Apologies if this is in the wrong section, it seemed to be the closest fit for this.
Incognito seems to be a great platform so far and I plan on building something on top of it in the near future, those plans are best kept for their own post though.
I have two major concerns about the current setup of Incognito and want to know if there are any plans to rectify the current issues.
It seems that currently, a good amount of the network is reliant on the incognito.org domain, though given the current client-node architecture this might just be due to a lack of other reliable full nodes.
There is also the usage of Cloudflare, all network traffic passed through Cloudflare is visible to them. They’re essentially perform a MITM attack in the name of providing “security” to the service behind it. This also creates a central point of failure where Cloudflare has the ability to kill off nearly all usability of Incognito in seconds on top of the already high risk of Cloudflare being used for spying on users by a powerful entity such as a government.
On top of that, there is currently no system in place to obfuscate that someone is using Incognito, an ISP/Government can easily see that someone is using Incognito and add them to a list, or flat out block access to Incognito. This somewhat defeats the point of privacy. Usage of a P2P network like I2P would reduce that risk and make it much harder for Incognito to be blocked or shutdown.
I2P has been mentioned on these forums before in a thread about NAT Traversal for nodes, but it was dismissed away at the time for being “too slow”. Now, as much as speed is nice, privacy should come first. For low bandwidth P2P uses, I2P is not terribly slow, although the first time you connect can take quite a while. I2P’s architecture also means it increases in speed as more users join the network.
Once I2P is bootstrapped, it is near impossible to block, being able to operate in even the most restrictive of countries such as China and Russia.
Given the nature of Incognito, a shutdown attempt by a major government should be a concern.
There are my two main concerns for now, Centralisation/Cloudflare and the lack of additional privacy at the network/protocol level.
I look forward to building on top of Incognito and hope that these issues are addressed. It is best to address them sooner rather than later as changes like implementing I2P would almost certainly require upending quite a bit of Incognito’s existing architecture.