Replying to Avatar Ingwie Phoenix (aka. birb)

Looking at the recent events, here's my personal dystopia:

- You HAVE to use Tor/i2p to go online. If you don't, you are monetized by basically everything, everyone, everywhere.

- You CAN NOT host your own thing without any repercussion; i mean, you could be a terrorist, right? o.o

- If you do get all the permits to host your own thing publicy, you will have to turn over all data aquired to someone/somewhere and ensure someone's identity by their utmost personal data - like their ID for instance.

But... my networking knowledge in iptables is still pretty sheit and I can't figure out how to set up a transparent proxy to use Clash ( https://dreamacro.github.io/clash/ ) to route through Tor, I2P or a VPN at any given time...

Best case scenario: Everything that can be routed through either of those, should be. Anything else that needs a special permission (some online games, probably) should be allowed to pass through directly.

It's like another firewall; you aren't just protecting your ports, but your whole traffic in AND out.

I really hope it doesn't come down to this but... yeah, probably not.

51
5192b2e2... 2y ago

This is exactly one of those nightmares that motives our project. Furthermore, consider in addition the following dynamics:

If it becomes infeasible for providers to offer services legally and also for people to self-host, there is still going to be demand for different services, for example network traffic routing and obfuscation. Who is going to provide those services then?

Well, even right now besides morally acceptable solutions there are many (even clearnet) markets which are going to be offering VPNs, proxies, but which are not hosted in datacenter servers or self-hosted by the provider, but which have rather been set up on infected devices. In fact, these markets in general tend to specifically differentiate between datacenter hosted services and "residential ips", which are basically infected computers / routers, like the one you might have at home, as an example.

Specifically, you can imagine that residential ips are looked for by hackers, because these are likely not going to be blocked by providers like Cloudflare and so on.

You can see now where this is going. Would there be such a total dystopic effort at eliminating even these options which you have stated, then as a result of this you would see more & more innocents become the collateral victims of repression. Essentially, imagine police knocking on your door because some hacker orchestrated an attack over your network. Personally, no matter whether innocent or not, an accusation alone is a very defeating thing for any human being, since we are social creatures.

You can then also imagine, that in combination with this, that trust-based systems are both more mathematically but also probabilistically less resilient than distributed platforms. This means, there are innate vulnerabilities in them which endanger these same innocents.

So our advice, no matter what the situation, the dominant strategy will always be to self-host and use distributed platforms, and probably also have good iptables knowledge!

Reply to this note

Please Login to reply.

Discussion

Avatar
Ingwie Phoenix (aka. birb) 2y ago

Very true. I mean hey, utilizing "innocent IPs" isn't a new thing - wasn't there a page on the Tor project that would tell you if you had been an exit node for anything at some point? And then there are those vast all in one routers (like those FritzBox things and stuff) that tend to be volunerable due to being set to defaults and never changed. So I could totally see that happen. Who knows, it just might have already.

I have gotten to the point where I can do a simple port forwarding... But outright configuring a transparent proxy? Nope, not there yet. If you have any good reads for that, I'd be super happy to have those!

As for distributed systems... Well, I already run my own IPFS. In fact, whenever I share files with my friends, I use that over NextCloud - which I also have - because I find it much easier to just POST a file to /v0/add through my Headscale VPN. :)