Earlier, in The Shape of Cyberspace, I outlined the overall structure of the internet. It does NOT follow Weberian nation state boundaries and the notion of jurisdiction. The original internet was based on fixed length IP prefixes, groups of 256, or 65,536, or 16,777,216 addresses, and each was associated with an Autonomous System, which were originally numbered 1 – 65536, but we started running out and now they’re numbered 1 to 4,294,967,296. These numbers are all powers of two.
256 = 2^8 = 2×2×2×2×2×2×2×2
65,536 = 2^16 = 2^8 × 2^8 = (2×2×2×2×2×2×2×2) × (2×2×2×2×2×2×2×2)
16,777,216 = 2^24 = 2^8 × 2^8 × 2^8 = (2×2×2×2×2×2×2×2) × (2×2×2×2×2×2×2×2) × (2×2×2×2×2×2×2×2)
And so forth, up to the massive 2^128 space of IPv6.
I’ve suggested that you guys get familiar with at least one of two quality VPN providers, either Mullvad or Proton. You will still encounter advice out there about using older and more niche things: I2P, IPFS, and Tor are some of the more notable ones. We’ll be looking at them today.
Attention Conservation Notice:
Negative experimental results are still results. I don’t think anybody reading this Substack needs to know how to use any of these things. This article explains what they are and why I think they’re not the priority they once were.
The Underworld’s First Overlay:
Once you understand the three level hierarchy of IP address, its prefix, and its Autonomous System, and you know that DNS is an overlay that maps symbolic names to IP addresses, which was covered in The Shape of Cyberspace, you’re ready to plumb the depths of the other overlays.
A Virtual Private Network is a service that allows you to make an encrypted connection to a VPN concentrator, usually a system on a single IP address running OpenVPN, and from there access the “clearnet”. This conceals your origin IP address from any system you access. There are a LOT of caveats here:
Free VPNs that only offer binary clients are a trap you should know to avoid.
VPN providers all deny they keep logs, until the authorities come knocking.
Nosy sites will use various methods to force a leak of your origin.
Cell phone VPNs are a joke, Mullvad is the only one that gets it right.
You MUST separate routing/VPN duties from the client, in a fail-closed configuration.
Even quality cell phone VPNs DO NOT conceal traffic from their hotspot.
Basically, if you can’t afford to be seen, and you can’t afford the time and equipment to split the routing and client OS into a fail-closed configuration, you CANNOT explore safely.
It should also be noted that both Proton and Mullvad offer two hop VPN services. You get on via a concentrator in country A, but your traffic exits via another concentrator in country B. This goes a long way towards thwarting the observation capabilities of nosy nation states.
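To make the fail-closed requirement concrete, here is an added example (my own, not from the post) that audits an `ip route` table in Python and flags any path that could carry traffic around the tunnel if the VPN drops; the route lines, the tun0/eth0 names and the concentrator address 203.0.113.5 are constructed for the demo.

```python
import ipaddress

# Constructed `ip -4 route` output, not from a real host. Typical OpenVPN redirect-gateway
# result: tun0 takes both /1 halves, but the DHCP default on eth0 survives (fail-open).
LEAKY = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.5 via 192.168.1.1 dev eth0
"""

# Constructed fail-closed table: off-tunnel routes are only the LAN and the concentrator /32.
FAIL_CLOSED = """\
default via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.5 via 192.168.1.1 dev eth0
"""


def parse_routes(text):
    """Parse `ip -4 route` lines into (network, outgoing device) pairs."""
    routes = []
    for line in text.strip().splitlines():
        parts = line.split()
        dest = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        if "/" not in dest:
            dest += "/32"  # ip(8) prints host routes without a prefix length
        dev = parts[parts.index("dev") + 1] if "dev" in parts else None
        routes.append((ipaddress.ip_network(dest, strict=False), dev))
    return routes


def audit_fail_closed(route_text, vpn_dev, concentrator_ip, lan_ok=()):
    """Return leak findings (empty list = fail-closed): the tunnel must cover every
    destination, and only the concentrator /32 and whitelisted LAN prefixes may leave elsewhere."""
    routes = parse_routes(route_text)
    findings = []
    on_vpn = {net for net, dev in routes if dev == vpn_dev}
    halves = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}
    if ipaddress.ip_network("0.0.0.0/0") not in on_vpn and not halves <= on_vpn:
        findings.append(f"{vpn_dev} does not cover all destinations")
    allowed = {ipaddress.ip_network(f"{concentrator_ip}/32"), *map(ipaddress.ip_network, lan_ok)}
    for net, dev in routes:
        if dev == vpn_dev or net in allowed:
            continue
        label = "default route" if net.prefixlen == 0 else f"route to {net}"
        findings.append(f"{label} on {dev} bypasses {vpn_dev}")
    return findings
```

Run the audit against the output of `ip -4 route` on the routing box; any finding means a tunnel outage would silently expose your origin address.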
Darker & Deeper:
The Onion Router, hereafter Tor, is akin to the two hop VPN, only instead of being a commercial service, each node is a freewill donation. The system only supports TCP virtual circuits, unlike VPNs, which will handle UDP datagrams. You get an encrypted connection to a relay, your traffic goes somewhere else, and then exits to the clearnet. Theoretically this is safe; in practice there are endless games played to ID users, generally having to do with being able to see entry and exit points in order to correlate long running transfers of large files. Lots of losers run exit nodes in order to snoop, including one major donor to the project that was spying on users.
Tor is notable in that it has a namespace akin to DNS in the form of .onion addresses. Accessing them begins with a relay, but ends when you reach the “darknet” node that hosts the content. Your traffic never leaves the Tor network and it’s a trick to determine where a given .onion is actually hosted. This is used for CSAM (child sexual abuse material) distribution, drug markets, general cyberfraud type activities, as well as a lot of legitimate privacy focused motives.
I have three remaining use cases for Tor. When I have to manage a remote system and I want to leave no trace of who is handling the machine, I will create an ssh hidden service with an onion address. Starting with this it’s possible to “port forward” other services, concealing who is managing a machine, and whatever other services may be on it. The other things I do include using TAILS on occasion to quickly check out some fishy URL, and I’ll use torsocks to wrap command line programs like wget to grab files with a known URL without jumping through all the hoops of firing up a VPN protected virtual machine.
The I2P network is akin to Tor in that it has an encrypted multihop architecture but the designers always meant it to be a walled garden with its own whatever.i2p namespace, just like Tor’s .onion addresses. There are clearnet exits for I2P, but they’re fairly rare and I would never consider them to be trustworthy. That’s a whole other article I should probably write, since there’s an information gathering exercise associated with understanding why this is the case.
File Based Systems:
IPFS is a popular distributed file storage solution. There are a lot of legitimate uses, but just as many that are shady. I’ve seen spearphish sites hosted on IPFS and they do so because it’s essentially impossible to attribute who is responsible.
There was an older service called Freenet, which was recently renamed to Hyphanet. I installed it once, years ago, and noticed that about a third of the sites on it appeared to be hawking CSAM content. The U.S. criminal statutes for CSAM have what is known as “strict liability” – doesn’t matter how it got on your computer, you are going to prison. A 260 millisecond HDTV clip will have more than fifteen images and that gets you an enhanced sentence. This legal construct is weaponized; I’ve seen people who’ve been emailed CSAM content in an attempt to frame them, and there have been some instances where political figures have had content planted on their systems.
So I looked at it once, said oh hell no, and promptly nuked the VM where I had installed it. I don’t think running it confers criminal liability, but I’m not willing to test that theory personally.
Blockchains:
There are blockchain based file and message transfer methods. I do not know much about them, since they tend to be limited to cryptocurrency niches. There is a LOT of attention on blockchains and anonymity. Basically my take is that if you do something provocative enough someone WILL bring enough resources to wade through the obfuscation and find you. I like Monero as a cryptocurrency, which has proven to be intractable in terms of attribution, but I otherwise avoid this stuff unless I have a VERY specific project related need.
Conclusion:
Because I am a bit of a tech masochist I just started loading I2P on some of my systems to explore how it would work as an alternative to using Tor for unattributable remote access. You are free to point, laugh, and describe me as an obsessive weirdo for having done this.