If you are using Tor, seriously ask yourself if it's a good idea to install software that was developed by DARPA and has never solved the exit node problem.
This is such an odd comment. ARPANET and by extension DARPA are embedded in the origin story of the Internet and I'm sure DARPA will continue to fund fringe technologies that emerge to change the way we communicate into the future.
It isn't, in and of itself a reason for suspicion on the level implied, nor would I argue above and beyond baseline healthy suspicion in anything.
> ARPANET and by extension DARPA are embedded in the origin story of the Internet and I'm sure DARPA will continue to fund fringe technologies that emerge to change the way we communicate into the future.
That doesn't matter at all. Tor is not proposing to accomplish the same thing the internet does. If we are to take Tor at its word, it is proposing the exact opposite of what is in the interest of government and law enforcement.
That it's hard to get enough volunteer capacity, that exit node operators can sometimes get in trouble for things users did, that attackers can run exit nodes in order to look at traffic content, that attackers can run undisclosed families of relays in order to perform some traffic correlation attacks when a circuit uses multiple relays controlled by the same party, or that some sites may block or CAPTCHA exit nodes?
How would you solve the various exit node issues? If anyone can run an exit node, it's bound to be as trustworthy as the "anyone" that runs it. Plus once your traffic is out of the onion-routed network, it's open to all the usual attacks on the public internet. I2P tries not to deal with non-I2P traffic at all because the problem is so difficult.
> I2P tries not to deal with non-I2P traffic at all because the problem is so difficult.
The problem is difficult because what I2P is doing is essentially the correct approach in this area. Designing an "anonymous" network around accessing an inherently non-anonymous network with a handful of dominant sites is how you run into limitations like needing exit nodes. Yet most people keep insisting upon Tor, as if it's a good idea for the "dark web" to be effectively a single application with an inherent flaw it may never overcome.
It's because Tor does a much better job of being usable to general users, combined with the network effect of Tor Hidden Services, means that more people think of Tor as the "dark web" and more people will use Tor. I2P definitely takes the more secure-by-default state.
> It's because Tor does a much better job of being usable to general user
By having a browser ship with Tor, yes. The rest of Tor is hardly less complicated than running I2P. And I'm not saying that I2P needs to be as popular as Tor. If I2P never gets to having a competitor to the Tor Browser, it will always remain in minority use. That doesn't mean people shouldn't be aware of it or consider it as an alternative for their own use.
> combined with the network effect of Tor Hidden Services
I'm not sure what you mean by that. I2P is almost entirely focused around hidden services, and those services more or less work the same way for the end user with the added bonus that there's a loose sort of "DNS" that creates human readable URLs for services. How does Tor's services have more of a network effect than those on I2P?
> means that more people think of Tor as the "dark web" and more people will use Tor.
Yes. That also isn't anywhere near an ideal knowledge level these users should have. It's not the problem of I2P or even the responsibility of Tor per se that people think this way.
Someone who is reading this very comment and thinks that Tor is the end-all-be-all of the dark web and isn't privy to its origins should think twice before relying on it, because they clearly don't understand the tool that they are using. They probably shouldn't be doing anything remotely "private" or "anonymous" on the internet if all they know is that Tor is the magic thing they install to hide the naughty things they do.
I think people here are misunderstanding me. I'm not saying to never use Tor under any circumstance. I'm telling people to think before they use a tool with known flaws and an interesting origin story. There's nothing unreasonable about this.
> I'm not sure what you mean by that. I2P is almost entirely focused around hidden services, and those services more or less work the same way for the end user with the added bonus that there's a loose sort of "DNS" that creates human readable URLs for services. How does Tor's services have more of a network effect than those on I2P?
Tor's tech doesn't create the network effect, it's just that the network effect exists for various reasons. Facebook is on Tor, for example, but it's not on I2P. This notoriety means a beginner to the private net will be more likely to reach for Tor than I2P.
> That doesn't mean people shouldn't be aware of it or consider it as an alternative for their own use.
To some extent I do think the Tor project has spent more resources on trying to make Tor usable for folks who aren't just power users, but I2P has also had a fraction of the resourcing that Tor has. It's a sort of "worse is better" here. It might also be the case that the pool of users interested in the anonymous net is small enough that there's just not enough room for a lot of competitors. I'm not sure and the nature of these networks make it hard to draw any ideas about their size/shape.
> I think people here are misunderstanding me. I'm not saying to never use Tor under any circumstance. I'm telling people to think before they use a tool with known flaws and an interesting origin story. There's nothing unreasonable about this.
This is mostly tone I think. I agree with what you're saying. I also think Tor, for better or for worse, has a lot of somewhat rabid fans. But yeah if I wanted to run a net service that I only wanted accessed anonymously, I'd probably use I2P.
> I have really bad news: the internet was formulated by the government.
The internet isn't one piece of software you knowingly install on your system. The internet isn't promising anonymity. Likewise to Tor, I wouldn't install a radar scanner in my car if I knew the company was owned by the U.S. Marshal Service given the kind of incentives that exist for them to take advantage.
I was very particular in saying "formulated". They didn't "make" the internet as we know it, nor do they "own" the internet. I just mean that the very foundation of American internet is the U.S government.
After all, my point wasn't against trusting the internet, It was more that everything built on the foundation is as trustworthy as the foundation itself.
Do you really expect anonymity out of the internet or trust that your IP traffic isn't being analyzed and logged? It certainly is, and it being a government project isn't an argument in its favor. The internet isn't selling itself as a tool of anonymity, never has, and isn't software you're installing on your hardware.
It isn't, in and of itself a reason for suspicion on the level implied, nor would I argue above and beyond baseline healthy suspicion in anything.