ITT we design the a successor to Tor. I'll start.>Probabilistic routing using something like Dandelion++>Decoy packets sent from each hop to other nodes in the network
>>107115599What happened to Loki?
>>107115645to what?
>>107115660Lokinet, have you never heard of it? Some anons here were shilling it as an alternative (or successor like you say) to Tor, long long time ago...https://lokinet.org/Is it still relevant?
>>107115599I'll add>Node connections should talk to each other using HTTPS or a HTTPS-mimicking TLS tunnel, to conceal the fact that the node user is using the network. The node's public key may be used to encrypt the packet in lieu of a CA cert.
Blockchain based incentives for node operation. Oh someone already invented that?
>>107115703It's a blockchain, and at the same time an overlaynet? It's a bit weird. They also do not give mamy details about the protocol.
>>107115739Sounds like a pyramid scheme and/or pump and dump
>>107115708>TLShow about no? conceal it inside webrtc and mimic a voice/video call. a lot more plausible.
>>107115800Maybe but the low bandwidth would be strange for a call, and webrtc is nit encrypted. How is tls not plausible?
>>107115599Tor still is phenomanal idk what has been with the fear lately
>>107115599>have a bunch of anons go to McDonalds and places with public wifi>install a secret raspberry pi under the tables that connects to the wifi and acts as an exit node>use mesh networking to link a bunch of these setups together>IP rangeban India and Israel from the network because jews and Indian Hindu rape rats are the cause of 99% of the abuse and problems on the internet>now humans have an unblockable way to post on 4chan and other sites, without being blockable
>>107115860Pretty sure the overall problem is contained to the browser, not the protocol per se, or at least thats what I understand based on most replies here
i was working on email over dash7
>>107115860Its security model is outdated nowadays because glowies can just get a list of what IPs someone is talking to in real time, and statistical analysis can deanonimize a user or hidden service quickly. Even the tor devs recommend short-lived connections and switching hidden service locations often now. And there have been a lot of deep web market busts lately.
>>107115840>webrtc is nit encryptedlook it up right now, ill wait.
>>107115599To access it, we would create a very simple browser, no javascript and no modern complicated css. Because the more simple, the less problems, the less exploits are possible too. It runs in a sandbox anyway and it doesn't communicates any info about the user, at all, not even the language or OS or anything.Big question: how would we keep the glowies from continually spamming CP everywhere to scare everybody away and kill the network like they did to Tor?
>>107115881>install a secret raspberry pi under the tables that connects to the wifi and acts as an exit nodePowered by what, numbnuts?
>>107115905According to https://blog.mozilla.org/webrtc/end-to-end-encrypt-webrtc-in-all-browsers/ webrtc is encrypted because it's wrapped in DTLS. But DTLS is a less common protocol, and would be stranger to see constant DTLS data flowing. Calls are short-lived, after all. So why not use the more common TLS? It would be just like any other traffic.
>>107115907Why not just using it through a SOCKS proxy, like tor? It would allow routing any application through the network.
>>107115881So many Africans on the internet? It's weird how much they are discreet, we don't see them anywhere. They don't spam all websites with dumb questions, they don't fill youtube with billions of shit videos in their language, they don't scam, they don't go to github to replace two words in a text and call themselves coders... It's only Rajeeshit Sheetinastrit's who do all these things.
Bonus challenge: how do you keep hidden service addresses and public keys small, while using post-quantum cryptography (so no curve25519 allowed)?
>>107115941>low bandwidthvideo calls? low bandwidth?>Calls are short-livedpeople talk for hours>DTLS is a less common protocolany web browser can talk webrtc, it is ubiquitous. blending in with it would be best bet.>why not use the more common TLSah yes, residential ips suddenly start hosting https websites, that's not sus at all
>>107115907>how would we keep the glowies from continually spamming CP everywhereIf this strategy worked then the software would be flawed.
>>107116000you can impersonate the SNI to a popular hostname like google.com or update.microsoft.com so that the connection seems legit and outgoing. Not even the great firewall of china detects if a certain IP is really the host of a hostname.>>107116000>people talk for hours24h/day?
>>107116026What modern VPN-ban evasion software does is it connects to a IP you control and negotiates a TLS connection but with the certificate of the wrong site. It completes the handshake, ignoring that the certificate is invalid for the site (so firewalls and detection software see it's a cert of facebook.com or whatever) and then in that connection, does the real TLS handshake with a real cert (you know so you're not running unencrypted connections) and then tunnels traffic through that. It's pretty nifty.
>>107116026>24h/day?sure, why not.and to stay on topic, this is supposed to be an overlay network to surpass tor, so connections could be built up and torn down as needed.
>>107116065can this be blocked?
>>107116086In theory I suppose the inspection software could do a DNS lookup of the domains on the cert, but if it's a wildcard cert, there's literally no way they could verify that the IP the connection is going to isn't owned by facebook without cooperating with the owner of the IP (the real owner, the ISP)
>>107116075I'm not too convinced, or else vpns in china and turkmenistan would be routing everything through webrtc. Then why not let the user decide what protocol to use for his node? Like tor's pluggable transports, some users will see tls better, others maybe webrtc, others maybe websockets
>>107115599My dream is something similar to tor but a 5+ hop network instead of the usual 3 and on top every single request leaving any given non relay client initiates two to five decoy requests with randomized delay between requests, padding, destination, etc on top of the real wanted connection, similar to moneros ring system.Would it waste a loooot of resources and be difficult to incentivize people to run relays and exit nodes? Fuck yes, but just imagine anyone trying to unfuck anything within that network when at any given time anywhere between 50-83% of all requests are noise indistinguishable from the real target connection. Scale up to your desired level of glownigger suicide rate but 2-5 decoys should already drive most into suicide.
>>107116026le great firewall of Xina is also thwarted by the terribly complicated and novel IPv6
>>107115896Can't you, as a user, mitigate the correlation thing somewhat by having a lot of separate Tor streams going at once?For example, having YouTube open in one tab, having a download going over Tor, having a web scraper running through Tor, all while doing your darknet browsing can make it harder to correlate the packets going to your entry guards with the packets reaching their destinations. Right? Also, if more people use Tor, it's supposedly harder to track or something.
>>107116128I've heard roaming via 5g is also completly exempt from the firewall.
>>107116169I think the tor circuit used is the same for all connections in a session. For hidden services, there are an additional 3 unknown bounces, but for clearnet the same circuit of 3 nodes is used. Don't think that would be very useful.>Also, if more people use Tor, it's supposedly harder to track or something.If more people run relay nodes.
>>107116122i think tor doesn't use webrtc because if you opt for unreliable transport then it needs to do tcp on top of it again (tor does reliable full duplex). and for cases where nat can't be punctured webrtc opts for relays. webrtc might be more like i2p i suppose.
>>107116124I'm an absolute networking retard someone explain to me why this wouldn't work please because it sounds way too good to me?>inb4 latencyNo one cares. Latency only matters for vaporware (muh teledildonics 6G wireless self driving knee robot operations) or gaming and neither needs anonymity.
>>107116206>teledildonics 6G wireless self driving knee robot operationskek
>>107115739mysterium vpn is kind of like this
>>107116198The Tor browser uses a separate circuit for each domain. If you use Whonix, it uses stream isolation so that each application gets its own circuit. These circuits are switched out regularly. But, a properly configured Tor instance will use the same 3 entry guards for a period of 6 months at a time, or something like that. So all circuits will use the same set of 3 entry relays.
>>107116227>But, a properly configured Tor instance will use the same 3 entry guards for a period of 6 months at a time, or something like that. So all circuits will use the same set of 3 entry relays.Why is this by default? Seems like a security nightmare. Circuit switching should probably be done every 10 minutes or less.
>>107115599I'll make the logo.To be honest, the greatest hidden network is public (like in the clear net but not in front of everybody) and non-suspicious. It's like sitting on a public park speaking to your friend about casual stuff while it's an encrypted language, in contrast of using something like tor, you'd be like someone dressed in all black with an anonymous mask speaking gibberish and constantly looking around.The first rule is to not ever be suspicious and blend with the masses, the second is to not leak data, and the third is to never forget the two rules.And remember that everything is backdoored by design.
>>107116288The middle and exit relays are switched frequently as you said, but guard nodes are supposed to be more trusted relays, and users stick with them for a long period of time because the idea is that if they switch guard nodes more frequently, it's more likely for them to get a compromised one which will allow their traffic to be deanonymized. Someone who's trying to deanonymize a specific user would benefit by having you switch your guard more regularly - they need to monitor both your guard and your exit node to do an end to end traffic correlation... if your guard isn't in their control, they're just fucked (and vice versa, I guess)
>>107115896>statistical analysis can deanonimize a user or hidden service quicklyIs that why all successful deanonymization ops involved LEAs and ISPs continuously logging specific users and onion services for several months?
>>107115599>>Decoy packets sent from each hop to other nodes in the networkthat sounds like it wont scale
>>107115599i2p already exists
>>107116385why not. Everyone has gbit nowadays
A Fren of mine suggested a better solution for than decoy packages.Send a constant stream of packages between nodes, filled with random data. Always constant, always random noise."Real" Data is inserted encrypted and replace some packages. That has some nice privacy properties
>>107116385i thought of a theoretical system where it could
>>107116500how do you tell them apart
>>107116510>>107116476would the decoy packets trigger decoy packets?
>>107116550That's the neat thing: You don't!No for real some encrupted internal control flow protocol and nodes just drop the fake ones.
>>107116560why would i want it to cascade
>>107116560Some do. The nodes should not know whether they are routing a decoy or a real data packet
>>107116578who sends the decoy packets and what triggers them to be sent?
>>107116573if the nodes know what packets are fake so they can drop them, anyone knows defeating the purpose
>>107116591how is that a question
>>107116591The initial node, your client, selects 36 nodes and creates the routing table, each node only sees their own chunk
