Sustainability and Standards: We Need To Talk About Building Censorship Circumvention Infrastructure

Funding for FOSS projects needs to incorporate multi-year contracts for maintainers. This would ideally be someone who has experience and can assess and help a team implement best practices, policy and documentation as part of the contract.

Projects should not need to create something new that will put more stress on a small team with more maintenance burdens and take a person away from core tasks. Anything that is left to rot hurts everyone and is money wasted.

In the case of I2P, the project has over 20 years of active development. The transports and network have proven success at creating access within the network for people facing restrictions to their communication.
What it needs is not to make anything new, it needs maintainers. Outside of that it needs application developers.

In my 9 years and counting of participating in research, development and outreach, I can tell you that each of us in the core team are doing a whole departments worth of work.

I believe that I2P transport capabilities are part of an overall more resistant communication ecosystem. The I2P network is blind to any viable data. That's the important part of I2P, nobody can see anything. Using unidirectional tunnels, it hides the server from the client and the client from the server. Within the network, an observer cannot easily discern origin or destination. Nodes are both clients and servers and self-managing. They create and listen for incoming connections independent of a centralized servers.

Packets on the network are encrypted, and I2P's tunnelling infrastructure removes the ability to snoop traffic by using encryption and unidirectional tunnels. You cannot see contents, origin or destination of traffic. I2P domain name registrars are anonymous. No personal information or IP addresses are stored by a registrar. Domain names are resolved within the network. This means that your ISP cannot observe any I2P entries.

The I2P network implements its own versions of TCP ( "The Streaming Protocol") and UDP ("The Datagram Protocol" and "The Repliable Datagram Protocol") to provide end - to end traffic anonymizing network rules.


This also provides versatile and familiar interfaces that application developers can adapt their own applications too so that they integrate with the I2P network. This allows for a seamless experience for users to participate in a privacy by design network overlay.

People mirror and make accessible internet properties that may be censored, allowing access to news and services. It is a place where people can make available privacy tools that may otherwise be restricted, or put a person at risk when accessing them on the internet. I2P is a network that has a foundation built on privacy as a default. Every aspect of how network communication is handled starts with considering privacy and anonymity for the people who are participating in network. The I2P network is proving its ability to keep people in countries facing information restrictions connected.

We are learning more about how people want to use the network everyday. This network has incredible potential and proven success supporting people facing surveillance, insecure communication, and restrictions to accessing information.

Want to help I2P core development? If you have experience as a sysadmin, networking, and have time and resources to spare, consider taking on service maintenance. Nobody should be five IT departments in a trench coat.

If you promote/ or incorporate using a FOSS protocol/ software, but don't collaborate with that team everyone loses. You lose the opportunity to gain knowledge outside of docs, everyone loses market interest from lack of coordination, and devs lose out on understanding how their work is being used or could be used and its impact.

This is infrastructure lost in our common goals.

Sustainability: If you are receiving funding it should include giving back to the development of the protocols that you are using.

If you are layering solutions: for example Tor and I2P, talk about why and how you are doing it. You know what helps everyone? Secure workflows for redundancy. This is not about who is better or competition - there is no silver bullet. When we do not collaborate as users and teams we are creating massive opportunities for people in stressful situations to make mistakes. Nobody wants to Google this shit.

Want to have conversations and work towards the very real requirement for overlay network policy and standards that may help make all of this easier from a censorship circumvention infrastructure building perspective? Talk to me.

sadie