I2P doesn’t have exit nodes. Once you load content from outside the network, that won’t be via I2P, only chance is to get it directly via another connection. For example your default internet connection. So either the browser or operating system is configured to block that. Or you’ll leak your IP.
Then you didn’t have ‘Safest’ mode enabled
Yeah, that’s why I said, use a dedicated browser for that. Something preconfigured to not allow any of that.
Yet better: Use Tails like recommended by Snowden.
Those are called bugs and they do happen […]
I’m not so sure about this… Is “safest” mode really all you need? And does it reliably deal with 100% of the attack vectors? Last time I tried it wasn’t too good for example against browser fingerprinting (which doesn’t reveal an IP, but might be bad as well). And there’s a million ways from WebRTC, to trying to get the IPv6 address if all you did is configure an IPv4 proxy, DNS leaks, browser plugins, the webfont system does a lot of weird things, all the things done to do multimedia are very complex and might offer side-channels, I recently learned how to extract some information with CSS alone, no JS needed… Does “safest” really do a 100% job? I mean what I’ve done until now is to discourage people to mess with their browser settings themselves because it’s (a) easy to make mistakes or miss something, and (b) I wasn’t sure if that setting even does all the heavy-lifting without going into detail with all the other changes for example TOR browser bundle has?!
I’d need to look it up but I think there’s a lot of opportunity without resorting to 0-days.
EDIT […]
Yeah, I think that’s why good (and easy to use) pron sites you’d “recommend to people” aren’t really a thing on there.
And there’s the other thing that horny people might just click “allow” on something, because their brain is currently not in logical thinking mode.
Yeah, we’re on the same page (and probably approximate darknet-fu level)
people might just click “allow” on something
They do this even while not hind-brain-horny. Which is why defense in depth is good. From the network to the browser to the OS to the firmware to the hardware. Amen.
Now that OP is inactive, I can also spoil the surprise: My link further up was Rick Astley singing: Never Gonna Give You Up.
It’s safe to click. I just figured since OP isn’t listening to answers, I’ll give them some video to learn -hands-on- about videos on the Darknet.
If someone had clicked the link, they’d get the opportunity to learn how fast or slow a video loads. And how it (likely) first requires the user to lift some security measures or videos won’t load at all. (At least my browser does, there’s no JS and then NoScript also complains about the media file.)
We and other people in the comments pointed that out in the proceeding conversation. But nobody clicked the link anyway. I always have the feeling the groups of Threadiverse users and people with the capacity to surf the Darknet are pretty much disjoint groups. But it’s really nice to once and again talk to someone with some more knowledge and/or first hand experience. 👍
They’d need a browser that speaks I2P, which means they’re already into this stuff 😀
someone with some more knowledge and/or first hand experience
WTF is wrong with people, where do they get their drugs? On the street? Use the darknet where there are product reviews!
I honestly do not understand why high school IT courses do not include at least 1-2 days to cover Tor, visit say BBC and DDG and understand why someone might want to use Tor for these sites (both as user and operator)
Seriously everyone should just watch the relevant Computerphile vids ; they’re very good
I think we’re somewhat on the same page here.
I2P doesn’t have exit nodes. Once you load content from outside the network, that won’t be via I2P, only chance is to get it directly via another connection. For example your default internet connection. So either the browser or operating system is configured to block that. Or you’ll leak your IP.
Yeah, that’s why I said, use a dedicated browser for that. Something preconfigured to not allow any of that.
Yet better: Use Tails like recommended by Snowden.
I’m not so sure about this… Is “safest” mode really all you need? And does it reliably deal with 100% of the attack vectors? Last time I tried it wasn’t too good for example against browser fingerprinting (which doesn’t reveal an IP, but might be bad as well). And there’s a million ways from WebRTC, to trying to get the IPv6 address if all you did is configure an IPv4 proxy, DNS leaks, browser plugins, the webfont system does a lot of weird things, all the things done to do multimedia are very complex and might offer side-channels, I recently learned how to extract some information with CSS alone, no JS needed… Does “safest” really do a 100% job? I mean what I’ve done until now is to discourage people to mess with their browser settings themselves because it’s (a) easy to make mistakes or miss something, and (b) I wasn’t sure if that setting even does all the heavy-lifting without going into detail with all the other changes for example TOR browser bundle has?!
I’d need to look it up but I think there’s a lot of opportunity without resorting to 0-days.
Yeah, I think that’s why good (and easy to use) pron sites you’d “recommend to people” aren’t really a thing on there.
And there’s the other thing that horny people might just click “allow” on something, because their brain is currently not in logical thinking mode.
Yeah, we’re on the same page (and probably approximate darknet-fu level)
They do this even while not hind-brain-horny. Which is why defense in depth is good. From the network to the browser to the OS to the firmware to the hardware. Amen.
Thanks for the nice conversation.
Now that OP is inactive, I can also spoil the surprise: My link further up was Rick Astley singing: Never Gonna Give You Up.
It’s safe to click. I just figured since OP isn’t listening to answers, I’ll give them some video to learn -hands-on- about videos on the Darknet.
If someone had clicked the link, they’d get the opportunity to learn how fast or slow a video loads. And how it (likely) first requires the user to lift some security measures or videos won’t load at all. (At least my browser does, there’s no JS and then NoScript also complains about the media file.)
We and other people in the comments pointed that out in the proceeding conversation. But nobody clicked the link anyway. I always have the feeling the groups of Threadiverse users and people with the capacity to surf the Darknet are pretty much disjoint groups. But it’s really nice to once and again talk to someone with some more knowledge and/or first hand experience. 👍
They’d need a browser that speaks I2P, which means they’re already into this stuff 😀
WTF is wrong with people, where do they get their drugs? On the street? Use the darknet where there are product reviews!
I honestly do not understand why high school IT courses do not include at least 1-2 days to cover Tor, visit say BBC and DDG and understand why someone might want to use Tor for these sites (both as user and operator)
Seriously everyone should just watch the relevant Computerphile vids ; they’re very good