I have a firewalla purple. it's an easy-mode firewall but it keeps throwing alarms about i2p, not knowing what it's sending but not trusting who it's talking to. There's no way to create an exception for i2p as the destinations vary. Fine, I'll build a proper OPNsense firewall once I get some extra money for parts. However, this got me thinking about these cloud-enabled consumer firewall products and how they work.

The firewalla line of products are cloud enabled devices that utilize cloud intelligence. They are nowhere near powerful enough to peek into all the traffic that flows through them, but they can check against multiple online security services to see if your devices are connecting to addresses with poor reputations.

This is a problem.

Is it theoretically possible that devices like these could be used to de-anon people whose traffic passes through my relay? While it's unlikely a significant number of i2p users would buy firewalla devices, I'd imagine the IP logs kept by ISPs could just be fed to an AI and used to hunt down users. AI is bad at just about everything, but it's great at pattern recognition with large data sets.

I guess what I'm asking is how I2P protects vulnerable users from simply comparing logs from ISPs and consumer security product logs.

z3d wrote on April 14, 2025 at 10:14 PM (edited on April 14, 2025 at 10:14 PM)

Allow all inbound and outbound traffic on your configured TCP and UDP port indicated on http://127.0.0.1:7657/confignet#udpconfig in I2P+. You should expect that traffic to only be handled by your Java runtime. No other ports on I2P need to exposed publicly.

De-anon risk on I2P with consumer firewall products?

Comments

z3d wrote on April 14, 2025 at 10:14 PM (edited on April 14, 2025 at 10:14 PM)