
transient router id

Open hsn10 opened this issue 1 year ago • 10 comments

Can we have an option to automatically generate a new router id at each start?

It would be enough to delete ntcp2.keys, router.keys, ssu2.keys at each start.

hsn10, Dec 07 '24 20:12

For a completely new i2pd profile on every start, you can modify the i2pd.service file (sudo systemctl edit --full i2pd.service) so that "ExecStart=" contains "--datadir=/run/i2pd"; this way the whole i2pd data dir is deleted when i2pd is killed/stopped. Of course this removes all the data (like peer profiles, .keys, .dat), so on every i2pd start you get completely new installation behavior and need to wait some time to get i2pd fully working, as you need to bootstrap into the network and profile peers.

If you want only some files to be deleted on i2pd stop, add an ExecStopPost=+-/usr/bin/sh -c 'rm -f /I2PD_DIR/*.keys' action. Replace I2PD_DIR with the directory where your i2pd stores .keys (I don't remember the original path, probably /var/lib/i2pd/).

bjtftw, Dec 08 '24 07:12

Why is this feature needed?

Vort, Dec 08 '24 10:12

A new router takes much time for integration to the network, because other routers don't have it in their profiles yet.

orignal, Dec 08 '24 13:12

The feature is needed to make network analysis harder. Integration time is good enough; it doesn't seem to have any negative effect. After 15 minutes everything runs well.

hsn10, Dec 10 '24 08:12

I did additional testing, and after deleting router state (router id, interface addresses, socks5 keys) it takes between 6 and 8 minutes until the rest of the network can connect back to you. It is a reasonable price for increased security.

hsn10, Dec 28 '24 22:12

And how many problems have you created for other routers? Their NetDb is full of non-existing routers. If you change router ident often, your IP could be banned as possible attacker.

orignal, Dec 29 '24 01:12

Can we have an option to automatically generate a new router id at each start?

orignal, the main developer, already said above that it is not good. Not good for both you and the network as a whole.

It would be enough to delete ntcp2.keys, router.keys, ssu2.keys at each start.

But, if you really want, you can just do that yourself, couldn't you? Is writing a simple wrapper script really that hard?

anikey-from-i2p, Dec 29 '24 22:12

Agreed with orignal, this is not useful or even harmful, in general. If you change your identity but not your IP, there's no point. However, the one case where it does add some privacy is to do it when your IP has changed, for example when it's on your laptop and you're traveling. In Java I2P we call the option "laptop mode". But I doubt anybody knows about it or uses it.

zzzi2p, Feb 11 '25 15:02

do it when your IP has changed

What if it keeps flipping between two or three IP addresses? Maybe it makes sense to remember the 2-3 router identities and continue using them when the old IP address becomes the current one?

I doubt anybody knows about it or uses it.

Don't underestimate the power of browsing settings pages.

anikey-from-i2p, Feb 11 '25 20:02

Like I said, it's a rarely-used feature, there are no plans to make it fancier for us. It's a basic way to cover the threat model: you saw me at 37C3 in Germany with my laptop, then I went back home, you look through your old netdb records for routers at 37C3, and now you know my home IP. If you get that far, either with a script or native support, then you can think about additional protections.

zzzi2p, Feb 12 '25 15:02
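
The "change identity only when the network changed" approach discussed in the comments above, sketched as a wrapper-script helper. This is an added example, not code from i2pd or Java I2P; the function name, the state file name and the choice of network identifier are assumptions. It removes only the three key files named in the issue, so other .keys files in the data directory are left alone.

```shell
#!/bin/sh
# Added example (not i2pd code). Call while i2pd is stopped.
#
# rotate_keys_if_moved DATADIR NET_ID
#   DATADIR  i2pd data directory (holds router.keys, ntcp2.keys, ssu2.keys)
#   NET_ID   string identifying the current network; what to use is an
#            assumption left to the caller (gateway MAC, public IP, ...)
# Prints "first-run", "kept" or "rotated"; returns non-zero on error.
rotate_keys_if_moved() {
    datadir=$1
    net_id=$2
    state="$datadir/last_network.sha256"   # hypothetical state file

    if [ ! -d "$datadir" ]; then
        echo "no such directory: $datadir" >&2
        return 1
    fi
    # Unknown network (e.g. offline at boot): do not churn the identity.
    if [ -z "$net_id" ]; then
        echo "kept"
        return 0
    fi

    # Keep a digest in the state file rather than the raw identifier.
    new=$(printf '%s' "$net_id" | sha256sum | cut -d' ' -f1)
    old=""
    if [ -f "$state" ]; then
        old=$(cat "$state")
    fi

    if [ -z "$old" ]; then
        result="first-run"            # nothing to compare against yet
    elif [ "$old" = "$new" ]; then
        echo "kept"                   # same network: same router identity
        return 0
    else
        # Network changed: drop only the router identity and transport keys.
        rm -f -- "$datadir/router.keys" "$datadir/ntcp2.keys" \
                 "$datadir/ssu2.keys" || return 1
        result="rotated"
    fi
    ( umask 077; printf '%s\n' "$new" > "$state" ) || return 1
    echo "$result"
}

# Wrapper usage (assumption: default gateway MAC as NET_ID):
#   gw=$(ip route show default | awk '{print $3; exit}')
#   id=$(ip neigh show "$gw" | awk '{print $5; exit}')
#   rotate_keys_if_moved /var/lib/i2pd "$id" && exec i2pd --datadir=/var/lib/i2pd
```

Because the identity is kept whenever the network identifier is unchanged, restarts on the same connection do not create a new router each time, which is the churn the maintainers object to above.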