Medium Weekly Digest (12 – 19 Jul 2019)

If we are to stand against this destructive government trend of outlawing cryptography, one of the measures we can take is to use cryptography as much as we can while it is still legal.

F. Zimmerman

Dear members of the Community!

The Internet is seriously ill.

Starting this Friday, we'll be posting weekly highlights of what's happening in the community of the decentralized Internet provider "Medium".

This digest is intended to increase the interest of the Community in the issue of privacy, which in the light of recent events becomes more relevant than ever.

On the agenda:

  • "Medium" creates its own ecosystem of web services in the I2P network
  • Public Key Infrastructure - why HTTPS is needed in I2P
  • RosKomSvoboda experts found no violations of the law in the activities of the decentralized Internet provider "Medium"

Remind me - what is "Medium"?

The Medium project was originally conceived as a mesh network in Kolomna urban district. However, after some time it became obvious that there were not enough people willing to take part to implement the idea.

For this reason, after some time, Medium turned into an independent and free provider of access to the I2P network - enthusiasts configure their wireless access points so that when connected to them, it becomes possible to use the resources of the I2P project.

"Medium" provides users with free access to the resources of the I2P network, thanks to which it becomes impossible to identify not only the router the traffic came from (see the basic principles of "garlic" traffic routing), but also the end user, the Medium subscriber.

More information about what "Medium" is can be found in the relevant article.

"Medium" creates its ecosystem of web services in the I2P network

I2P (the "Invisible Internet" project) has confirmed its efficiency in practice: at the time of publication of the article, the network has at least 5000 routers.

Until recently, the main problem was the lack of on-net services that could prove to be worthy alternatives to the most popular Internet services.

The Medium user community decided to rectify this situation and began to deploy its own ecosystem of web services within the I2P network.

At the moment, the following general-purpose services are available to users:

As well as special services:

If you have a brilliant idea, free time, your own server and enthusiasm, you can help the community develop the Medium web services ecosystem: create a request to add your service to the list and feel free to start developing!

"Medium" also has something like a domain name system. The operator of a "Medium" access point can add the I2P service dns.medium.i2p to the router's list of subscriptions so that its users get access to all the services of the Medium network.

Public Key Infrastructure - why HTTPS is needed in I2P

There is no need to use the HTTPS protocol to connect to web services on the I2P network if you are connecting to them through a locally running proxy server of your I2P client (for example, i2pd).

Indeed: the SSU and NTCP2 transports allow you, at the protocol level, to use the resources of the I2P network safely - the possibility of MITM attacks is completely excluded.

The situation changes radically if you access the resources of the I2P network not directly, but through an intermediate node - the access point of the Medium network, which is administered by its operator.

Who in this case can compromise the data that you transmit:

  1. Access point operator. Obviously, the current operator of the access point of the "Medium" network can listen to unencrypted traffic that passes through its equipment.
  2. Intruder (man in the middle). "Medium" has a problem similar to that of the Tor network, only with respect to input and intermediate nodes.

This is what it looks like:

Solution: to access web services of the I2P network, use the HTTPS protocol (layer 7 of the OSI model). The problem is that I2P network services cannot obtain a genuine security certificate by conventional means such as Let's Encrypt.

Therefore, enthusiasts have established their own certification authority - "Medium Root CA". All services of the "Medium" network are signed by the root security certificate of this certificate authority.

The possibility of compromising the root certificate of the certification authority was certainly taken into account - but here the certificate is needed mainly to confirm the integrity of the data transfer and to exclude the possibility of MITM attacks.

Services of the "Medium" network from different operators have different security certificates, each signed, one way or another, by the root certification authority. However, root CA operators do not have the ability to sniff the encrypted traffic of the services whose security certificates they have signed (see "What is CSR?").

Those who are especially concerned about their safety can use additional means of protection, such as PGP and similar.

You can also independently check the public keys of specific services of the Medium network.

By the way: not only the services of the Medium network can be reached via the HTTPS protocol - the stats.i2p service has the same ability.

At the moment, the public key infrastructure of the Medium network supports checking the status of a certificate using the OCSP protocol or through the use of a CRL.
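The CSR flow and the public-key check described in this section, sketched with the openssl command line as an added example (not the Medium project's own tooling). The CA names, the host name service.example.i2p and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: toy PKI with constructed names (assumption: openssl CLI is installed).
set -eu
D=$(mktemp -d); trap 'rm -rf "$D"' EXIT

new_key() { openssl ecparam -name prime256v1 -genkey -noout -out "$1"; }

# Self-signed root certificate (stand-in for a private root such as "Medium Root CA").
make_ca() {   # $1 = file prefix, $2 = common name
    new_key "$D/$1.key"
    openssl req -x509 -new -key "$D/$1.key" -sha256 -days 30 \
        -subj "/CN=$2" -out "$D/$1.crt"
}

# Operator side: the key stays local, only the CSR (public key + name) is sent out.
make_csr() {  # $1 = file prefix, $2 = service host name
    new_key "$D/$1.key"
    openssl req -new -key "$D/$1.key" -subj "/CN=$2" -out "$D/$1.csr"
}

# CA side: the inputs are the CSR and the CA's own key, never the service key.
sign_csr() {  # $1 = service prefix, $2 = CA prefix
    openssl x509 -req -in "$D/$1.csr" -CA "$D/$2.crt" -CAkey "$D/$2.key" \
        -CAcreateserial -sha256 -days 30 -out "$D/$1.crt" 2>/dev/null
}

# SHA-256 over the public key carried by a key, a CSR or a certificate.
pub_fp() {    # $1 = key|csr|crt, $2 = file prefix
    case $1 in
        key) openssl pkey -in "$D/$2.key" -pubout ;;
        csr) openssl req  -in "$D/$2.csr" -noout -pubkey ;;
        crt) openssl x509 -in "$D/$2.crt" -noout -pubkey ;;
    esac | openssl sha256
}

# Client side: does the certificate chain to the root we chose to trust?
chains_to() { # $1 = service prefix, $2 = trusted CA prefix
    openssl verify -CAfile "$D/$2.crt" "$D/$1.crt" >/dev/null 2>&1
}

make_ca root "Example Root CA"
make_csr svc "service.example.i2p"; sign_csr svc root
# Same host name, but signed by a CA the client does not trust.
make_ca other "Untrusted CA"
make_csr fake "service.example.i2p"; sign_csr fake other

chains_to svc root  && echo "svc:  chains to the trusted root"
chains_to fake root || echo "fake: rejected, issuer is not the trusted root"
echo "public key fingerprint to compare out of band: $(pub_fp crt svc)"
```

The fingerprint is identical for the private key's public half, the CSR and the issued certificate, which is why the CA can sign without ever holding the key that protects the traffic.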

“Can you sit down like a mathematician Bogatov?”

RosKomSvoboda experts found no violations of the law in the activities of the decentralized Internet provider "Medium".

On Monday we consulted with experts from the Center for Digital Rights (also known as RosKomSvoboda).

As a result of the audit, no violations of the law were revealed. At the moment, we are actively cooperating with RosKomSvoboda and together we are preparing an appeal to the Ministry of Communications.

An earnest request

If you notice problems with the availability of any of the services of the Medium network, do not write about it in the comments to the publication - instead, open a ticket in the repository on GitHub. That way service owners will be able to respond more quickly to the failure.

Free Internet in Russia starts with you

You can render all possible assistance in establishing a free Internet in Russia today. We have compiled a comprehensive list of how you can help the network:

See also:

"Medium" is the first decentralized Internet provider in Russia
Decentralized Internet Service Provider "Medium" - three months later

We are on Telegram: @medium_isp

Source: habr.com