Posts

In this blog post, we summarize the outcomes of our project entitled “An Empirical Study of the I2P Anonymity Network and its Censorship Resistance” supported by the Open Technology Fund - Information Controls Fellowship Program. 0. Introduction The Invisible Internet Project (I2P) is one of the most well-known and widely used anonymity networks. I2P can be used by privacy-conscious Internet users to protect their online privacy, or by censored users to bypass censorship conducted by local Internet regimes. [Read More]

From early March until April, 2019, we conducted measurements from 1.7K network locations located in 164 countries to examine the accessibility of four different I2P services: the official homepage, its mirror site, reseed servers, and active relays in the network. We could identify blocking attempts in five countries. China consistently hinders access to I2P by poisoning DNS resolutions of the I2P homepage and reseed servers; SNI-based blocking was detected in Oman and Qatar when accessing the I2P homepage over HTTPS; TCP packet injection was detected in Iran, Oman, Qatar, and Kuwait when visiting the mirror site via HTTP; and explicit block pages were discovered when visiting the mirror site from Oman, Qatar, and Kuwait. [Read More]

Based on the original definition from I2P homapage, a reseed server consists of a Java I2P router, an HTTPS web server, and some scripts that periodically gather router infos from the router, bundle and sign them into a custom file format, and deliver these files over HTTPS. This tutorial will walk you through the process of setting up a reseed server and routing its traffic over Cloudflare. You may ask: “But why Cloudflare? [Read More]

Follows are command lines that I often use (not necessarily the best approach) while interacting with ip, which is used to show / manipulate routing, devices, policy routing and tunnels. Show current routes. ip route show Add route: sudo ip route add `a.b.c.d/e` via `gateway_IP` dev `device_name` a.b.c.d/e can be the subnet of IPs or just an IP address of the desired destination, and the gateway_IP is the IP address of the gateway where you want to route your traffic through (e. [Read More]

Follows are command lines that I often use (not necessarily the best approach) while interacting with Unix shell. Find files (including files in subdirectories) whose size is larger than x k bytes (replace k with M for mega bytes). sudo find . -type f -size +xk Re-run through some tasks periodically (e.g., every 10 minutes = 10 * 60s): while true; do ...; sleep 600; done Get size (disk usage) of a file/directory: [Read More]

This note originates from an effort to find ways to automate OpenVPN and SSTP VPN connections from an Ubuntu 18.04 machine using CLI. For setting VPN connection from GUI, NetworkManager GNOME has nice third-party packages for most VPN protocols. Only follow this note if you want to setup OpenVPN or SSTP VPN connection from CLI. OpenVPN has a nice CLI tool (i.e. openvpn). However, connecting to an SSTP VPN server using CLI (e. [Read More]

Mahatma Gandhi used to say: “Live as if you were to die tomorrow. Learn as if you were to live forever.” Therefore, I always try to improve my knowledge and keep myself up to date by reading. In addition to reading, I think taking note also helps me to understand the topic, remember it longer, and easier to trace back something that I have read. Therefore, here is a list of notes of various topics that I read/learned from several sources. [Read More]

SSTP stands for Secure Socket Tunneling Protocol, developed by Microsoft. It is one of the most powerful and widely used VPN protocols. It has the ability to bypass most firewalls because it uses SSL over port 443, which is also used by the famous protocol – HTTPS. Together with OpenVPN protocol, SSTP is considered one of the “stealth-VPN” protocols. Since it is owned by Microsoft, most Windows operating systems has a built-in SSTP-client. [Read More]

I once wrote a python program to create text files, which only contain ASCII and UTF-8 Unicode text. Before being written to a file, every non-UTF-8 line of text is decoded to UTF-8 using this line of code: line = line.decode('utf-8', 'ignore').encode("utf-8") I noticed many suggestions on StackOverFlow to use python’s string.printable or bash’s strings command to sanitize the text. However, these functions will remove all non-ASCII characters, which includes many, many valid UTF-8 characters because ASCII is a subset of UTF-8 (reference). [Read More]

Follows are command lines that I often use (not necessarily the best approach) while interacting with AWS. Before starting, you will need to install the CLI. For macOS, use brew install awscli For Linux, use pip install awscli Commands list files from a public S3 bucket. If the bucket is not publicly accessible, you need to sign in and do not need the --no-sign-request flag: aws --no-sign-request s3 ls s3://<bucket>/<path> Download files from a S3 bucket: [Read More]