That moment when you decide to use i2p because its more sustainable for every user to be a node just for your server’s location to get leaked in a vulnerability. This is why most deep web migration to i2p ended
i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy (it may be dropped, or may result in a Wrong Destination response).
https://nvd.nist.gov/vuln/detail/CVE-2023-36325
i2p
That moment when you decide to use i2p because its more sustainable for every user to be a node just for your server’s location to get leaked in a vulnerability. This is why most deep web migration to i2p ended
Have any links or extra info on that?
i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy (it may be dropped, or may result in a Wrong Destination response). https://nvd.nist.gov/vuln/detail/CVE-2023-36325
I must have missed that. When did that happen? I used i2p a long time ago and it seemed very promising. I imagine it has got better since.