Paper summary: Measuring I2P Censorship at a Global Scale (FOCI 19)

Crossposted from https://github.com/net4people/bbs/issues/12.

Measuring I2P Censorship at a Global Scale
Nguyen Phong Hoang, Sadie Doreen, Michalis Polychronakis
https://censorbib.nymity.ch/#Hoang2019a
https://www.usenix.org/conference/foci19/presentation/hoang

This paper describes the first large-scale measurement study of the censorship of I2P. The authors tested for censorship of various aspects of I2P use: the main download web site and mirror sites, certain centralized bootstrapping servers, and the peer-to-peer relays that form the I2P network. They tested from about 1700 ASes and 164 countries, using VPN servers provided by VPN Gate. The main outcome is the detection of some form of I2P-related censorship in five countries: China, Iran, Kuwait, Oman, and Qatar; and in one academic network in South Korea.

This is the first research I am aware of that uses VPN Gate as a platform for censorship measurement. VPN Gate offers certain advantages over other techniques:

  • VPN Gate servers are run by volunteers on their own PCs, in diverse networks including residential networks that are hard to access through commercial VPN services. There are about 5000 VPN Gate servers.
  • VPN Gate, being a VPN service, allows direct and active tests across many layers of the network stack.
  • VPN Gate servers are less likely to obscure their true geolocation or tamper with traffic (such as by injecting advertisements).

VPN Gate also has some drawbacks:

  • There is high churn of servers and servers are not always online, only when their operator’s PC is turned on. Measurements are only possible on an as-available basis.
  • VPN Gate uses standard VPN protocols, like OpenVPN, that are not especially covert. As VPN Gate is a circumvention tool, firewalls that attempt to block circumvention may also prevent access to VPN Gate servers.
  • VPN Gate volunteers do not specifically opt in to performing censorship measurement in the same way that OONI or ICLab volunteers do, but there is at least a greater degree of informed consent about proxying other people’s traffic than exists with other peer-to-peer VPN services.

Overall, the authors consider VPN Gate not as a replacement, but as a complement to other measurement techniques.

The objects of testing are four parts of I2P that are possible targets of blocking:

  • The main web site, https://geti2p.net/, from which the I2P software may be downloaded, and mirror sites like http://i2p-projekt.de/.
  • Reseed servers, which are static, centralized servers that provide a new I2P client with enough information to bootstrap itself into the network.
  • I2P relays. By design, and in contrast to Tor, each I2P relay does not know about all the others. The authors ran and tested their own I2P relays, which avoids problems with the unpredictable churn of third-party relays, and concerns about logging traffic that may be connected to a person.

The authors consulted I2P’s guidelines for research and worked with members of the I2P team in designing their experiments.

The tests found some form of I2P-related blocking in six countries. In Iran, the mirror site (HTTP) but not the main site (HTTPS) were blocked by TCP injection of an HTTP 403 response. The same was the case in Kuwait, though only in 1 AS out of 6 available for testing. In Oman and Qatar, both the mirror site and main site were blocked by TCP injection, of an HTTP response in the case of HTTP, and of a TCP RST packet in the case of HTTPS.

In China, there was DNS poisoning of the main web site (but not the mirror site), as well as 3 out of 10 reseed servers. Some of the poisoned IP addresses are in the same subnets as have been observed in studies going back over a decade, such as in Lowe et al. 2007 (Table 2), Farnan et al. 2016 (§4.2), and Pearce et al. 2017 (Table 7). But there were also many previously undocumented IP addresses, including ones belonging to Facebook and SoftLayer—the reason for this is unknown. Inconsistently, AS 9808 differed from others in China, in that it poisoned some domains that others did not, using differently crafted packets. They did not find SNI filtering of I2P domains that were DNS-poisoned, illustrating a non-uniformity of blocking techniques: I2P domains are being treated differently than Wikipedia domains, which were documented by OONI to be blocked by both DNS and SNI. One academic network in South Korea, AS 1781, poisons the DNS of I2P domains, but it is likely according to a policy specific to the institution. Another two networks in South Korea sporadically poisoned DNS responses, but it looks like censorship leakage caused by proximity to China.

No blocking of I2P relays was observed anywhere.

An earlier paper on the topic of I2P censorship is An Empirical Study of the I2P Anonymity Network and its Censorship Resistance, evaluating I2P against a constructed, rather than naturally occurring adversary.

1 Like

The researcher also set up I2P reseed server on Cloudflare, to reseed with ESNI support.

Currently, Cloudflare is the only provider that supports ESNI. For this month, I therefore spent time on setting up an I2P reseed server over Cloudflare [3] and wrote up a tutorial [4] so that anyone with some spare resources can help making the I2P reseeding (bootstrapping) process more resistant to censorship, thus helping new I2P clients to be able to join the network.

[3] My reseed server is up and can be used at https://reseed.np-tokumei.net:8443. its reseed signing key can be found from the tutorial.

[4] https://homepage.np-tokumei.net/post/notes-i2p-reseed-over-cloudflare/