Rocksolid Light

Welcome to Rocksolid Light

register   nodelist   faq  


rocksolid / rocksolid.shared.i2p / Re: javascript in darknet ?

SubjectAuthor
* javascript in darknet ?trw
`* Re: javascript in darknet ?cLmnIoeR
 `* Re: javascript in darknet ?AnonUser
  `* Re: javascript in darknet ?anonymous
   `* Re: javascript in darknet ?Retro Guy
    `- Re: javascript in darknet ?anonymous

Subject: javascript in darknet ?
From: trw@anon.com (trw)
Newsgroups: rocksolid.shared.i2p
Organization: def5
Date: Sun, 14 Jul 2019 20:28 UTC

someone has formulated some thoughts on the subject here:
javascript.i2p

interesting, and should work like intended, I guess. A lot of effort, though...

Quote:

Run Javascript Client Code on the I2P Network without Risking Anonymity

by maxkoda

Introduction

Most I2P users disable Javascript in their browsers due to the risks of preserving anonymity. As a result most web applications on the I2P network do not make use of the Javascript language. This has resulted in a severe lack of web applications with rich client user interfaces and I2P web applications looking like web pages developed in the 1990s.

There are many excellent Javascript frameworks that enable building rich-client user interfaces that help to raise the bar for the user experience. However, these improved user experience web applications are missing on the I2P network because of the risks to anonymity mentioned earlier.

I have been looking for a way to bring rich-client web application user interfaces to I2P, using popular javascript frameworks without risking anonymity and I believe I found a way to do this.

That is the topic for this site.

Architecture

I2P Web developers can use popular javascript frameworks for rich-client user interfaces and avoid risking client anonymity. The architecture requires no changes on the server side because the client is in control when it comes to preserving anonymity.

On the client side, a virtual machine that has no connectivity to the Internet is used to browse the I2P network. The virtual machine is configured such that it can’t even contact the host machine (the computer running the virtual machine). If the virtual machine attempts to ping the IP of the host machine it receives a message that “the network is not reachable”.

This effectively isolates the virtual machine to a private network address. This network isolation effectively hides the true network location of the browser from any javascript client code running in the virtual machine.

On the host machine, the user can ssh into the virtual machine and interact with the operating system. The host machine runs an I2P router, and to allow the virtual machine to access the I2P network, the user will ssh to the virtual machine and provide remote port forwarding of I2P ports from the host machine.

The client configures the browser proxy in the virtual machine the same as the browser proxy is configured on the host machine (127.0.0.1:4444).

Once successfully configured, the user can browse to any I2P web application that’s running javascript and if the javascript code attempts to ascertain the network location of the user, it will always just see a private network address. Therefore the user’s actual network location is hidden from the javascript client code.

This will allow for rich client user interfaces for I2P web apps using javascript frameworks without exposing the user's network location.

Configure your System

I prefer to use Linux for both my host machine and the virtual machine. I use Virtualbox to manage my virtual machines. You can use whatever operating system you prefer as long as you can run ssh, I2P, and VirtualBox on your host machine. Typically this means Linux, OS/X, or Windows. You can use a virtual machine with any operating system type supported by VirtualBox.

You will need to create a Host-only network adapter for the virtual machine.

Paper Describing Setup and Configuration:

magnet:?xt=urn:btih:d61de91247b175b0ea077bec2ffd004b05e6a711

Javascript Examples:

These are meant to be run in the I2P javascript virtual machine:

Rich Client User Interface

Solitaire

Graphical maze game
Reward

If anyone can prove that network anonymity can be compromised using this virtual machine model, I will pay a reward of 1.0 Monero (1.0 XMR) to the individual that provides documented proof.

Reward details will be provided soon.

Questions and comments can be sent to:

I2P-Bote: 8l-cwUo-7~S1NUl6DHCjODn0uDTnfCh6YQEOyJdHUXH5LauttaFPNkICXpL4tso16BrtX00IxnyNAqorAaESL6

or

susimail: maxkoda@mail.i2p Posted on def4


Subject: Re: javascript in darknet ?
From: XrQkFuvGf7o3S@o3lom.mi (cLmnIoeR)
Newsgroups: rocksolid.shared.i2p
Organization: rocksolid2 (news.novabbs.com)
Date: Mon, 15 Jul 2019 08:22 UTC
On 2019-07-14 20:28, you wrote:

Most I2P users disable Javascript in their browsers due to the risks of
preserving anonymity. As a result most web applications on the I2P
network do not make use of the Javascript language. This has resulted in
a severe lack of web applications with rich client user interfaces and
I2P web applications looking like web pages developed in the 1990s.
                                                               ^^^^^
It is bad?


Subject: Re: javascript in darknet ?
From: AnonUser@rslight.anon (AnonUser)
Newsgroups: rocksolid.shared.i2p
Organization: Rocksolid Light
Date: Mon, 15 Jul 2019 08:38 UTC
cLmnIoeR wrote:

On 2019-07-14 20:28, you wrote:

Most I2P users disable Javascript in their browsers due to the risks of
preserving anonymity. As a result most web applications on the I2P
network do not make use of the Javascript language. This has resulted in
a severe lack of web applications with rich client user interfaces and
I2P web applications looking like web pages developed in the 1990s.
                                                               ^^^^^
It is bad?

web pages developed in 1990s use alot less bandwidth. not bad thing.
--
Posted on Rocksolid Light



Subject: Re: javascript in darknet ?
From: anonymous@def2.anon (anonymous)
Newsgroups: rocksolid.shared.i2p
Organization: def2org
Date: Mon, 15 Jul 2019 21:25 UTC
I agree, smaller pages have an advantage, and are usually more focused on content.
The disadvantage to go without js is that certain software is not usable without (more than you would think).

I am not convinced of the approach, but I don't want to reject it completely yet...


trw
Posted on def2




Subject: Re: javascript in darknet ?
From: retro_guy@retrobbs.rocksolidbbs.com (Retro Guy)
Newsgroups: rocksolid.shared.i2p
Organization: novabbs
Date: Fri, 19 Jul 2019 01:56 UTC
On Mon, 15 Jul 2019 21:25:23 -0000 (UTC)
anonymous@def2.anon (anonymous) wrote:

I agree, smaller pages have an advantage, and are usually more
focused on content.
The disadvantage to go without js is that certain software is not
usable without (more than you would think).

I am not convinced of the approach, but I don't want to reject it
completely yet...


Very true, most forum or web based software relies heavily on js, and
these are the types of sites people expect. Older sites are "lame".

The issue I see is that the people that tend to demand js sites may be
the same people that can't or won't configure their end for security.

As of this point in time, create a site heavy with js and many will
just not use it, so where is the incentive at this time?

rslight uses a very small amount of js, but works just fine without it,
you just miss out on a couple of tiny features you may never notice
(quoting and incoming link handling). If you can still use the site
without js, that's probably still a good idea at this time.

Retro Guy

--
Posted via novabbs




Subject: Re: javascript in darknet ?
From: anonymous@def2.anon (anonymous)
Newsgroups: rocksolid.shared.i2p
Organization: def2org
Date: Fri, 19 Jul 2019 09:06 UTC
As of this point in time, create a site heavy with js and many will
just not use it, so where is the incentive at this time?

I agree.

Also I rethought my previous position: if ip leaking was the only risk connected to the use of js, the proposed solution would take care of it and case closed. but in fact there are many more risks, and there are many cases where bugs in js have allowed to take over the box. so even if you use the vm just for browsing, at least all your downloads and browsing history can be read by the attacker. which can be enough already to track and deanomize you.

So no js in the darknets for me, thank you very much.

:-)

cheers

trw
Posted on def2




1
rocksolid light 0.6.5e
clearnet i2p tor