Lokinet is a onion-router (like tor, i2p) implementation of the LLARP protocol which tries to be a modern re-implementation of i2p. Session is a private messenger (like Signal) built using lokinet to hide metadata. If I understand correctly they have a cryptocurrency called oxen, which is earned or mined by providing servers to the loki network and oxen blockchain.

Imo they have these arguments on their side:

  • i2p is really slow and if re-implementing yields the results they claim it would be awesome
  • building a private messenger on top of onion-routing seems like a very good idea, since metadata is the new surveillance while it doesn’t generate massive amounts of traffic per user

What I worry about:

  • I don’t like cryptocurrencies in general, they haven’t yet proven that they can be used as anything but be used to speculate.
  • if people who are supposed to be the backbone of the onion-routing service are paid to do this I worry that in some (maybe new and still unknown) way this will weaken the network in comparison to a network run by volunteers and users (like tor and i2p). Maybe this will favor larger servers so all of the onion-routing is done in “the cloud” and none from home which in result is easier to surveil.
  • a talk at the yearly chaos computer congress about the alt-rights online behavior titled “Let’s play Infokrieg” (the talk is in German, but I linked the version with english live translation) talks about lokinet and how the developer advertised it on 8chan. This is all the connection they mention though and it’s pretty thin Imo.
  • in general I believe that cryptocurrencies don’t draw a very good crowd, also
  • I haven’t seen any reputable source advertise any of this. Not Lokinet, not session messenger, of course not their crypto coin…

Conclusion:

All of this isn’t a big problem, if they stay a small project. But them having the fastest onion-router, elon musk maybe tweeting about them and people flocking to them to “invest” might have the project gain momentum and them being the new tor or even bigger, applications built on top of it being a threat to signal etc.

I think some of their tech is very cool, a fast and modern onion-router could be very important for future secure web applications, but it’s troublesome

  • it’s in the hands of people nobody knows
  • motivated by financial gain
  • coupled with cryptocurrency

What are your thoughts on this? I am really interested to hear, how we should tackle this in your opinion.

  • KeeJef@lemmy.eus
    link
    fedilink
    arrow-up
    6
    ·
    4 years ago

    Hey, i’m the CTO at Oxen, just wanted to take some time out to answer the questions/concerns in this post and related comments.

    if people who are supposed to be the backbone of the onion-routing service are paid to do this I worry that in some (maybe new and still unknown) way this will weaken the network in comparison to a network run by volunteers and users (like tor and i2p). Maybe this will favor larger servers so all of the onion-routing is done in “the cloud” and none from home which in result is easier to surveil.

    Actually we think that the cryptocurrency aspect of things improves the networks ability to resist really common attacks like Sybil attacks and generally improves the quality of the nodes added to the network. Sybil attacks for example are much more expensive on Lokinet, since each Service Node operator needs to stake 15,000 Oxen to start a new Service Node, which is approximately $17,000 USD. Particularly it creates a feedback loop where the more Oxen that is bought off the market and locked into Service Nodes, the more expensive it becomes to buy more Oxen and lock it into Service Nodes. The other main advantage is we can enforce desirable network behavior by locking a Service Node’s stake, which means we can create a fairly large network of always online, high bandwidth nodes https://oxendashboard.com/#4 . We think this is an advantage over I2P, which is a larger network, but is mostly comprised of low bandwidth and low reliability nodes which exacerbates performance issues. Although your points about most Service Nodes running inside of data centers is true, we must ask the question as to whether we can build a viable, widely used onion routing network just using personal computers and residential internet connections? to me it seems that the need for high bandwidth onion routing has outweighed the need for lower bandwidth routing as evidenced by the adoption levels of Tor vs I2P, considering that most Tor routers also run inside data centers.

    a talk at the yearly chaos computer congress about the alt-rights online behavior titled “Let’s play Infokrieg” (the talk is in German, but I linked the version with english live translation) talks about lokinet and how the developer advertised it on 8chan. This is all the connection they mention though and it’s pretty thin Imo.

    This is incorrect, that post where Jeff, the primary developer of Lokinet is promoting Lokinet is actually on Endchan not 8Chan/8Kun. We don’t have any association with the alt right, and the non-for-profit that develops Lokinet https://optf.ngo is fairly apolitical mostly focusing on defending human rights and furthering privacy enhancing technologies.

    it’s in the hands of people nobody knows

    We don’t really make an effort to hide the team or anything, many of us have public profiles, an out of date list of some of our team members can be found here https://loki.network/team/

    Under the Lokinet initiator’s announcement on 8chan, someone pointed out that “LLARP” is a funny name for that, to which the Lokinet initiator replied that they considered calling the server implementation “WIZARD”, which is itself a self-referential term for sad virgin men in the *chan-context, but also just shows that the “LLARP” acronym wasn’t accidental.

    This is pure coincidence, LLARP stands for Low Latency Onion Routing Protocol, i forget what WIZARD stood for but it was something similarly onion routing related. We aren’t designing protocol names to dogwhistle to alt-right groups.

    • fidibus@lemmy.161.socialOP
      link
      fedilink
      arrow-up
      1
      ·
      4 years ago

      I see that the announcement advertising post wasn’t on 8chan or 8kun but overchan, which makes sense, since jeff worked on nntp-chan. Sorry that I claimed they did.

      8kun (rebrand after 8chan was banned) does host their site on lokinet and still does, for two years now though, right?

      Also there is this reddit post where someone claims that

      So it’s pure coincidence that Ron’s father Jim Watson, who has been hosting 8chan and is now running 8kun, has transferred some of his old business into a “Loki Technology Inc.” of his own some time ago (see https://www.5ch.net), and that 8kun’s planned “Project ODIN” caters to the same Norse mythology theme. It almost made me wonder, especially since Loki’s dev Jeff has also been active on endchan.

      Their name actually is Jim Watkins and wikipedia also states that

      Watkins also runs the Manila-based business Loki Technology.

      What is going on here? Nothing to do with the Oxen, lokinet etc?

      Is it just a coincidence that the biggest site hosted on your network is 8kun?

      Also: $17k min investment to help the network, lmao that’s insane and I can’t imagine that does any good.

      • KeeJef@lemmy.eus
        link
        fedilink
        arrow-up
        3
        ·
        4 years ago

        8kun (rebrand after 8chan was banned) does host their site on lokinet and still does, for two years now though, right?

        8kun only had a SNApp on Lokinet for about 2-3 weeks, they also had a .onion site on Tor too, but at that point Lokinet was very new and the network could not handle any real production level scale, so they quickly had technical issues and left.

        Is it just a coincidence that the biggest site hosted on your network is 8kun?

        8kun doesn’t have any SNApp / .loki address that i know about, and it hasn’t been the case for years that they have had 8kun running on Lokinet

        So it’s pure coincidence that Ron’s father Jim Watson, who has been hosting 8chan and is now running 8kun, has transferred some of his old business into a “Loki Technology Inc.” of his own some time ago (see https://www.5ch.net), and that 8kun’s planned “Project ODIN” caters to the same Norse mythology theme. It almost made me wonder, especially since Loki’s dev Jeff has also been active on endchan.

        Also coincidence, Loki Technology Inc and Project ODIN have no relationship to Oxen (Formerly Loki) I’ve never met any of the 8kun people, Jim watkins, Ron watkins or any of them, and didnt know about them before they started using Lokinet to host 8kun. We started Oxen (Formerly Loki) in 2018 in Australia and had no idea about 8chan.

        Also: $17k min investment to help the network, lmao that’s insane and I can’t imagine that does any good.

        Its a different type of network structure, it has been essential in forming our network of nearly ~1,800 Service Nodes which act as the routers in Lokinet

        • fidibus@lemmy.161.socialOP
          link
          fedilink
          arrow-up
          2
          ·
          4 years ago

          I found another interesting article:

          Simon Harman, 23, Loki’s project lead, said Mr Watkin’s plan was by and large a surprise — and one, he conceded, that might not be optimal for the company’s emerging reputation.

          Mr Harman says Loki did not invite 8kun onto its open source network nor help build it.

          But some Loki staff may have advised 8kun administrators “to a limited extent”, he said, and provided some help to users hoping to access it.

          “Generally, if we get requests for technical information about our platform, we’ll just give it out. It’s all up open source anyway,” he said.

          “There’s definitely been interaction between 8chan users and the Lokinet team. I’m not going to say that that hasn’t occurred, but I don’t think it’s anything out of the ordinary.”

          https://www.abc.net.au/news/science/2019-11-08/8chan-is-back-online-and-an-australian-startup-accidently-helped/11682438

          But I think all in all there isn’t clear intent here, so we’ll just have to see what the future brings.

          Good luck to your team and such.

          I’d like to host a router if there ever is a fork that doesn’t need the Oxen stake.

    • fidibus@lemmy.161.socialOP
      link
      fedilink
      arrow-up
      1
      ·
      4 years ago

      I don’t know why a lot of these projects don’t have home self-hosting with dynamic IP and through NAT in mind for the services.

      I am pretty sure that both TOR and i2p allow relay servers with dynamic IP.

  • Ephera
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    4 years ago

    a talk at the yearly chaos computer congress about the alt-rights online behavior titled “Let’s play Infokrieg” (the talk is in German, but I linked the version with english live translation) talks about lokinet and how the developer advertised it on 8chan. This is all the connection they mention though and it’s pretty thin Imo.

    This is easy to miss in the talk, but he also hints at the fact that the protocol is called “LLARP”, which is probably a reference to “LARP” – “Live-Action Role-Playing”.

    Which may also be something entirely innocuous, like people role-playing life in the Middle Ages, but especially on 8chan may also refer to role-playing as Nazis, or role-playing a first-person shooter with an actual gun in an actual mosque. (The Christchurch terrorist made his announcement on 8chan and was very much celebrated there for his high kill score.)

    Under the Lokinet initiator’s announcement on 8chan, someone pointed out that “LLARP” is a funny name for that, to which the Lokinet initiator replied that they considered calling the server implementation “WIZARD”, which is itself a self-referential term for sad virgin men in the *chan-context, but also just shows that the “LLARP” acronym wasn’t accidental.

    None of this is concrete evidence, but certainly too close for comfort to the usual alt-right dog-whistling bullshit (dropping words in innocuous contexts that only others in the community will recognize).

    • fidibus@lemmy.161.socialOP
      link
      fedilink
      arrow-up
      2
      ·
      4 years ago

      I agree that this is pretty thin evidence. It’s worrying though, also what kind of governance do they have? There is a loki CTO, etc. Maybe one day they’ll sell to facebook once enough users are caught in their API and apps?

      Maybe what’s worrying me most is how certain people rush towards everything with cryptocurrency in it.

      Like it’s a pretty bad situation if all service nodes in this network earn money doing it and that’s their incentive instead of them being volunteers. Why wouldn’t someone just offer them a modified service node software which isn’t distinguishable from the outside, but you earn more money while collecting and give away the tunnels that this server builds? This would cost the attacker some money, but they could figure out who sends what in this network if a large number of service nodes do this.

      A network run by enthusiast, non-profits and other groups is way stronger in this regard.

      • Chief36
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        3 years ago

        I agree that this is pretty thin evidence. It’s worrying though, also what kind of governance do they have? There is a loki CTO, etc. Maybe one day they’ll sell to facebook once enough users are caught in their API and apps?

        An open source app run by the community cannot be sold. Nothing in OXEN is API. It’s a volunteer-run network that funds the operators itself. This also helps keep Lokinet and Session free for public use.

        Why wouldn’t someone just offer them a modified service node software which isn’t distinguishable from the outside, but you earn more money while collecting and give away the tunnels that this server builds? This would cost the attacker some money, but they could figure out who sends what in this network if a large number of service nodes do this.

        This is not possible. Existing Service Nodes on the network form “swarms” - groups of 9 Service nodes each and poll each other, checking them for their uptime, performance etc. An incentivized structure helps the operator cover the costs of running a high quality server. Maybe one day we will be able to host it at home with dedicated hardware but that would definitely take time. Hosting it in servers is better. I recommend people not to trust a volunteer run network because computers are not meant to be trusted. Several Tor exits have been caught snooping traffic because that is the only way how they will be able to earn something out of being a part of it. Never trust a computer!

  • fidibus@lemmy.161.socialOP
    link
    fedilink
    arrow-up
    2
    ·
    4 years ago

    this is the guide on how to set up a service node for oxen, which was formerly called lokinet - aka this is the server run by people that does all of this:

    • Receive, store, and forward encrypted Session messages
    • Route Lokinet internet traffic
    • Monitor other service nodes and vote on their performance
    • Are called into quorums which give them authority over Blink transactions
    • Produce new blocks for the network via Pulse PoS
    • (added by me:) earn crypto

    it can’t be run from home, like tor or i2p relay servers.

    This means that all the traffic in this onion routing network will just go through a couple of datacenters instead of “all around the world”. I just believe that it’s easier for the FBI etc. to get access to datacenter machines instead of computers run at home. The upside of this of course is, that their onion routing can reach much faster speeds.

    Also, as of now, their blockchain already uses 15gb of hdd space on each of the service nodes.

    Like I said, the tech is kinda sweet, time will tell if it is a good concept and if it is governed properly.

  • Axaoe
    link
    fedilink
    arrow-up
    2
    ·
    4 years ago

    Maybe someone else can chime in that knows, but Session states the following in their FAQ which reads to me as if the crypto portion of the network isn’t yet merged with the messenger at all levels (yet). I would be curious to hear from someone else with more knowledge, as I liked the idea behind the messenger otherwise.

    If the two (their coin and the messenger) are able to run together but still stay “unlinked” in regards to message content and I don’t have to hear about earning Oxen by using the service I am more inclined to consider it an option.

    The Session team is hard at work fixing bugs and shoring up core messaging functionality, but once the app is working reliably, we’ll be moving on to Lokinet integration to bring voice calling functionality to Session. We’ll keep the community updated on our progress, so be sure to follow our Twitter to stay up to date!

    No, your messages are not stored on a blockchain. Messages are stored by swarms, and are deleted after a fixed amount of time (called the “time-to-live”, or TTL). All of your messages are encrypted, and can only be decrypted using the private key which is stored locally on your device.

    • fidibus@lemmy.161.socialOP
      link
      fedilink
      arrow-up
      4
      ·
      4 years ago

      If the two (their coin and the messenger) are able to run together but still stay “unlinked” in regards to message content and I don’t have to hear about earning Oxen by using the service I am more inclined to consider it an option.

      yeah I agree, but imagine if signals traffic was sent through an onion-routing network which wasn’t run by volunteers but by people trying to earn a cryptocurrency. I might be wrong with my suspicion, but I just prefer such networks to be developed by non-profits and run by volunteers.

      • Axaoe
        link
        fedilink
        arrow-up
        3
        ·
        4 years ago

        That makes sense, I’d rather not have the currency impeed the messenger (regulations, climate impact, etc) if given the choice.

  • Raziel
    link
    fedilink
    arrow-up
    4
    arrow-down
    5
    ·
    4 years ago

    You seems to have a prejudice with crypto, with profit incentives and in general, people that don’t think like you…

    Cryptocurrencies are at this moment being implemented in way to many use cases to name here, for things like preventing your hard earned money to slowly dissapear via inflation and for making transactions basically. Is a tremendous missconception the idea that “speculation” is a bad. Thanks good people speculate all the time, like what youre doing with this post “speculating” or thinking about posible outcomes of a re-implementation of i2p, the acurate your speculation is, higher the chamce of success of the project

    Financial incentives are probably the most powerfull incentives to coordinate people who doesnt know each other and (probably didn’t ever like each other) Is not an odeological position, it just a fact.

    In your favor you do have a point if you are worried about centralization, that was basically what happend to bitcoin though there are ways to prevent that and at the same time have have the powerfulls incentives for people to participate in the network and share their resources, given the fast loosing of privacy online it doesnt look like a good idea ignore solutions on an ideological basis. Probably the best path fordware is woth more iterations, tryal and error, the more projects out there with different and creative approaches, the better. Sooner or later something will stick

    • fidibus@lemmy.161.socialOP
      link
      fedilink
      arrow-up
      1
      ·
      4 years ago

      Financial incentives are probably the most powerfull incentives to coordinate people who doesnt know each other and (probably didn’t ever like each other) Is not an odeological position, it just a fact.

      Given that this is a fact, does it automatically mean that it gives the best outcome?

      I even addressed this in my post, that I think they might succeed an become bigger than tor but not run by a proper non-profit etc.

      I guess as long as the cryptography is good nothing that bad should happen, I and others aren’t forced to use it ^^.

      Maybe we’ll fork it without the coin as incentive for people running the routers…