2025 at 7:27 PM)

it probably could, to me that along with traffic analysis are things that fall more into state sponsored level attack. guess avoiding those chipsets is the way or disabling it, but only 3 people are going to do that. like i'd think that at least with intel it's basically a backdoor, probably would take a fair amount of effort for someone outside of them to exploit it. but i guess that doesn't stop intel from gathering intel, lol

there's a surprising amount of low-lying fruit that can be way easier to do for non state actors. Best to assume your ip address is known to be running i2p as public knowledge, and like just poking around the netdb will give info that can sometimes lead to deanon if not careful