The Exodus Intelligence has found a serious flaw in I2P network layer that can de-anonymise people, which is against the prime feature of the privacy focused Tails-Linux Distribution.
I2P is an anonymous overlay network – a network within a network. It is intended to protect communication from dragnet surveillance and monitoring by third parties such as ISPs.
Tails (The Amnesic Incognito Live System) is a Linux distribution that’s designed to run from a DVD, SD card or USB stick, with all outgoing connections going through the Tor anonymizing network. It comes heavily recommended by Edward Snowden and the Tor folks, who created it. I2P (the Invisible Internet Project), which is available for other platforms too, is an anonymizing layer that can be used by applications for secure communications — within Tails it acts as an alternative to Tor, suitable for certain use-cases.
The exploit is a cross-site scripting attack that can effectively de-anonymize the user. This is obviously serious given the purpose of I2P, but again, I2P isn’t turned on by default (because of zero-day fears).
Users are strongly advised to upgrade to the version 1.1 of Tails (that came out on Tuesday), due to “several security holes” in the preceding version.
