(Note: there is no service, there is only an idea.)
When publishing information to circumvent censorship, a problem arises: how to publish without disclosing one's identity, or data that leads to it? An IP address can be considered sufficient information to determine the identity of the person who accessed the server. Given that hosting providers usually cooperate fully with totalitarian governments, establishing the owner or author of a site poses no problem. Companies' naive promises “not to disclose customer data” require a very high level of trust, and besides, they cannot always be kept (Lavabit is an example of this).
Below is a technical solution that removes the need for a high level of trust (protection against espionage) and requires only moderate trust (that the company will not disappear with the money).
A commercial company buys hosting services (VDS, dedicated server, etc.), configures an i2p router there plus an SSH server reachable via i2p, and gives the access details to its client, who orders and pays for the services only through i2p. Payment is made in any cryptocurrency (for now, let us assume bitcoin), and all interaction takes place over the i2p network.
Company side description
The company has a website in i2p and accepts bitcoins. When payment is received, the company orders the service from the specified supplier (on the regular Internet), sets up i2p, and gives the client the access details. At the client's request, the server is restarted or reinstalled; it is also possible to contact support by mail. In the most advanced version, there is an API for management.
Client side description
Having visited the i2p site, the client orders hosting “on the Internet” and gets access to the server through i2p, where the client places the necessary information.
The totalitarian regime's view
There is a website on the Internet. The site is on a server. The server belongs to a hosting provider, was ordered by an intermediary company, and was then sold to an anonymous party for bitcoins whose history includes several mixers and operations inside the i2p network. The server can be seized and the company can be punished (if it is under the jurisdiction of the totalitarian regime), but finding the author through logs, recorded traffic or honeypots does not work.
Trust in the server
We can safely assume that the server (as well as its i2p router) is compromised and completely controlled by the totalitarian regime. Even so, as long as the service is functioning (that is, it publishes the information), the authors do not care. If it is not functioning, then yes, the server is not functioning. Compromise of the server does not reveal the author's identity, even if the publication of materials is monitored for a long time.
In this situation, the position of the company providing the service seems the most vulnerable. First, anonymity will significantly increase the number of abuse cases. Second, the company can easily be accused of collaborating with the “boat builders.”
Most likely, the right decision would be a fairly strict position on network abuse (DoS, flood, spam, etc.) and avoidance of the jurisdictions of totalitarian regimes. In that case, for local suppliers it will be just a foreign client, and for the law enforcement agencies of totalitarian states it will be a company beyond their reach, from which they can only seize the currently leased servers (the cost of which may be included in the price of the service). With proper diversification of server placement across various jurisdictions, a fairly stable structure should result.
Service Applicability
No confidential operations (ones whose disclosure could harm the owner) can be performed on such a server. You can store - no change. For example, running “private mail” on this server will not work, because North Korea's special services will seize the servers and gain access not only to the correspondence but also to the metadata (recipient and sender addresses, IP addresses).
The following is possible on such a server:
- Data storage in a cryptocontainer (encryption and decryption happen on the client side). Seizing the server or intercepting traffic will not give access to the information, and most modern cryptocontainers guarantee integrity. Availability of the data, of course, is not guaranteed. Note that the data inside the cryptocontainer cannot be accessed on the server, since passing a key to the server automatically compromises it.
- Internet access. A secure anonymous channel from the server to the client hides who the source / recipient of the traffic is on the client's side. Note that the traffic itself should be considered completely public, as well as its purpose (on the reverse side of the client). Note also that the transmitted traffic can identify the client in unexpected ways (a JS snapshot of the screen / browser version, for example).
- Public anonymous posting. Publication can be hindered, but the author cannot be identified. Moreover, autonomous publication (which does not require tunneling to the client's resources) eliminates the possibility of identifying the author through controlled interruption of Internet access on communication channels controlled by the totalitarian regime. Note that without additional means (such as a cryptographic signature) there is no way to protect the integrity of the published information. Example: a certain human rights site publishes reports. The opposing totalitarian government, even without being able to figure out the authors, may try to discredit them by posting obviously ridiculous information there and spoiling existing articles.
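The integrity point above, as an added example that is not part of the original article: the author signs a manifest of the published files on the client, and readers check it against a public key obtained separately from the server. It assumes the `openssl` command-line tool; the function names, file names and sample texts are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. File names and texts are constructed.

# Hash list of every file under <dir>, excluding the manifest and its signature.
list_files() {
    ( cd "$1" && find . -type f ! -name 'MANIFEST*' \
        -exec openssl dgst -sha256 -r {} + | LC_ALL=C sort )
}

# Author side, on the client: sign the list. The private key never reaches the server.
sign_site() {   # sign_site <site_dir> <private_key.pem>
    list_files "$1" > "$1/MANIFEST" &&
    openssl dgst -sha256 -sign "$2" -out "$1/MANIFEST.sig" "$1/MANIFEST"
}

# Reader side: succeeds only if the manifest carries the author's signature and
# the files on the server are exactly the signed set (none edited, added, removed).
verify_site() { # verify_site <site_dir> <public_key.pem>
    openssl dgst -sha256 -verify "$2" -signature "$1/MANIFEST.sig" \
        "$1/MANIFEST" >/dev/null 2>&1 || return 1
    list_files "$1" | cmp -s - "$1/MANIFEST"
}

check() { verify_site "$1/site" "$1/author.pub" && echo ok || echo rejected; }

demo() {
    d=$(mktemp -d) && mkdir "$d/site" || return 1
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$d/author.key" 2>/dev/null
    openssl pkey -in "$d/author.key" -pubout -out "$d/author.pub"
    echo "Report 1 (constructed sample)" > "$d/site/report1.txt"
    echo "Report 2 (constructed sample)" > "$d/site/report2.txt"
    sign_site "$d/site" "$d/author.key"
    clean=$(check "$d")
    echo "spoiled on the server" >> "$d/site/report1.txt"   # existing article edited
    edited=$(check "$d")
    echo "Report 1 (constructed sample)" > "$d/site/report1.txt"
    echo "planted article" > "$d/site/fake.txt"             # new article injected
    injected=$(check "$d")
    list_files "$d/site" > "$d/site/MANIFEST"               # manifest rebuilt, no key
    remanifest=$(check "$d")
    rm -rf "$d"
    echo "clean=$clean edited=$edited injected=$injected remanifest=$remanifest"
}

demo
```

The check only helps if readers get the public key through a channel the server operator does not control, since a key served from the compromised server can be swapped along with the manifest.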