Transport Layer/Network Privacy Issues

Apologies if this is in the wrong section, it seemed to be the closest fit for this.

Incognito seems to be a great platform so far and I plan on building something on top of it in the near future, those plans are best kept for their own post though.


I have two major concerns about the current setup of Incognito and want to know if there are any plans to rectify the current issues.


It seems that currently, a good amount of the network is reliant on the incognito.org domain, though given the current client-node architecture this might just be due to a lack of other reliable full nodes.

There is also the usage of Cloudflare, all network traffic passed through Cloudflare is visible to them. They’re essentially performing a MITM attack in the name of providing “security” to the service behind it. This also creates a central point of failure where Cloudflare has the ability to kill off nearly all usability of Incognito in seconds on top of the already high risk of Cloudflare being used for spying on users by a powerful entity such as a government.


On top of that, there is currently no system in place to obfuscate that someone is using Incognito, an ISP/Government can easily see that someone is using Incognito and add them to a list, or flat out block access to Incognito. This somewhat defeats the point of privacy. Usage of a P2P network like I2P would reduce that risk and make it much harder for Incognito to be blocked or shut down.

I2P has been mentioned on these forums before in a thread about NAT Traversal for nodes, but it was dismissed away at the time for being “too slow”. Now, as much as speed is nice, privacy should come first. For low bandwidth P2P uses, I2P is not terribly slow, although the first time you connect can take quite a while. I2P’s architecture also means it increases in speed as more users join the network.

Once I2P is bootstrapped, it is near impossible to block, being able to operate in even the most restrictive of countries such as China and Russia.

Given the nature of Incognito, a shutdown attempt by a major government should be a concern.


These are my two main concerns for now, Centralisation/Cloudflare and the lack of additional privacy at the network/protocol level.

I look forward to building on top of Incognito and hope that these issues are addressed. It is best to address them sooner rather than later as changes like implementing I2P would almost certainly require upending quite a bit of Incognito’s existing architecture.

10 Likes

You’ve brought up good points here. Are there other solutions like IPFS? I’m not familiar with this stuff but it’s on my list of things to research.

Centrality around a big provider like AWS, Cloudflare, etc. are probably all risks. Hopefully incognito domains are secured properly with email addresses separate from incognito domains and whatever else is best practice. Perhaps it’s easy to migrate to new servers if the issue suddenly arises, but why not use hosting in a more friendly jurisdiction?

All valid points. Me and a couple other Devs over in the Discord are currently throwing around the idea of cloning and hosting a Tor mirror of the site and pDex. For this very reason.

Edit: sorry. Meant to reply to @incogal

4 Likes

IPFS is great for delivering static content where loading time doesn’t matter, it could be used in conjunction with js-ipfs to push updates to the Incognito client, that would allow updates to be delivered even if the incognito.org domain goes down.

Yeah, it would be best to have as much logic handled in a p2p network, eg the nodes + I2P, as possible. That would give greater resiliency and allow for more functionality in both restrictive and sanctioned countries.

If the domain is properly secured, and perhaps there are backup domains with different registrars, would it be a big deal to change the A record if an IP address needs to be updated?

Of course that would create 12-48 hours of downtime but is probably a quicker fix for now. But I do think there should be a plan for all hosting and server needs to be with privacy-centered data centers if decentralization is difficult for now.

Are there any other solutions to what you recommended or is there really just one game in town?

Another walled garden service? Incognito should seriously consider hosting its own RocketChat or Matrix server, perhaps on chat.incognito.org. Matrix has an advantage of being federated like e-mail is, so users with existing accounts can join a group chat without making a new account.

That would be a decent start, but it would be best to work around I2P if possible. I2P is more resilient than Tor and is built for p2p applications, such as blockchains, whereas p2p on Tor is actively discouraged.

Adopting I2P might also revive the Monero Project’s interest in implementing it, as Kovri is essentially abandoned at this point.

I2P would make a great back-end for cryptocurrency, and it was pretty disappointing when Kovri went nowhere.

2 Likes

Domains are somewhat old technology, but no, changing a record would not be that big of an issue. However, if a government blocks all the domains, it will stop usage of Incognito in that jurisdiction.

I2P currently provides the most robust peer to peer friendly routing network there is, it’s proven to work well and is a mature project.

There are, of course, other projects that could be suited as well such as cjdns or yggdrasil. There are more but those are the first two that came to mind.


For p2p delivery of static content in a web browser, the only production ready solutions I can think of are IPFS and WebTorrent with IPFS being the more suited of the two. There’s nothing stopping someone from implementing an in-browser I2P node though and allowing that to be used as well.

IPFS should be able to function over I2P as well, though I am not sure if anyone has done that yet. It might need some changes to work.

I can’t speak for the team but do you have any experience and would you be willing to help in any of this technically? The team’s 2021 roadmap is already completed but maybe they could do it with extra help.

I think the concept is good but it’s above my head. Some others will chime in I’m sure.

Hey @cusdt.eth yesterday chatted with @Matt6412 about this as well. It would be awesome if you guys could run Tor friendly alternatives of the website, web pDEX, web pDAO, etc.

Probably it’s a good topic to discuss on our first non-formal gathering that @Ducky prepares 🙂

4 Likes

Great. Looking forward to discussing this further.

I’m always available over in the Discord as well.

The team should really consider moving to Gitter at the very least if self-hosting isn’t an option, Discord is not really suitable for FLOSS projects given its walled-garden nature.

@incogal we may bring this topic to the hangout this week. Check the info here: Community call - Come hang out with us!

Will you join?

I’d prefer to maintain as much anonymity as possible. Stylometry alone gives me enough to worry about, let alone the rapid development of Speaker recognition.

That being said, it seems somewhat odd that an open source project would be using Zoom - a proprietary service facing numerous ongoing lawsuits regarding privacy and security issues - over something like Jitsi Meet.

If an IRC channel, Matrix/Gitter room, or RocketChat instance becomes available then I’d be up for discussing things there. As things are now though, it looks like this Discourse forum and e-mail are the only two open platforms being used for communication here.


Aside from all that, I’ve been somewhat busy working with someone on architecting a project that’ll use Incognito. If anyone reading this wants to donate to us they’re more than welcome to send coins/tokens to the Incognito address on my profile, keep in mind that there’s nothing solid in place yet and that as of now there’s a high chance said project won’t go anywhere.

Should we get to a point where we have a solid foundation planned and a rudimentary demo available, I’ll post a topic about it in the builders forum.

4 Likes