Lokinet is a onion-router (like tor, i2p) implementation of the LLARP protocol which tries to be a modern re-implementation of i2p. Session is a private messenger (like Signal) built using lokinet to hide metadata. If I understand correctly they have a cryptocurrency called oxen, which is earned or mined by providing servers to the loki network and oxen blockchain.

Imo they have these arguments on their side:

  • i2p is really slow and if re-implementing yields the results they claim it would be awesome
  • building a private messenger on top of onion-routing seems like a very good idea, since metadata is the new surveillance while it doesn’t generate massive amounts of traffic per user

What I worry about:

  • I don’t like cryptocurrencies in general, they haven’t yet proven that they can be used as anything but be used to speculate.
  • if people who are supposed to be the backbone of the onion-routing service are paid to do this I worry that in some (maybe new and still unknown) way this will weaken the network in comparison to a network run by volunteers and users (like tor and i2p). Maybe this will favor larger servers so all of the onion-routing is done in “the cloud” and none from home which in result is easier to surveil.
  • a talk at the yearly chaos computer congress about the alt-rights online behavior titled “Let’s play Infokrieg” (the talk is in German, but I linked the version with english live translation) talks about lokinet and how the developer advertised it on 8chan. This is all the connection they mention though and it’s pretty thin Imo.
  • in general I believe that cryptocurrencies don’t draw a very good crowd, also
  • I haven’t seen any reputable source advertise any of this. Not Lokinet, not session messenger, of course not their crypto coin…

Conclusion:

All of this isn’t a big problem, if they stay a small project. But them having the fastest onion-router, elon musk maybe tweeting about them and people flocking to them to “invest” might have the project gain momentum and them being the new tor or even bigger, applications built on top of it being a threat to signal etc.

I think some of their tech is very cool, a fast and modern onion-router could be very important for future secure web applications, but it’s troublesome

  • it’s in the hands of people nobody knows
  • motivated by financial gain
  • coupled with cryptocurrency

What are your thoughts on this? I am really interested to hear, how we should tackle this in your opinion.

  • Ephera
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    4 years ago

    a talk at the yearly chaos computer congress about the alt-rights online behavior titled “Let’s play Infokrieg” (the talk is in German, but I linked the version with english live translation) talks about lokinet and how the developer advertised it on 8chan. This is all the connection they mention though and it’s pretty thin Imo.

    This is easy to miss in the talk, but he also hints at the fact that the protocol is called “LLARP”, which is probably a reference to “LARP” – “Live-Action Role-Playing”.

    Which may also be something entirely innocuous, like people role-playing life in the Middle Ages, but especially on 8chan may also refer to role-playing as Nazis, or role-playing a first-person shooter with an actual gun in an actual mosque. (The Christchurch terrorist made his announcement on 8chan and was very much celebrated there for his high kill score.)

    Under the Lokinet initiator’s announcement on 8chan, someone pointed out that “LLARP” is a funny name for that, to which the Lokinet initiator replied that they considered calling the server implementation “WIZARD”, which is itself a self-referential term for sad virgin men in the *chan-context, but also just shows that the “LLARP” acronym wasn’t accidental.

    None of this is concrete evidence, but certainly too close for comfort to the usual alt-right dog-whistling bullshit (dropping words in innocuous contexts that only others in the community will recognize).

    • fidibus@lemmy.161.socialOP
      link
      fedilink
      arrow-up
      2
      ·
      4 years ago

      I agree that this is pretty thin evidence. It’s worrying though, also what kind of governance do they have? There is a loki CTO, etc. Maybe one day they’ll sell to facebook once enough users are caught in their API and apps?

      Maybe what’s worrying me most is how certain people rush towards everything with cryptocurrency in it.

      Like it’s a pretty bad situation if all service nodes in this network earn money doing it and that’s their incentive instead of them being volunteers. Why wouldn’t someone just offer them a modified service node software which isn’t distinguishable from the outside, but you earn more money while collecting and give away the tunnels that this server builds? This would cost the attacker some money, but they could figure out who sends what in this network if a large number of service nodes do this.

      A network run by enthusiast, non-profits and other groups is way stronger in this regard.

      • Chief36
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        3 years ago

        I agree that this is pretty thin evidence. It’s worrying though, also what kind of governance do they have? There is a loki CTO, etc. Maybe one day they’ll sell to facebook once enough users are caught in their API and apps?

        An open source app run by the community cannot be sold. Nothing in OXEN is API. It’s a volunteer-run network that funds the operators itself. This also helps keep Lokinet and Session free for public use.

        Why wouldn’t someone just offer them a modified service node software which isn’t distinguishable from the outside, but you earn more money while collecting and give away the tunnels that this server builds? This would cost the attacker some money, but they could figure out who sends what in this network if a large number of service nodes do this.

        This is not possible. Existing Service Nodes on the network form “swarms” - groups of 9 Service nodes each and poll each other, checking them for their uptime, performance etc. An incentivized structure helps the operator cover the costs of running a high quality server. Maybe one day we will be able to host it at home with dedicated hardware but that would definitely take time. Hosting it in servers is better. I recommend people not to trust a volunteer run network because computers are not meant to be trusted. Several Tor exits have been caught snooping traffic because that is the only way how they will be able to earn something out of being a part of it. Never trust a computer!