Security and privacy

From Hack Manhattan Wiki
Revision as of 16:22, 2 January 2012 by Guan (Talk | contribs) (Topics)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Topics

Basics:

  • Encryption for storage
  • Encryption for email: PGP and S/MIME
  • Encryption for the Internet: SSL, HTTPS
  • Basic anonymity: Tor
  • Multifactor authentication
  • Web browsing: CSRF, referers, ad networks, iframes

Advanced:

  • Freenet
  • I2P
  • Trust
  • Securing DNS
  • Payments

I2P

Outline for a talk:

  • I2P is short for Invisible Internet Project and is designed to provide both end-to-end encryption and anonymity.
  • Endpoints are only identified by a cryptographic key. All traffic is routed through multiple routers and each step is encrypted (think of a series of envelopes nested in each other) so it is impossible to tell who you are communicating with.
  • Unlike Tor, I2P generally does not provide access to the "real" Internet, although you can set this up as a service. Think of I2P as a parallel Internet where everyone is anonymous, built on top of the real one.
  • A number of services are already implemented, including HTTP, IRC, BitTorrent and various forms of email.
  • Services are typically accessed through traditional protocols that are proxied through the I2P router. For example, you would point your IRC client to an IRC proxy running locally, that then connects to a real IRC server somewhere.
  • Services are also typically implemented this way. I2P websites run normal web servers like Apache or the built in Jetty based one. The I2P router takes care of receiving HTTP requests from I2P and translating them into traditional HTTP.
  • It is also possible to implement I2P native services that don't proxy over an existing protocol. This is particularly useful for distributed applications that don't rely on central servers.
  • I2P is a relatively low level system. I2P services can be implemented in many ways. For example, the Susimail email system looks like traditional email with centralized mail servers that happen to be accessed over I2P, while the I2P-Bote stores email in a distributed hash table and has no centralized servers. I2P can be a secure and anonymous transport for traditional applications and services or provide the basis for distributed services.