The Ministry of Communication and Information Technology of Nepal has issued an order requiring all social media platforms to be registered in Nepal.
Based on this, the Nepal Telecommunications Authority (NTA) has instructed all network service providers to deactivate 26 platforms, including Signal, Facebook, Instagram, WhatsApp, YouTube, and others.
To lift the ban and operate legally in Nepal, each platform must:
-
Register with the Ministry of Communication and Information Technology.
-
Appoint in Nepal:
- A Point of Contact
- A Resident Grievance Handling Officer
- An Officer responsible for monitoring compliance with self-regulation [1]
-
Submit an application in the prescribed format along with required documents, as per the Directives on Managing the Use of Social Media Networks (2080 B.S.). [2]
Reference:
[2] Directives for Managing the Use of Social Networks, 2023
For those people calling for the use of Tor, it’s trivial to block Tor and I2P at the ISP level. It’s not hard to get lists of relays and just add them to the block list.
You can use shadow socks, but you have to be careful.
We are globally heading into very privacy adverse waters. If they start making ISPs block VPN and piracy suspected sites, we might have to come up with something new to communicate in the open.
We’re going to need something that looks like accountably legitimate traffic on the surface, but contains our actual content underneath.
Tor easy to block yes ,i2p much more harder like really harder, in Russian tor blocked ,vpns blocked by DPI system ,but still it possible to bypass it with something like byedpi. But i2p working much harder then just tor or usual http
While i2p’s node DB isn’t exactly in the clear. There’s not so many of us that you can’t getting pretty good picture of where it’s running.
China’s already doing a really good job at blocking it. The protocol is secure in that you can’t tell what anybody is doing on it. And the node DB is only somewhat accessible. But that’s nothing a little coordinated espionage won’t suss out.
Every ISP throws out a couple of honeypots. You don’t allow nodes to stay connected to it for long so everybody keeps refreshing it. They’re thinking it’s a DDOS. It’s distributed fingerprinting.
You throw up a node, record its regular traffic, start up I2P and see who it connects to. F with your netem so they connect, but eventually discard that connection because it’s unstable. You get to cycle through a bunch of connections that way. Everybody who sends more than a SQL injection script to it is running I2P. You occasionally dump people off of it. New people try to connect. You dump them off of it. You create a list. That particular list isn’t worth much, the spread factor is kind of low on the protocol. But you share your IPs with everyone else that’s running honeypots. Or you just throw out a lot of honey pots in a lot of places if you’re a state actor. Everybody that hits the list gets logged.
We’re heading towards some dystopian shit now. If ISPs get to the point where they’re allowed to kick you off for suspicion of shady things, the protocol is baked.
It’s nearly impossible to identify the traffic. It’s fairly impossible to identify the origin or the destination of things from inside the network. It’s difficult to block individual connections from happening you’re real time. But, if they manage to make unidentified traffic illegal, it’s not that hard to detect that I-2p is happening and kick people off wholesale. Once the list is shared, they could just black-ball the IPs on every ISP for any connection.
The real problem is, I’m having a really hard time finding some protocol or method that wouldn’t fall to this. You could easily hide some really low bandwidth stuff stego style in audio or video streaming from person to person, like say, forum traffic, but if you wanted to stop people from moving music and videos back and forth, I don’t know that you could hide that traffic through any means.
The I2P netDB isn’t a single dumpable list like you’re suggesting. It’s a Kademlia DHT stored across rotating floodfill routers. Floodfills aren’t static — routers get promoted/demoted based on bandwidth, uptime, and capacity — so the view of the network is constantly shifting. A normal router only ever queries small slices of that DHT, meaning you never get the “whole picture” from one vantage point. That’s a deliberate design choice to make enumeration hard. On the traffic side, I2P isn’t just onion-style routing. It uses garlic routing, where multiple encrypted “cloves” (messages) are bundled together into one garlic message. This kills the simple “one in → one out” traffic correlation trick. Add to that the transports: NTCP2 is indistinguishable from normal TLS over TCP, and SSU2 is UDP with full encryption, padding, and replay protection. From a DPI standpoint, it looks like generic encrypted noise — there’s no clean handshake to match on like with old Tor circuits. As for blocking, I2P is decentralized. There are no directory authorities to censor, no fixed bridges to burn. Floodfills are chosen dynamically and constantly refreshed, and peers discover new ones automatically. The bigger the network gets, the harder it is to enumerate and blacklist enough routers to make a dent. Censors can try whack-a-mole, but the distribution effect scales against them: more peers in more ASNs across more countries means higher cost to block. So yes, you can suspect I2P traffic if you really try, but fingerprinting and wholesale blocking don’t scale — the protocol was designed specifically to make both correlation and censorship exponentially harder as adoption grows Details: https://www.youtube.com/watch?v=95hSAMEwrlM
I am well aware of the design and structure, you mentioned I said some things there that I clearly didn’t say.
If I2P is outlawed, and there’s a strong possibility we’ll see that in our lives, and ISP’s are told if they let unchecked traffic through they’re responsible for legal ramifications. They’ll run enough nodes in enough places and terminate enough end user accounts (at the very least in the US) to make people not want to run it.
I don’t care if you can’t DPI it. If it’s on their network, and they start running peers, they will be able to root people out, not everyone, but they don’t need everyone. If the ISP’s share their data with each other, making that map isn’t all that hard.
The floodfills can be secure and ephemeral AF, but P2P traffic, even packaged through garlic still passes through points that can be seen.
The whole design is supersmart, and from a legal stand point it’s solid. But when we lose protections of beyond a reasonable doubt become stripped, they’ll tear that network apart user by user until no one wants to chance running it.
Use bridges? I don’t think it would be possible to block WebTunnel for example.
The authorities run their own web tunnel. The people that connect to it go on a naughty list. Everything it connects to goes on a naughty list.
Wash, rinse, and repeat that in a geodiverse style. Share your IP list with everyone else charged with finding web tunnel. wholesale block all traffic from any node participating. Start with a one day band, move to a one week ban, kick them off the network after that.