<h​ardenedsteel:monero.social> (Update I2P guide to use i2pd #2277)[monero-project/monero-site #2277]

<h​ardenedsteel:monero.social> [Update I2P guide to use i2pd #2277](monero-project/monero-site #2277)

<h​ardenedsteel:monero.social> Should we remove the guide quickly? It looks it has critical security vulnerability

<h​ardenedsteel:monero.social> > Attackers can de-anonymize i2p hidden services with a message replay attack

<o​frnxmr:xmr.mx> I2pzero builds i2p from source

<o​frnxmr:xmr.mx> afaik

<o​frnxmr:xmr.mx> monero-project/monero-site #2277#issuecomment-2038882189

<o​frnxmr:xmr.mx> And PurpleI2P/i2pd_docs_en #95 onky adds a i2p entry to rpc, doesnt actually setup i2p for monero

<o​frnxmr:xmr.mx> (And afaict, the type should be "server" not "http")

<o​frnxmr:xmr.mx> I2pzero builds i2p from source edit: pulls in the latest i2p java version

<h​ardenedsteel:monero.social> i think RPC request would require http but monerod server

<o​frnxmr:xmr.mx> Rpc transfers much more than get_info's http page

<o​frnxmr:xmr.mx> monerod server makes sense, i agree, but i think rpc is server too

<o​frnxmr:xmr.mx> there is a way to retrieve the b32 address without the webconsole, but im not sure how

<o​frnxmr:xmr.mx> I use the i2pd-tools `./keyinfo` command

<b​asses:matrix.org> what about other dependencies?

<o​frnxmr:monero.social> Couldnt tell ya. Never uaed i2pzero

<b​asses:matrix.org> and their NSIS installer, there have been 3 releases after 2021

<o​frnxmr:monero.social> Always used i2pd. Aside from broken outproxies, i2pd seems better to me (lower ram, better connection stability etc)

<b​asses:matrix.org> then we agree on replacing the guide with more modern, efficient and secure i2p version (i2pd) 🤝

<b​asses:matrix.org> Agree

<o​frnxmr:xmr.mx> of course

<o​frnxmr:xmr.mx> Plowsof wrote a draft and i was gonna finish it but monero's implementation has some ugly bugs

<h​ardenedsteel:monero.social> its great but the devs make me a bit worried: PurpleI2P/i2pd #2034

<o​frnxmr:xmr.mx> had*

<o​frnxmr:xmr.mx> This was because of kovri

<o​frnxmr:xmr.mx> PurpleI2P/i2pd #1965#issuecomment-1706153466

<o​frnxmr:xmr.mx> this is a better example

<b​asses:matrix.org> >Current coding guidelines doesn't allow someone to contribute I2Pd if someone involved in Monero but meanwhile I2Pd accepts Monero as donation.

<b​asses:matrix.org> where does it say that exactly?

<h​ardenedsteel:monero.social> not anymore they changed.

<b​asses:matrix.org> looks changed

<b​asses:matrix.org> then no need to rehash history

<o​frnxmr:xmr.mx> It was changed

<b​asses:matrix.org> seems fine to me

<o​frnxmr:xmr.mx> Anyway, i didn't do the i2pd guide for 3 reasons

<o​frnxmr:xmr.mx> 1. Disrespect

<o​frnxmr:xmr.mx> 2. docs was in discussion and stalled for 7+ months due to #1

<o​frnxmr:xmr.mx> 3. monero's i2p implementation was dangerously broken

Making monero traffic look like https is more important?

<o​frnxmr:xmr.mx> 3 is fixed, 2 is in progress as of ~2 weeks ago, 1 is pending getting 2 up and running

<b​asses:matrix.org> 💯

<o​frnxmr:xmr.mx> Monero traffic like https is kind of weird comsidering self-signed certs are easily mitm'd

I2pd is a drop in replacement for i2pzero clients. But thats still not good enough, they want the SAM thing (related bounty)

<o​frnxmr:xmr.mx> Sam is a good idea, as is torcontrol

<o​frnxmr:xmr.mx> Doesnt make a whole lot of sense to require someone to manually generate hidden services

<o​frnxmr:xmr.mx> But similarly, we need some tor nodes on stressnet

Jeffro256 can speak more on the 'look like https' thing, im not sure if its that exactly but monero traffic not disguised. Not on our roadmap currently though

<o​frnxmr:xmr.mx> To see how they behave under heavy traffic

<o​frnxmr:xmr.mx> Monero traffic is trivially blocked at the isp level

<r​ottenwheel:kernal.eu> Sir?

<o​frnxmr:xmr.mx> I2p, torrents etc uses random ports. Monero nodes are almost all using 18080 over plain text connections

<o​frnxmr:xmr.mx> plowsof's dms are close for the day

<h​ardenedsteel:monero.social> github.com/PurpleI2P/i2pd/blob/d75f…e31edc01/libi2pd/Identity.h#L67-L79

<h​ardenedsteel:monero.social> old.reddit.com/r/i2p/comments/zp8j2…loper_trusts_the_russian_government

<h​ardenedsteel:monero.social> gostco.in

<o​frnxmr:xmr.mx> Perfect daemon argues that the best solution is to use anonymity networks, that 443 etc is a waste

<o​frnxmr:xmr.mx> at least some I2pd devs are russian

<o​frnxmr:xmr.mx> And tor was built by us gov

<o​frnxmr:xmr.mx> ^

<h​ardenedsteel:monero.social> not i2p dev's comment

<h​ardenedsteel:monero.social> > > so I believe ipv6=true should be the default

<h​ardenedsteel:monero.social> > No. Less than 10% of users still have IPv6 with their ISPs.

<h​ardenedsteel:monero.social> r4sas's comment

<o​frnxmr:monero.social> Thats an i2pd dev

<h​ardenedsteel:monero.social> with one commit

<h​ardenedsteel:monero.social> matrix.monero.social/_matrix/media/…ero.social/JKsbVDGSmvtmjPRCPwsfxQHt

<h​ardenedsteel:monero.social> matrix.monero.social/_matrix/media/…ero.social/vSKEuhjEGwZCVAnVMEINYJNE

<o​frnxmr:monero.social> wipedlifepotato/i2pd 0c3d444

<h​ardenedsteel:monero.social> hmm so not merged

<o​frnxmr:monero.social> Yea, he has i2pd-android repo and commits there too

<b​asses:matrix.org> read somewhere that traffic obfuscation is not for Monero is not that great, might cause traffic to get censored.

<b​asses:matrix.org> FSB

<b​asses:matrix.org> traffic obfuscation for Monero*

i read on the internet that relying on i2p/tor is also not good

check mate

<j​effro256:monero.social> There is no traffic obfuscation for Monero currently on clearnet. On the contrary, each Monero p2p message is prepended with a Cryptonote-specific 8 byte string which makes deep packet inspection very easy

<b​asses:matrix.org> agree, too much overhead

<b​asses:matrix.org> Are there any open issue so I can track progress?

<j​effro256:monero.social> There's no really a specific Github issue since it's been a known issue basically since its inception

<r​ottenwheel:kernal.eu> Isn't dandelion++ some type of clearnet traffic obfuscation though? 🤔 Or is that network? Are they different?

<r​ottenwheel:kernal.eu> Who am I?

not currently on our roadmap, im not sure if there are any specific issues / efforts to obfuscate moneros traffic, im only aware of jeffros comments

<j​effro256:monero.social> However, there is a PR to add e2e ssl encryption here: monero-project/monero #8996

<r​ottenwheel:kernal.eu> Or that's more of a built-in Tor socks service you're talking about?

<r​ottenwheel:kernal.eu> Kovri style.

D++ is for hiding where the transaction was broadcast from

<o​frnxmr:xmr.mx> jeffro256: meeting in -dev

ofcourse theres more to it but i have no idea about that^

<j​effro256:monero.social> Yes, dandelion++ is a clearnet traffic network obfuscation for transaction propagation. I was talking about for general traffic

<j​effro256:monero.social> And dandelion++ does nothing to hide messages from ISPs

yes, we need monero traffic to look like we're watching adverts between our candy crush gaming sessions and/or twitter browsing

<r​ottenwheel:kernal.eu> Right, it adds the fluffy and propagation phase to the tx. protocol workfkow but doesn't necessarily obfuscate the fact that parties have interacted with the monero network. Makes sensr.

<r​ottenwheel:kernal.eu> Right, it adds the fluffy and propagation phase to the tx. protocol workfkow but doesn't necessarily obfuscate the fact that parties have interacted with the monero network. Makes sense.

<r​ottenwheel:kernal.eu> plowsof hack Facebook and route all gaming traffic to monero's network, then distribute among all connected peers, nodes and wallets alike.

<r​ottenwheel:kernal.eu> Good luck with all the plumbing and development though.

<b​asses:matrix.org> Can countries like China interfere with someone mining monero and block it? Doubt this is within russia best interest due to sanctions

<r​ottenwheel:kernal.eu> Swap Facebook's gaming traffic for that of XMR's clearnet, onion and i2p traffic. Profit.

monero usage is banned in some places in the world, so hopping on to the private by defaul clearnet network in those places and you're on a list :(

facebook is something i have not considered, but would be a game changer. i think 2 meetings and a live brainstorming session would get it done

should ssl support for p2p be on our roadmap? is it a big deal jeffro256

<j​effro256:monero.social> Yes, without modifications to the current `monerod`, IIUC, blocking packages starting with the "epee storage format header" would stop all block propagations

<j​effro256:monero.social> Using Tor or i2p could mitigae this if you were able to get around the ISPs restrictions

<b​asses:matrix.org> wonder if there are any cryptos that does obfuscation for all of their traffic 🤔

<b​asses:matrix.org> We should probably add a page in website/docs with all Monero security audits/analyses, even the wallet

<b​asses:matrix.org> idk if the wallet had any security audit btw

<h​ardenedsteel:monero.social> afaik no

<h​ardenedsteel:monero.social> however there's hidden mode

<h​ardenedsteel:monero.social> it automatically activates in certain countries

<h​ardenedsteel:monero.social> geti2p.net/sv/about/restrictive-countries

<h​ardenedsteel:monero.social> geti2p.net/en/about/restrictive-countries

<b​asses:matrix.org> I see it as an opportunity for Monero to innovate!

<h​ardenedsteel:monero.social> i think out of scope from our work

<h​ardenedsteel:monero.social> i think its out of scope from our work

<b​asses:matrix.org> why?

<s​yntheticbird:monero.social> rando (spoiler: I researched it for potentially integrating it into cuprate) network traffic obfuscation is extremely hard todo and the general benefits of such approach only applies to users behind authoritarian states, where it would be technically (and privacy-wise) beneficial to use an external network obfuscation tool

<s​yntheticbird:monero.social> It's not impossible. But it is very hard to get right

<s​yntheticbird:monero.social> if your goal is to hide your monero node activity from your ISP/Gov, a simple Wireguard over TLS or V2Ray would do the trick just fine

<s​yntheticbird:monero.social> also Tor only

<r​ucknium:monero.social> I agree. Even if you can make monerod's traffic stream look like regular web traffic, you are still connecting to IPs/ports that are known to be part of the Monero network. The network is permissionless. Honest nodes need to be able to find each other. An adversary can find other nodes' IP/port with the same method that honest nodes can.

<r​ucknium:monero.social> There may be ways to defend against certain adversaries, but it needs a lot of research. Other anonymity networks have similar problems. Probably Monero could learn from them.

<s​yntheticbird:monero.social> I initially made a draft for enabling a mitigation to active probing by forcing nodes to exchange informations signed by the peers themselves. A node would have needed a known neighbor nodes to ask the target node to sign the request so that the target node accept this connection. Otherwise just drop it. But it just force adversaries to slowly build up the network graph, nothing to useful.

<b​asses:matrix.org> ok, thx

<h​ardenedsteel:monero.social> updated the tutorial

<h​ardenedsteel:monero.social> for p2p traffic over i2p

<o​frnxmr:xmr.mx> Technically cant work like that

<h​ardenedsteel:monero.social> then what's the purpose of i2pzero tutorial?

<o​frnxmr:xmr.mx> it sets up anonymous-inbound on a different port

<h​ardenedsteel:monero.social> what about outbound?

<h​ardenedsteel:monero.social> do you mean this ``Monero nodes cannot sync the blockchain over Tor or I2P, but the node can broadcast transactions and let users connect over these anonymizing networks.`` ?

<h​ardenedsteel:monero.social> do you mean this `Monero nodes cannot sync the blockchain over Tor or I2P, but the node can broadcast transactions and let users connect over these anonymizing networks.` ?

<o​frnxmr:xmr.mx> -tx-proxy=i2p,127.0.0.1:4447[,<numofpeers>][,disable_noise]

<o​frnxmr:xmr.mx> --anonymous-inbound=your.b32.i2p,127.0.0.1:18085[,<numofpeers>]

<h​ardenedsteel:monero.social> done

<h​ardenedsteel:monero.social> but we need to solve docs site issue

<h​ardenedsteel:monero.social> but first we need to solve docs site issue

<3​21bob321:monero.social> ?

<h​ardenedsteel:monero.social> migrating documentation page to somewhere else

<h​ardenedsteel:monero.social> getmonero.dev or docs.getmonero.org

<o​frnxmr:monero.social> that's easy. docs.getmonero.org ofc

<o​frnxmr:monero.social> A community owned and run project, not magicgrants thing

<o​frnxmr:monero.social> github credits will be displayed at the bottom of each page

<b​asses:matrix.org> stalking privacyguides?

<o​frnxmr:xmr.mx> Nope

<o​frnxmr:xmr.mx> Why do you ask?

<h​ardenedsteel:monero.social> privacyguides credits every individual that wrote the page

<h​ardenedsteel:monero.social> and different credits for different pages

<o​frnxmr:xmr.mx> Its an mkdocs plugin

<b​asses:matrix.org> clipboard.png

<b​asses:matrix.org> free or requires insiders?

<o​frnxmr:xmr.mx> Plowsof posted example here previously

<o​frnxmr:xmr.mx> Erm,. In Monero Docs

<o​frnxmr:xmr.mx> Free

<3​21bob321:monero.social> 999xmr

<3​21bob321:monero.social> Under threshold

<b​asses:matrix.org> CCS have the funds for that

<b​asses:matrix.org> best investment

<h​ardenedsteel:monero.social> @ofrnxmr:xmr.mx the i2pd tutorial may have licensing issue 🤔

<h​ardenedsteel:monero.social> > CC-BY-SA 4.0, Maintained by the PurpleI2P team

<h​ardenedsteel:monero.social> so if we reuse the content we will have to attribute

<p​lowsof:matrix.org> mkdocs has github author plugin, and github contributor one

<p​lowsof:matrix.org> if "PurpleI2P" need to be an author, then --amend the author on a commit 🤷

<o​frnxmr:monero.social> No we dont

<o​frnxmr:monero.social> Its your content

<h​ardenedsteel:monero.social> until PR gets merged

<o​frnxmr:monero.social> Open pr on monero-docs 😂

<o​frnxmr:monero.social> We'll merge first

<h​ardenedsteel:monero.social> yep thats what i meant

<h​ardenedsteel:monero.social> CC0 also can work

<o​frnxmr:monero.social> monero-docs is mit

<h​ardenedsteel:monero.social> mit is for software

<h​ardenedsteel:monero.social> creative commons for the content

<p​lowsof:matrix.org> i guess docs content should be CC then 🤔🤷

<h​ardenedsteel:monero.social> so confusing tbh

<3​21bob321:monero.social> Well mkdocs is software

<h​ardenedsteel:monero.social> does mit license include the content in the site?

<3​21bob321:monero.social> ©️monero community fund

<3​21bob321:monero.social> I’d say the copyright does

<3​21bob321:monero.social> Licence for software and copyright for content

<3​21bob321:monero.social> So like magic grants they copyright there content

<h​ardenedsteel:monero.social> great but where is monerodocs' copyright for the content? it doesnt have github.com/monerodocs/md

<h​ardenedsteel:monero.social> most likely unintentional

related opensource.stackexchange.com/questi…docs-with-cc-by-4-0-rather-than-mit

using cc for content does not change anything , its what we think MIT is .. its what monero observer is licensed under so people display their content embedded on other sites, but attribute it

does getmonero have a license for the content

apparently CC monero.stackexchange.com/questions/…opyrighted-with-a-cc-by-3-0-license

getmonero.org/legal yes cc

docs dot getmonero will fall under that umbrella automagically

<h​ardenedsteel:monero.social> and BSD-3 for the software

<h​ardenedsteel:monero.social> matrix.monero.social/_matrix/media/…ero.social/ztIPKZPkUytAbDrRdBRGwlHM

github.com/squidfunk/mkdocs-material/tree/master (theme) MIT , github.com/mkdocs/mkdocs BSD-2

we dont control the software licenses, only the content (for docs specifically then.. but i know nothing about copyrights)

<o​frnxmr:monero.social> Monero Docs

<h​ardenedsteel:monero.social> I don’t want to choose a license. [Here’s what happens if you don’t](choosealicense.com/no-permission)

<h​ardenedsteel:monero.social> > When you make a creative work (which includes code), the work is under exclusive copyright by default. Unless you include a license that specifies otherwise... Once the work has other contributors (each a copyright holder), “nobody” starts including you.

<o​frnxmr:monero.social> Were in the wrong room

<h​ardenedsteel:monero.social> 😂

<o​frnxmr:monero.social> Mb's gonna whack us

<h​ardenedsteel:monero.social> > If you find software that doesn’t have a license, that generally means you have no permission from the creators of the software to use, modify, or share the software. Although a code host such as GitHub may allow you to view and fork the code, this does not imply that you are permitted to use, modify, or share the software for any purpose.

<h​ardenedsteel:monero.social> lol thats fucked up actually...

<p​lowsof:matrix.org> on topic then: on the legal page, read the privacy policy

<p​lowsof:matrix.org> what we use data for

<p​lowsof:matrix.org> dead links are auto detected apparently.. stats also (not)

<o​frnxmr:monero.social> no permission != its free

<o​frnxmr:monero.social> github.com/monero-project/monero-site/blob/master/README.md#L341

<o​frnxmr:monero.social> Are we sure monero-site is cc? It looks like its confused too

<o​frnxmr:monero.social> github.com/monero-project/monero-site/blob/master/legal%2Findex.md

<o​frnxmr:monero.social> here we go

<o​frnxmr:monero.social> Sorry plow, you already posted the "legal" page

<h​ardenedsteel:monero.social> CC BY-SA 4.0 for the content

<h​ardenedsteel:monero.social> BSD-3 for the software/code

<3​21bob321:monero.social> Monero legal department plz look into

<h​ardenedsteel:monero.social> we had something like this afaik

<h​ardenedsteel:monero.social> which room was that