Meet Jeff Becker and his creation: git.psi.i2p. Lots of people seek anonymity these days, for various reasons, may it be because of abusive governments, because of a personal preference, or because they are in the middle of not-so-legal operations.
For these type of people Tor, and most recently I2P, have been some of their best friends. But while Tor has been the core technology powering the Dark Web, the Dark Web will only be useful as long as there are services that fully take advantage of its features and work directly on its core infrastructure, instead of having users access mainstream Internet sites via the Tor Browser.
One such service is git.psi.i2p (Tor link, I2P link), a so-called GitHub clone, running on Gogs, a Go-based system for hosting and managing Git repositories online.
git.psi.i2p is not your regular GitHub clone
The difference between git.psi.i2p and GitHub is that git.psi.i2p runs on the Tor network and is completely isolated from the rest of the Web, providing 100% anonymity.
Softpedia decided to get in contact with Jeff Becker, the service’s creator and ask him the most basic question. Why?
“I created the service to see if the software it ran on worked, I decided that since it worked, I would keep it as a service to those who wanted to use it,” said Mr. Becker referring to his mix of Tor and I2P for git.psi.i2p’s underlying infrastructure.
The service is still in its infancy, being launched almost two weeks ago, catering to around 30-40 users and hosting only 23 code repositories, 14 of which belong to Mr. Becker.
For a service that lives on the Dark Web only, and has spent a few days of the last week in maintenance mode, that’s pretty good. But we all know how quickly server space and bandwidth can go up, especially for a service that tries to mimic GitHub. We asked Mr. Becker about how serious he is about making this into a business, or if the site is a test that might go offline any day now for good.
“I don’t have any intentions of shutting it down quite yet, it’ll exist for as long as people use it. Right now I pay out of my pocket, but if it gets really expensive, I’ll probably get the donation tin out and beg for Bitcoins, if it ever gets to that point.”
The place for controversial code
But git.psi.i2p is already looking like a handy tool, especially for a certain class of developers that regularly have a problem storing code on GitHub. Include here controversial applications that are usually the target of piracy-related or political scandals.
Just this summer, GitHub suffered DDoS attacks because of two applications hosted on the service, applications that allowed Chinese Internet users to evade China’s infamous firewall. The developers of those applications would have never been tracked down by Chinese police if they used git.psi.i2p.
Of course, with anonymity, there’s also the danger of git.psi.i2p becoming a place for malware developers and infamous, non-standard, and many times illegal adult materials unique to the Dark Web.
Not your regular Dark Web site either
“I have a ‘no porn of any kind’ rule to try to keep the place a bit more professional,” said Mr. Becker to Softpedia, “also, anything blatantly illegal like using the Git repo as a botnet C&C is not allowed.”
“Malware source code is fine given that my site isn’t used to directly infect [users]. I’ll allow source code, but I disagree with the content highly,” Mr. Becker added.
“Malware is fine for proof of concept, educational or research purposes but most of the time it easily escalates beyond that. A lot of malware authors either don’t realize or don’t care that governments can use their malware too.”
Mr. Becker is obviously no Ross Ulbricht, being more interested in keeping anonymity for anonymity’s sake, not because he has something to hide.
“Issues of that nature are only a matter of time for any site,” says Mr. Becker. “In my experience, anonymity networks play almost no role in that kind of activity. Contrary to popular belief, anonymity networks make it safer for regular users than making it ‘easier” for ‘bad’ users.”
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.