xabadak

joined 1 year ago
[–] xabadak@lemmings.world 3 points 3 weeks ago

It's also slower simply because it's basically a bunch of VPNs running on consumer hardware. Actual VPN providers can provide big powerful servers. This is why I think torrenting is a great fit for the slower speeds of I2P - waiting a little longer for a download is bearable, as opposed to waiting for a webpage to load.

[–] xabadak@lemmings.world 2 points 3 weeks ago* (last edited 3 weeks ago)

I can get 1 MB/s, but honestly 200 KB/s is fast enough for me, I just wait a few hours to torrent an entire show. In terms of content, most of the shows I want to watch are uploaded to the Postman tracker.

[–] xabadak@lemmings.world 1 points 3 weeks ago

You could just install the i2pd windows client, and then configure it to enable "SAM". You could use the i2pd.conf file in my repo as a reference, just make sure to use 127.0.0.1 instead of 0.0.0.0 so that only applications running on your computer would be able to access i2pd (0.0.0.0 is only needed for docker). Then you would configure your browser and qbittorrent the same way detailed in my repo, except make sure to enable "mixed" mode so that your torrents are seeding over both clearnet and I2P. Lastly, even though you'll be seeding your torrents over I2P, nobody will be able to find them unless you post them to an I2P tracker like Postman. I don't know how to submit torrents to Postman, so you're on your own for that one.
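The 127.0.0.1-versus-0.0.0.0 point above, as an added example that is not part of the comment or the linked repo: it audits an i2pd.conf for services bound to every interface and rewrites them to loopback. The section and key names ([sam] enabled/address/port) follow i2pd.conf; the LISTENERS list, the wildcard set and the sample config are assumptions.

```python
"""Audit an i2pd.conf for services bound to every interface instead of loopback.
Added example; LISTENERS, WILDCARDS and SAMPLE_CONF are assumptions, not i2pd's own."""
import configparser
import re

LISTENERS = ("http", "httpproxy", "socksproxy", "sam", "bob", "i2cp", "i2pcontrol")
WILDCARDS = {"0.0.0.0", "::"}

def exposed_listeners(text: str) -> list:
    """(section, address, port) for each enabled service bound to a wildcard address,
    i.e. reachable from other hosts unless a firewall blocks it. Services without an
    explicit 'enabled = true' are skipped, which is conservative for [http]."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string("[global]\n" + text)      # i2pd allows keys before the first section
    found = []
    for sec in LISTENERS:
        if cfg.has_section(sec) and cfg.getboolean(sec, "enabled", fallback=False):
            addr = cfg.get(sec, "address", fallback="127.0.0.1")
            if addr in WILDCARDS:
                found.append((sec, addr, cfg.getint(sec, "port", fallback=0)))
    return found

def pin_to_loopback(text: str) -> str:
    """Rewrite wildcard 'address =' lines in listener sections to 127.0.0.1, unchanged otherwise."""
    out, section = [], None
    for line in text.splitlines():
        head = re.match(r"\s*\[(\w+)\]", line)
        if head:
            section = head.group(1)
        elif section in LISTENERS and re.match(r"\s*address\s*=", line):
            key, _, value = line.partition("=")
            if value.strip() in WILDCARDS:
                line = key + "= 127.0.0.1"
        out.append(line)
    return "\n".join(out) + "\n"

# Constructed config: SAM exposed on all interfaces, HTTP proxy already on loopback.
SAMPLE_CONF = """\
log = stdout
[sam]
enabled = true
address = 0.0.0.0
port = 7656
[httpproxy]
enabled = true
address = 127.0.0.1
port = 4444
"""
```

Running `exposed_listeners` on the fixed text returned by `pin_to_loopback` should come back empty; for a docker deployment, where 0.0.0.0 is required, the audit is only meaningful when paired with the container's own network isolation.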

[–] xabadak@lemmings.world 1 points 3 weeks ago (1 children)

You're right, I was thinking about it incorrectly. But I2P peers can only reach other I2P peers though, right?

[–] xabadak@lemmings.world 6 points 3 weeks ago

This was mentioned in the other thread but I should probably mention it here as well. Unlike with TOR, in I2P every user is also expected to be a router. I think this is great and helps encourage decentralization, scaling, and DDoS resistance. Techlore mentioned something similar in one of his videos (but I can't find it right now). However, this does mean that you never really know what traffic is going through your router. It's all encrypted, but some users may still have concerns with that. I wrote my own opinions on this topic in that same comment thread.

[–] xabadak@lemmings.world 5 points 3 weeks ago (2 children)

Thanks for the info, I would not claim to be an expert about I2P so some of this is definitely new to me. Though I think the situation has improved quite a bit.

Complex configuration process: It necessitates a drawn-out installation procedure and specific browser settings.

If you just want I2P without the torrenting, you can use the official I2P router, which is just an HTTP proxy that runs on your PC, just like Tor. The 3rd-party router used in my guide, i2pd, has a Flatpak as well. So as far as installing the router goes, it's a few clicks. You are correct that it does require configuring the browser though. This is explained in my guide and also on the official website. Not as easy as clicking an "Install" button, but it only takes around 5 minutes. I wish there were an official I2P browser like the Tor browser though.

Must-have logging: The I2P user interface must be logged in for users to access their material.

Not sure what you mean by this. I've never had to log into anything to set up I2P.

Severe vulnerabilities

I have no doubt. But Tor has had many vulnerabilities too. Both have gotten much better over time.

A much tinier user base than TOR: As a result, I2P has fewer network nodes and servers and is more open to intrusions.

Definitely true. In fact it makes me suspicious how fast TOR is despite how many users there are, and the relatively high requirements to be a relay (not to mention an exit node). AFAIK TOR is heavily reliant on rich and generous patrons, which makes me wonder about the motives of these patrons. I believe I2P has the potential to be much more decentralized, since every user is expected to also be a router, and Techlore has also raised this point (though I don't have the video on me right now).

Less anonymity when browsing indexed sites: I2P does not ensure that users’ browsing of indexed sites is completely anonymous. The use of VPN services may be able to address this issue.

I didn't know this. What are indexed sites?

[–] xabadak@lemmings.world 11 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

are you seeding AI datasets?

[–] xabadak@lemmings.world 6 points 3 weeks ago (3 children)

If you're willing to take the time to learn a bit of podman/docker, you should check out my recent post on I2P torrenting. There are no problems with port forwarding on the I2P network. There are other ways to torrent over I2P without podman/docker too, you'll just have to research them yourself.

[–] xabadak@lemmings.world 2 points 3 weeks ago

I probably should have mentioned this in the post, but don't forget you can run this on desktop too! All Fedora-based distros (Kinoite, Bazzite, etc) have Podman pre-installed. You just need to install podman-compose/docker-compose. If you're on an atomic distro you'll have to layer, or use a distrobox (either install podman-compose and use host podman or just install both podman and podman-compose inside a distrobox), or convert the compose file into individual Podman commands like podman network create --internal ... and podman run ..., but it's definitely doable in an hour or so.

cross-posted from: https://lemmings.world/post/29678617

Thought I would share my simple docker/podman setup for torrenting over I2P. It's just 2 files, a compose file and a config file, along with an in-depth explanation, available at my repo https://codeberg.org/xabadak/podman-i2p-qbittorrent. And it comes with a built-in "kill-switch" to prevent traffic leaking out to the clearnet. But for the uninitiated, some may be wondering:

What is I2P and why should I care?

For a p2p system like bittorrent, for two peers to connect to each other, at least one side needs to have their ports open. If one side uses a VPN, their provider needs to support "port forwarding" in order for them to have their ports open (assuming everything else is configured properly). If you have ever tried to download a torrent with seeders available, yet failed to connect to any of them, your ports are probably not open. And with regulators cracking down on VPNs and forcing providers like Mullvad to shut down port forwarding, torrenting over the clearnet is becoming more and more difficult.

The I2P network doesn't have these issues. I2P is an alternative internet network where all users are anonymous by default. So you don't need a VPN to hide your activity from your ISP. You don't need port-forwarding either, all peers can reach each other. And if you do happen to run a VPN on your PC, that's fine too - I2P will work just the same. So if you're turning your VPN on and off all the time, you can keep I2P running throughout, and continue downloading/uploading.

I2P eliminates all the complications and worries about seeding, making it easy for beginners to contribute to the network. I2P also makes downloading easier, since all peers are always reachable. And it's more decentralized too, since users don't need to rely on VPN providers. And of course, it's free and open source!

A fair warning though, I2P is restricted in some countries. And in terms of torrenting specifically, torrents have to explicitly support I2P. You can't just take any clearnet torrent and expect it to work on I2P. And the speeds are generally lower since there are fewer seeders, and the built-in anonymity has a cost as well. However, I've been surprised at the amount of content on the I2P network, and I've been able to reach 1 MB/s download speeds. It's more than good enough for me, and it will only get better the more people join, so I hope this repo is enough for people to get started.

[–] xabadak@lemmings.world 1 points 1 year ago

No worries, and thanks for providing a response nonetheless. I'll look into your suggestion when I have the time. The official Wireguard website also had some guide on network namespaces here, but afaik it didn't explain how to set it up persistently.

[–] xabadak@lemmings.world 3 points 1 year ago

So it's really that simple...I can see why there are security issues 😅

[–] xabadak@lemmings.world 3 points 1 year ago* (last edited 1 year ago)

Great write-up, I've been looking for something like this. I've heard of vopono and eznetns before but not namespaced-openvpn, and this is the first post I've seen where somebody details how they use a tool like this, so thanks! I'll have to try setting it up some time.

I've been seeing a lot of confusion around the TunnelVision vulnerability. While I'm no expert, I've done a fair share of research and I'll edit this post with corrections if needed. The goal of this post is to answer the question: does this affect me?

Two sentence summary of the vulnerability

When you use a commercial VPN like Mullvad or NordVPN, the VPN client tells your system to redirect all traffic through the VPN. This recent vulnerability shows that a malicious device on the network can trick your system into redirecting traffic to their device instead.

Claim: just don't connect to hostile networks!

This is hard in practice. For most people, the only "trusted" networks are your home network and your workplace. So you still have to worry about coffee shops, airports, hotels, restaurants, etc. And if you are using cellular data, the cellular tower can perform this attack to snoop on your traffic.

Claim: but I trust the hotel owner, restaurant owner, etc

This attack allows any device on the network to impersonate a DHCP server and attack your system, not just the router. And while there are router settings that can prevent devices on the network from talking to each other, afaik they are rarely used. So even if you trust the owner of the cafe, you have to also trust everybody else in the cafe.

Claim: if you use HTTPS you are safe!

If the attacker redirects traffic to their machine, then even if you use HTTPS, the attacker can still see what websites you connect to, they just can't see what you are sending or receiving. So basically they can steal your browsing history, which defeats the purpose of a commercial VPN for many users.

Claim: Linux users are safe!

Not quite. The report says that Linux has a feature that is able to fully defend against this vulnerability, called network namespaces. So if your VPN uses that, congratulations. Afaik most VPNs do not use this, and instead use a kill-switch or a firewall. In which case Linux, Mac, and Windows users are all affected the same way, and I go into it more in the next claim.

Claim: if you use a kill-switch you are safe!

The term "kill switch" gets thrown around a lot, but there are actually two major ways that a kill-switch can be implemented. The first way is a more literal "kill switch" - when the VPN connection drops, the kill switch is triggered and blocks leaks. The other way is a persistent firewall, which blocks leaks all the time.

If your VPN client uses the first kind, then bad news, it won't protect you against this attack. This is because the VPN connection is never dropped, so the kill switch is never triggered. NordVPN was caught using this poor practice, to nobody's surprise (more info here).

If your VPN uses the second kind, then you should be safe. For example, Mullvad published a statement about how they are not vulnerable here. I would hope that any competent VPN would also use a persistent firewall, but if your VPN provider hasn't published a statement yet, unfortunately your only other option is to inspect the VPN client yourself.

That being said, even if your VPN uses a persistent firewall, you may have read in the report that there's a "side-channel" attack still possible...

Claim: even if you use a firewall, there's a side-channel attack

This is true, but from what I read the side-channel is actually very hard to pull off and gain any useful information from. You can read some discussion about it here. My takeaway is that if you're a regular user, you don't have to worry about it. But we should still push VPN providers and network engineers to use network namespaces in their applications, since they are more resistant to these kinds of attacks.

Claim: you shouldn't trust commercial VPN providers anyways

This is not really about the vulnerability but I've seen it a lot in the discussions. I think it's a mischaracterization of why people use VPNs. If you are using the internet, somebody has to send that traffic to your destination. The three major options are your ISP, a VPN provider, or Tor. Depending on your location and your circumstances, you will trust these three differently. In the EU, ISPs are not allowed to sell data. In the US, ISPs are allowed to, and have been caught doing so. VPNs can sell data too but they risk losing their entire business. Tor is much harder to judge, but the bigger issue with Tor is that many websites block it.

Further reading:
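The rogue-DHCP-server redirection summarised in the post, as an added example that is not part of the original post: it decodes the DHCP classless static route option (option 121, RFC 3442) from a constructed options blob and flags routes whose destination lies outside the LAN, which is what a full-tunnel VPN user would never expect a DHCP server to push. The LAN prefix, the sample bytes and the "on-link routes only" expectation are assumptions.

```python
"""Parse DHCP option 121 (classless static routes, RFC 3442) and flag routes that
would pull traffic off a full-tunnel VPN. Added example; LAN prefix and bytes are assumed."""
import ipaddress

def dhcp_options(blob: bytes) -> dict:
    """Walk the DHCP options area (TLV; 0 = pad, 255 = end) into {code: data}."""
    opts, i = {}, 0
    while i < len(blob) and blob[i] != 255:
        if blob[i] == 0:
            i += 1
            continue
        code, length = blob[i], blob[i + 1]
        opts[code] = blob[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def parse_classless_routes(data: bytes) -> list:
    """Decode option 121 entries: <prefixlen><significant dest octets><4-byte gateway>."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        if plen > 32:
            raise ValueError("bad prefix length %d" % plen)
        n = (plen + 7) // 8   # only the significant destination octets are on the wire
        sig, gw = data[i + 1:i + 1 + n], data[i + 1 + n:i + 5 + n]
        if len(sig) < n or len(gw) < 4:
            raise ValueError("truncated route entry")
        dest = int.from_bytes(sig.ljust(4, b"\x00"), "big")
        routes.append((ipaddress.IPv4Network((dest, plen), strict=False),
                       ipaddress.IPv4Address(gw)))
        i += 5 + n
    return routes

def routes_bypassing_vpn(routes: list, lan_cidr: str) -> list:
    """Routes whose destination is outside the LAN. Installed on the physical interface
    they can take precedence over the VPN's routes, so matching traffic leaves the host
    unencrypted even though the tunnel is up; a persistent firewall blocks it, a
    drop-triggered kill switch never fires because the tunnel never drops."""
    lan = ipaddress.IPv4Network(lan_cidr)
    return [(net, gw) for net, gw in routes if not net.subnet_of(lan)]

# Constructed options area (not a capture): OFFER, then option 121 with four routes
# via 192.168.1.1, then the end marker. Only the first route is on-link.
SAMPLE_OPTIONS = (
    b"\x35\x01\x02"
    + b"\x79\x1a"
    + b"\x18\xc0\xa8\x01\xc0\xa8\x01\x01"   # 192.168.1.0/24
    + b"\x08\x0a\xc0\xa8\x01\x01"           # 10.0.0.0/8
    + b"\x01\x00\xc0\xa8\x01\x01"           # 0.0.0.0/1, half the address space
    + b"\x01\x80\xc0\xa8\x01\x01"           # 128.0.0.0/1, the other half
    + b"\xff"
)
```

A DHCP client hook that runs `routes_bypassing_vpn` on the lease's option 121 data (the client's own LAN prefix comes from the offered address and subnet mask) can alert or refuse the lease before the routes are installed; this mirrors the mitigation, not the attack.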

cross-posted from: https://lemmings.world/post/8926396

In light of the recent TunnelVision vulnerability I wanted to share a simple firewall that I wrote for wireguard VPNs.

https://codeberg.org/xabadak/wg-lockdown

If you use a fancy official VPN client from Mullvad, PIA, etc, you won't need this since most clients already have a kill switch built in (also called Lockdown Mode in Mullvad). This is if you use a barebones wireguard VPN like me, or if your VPN client has a poorly-designed kill switch (like NordVPN, more info here).

A firewall should mitigate the vulnerability, though it does create a side-channel that can be exploited in extremely unlikely circumstances, so a better solution would be to use network namespaces (more info here). Unfortunately I'm a noob and I couldn't find any scripts or tools to do it that way.
