16:45:40 (Update I2P guide to use i2pd #2277)[https://github.com/monero-project/monero-site/issues/2277] 16:45:58 [Update I2P guide to use i2pd #2277](https://github.com/monero-project/monero-site/issues/2277) 16:46:48 Should we remove the guide quickly? It looks it has critical security vulnerability 16:46:56 > Attackers can de-anonymize i2p hidden services with a message replay attack 16:49:53 I2pzero builds i2p from source 16:49:59 afaik 16:50:18 https://github.com/monero-project/monero-site/issues/2277#issuecomment-2038882189 16:51:13 And https://github.com/PurpleI2P/i2pd_docs_en/pull/95 onky adds a i2p entry to rpc, doesnt actually setup i2p for monero 16:52:23 (And afaict, the type should be "server" not "http") 16:52:43 I2pzero builds i2p from source edit: pulls in the latest i2p java version 16:54:25 i think RPC request would require http but monerod server 16:55:08 Rpc transfers much more than get_info's http page 16:55:40 monerod server makes sense, i agree, but i think rpc is server too 16:57:18 there is a way to retrieve the b32 address without the webconsole, but im not sure how 16:57:39 I use the i2pd-tools `./keyinfo` command 17:17:20 what about other dependencies? 17:23:03 Couldnt tell ya. Never uaed i2pzero 17:23:47 and their NSIS installer, there have been 3 releases after 2021 17:23:49 Always used i2pd. Aside from broken outproxies, i2pd seems better to me (lower ram, better connection stability etc) 17:25:45 then we agree on replacing the guide with more modern, efficient and secure i2p version (i2pd) 🤝 17:26:17 Agree 17:30:14 of course 17:30:44 Plowsof wrote a draft and i was gonna finish it but monero's implementation has some ugly bugs 17:30:53 its great but the devs make me a bit worried: https://github.com/PurpleI2P/i2pd/issues/2034 17:31:01 had* 17:31:22 This was because of kovri 17:32:39 https://github.com/PurpleI2P/i2pd/issues/1965#issuecomment-1706153466 17:32:39 this is a better example 17:32:51 >Current coding guidelines doesn't allow someone to contribute I2Pd if someone involved in Monero but meanwhile I2Pd accepts Monero as donation. 17:32:53 where does it say that exactly? 17:33:01 not anymore they changed. 17:33:03 looks changed 17:33:18 then no need to rehash history 17:33:19 It was changed 17:33:25 seems fine to me 17:35:19 Anyway, i didn't do the i2pd guide for 3 reasons 17:35:21 1. Disrespect 17:35:23 2. docs was in discussion and stalled for 7+ months due to #1 17:35:25 3. monero's i2p implementation was dangerously broken 17:36:16 Making monero traffic look like https is more important? 17:36:37 3 is fixed, 2 is in progress as of ~2 weeks ago, 1 is pending getting 2 up and running 17:36:56 💯 17:37:08 Monero traffic like https is kind of weird comsidering self-signed certs are easily mitm'd 17:37:12 I2pd is a drop in replacement for i2pzero clients. But thats still not good enough, they want the SAM thing (related bounty) 17:37:44 Sam is a good idea, as is torcontrol 17:38:13 Doesnt make a whole lot of sense to require someone to manually generate hidden services 17:38:49 But similarly, we need some tor nodes on stressnet 17:39:01 Jeffro256 can speak more on the 'look like https' thing, im not sure if its that exactly but monero traffic not disguised. Not on our roadmap currently though 17:39:08 To see how they behave under heavy traffic 17:39:36 Monero traffic is trivially blocked at the isp level 17:40:14 Sir? 17:40:15 I2p, torrents etc uses random ports. Monero nodes are almost all using 18080 over plain text connections 17:40:43 plowsof's dms are close for the day 17:41:17 https://github.com/PurpleI2P/i2pd/blob/d75f15104ea43fd28aad98f89978562be31edc01/libi2pd/Identity.h#L67-L79 17:41:19 https://old.reddit.com/r/i2p/comments/zp8j2j/i2pd_developer_trusts_the_russian_government/ 17:41:21 https://gostco.in/ 17:41:32 Perfect daemon argues that the best solution is to use anonymity networks, that 443 etc is a waste 17:42:00 at least some I2pd devs are russian 17:42:10 And tor was built by us gov 17:42:21 ^ 17:45:08 not i2p dev's comment 17:46:20 > > so I believe ipv6=true should be the default 17:46:21 > No. Less than 10% of users still have IPv6 with their ISPs. 17:46:30 r4sas's comment 17:49:02 Thats an i2pd dev 17:49:21 with one commit 17:49:26 https://matrix.monero.social/_matrix/media/v1/download/monero.social/JKsbVDGSmvtmjPRCPwsfxQHt 17:50:29 https://matrix.monero.social/_matrix/media/v1/download/monero.social/vSKEuhjEGwZCVAnVMEINYJNE 17:50:39 https://github.com/wipedlifepotato/i2pd/commit/0c3d44456f1109a951c4ee37f82128d9b58b156c 17:51:52 hmm so not merged 17:52:18 Yea, he has i2pd-android repo and commits there too 17:53:22 read somewhere that traffic obfuscation is not for Monero is not that great, might cause traffic to get censored. 17:53:42 FSB 17:54:35 traffic obfuscation for Monero* 17:55:41 i read on the internet that relying on i2p/tor is also not good 17:55:58 check mate 17:56:21 There is no traffic obfuscation for Monero currently on clearnet. On the contrary, each Monero p2p message is prepended with a Cryptonote-specific 8 byte string which makes deep packet inspection very easy 17:56:34 agree, too much overhead 17:57:44 Are there any open issue so I can track progress? 17:59:11 There's no really a specific Github issue since it's been a known issue basically since its inception 17:59:21 Isn't dandelion++ some type of clearnet traffic obfuscation though? 🤔 Or is that network? Are they different? 17:59:24 Who am I? 17:59:27 not currently on our roadmap, im not sure if there are any specific issues / efforts to obfuscate moneros traffic, im only aware of jeffros comments 17:59:32 However, there is a PR to add e2e ssl encryption here: https://github.com/monero-project/monero/pull/8996 17:59:53 Or that's more of a built-in Tor socks service you're talking about? 17:59:58 Kovri style. 18:00:01 D++ is for hiding where the transaction was broadcast from 18:00:25 jeffro256: meeting in -dev 18:00:26 ofcourse theres more to it but i have no idea about that^ 18:00:49 Yes, dandelion++ is a clearnet traffic network obfuscation for transaction propagation. I was talking about for general traffic 18:01:05 And dandelion++ does nothing to hide messages from ISPs 18:01:24 yes, we need monero traffic to look like we're watching adverts between our candy crush gaming sessions and/or twitter browsing 18:01:57 Right, it adds the fluffy and propagation phase to the tx. protocol workfkow but doesn't necessarily obfuscate the fact that parties have interacted with the monero network. Makes sensr. 18:02:26 Right, it adds the fluffy and propagation phase to the tx. protocol workfkow but doesn't necessarily obfuscate the fact that parties have interacted with the monero network. Makes sense. 18:02:58 plowsof hack Facebook and route all gaming traffic to monero's network, then distribute among all connected peers, nodes and wallets alike. 18:03:09 Good luck with all the plumbing and development though. 18:03:38 Can countries like China interfere with someone mining monero and block it? Doubt this is within russia best interest due to sanctions 18:03:51 Swap Facebook's gaming traffic for that of XMR's clearnet, onion and i2p traffic. Profit. 18:04:32 monero usage is banned in some places in the world, so hopping on to the private by defaul clearnet network in those places and you're on a list :( 18:05:21 facebook is something i have not considered, but would be a game changer. i think 2 meetings and a live brainstorming session would get it done 18:06:23 should ssl support for p2p be on our roadmap? is it a big deal jeffro256 18:06:32 Yes, without modifications to the current `monerod`, IIUC, blocking packages starting with the "epee storage format header" would stop all block propagations 18:07:01 Using Tor or i2p could mitigae this if you were able to get around the ISPs restrictions 18:11:40 wonder if there are any cryptos that does obfuscation for all of their traffic 🤔 18:15:24 We should probably add a page in website/docs with all Monero security audits/analyses, even the wallet 18:16:56 idk if the wallet had any security audit btw 18:28:20 afaik no 18:28:33 however there's hidden mode 18:28:49 it automatically activates in certain countries 18:29:12 https://geti2p.net/sv/about/restrictive-countries 18:30:17 https://geti2p.net/en/about/restrictive-countries 18:32:13 I see it as an opportunity for Monero to innovate! 18:32:46 i think out of scope from our work 18:32:53 i think its out of scope from our work 18:33:51 why? 18:37:07 rando (spoiler: I researched it for potentially integrating it into cuprate) network traffic obfuscation is extremely hard todo and the general benefits of such approach only applies to users behind authoritarian states, where it would be technically (and privacy-wise) beneficial to use an external network obfuscation tool 18:38:26 It's not impossible. But it is very hard to get right 18:39:27 if your goal is to hide your monero node activity from your ISP/Gov, a simple Wireguard over TLS or V2Ray would do the trick just fine 18:40:22 also Tor only 18:47:59 I agree. Even if you can make monerod's traffic stream look like regular web traffic, you are still connecting to IPs/ports that are known to be part of the Monero network. The network is permissionless. Honest nodes need to be able to find each other. An adversary can find other nodes' IP/port with the same method that honest nodes can. 18:49:55 There may be ways to defend against certain adversaries, but it needs a lot of research. Other anonymity networks have similar problems. Probably Monero could learn from them. 18:50:59 I initially made a draft for enabling a mitigation to active probing by forcing nodes to exchange informations signed by the peers themselves. A node would have needed a known neighbor nodes to ask the target node to sign the request so that the target node accept this connection. Otherwise just drop it. But it just force adversaries to slowly build up the network graph, nothing to useful. 18:52:45 ok, thx 18:55:30 updated the tutorial 19:00:05 for p2p traffic over i2p 19:16:51 Technically cant work like that 19:17:26 then what's the purpose of i2pzero tutorial? 19:18:10 it sets up anonymous-inbound on a different port 19:19:33 what about outbound? 19:20:18 do you mean this ``Monero nodes cannot sync the blockchain over Tor or I2P, but the node can broadcast transactions and let users connect over these anonymizing networks.`` ? 19:20:23 do you mean this `Monero nodes cannot sync the blockchain over Tor or I2P, but the node can broadcast transactions and let users connect over these anonymizing networks.` ? 19:20:30 -tx-proxy=i2p,127.0.0.1:4447[,][,disable_noise] 19:22:59 --anonymous-inbound=your.b32.i2p,127.0.0.1:18085[,] 20:09:10 done 20:09:22 but we need to solve docs site issue 20:12:40 but first we need to solve docs site issue 20:41:55 <3​21bob321:monero.social> ? 20:45:22 migrating documentation page to somewhere else 20:45:29 getmonero.dev or docs.getmonero.org 20:57:17 that's easy. docs.getmonero.org ofc 20:57:36 A community owned and run project, not magicgrants thing 20:58:11 github credits will be displayed at the bottom of each page 21:00:47 stalking privacyguides? 21:01:02 Nope 21:01:35 Why do you ask? 21:04:29 privacyguides credits every individual that wrote the page 21:04:49 and different credits for different pages 21:04:58 Its an mkdocs plugin 21:05:20 clipboard.png 21:05:34 free or requires insiders? 21:05:35 Plowsof posted example here previously 21:05:43 Erm,. In Monero Docs 21:05:49 Free 21:13:09 <3​21bob321:monero.social> 999xmr 21:13:16 <3​21bob321:monero.social> Under threshold 21:13:41 CCS have the funds for that 21:13:47 best investment 22:32:55 @ofrnxmr:xmr.mx the i2pd tutorial may have licensing issue 🤔 22:33:16 > CC-BY-SA 4.0, Maintained by the PurpleI2P team 22:33:37 so if we reuse the content we will have to attribute 22:34:50 mkdocs has github author plugin, and github contributor one 22:35:18 if "PurpleI2P" need to be an author, then --amend the author on a commit 🤷 22:36:59 No we dont 22:37:01 Its your content 22:37:35 until PR gets merged 22:37:44 Open pr on monero-docs 😂 22:37:45 We'll merge first 22:37:53 yep thats what i meant 22:40:01 CC0 also can work 22:40:15 monero-docs is mit 22:42:40 mit is for software 22:42:48 creative commons for the content 22:45:15 i guess docs content should be CC then 🤔🤷 22:46:48 so confusing tbh 22:47:25 <3​21bob321:monero.social> Well mkdocs is software 22:47:44 does mit license include the content in the site? 22:47:47 <3​21bob321:monero.social> ©️monero community fund 22:48:11 <3​21bob321:monero.social> I’d say the copyright does 22:48:35 <3​21bob321:monero.social> Licence for software and copyright for content 22:53:17 <3​21bob321:monero.social> So like magic grants they copyright there content 22:53:41 great but where is monerodocs' copyright for the content? it doesnt have https://github.com/monerodocs/md 22:54:17 most likely unintentional 23:01:44 related https://opensource.stackexchange.com/questions/6110/is-there-any-particular-reason-to-license-docs-with-cc-by-4-0-rather-than-mit 23:03:12 using cc for content does not change anything , its what we think MIT is .. its what monero observer is licensed under so people display their content embedded on other sites, but attribute it 23:04:35 does getmonero have a license for the content 23:05:22 apparently CC https://monero.stackexchange.com/questions/2266/why-is-getmonero-org-copyrighted-with-a-cc-by-3-0-license 23:07:53 https://www.getmonero.org/legal/ yes cc 23:09:00 docs dot getmonero will fall under that umbrella automagically 23:09:27 and BSD-3 for the software 23:10:33 https://matrix.monero.social/_matrix/media/v1/download/monero.social/ztIPKZPkUytAbDrRdBRGwlHM 23:11:24 https://github.com/squidfunk/mkdocs-material/tree/master (theme) MIT , https://github.com/mkdocs/mkdocs BSD-2 23:12:23 we dont control the software licenses, only the content (for docs specifically then.. but i know nothing about copyrights) 23:12:49 Monero Docs 23:12:54 I don’t want to choose a license. [Here’s what happens if you don’t](https://choosealicense.com/no-permission/) 23:12:55 > When you make a creative work (which includes code), the work is under exclusive copyright by default. Unless you include a license that specifies otherwise... Once the work has other contributors (each a copyright holder), “nobody” starts including you. 23:12:57 Were in the wrong room 23:12:59 😂 23:13:02 Mb's gonna whack us 23:14:42 > If you find software that doesn’t have a license, that generally means you have no permission from the creators of the software to use, modify, or share the software. Although a code host such as GitHub may allow you to view and fork the code, this does not imply that you are permitted to use, modify, or share the software for any purpose. 23:14:53 lol thats fucked up actually... 23:14:57 on topic then: on the legal page, read the privacy policy 23:15:17 what we use data for 23:15:30 dead links are auto detected apparently.. stats also (not) 23:15:39 no permission != its free 23:15:45 https://github.com/monero-project/monero-site/blob/master/README.md#L341 23:16:02 Are we sure monero-site is cc? It looks like its confused too 23:17:06 https://github.com/monero-project/monero-site/blob/master/legal%2Findex.md 23:17:07 here we go 23:17:34 Sorry plow, you already posted the "legal" page 23:17:45 CC BY-SA 4.0 for the content 23:17:47 BSD-3 for the software/code 23:28:26 <3​21bob321:monero.social> Monero legal department plz look into 23:33:28 we had something like this afaik 23:33:33 which room was that