
Medium Weekly Digest (12 - 19 Jul 2019)

If we want to stand against this destructive tendency of the government to establish cryptography outside the law, one of the measures that we can use is to apply cryptography as much as we can while its application is still legal.

- F. Zimmerman

Dear Community members!

The Internet is seriously ill.

Starting this Friday, we will publish a weekly selection of the most interesting notes about events in the community of the decentralized Internet provider “Medium”.

This digest is intended to increase the Community's interest in the issue of privacy, which in the light of recent events is becoming more relevant than ever before.

On the agenda:





Remind me - what is “Medium”?


The Medium project was originally conceived as a mesh network in the Kolomna urban district, but after a while it became quite obvious that there were not enough people willing to take part in implementing the idea.

For this reason, Medium became an independent and free provider of access to the I2P network: enthusiasts set up their wireless access points so that anyone who connects to them can use the resources of the I2P project.

Medium provides users with access to the resources of the I2P network at no cost, which makes it impossible to identify not only the router the traffic came from (see the basic principles of garlic routing), but also the end user - the Medium subscriber.

More information about what Medium is can be found in the corresponding article.

Medium creates its web services ecosystem on the I2P network


I2P (the “Invisible Internet” project) has proven itself in practice: at the time of publication of this article, at least 5,000 routers are operating on the network.

Until recently, the main problem was the insufficient number of intranet services that could prove to be worthy alternatives to the most popular Internet services.

The Medium user community decided to remedy this situation and began to deploy its own web services ecosystem within the I2P network.

At the moment, the following general-purpose services are available to users:

image

As well as special services
image

If you have a brilliant idea, free time, your own server and enthusiasm, you can help the community develop the “Medium” web services ecosystem: submit a request to add your service to the list and feel free to start developing!

Medium also has a domain name system of sorts. The operator of a Medium access point can add the service dns.medium.i2p to the subscription list of the I2P router so that its users can access all the services of the Medium network.

Public Key Infrastructure - Why I Need HTTPS in I2P


There is no need to use the HTTPS protocol to connect to web services on the I2P network if you connect to them through the proxy server of an I2P client running locally (for example, i2pd).

Indeed, the SSU and NTCP2 transports let you use the resources of the I2P network safely at the protocol level - the possibility of conducting a MITM attack is completely excluded.

The situation changes radically if you access the resources of the I2P network not directly, but through an intermediate node - an access point of the “Medium” network, which is administered by its operator.

Who can compromise the data you transmit in this case:

  1. The access point operator. Obviously, the current operator of a “Medium” access point can eavesdrop on unencrypted traffic that passes through its equipment.
  2. An attacker (a man in the middle). Medium has a problem similar to that of the Tor network, only with respect to entry and intermediate nodes.

This is how it looks.


Solution: to access the web services of the I2P network, use the HTTPS protocol (OSI model level 7). The problem is that for I2P network services it is not possible to issue a genuine security certificate by conventional means, such as Let's Encrypt.

Therefore, enthusiasts have established their own certificate authority - "Medium Root CA". The certificates of all services of the Medium network are signed by the root certificate of this certificate authority.

The possibility that the root certificate of the certificate authority could be compromised was, of course, taken into account - but here the certificate is needed mainly to confirm the integrity of data in transit and to rule out MITM attacks.

The “Medium” network services run by different operators have different security certificates, each signed one way or another by the root certificate authority. However, the operators of the root certificate authority are not able to eavesdrop on the encrypted traffic of the services whose security certificates they have signed (see “What is CSR?”).

Those who are especially concerned about their security can use tools such as PGP and the like as additional protection.

You can also independently check the public keys of specific services of the Medium network.
image

By the way: the services of the “Medium” network are not the only ones that can be reached over HTTPS - the stats.i2p service supports it as well.

Currently, the Medium network's public key infrastructure can verify the status of a certificate using the OCSP protocol or a CRL.
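
The CSR-based signing and the public-key check described in this section, as an added example that is not code from the Medium project. It assumes the openssl command-line tool is installed; the CA name, the host name service.example.i2p and all file names are constructed for the demo.

```shell
#!/bin/sh
# Added example: every name, subject and file below is constructed for the demo.
set -eu
WORK=$(mktemp -d)
q() { "$@" 2>/dev/null; }   # hide openssl's key-generation progress output

# SHA-256 of the DER public key inside a certificate ($1 = x509) or a CSR ($1 = req).
spki_hash() {
    openssl "$1" -in "$2" -pubkey -noout |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# CA operator: root key and self-signed root certificate.
make_root() {
    q openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Constructed Root CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt"
}

# Service operator: the key pair is created locally; only the .csr file goes to the CA.
make_csr() {   # $1 = file prefix, $2 = host name
    q openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr"
}

# CA operator: sign the CSR. Inputs are the CSR and the CA's own key, never the service key.
sign_csr() {   # $1 = file prefix
    q openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 30 -out "$WORK/$1.crt"
}

# A certificate for the same name made without the CA key, as an interceptor would present.
make_rogue() {   # $1 = host name
    q openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$WORK/rogue.key" -out "$WORK/rogue.crt"
}

# Client: does the presented certificate chain to the root it trusts?
chain_ok() {
    if openssl verify -CAfile "$WORK/ca.crt" "$1" >/dev/null 2>&1; then echo yes; else echo no; fi
}

make_root
make_csr svc service.example.i2p
sign_csr svc
make_rogue service.example.i2p
echo "genuine chain ok:   $(chain_ok "$WORK/svc.crt")"
echo "rogue chain ok:     $(chain_ok "$WORK/rogue.crt")"
echo "pin (SPKI SHA-256): $(spki_hash x509 "$WORK/svc.crt")"
```

The pin printed on the last line is the value a user would compare against a public key fingerprint obtained out of band; it is identical for the CSR and the issued certificate because the CA only adds its signature.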

"And could you be jailed, like the mathematician Bogatov?"


RosKomSvoboda experts found no violations of the law in the activities of the decentralized Internet provider Medium.

On Monday, we consulted with experts from the Center for Digital Rights (also known as RosKomSvoboda ).

The review revealed no violations of the law. At the moment, we are actively cooperating with RosKomSvoboda, and together we are drawing up an appeal to the Ministry of Communications.

A kind request


If you notice problems with the availability of any of the services of the Medium network, do not write about it in the comments to the publication - open a ticket in the repository on GitHub instead. That way, service owners will be able to respond to the failure more quickly.

Free Internet in Russia begins with you


You can help establish a free Internet in Russia today in any way you can. We have compiled an exhaustive list of exactly how you can help the network:




See also:

Medium - the first decentralized Internet provider in Russia
Decentralized Internet provider “Medium” - three months later

We are in Telegram: @medium_isp

Source: https://habr.com/ru/post/460721/
