-
Notifications
You must be signed in to change notification settings - Fork 425
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can we restrict I2P peer connections from 'strict countries'? #2112
Comments
I think users should decide by themselves whether they need extra "protection" or not. By the way, do you have any information regarding #2109 ? |
Their goal is to disconnect I2P users located in China from the I2P network. These malicious peers cause I2P users in China to be unable to connect to any I2P services (if the peers do not enable hidden mode). After I2P updated the NTCP2 and SSU2 communication protocols, China's national firewall was unable to intercept I2P communications, so they began to deploy a large number of these malicious peers to try to disrupt the network. I discovered this yesterday while debugging my own I2P software. If I block those abnormal China peers (located in the strict country list but not enabling hidden mode), I can quickly and stably access the I2P network. This is why I think it's necessary to restrict connections from these countries. |
i2pd is not going to restrict connectivity by country or nationality. |
You're right. This would lead to a de facto country block. But what I'm trying to express is not about blocking connections from specific countries, but rather that: the appearance of non-hidden mode I2P routers in these countries is an abnormal signal in itself. It's a bit like a group of 'prohibited people or things' suddenly appearing publicly in a place where they are forbidden by law. |
I think it should be possible to make option allowing user to exclude some nodes from tunnel selection, similarly to how it is made in Tor ( |
Yes, I think similar additional optional protection is feasible.
These abnormal peers come from different organizations, but are basically led by the Chinese academic community (such as the Chinese Academy of Sciences) in censorship research, with the intention of degrading or destroying the I2P network. By searching for keywords like "I2P 流量分析" in Chinese on search engines, you can find a large number of papers written by different universities and research institutions in China.
His I2P peer is running on a version (2.5.0) that doesn't have 'strict country protection' deployed, so it won't automatically enter hidden mode. But I also don't know why his I2P peer has so many Chinese peers, to the point where it's causing I2P to not work properly. |
agreed |
I2P peers in the strict country list will force-enable hidden mode, and I2P peers in this mode should not participate in tunnel creation.
Can we implement similar restrictions on I2P peers from regions in the strict country list? That is, when we detect that the IP address of these peers comes from a strict country and they are participating in tunnel creation, we directly block them? (Because it is likely to be a malicious peer).
My native language is not English, and these texts are translated using artificial intelligence technology. Please forgive me if there are any errors in the text.
Strict Countries
The text was updated successfully, but these errors were encountered: