By inspecting the traffic into and out of a router, a malicious ISP or state-level firewall could identify that a computer is running I2P. As discussed above, I2P is not specifically designed to hide that a computer is running I2P. However, several design decisions made in the design of the transport layer and protocols make it somewhat difficult to identify I2P traffic:
In the near future, we plan to directly address traffic analysis issues by further obfuscation of I2P transport protocols, possibly including:
As for installing on Windows 10, I wrote a detailed, end-to-end guide here, or you can try the experimental all-in-one installer I am working on from here.
> I'm wary about giving my financial information to a service like this.
You don't have to if you pick a provider that accepts bitcoin](/r/bitcoin). [Mullvad is a well-reputed one.
The core concepts of onion/garlic routing used by I2P and TOR are considered robust, but there are some considerations. I2P hasn't had a formal audit so there could be unidentified vulnerabilities users are not aware of. The network is relatively small currently, and security would be improved by having more nodes in the network. There is a technical breakdown of attacks on I2P the developers try to mitigate, and it seems there has been some recent academic interest which is good.
If you are the subject of a targeted attack by actors with high technical capabilities (nation state, ISP, etc) than I2P (or really anything) isn't going to protect you alone. I see the benefit of I2P being that large scale passive data collection is impractical, and any attacks must be targeted and active.
They disabled i2p by default after this security bug.
https://tails.boum.org/security/Security_hole_in_I2P_0.9.13/index.en.html
Adding startup options: https://tails.boum.org/doc/first_steps/startup_options/index.en.html#boot_menu
i made this same mistake too. first you have to actually download the key: https://geti2p.net/_static/i2p-debian-repo.key.asc (right click and choose "save link as")
apt-key add
only tells apt about it, once you download it to your computer
You'll have trouble making I2P connections through tor, as I2P really wants to be able to accept inbound connections (I2P connections build two tunnels, one inbound and one outbound), and proxying through tor will prevent that. While it can still work without it, it will have a big impact on speed.
If you want to use mixed networks, you could consider just running them side by side, rather than one inside the other. A plugin like FoxyProxy can be used to sort *.i2p domains through the I2P proxy and the rest goes through Tor. Though if you do that, you might want to use to try and make your fingerprint as generic as possible, as you probably don't want adversaries to be able to fingerprint you across networks.
Excited you guys are building on I2P, but I looked through the website and I still don't know what diva.exchange actually is.
The site just says it's "Free Banking Technology" and that it provides privacy, but nothing about what it is or does.
What you described in this post should be on the home page of your website.
I want to make sure I understand: You have developed a general purpose blockchain which can be used by developers to build on top of? Could it be used in a BitMessage (pdf) sort of way, or do you envisage a different use-case?
Not at all a noob question actually, this is a matter of some interest. I2P is not included in TAILS by default because of a couple things, some historical some related intrinsically to I2P and and how you use it. Historically, there was a bug which allowed information to leak from the local host to the I2P proxy which broke the anonymity of TAILS users. Currently, it's because there is no maintainer with the time and energy to take it up, and because of a few important decisions which would have to be made if I2P were to start running on TAILS en-masse. For the purposes of I2P as a component of TAILS, it should be considered an "Embedded" application and Embedded applications should <em>design for</em> and <em>encourage</em> long uptimes. This is because I2P is a peer-to-peer network. Not having central authorities means 1. it depends on the ability to discover peers around the world by reseeding and exploring the network, which takes time and is why I2P takes longer to start than Tor usually, and 2. It needs people using the software to participate, to the extent that they can, in routing tunnels for other people which works best if the router is going to be up for a fairly long time. Since TAILS is by it's very nature "Amnesiac, Incognito" it stands to reason that because of these two facts, I2P performance on TAILS will often be limited by the nature of the system. The questions on that embedding page will need to be considered before TAILS could re-adopt I2P.
However, TAILS is largely a Debian spin underneath. You should be able to install it as you would on any other Debian system. Debian instructions are here: https://geti2p.net/en/download/debian
This page describes it pretty well. Short version, there are .b32.i2p addresses which are raw encoded destinations and don't need any name resolution; there's your node's address book, which is trusted above everything else, and there are various "jump"/"addresshelper" services on the network which you can use to bootstrap your addressbook if you trust them. Site owners can submit their site to one or more of their services if they want it to be publicly known.
Perfectly safe to use. Don't do anything silly though like downloading and running files you don't trust.
Safe to use on any operating system.
You can still use your current browsers.
You can still do that just fine. You can either have two different browsers for clearnet and I2P, change your proxy settings whenever you want to change between them or use an extension which does it automatically based on the address. (.i2p or .com). I think FoxyProxy is recommended.
geti2p.net was were i tried to download, the installer is delivered via i2p2.de.I'm not unable to download it anyway, just wanted someone to know as this should not happen for any project, especially a security / anonymity project.
But thanks for the answer.
Why not also Firefox? You can use an extension to use different proxy based on URL pattern (so Tor for .onion and I2P for .i2p sites) such as FoxyProxy, or better you can have different Firefox profiles: firefox -no-remote -ProfileManager
to create and manage profiles (the no-remote option tells it to ignore any running instances, otherwise it would attach to it and ignore command line arguments), there create an I2P dedicated profile with the right proxy settings.
Iirc i2p will be (or already has, I haven't kept up with i2p development in a while) replacing AES with ChaCha20 with the protocol changes detailed in proposal 144 (1). So recompiling i2p to enable AES-NI may not be very beneficial in the first place.
I have heard that i2pd (written in C++ instead of Java) obtains better performance than the regular i2p daemon. Have you tried that version out yet?
Sorry I couldn't be of much help. I wish you best of luck with your endeavors! If you find any good ways to reduce CPU usage yourself please update us!
(1) - https://geti2p.net/spec/proposals/144-ecies-x25519-aead-ratchet
On Windows, Mac, Linux, it's super easy. On rooted Android it's also very easy, but prepping a browser for it is kind of tedious. Stick to the browser profile distributed on the download page for now and you'll be just fine. https://geti2p.net/firefox
The base32 address is the hash of the base64 key, making .b32.i2p addresses self-authenticating just like .onion. However, with jump services, the procedure is trust-on-first use, as in, you get a public key from a jump service and choose whether to trust it in the future. Roughly ssh-like. i2p does onion routing slightly differently with the addition of message bundling(Garlic routing) and uses slightly different encryption primitives. Those differences are best observed from the specification pages.
> haven't used i2p (or even a computer) in almost a year.
Curious, why's that?
>First things first, can you even install i2p by command line on Linux as a sort of service that runs all the time?
i2p is java based, so you should be able to on a Raspberry Pi 2. IIRC, there's no official OpenJDK 8 package for Raspbian, but there is one for ArchLinux.
https://geti2p.net/en/download
If you use Raspbian, a windows manager will be installed, but you'll have to install Mate on ArchLinux. After you do that, from your "real" computer:
ssh -Y
The -Y allows X11 Forwarding. You may have to configure /etc/ssh/sshd_config on the Pi to allow it. I think Raspbian is on by default and Arch is off by default. When you run the java install command, the window will pop up on your "real" computer.
You may have to install and configure rng-tools for entropy:
Clearnet link: https://geti2p.net/en/about/i2pcon/2015
I2P Torrent link: magnet:?xt=urn:btih:5449d9e20c18d411de1f717a4278e1cc5fd754cf&dn=I2PCon+2015+Slides&tr=http://tracker2.postman.i2p/announce.php
Videos should be posted sooner or later.
Last I remember there was a rasberry pi distro with i2p pre-installed, but I do not remember the name, and I do not believe it was maintained.
But personally, I really like using the debian packages provided by kytv (in-network) and meeh (clear-net).
If you do not want to use the packages for whatever reason, the in-network updates make it really easy to just run the router from the normal install.
Get rid of FoxyProxy and use the browser profile. Foxyproxy is complete crap, as evinced by this misconfiguration of what ought to be a simple task, which I have seen dozens of times since I stared on this sub. It has misled you and you should not use it.
When I was having an issue with my ISP whom i suspected of closing my port I started using AirVPN with their port forwarding for i2p for a little. Although IPv6 isnt supported through them, the open port on IPv4 allowed me to connect to the network no problem.
It's a legitimate concern. If you use FoxyProxy to route .i2p requests through the local I2P proxy, you have the same problem. A malicious eepsite could embed a picture from a clearnet domain that he controls and thereby link the supposedly anonymous user to his real IP.
You can mitigate this by using RequestPolicy. You can furthermore protect yourself against script and plugin based deanonymization by using NoScript.
That's great! Your speed partly depends on how well your are integrated into the network and how many seeders a particular torrent has, so don't take the speeds you are getting now as rigid average. It might feel like a pain in the ass if you're coming from clearnet trackers with speeds in the xMB/s range, but if you pick one, you can generally watch it the next day (unless it's a DVDR or 720p/1080p).
There's no need to leave your I2P open in your browser. It will continue in the background if you close your browser. You can also use whatever browser you like to view the console (127.0.0.1:7657), though I'm not familiar with configuring Chrome to access .i2p sites. If Chrome has a plugin similar to FoxyProxy, it can be done. Be aware that without additional security plugins like NoScript or RequestPolicy, you are vulnerable to deanonymization by a malicious .i2p site. But as long as you only do some torrenting, you probably don't have much to worry about.
I'd like to remind you that I2P needs YOUR participation to work. You are encouraged to keep I2P running for as long as you can, but not doing so will not kill the network (as long as others continue to do so; a classic example of the free rider problem. However, you are strongly discouraged from ungracefully shutting down your router. If you click the shutdown button in the sidebar of the router, you will notice that it says "Shutdown in x minutes", with x being about 10 minutes if your router is functioning normally and thus relaying traffic for others. If you do not wait these x minutes, you will break tunnels of I2P users that are using your router and thus interrupt whatever they were doing, which is frustrating. So whatever you do, please try to avoid shutting down your computer without first gracefully shutting down the I2P router.
Good luck and thanks for giving I2P a try! Spread the word :)
Step 1: Load TAILS live cd in VirtualBox
Step 2: Applications->Network->I2P
Step 3: ???
Step 4: profit
Any particular reason you need it in a full blown debian installation?
Go to Firefox and type in the url I linked above. If it opens the i2p console, you don’t need the app thing. If not, click it and run it.
Pihole is at https://pi-hole.net and will probably require a raspberry pi setup. Check the pihole sub here, they can help with that.
I mean, maybe ungoogled-chromium(This seems closest to what you want AFAICT), Waterfox, or Pale Moon, but within the parameters of your inquiry are implicit trade-offs. The process of decreasing the uniqueness of your browser/OS/hardware combination(Anti-Fingerprinting) is, to my knowledge, primarily documented for Firefox-based browsers, and that work is done primarily by way of Tor browser. There are lots of thoughts on this, including everything from "Browsers are have too complex a job to do to reasonably prevent fingerprinting over time, anonymity-aware applications will need a replacement for the 'web' as we know it." to "If you disable Javascript and do this kind of filtering and use this web profile and stay on an ESR you can make sure you're not that different from anyone else using a similar configuration" to "It's pointless, you actually want your session to be identifiable while your using it, it's linkability that's the problem" all of which are more-or-less true from one perspective or another and with shades in between. In your circumstances, probably ungoogled-chromium though.
A magnet search is easy enough to self-host, I can provide you with instructions to self-host a clearnet magnet search engine over I2P in the meantime, but you can probably figure it out from this: https://github.com/boramalper/magnetico which is an easy to self-host DHT search engine.
An I2P magnet search would need to be adapted to the I2P DHT, magnetico looks like it would be easy to adapt to SAMv3.3, and maybe possible with a redsocks/redudp or a transparent proxy of some type.
There are two. The one from i2pd is here: https://github.com/PurpleI2P/i2pdbrowser/releases/tag/1.3.0 It should be able to help you. It's pretty straightforward and tor-browser-like, it just ships a browser config and NoScript with an i2pd router.
There is also one from Java I2P is here: https://geti2p.net/en/download/firefox but you'll be a guinea-pig of a sort. The new version of the Firefox profile comes with a "jpackaged" version of the Java I2P router which it will attempt to start when you launch the browser. The goal of it actually is to create a "beginner" package and help onboard people to I2P. This may conflict with your i2pd router. In my opinion i2pd is an extremely convenient and elegant router to use if you're a sysadmin, and very compelling choice for an embedded I2P router for non JVM languages if you're a developer, and a good way to satisfy dependencies if you're trying to package an app for I2P, but it's shortcomings show when users need to configure client applications.
>at least 4 encrypted unidirectional communication tunnels, each 0-3 hops in length for a message to make a full round trip
2 inbound tunnels of varying length, 1 local, 1 remote.
2 outbound tunnels of varying length, 1 local, 1 remote.
Your logic is not wrong but you are only considering your local tunnels and not the remote tunnels as well.
Your outbound tunnel must find and meet with the remote client's inbound tunnel for you to make a request to that destination and the remote client's outbound tunnel must find meet with your local inbound tunnel for the client to respond back to you.
I wrote instructions for most popular IRC clients here on the website, usually you can just set one up and use it forever. Alternatively, brb has native support for I2P IRC.
Sure, but what is it you need help with? Which guide I send you to, or write and add to the site next, will depend on what you are trying to accomplish. If you just need to get I2P installed on Windows then I wrote this guide to help you through that process, or, if you don't mind being experimented on a little, you could try the experimental all-in-one installer which is intended to make installing I2P easier, but which currently lacks automatic updates.
The public keys of any clients you want to either block or authorize, depending on your configuration. If you look at the last step in this blog post, you'll be able to see an example: https://geti2p.net/en/blog/post/2019/06/15/i2p-i2pd-ssh-config where only one client is allowed to access the server.
https://geti2p.net/en/blog/post/2020/06/07/file-based-reseed there are also f2f reseeds which are file-based. This is the current freestanding reseed application in go: https://i2pgit.org/idk/reseed-tools
What version are you on? I thought we ripped that browser out years ago. If we didn't, it's going to be gone by 0.9.49 so don't get too used to it. It's pretty useless and difficult to secure. You should be on at least version 0.9.47-1, 0.9.48 preferably, and you should probably follow the IceRaven/WebExtension based browser procedure, and not use the WebView. https://geti2p.net/en/about/browser-config#android Android browser configuration sucks, there are a couple recent threads about why, the IceRaven/Extension setup is the best of a bad situation. Non Firefox options are all known-to-be-broken, and mainline Firefox is not viable until Extensions open back up. WebView leaks on unpredictable Androids, Chrome doesn't let you set proxies.
These are different projects. i2pd is only the router which you can use with other software through I2CP interface. I2pd is a daemon (server) that is written in C++ and does not require Java to run. If you are used to your old I2P experience and your system can run Java, you are better off running I2P.
Hi
Thanks for the reply
I saw i2pd flatpak, is this working by default with i2p-browser? Or i'll have to setup some configuration?
I went look at: https://geti2p.net/en/download
Is i2p configured by default to work with i2p-browser? Or i'll have to setup some configuration?
Asking before installing software that i wont be able to use or config
We aren't bundling the router by default yet, look for it in a few months time. In the meantime, you can use the browser by installing the I2P router application as well, from here: https://geti2p.net/en/download.
I'm trying to read the SAM documentation and use the SAM API. For now I encounter one problem is how do I close the created session? seem that documentation no say how to close a created session.
Blinded leasesets are pretty new, documentation is still a little technical. I believe you pass i2cp options to i2pd by putting them into the label of the tunnel in the tunnels.conf file. You can see all the relevant i2cp options here: https://geti2p.net/en/docs/protocol/i2cp. I don't know how to do blinding with i2pd yet, been too busy with java I2P. You might have better luck asking i2pd devs directly. I only ever really see them on IRC and github, that's where I'd look first. In Java I2P it's a radio button about halfway down the tunnel configuration page. It might be a week or so before I get to it, but I'll try and improve how the site is cross-referenced soon and figure out how to configure i2pd blinded leasesets.
You can do this with i2pcontrol. Unfortunately most of the stuff that talks to it is GUI applications, but if you want to script it I do have these bash functions you could use to get started.
Sure. The one I'm referencing is this one by Adrian Crenshaw: http://www.irongeek.com/downloads/Identifying%20the%20true%20IP%20of%20I2P%20service%20hosts.pdf
All other papers can be found here: All papers can be found here: https://geti2p.net/en/papers/
I don't know, but why would you need one? You take your automatically generated *.b32.i2p address and register a "normal" domain name at for example inr.i2p or stats.i2p.
Just like one assigns DNS names to certain IP addresses.
Then you subscribe to the address lists generated by these sites, and presto!, you have your own i2p domain name system.
You can read more about it here: https://geti2p.net/en/docs/naming
Yes, you can do longer — the maximum length of a tunnel is 7. There's no need for inbound and outbound lengths to match, and there's nothing "unsafe" about longer as compared to shorter. I'm not an expert on the topic, but my understanding is that a longer tunnel might provide you some greater degree of anonymity if you think that a fraction of the network is compromised — but there's not really much practical benefit, and 3 does the job of giving every participant reasonable doubt about where in a tunnel they actually stand.
The more you crank the length up, the less bandwidth and the less reliability you're likely to get, so it's probably not a good idea. And keep in mind when figuring tunnel lengths that tunnels sort of "meet in the middle", so a 3-hop outbound tunnel + a 3-hop inbound tunnel = 6 nodes other than the endpoints participating already (as in this).
As for timing attacks, yes, there's probably a certain amount that can be done — i2p doesn't have all of the countermeasures against such attacks that it conceivably could. But I don't follow your scenario. If an attacker already knows the first and last hops of a tunnel they've already de-anonymized it, why do they need a timing attack?
How can I access the web console from my other machines or password protect it?
If you want to administer it remotely over the internet, you'll want to setup port forwarding on your home router. You'll also definitely want to setup SSL for accessing the router, but I don't have a link for that handy.
On ubuntu you can use the ppa supplied by the i2p team https://geti2p.net/en/download/debian#ubuntu
sudo apt-add-repository ppa:i2p-maintainers/i2p sudo apt-get update sudo apt-get install i2p
This will keep you up to date with the latest updates, and is the preferred way to use i2p on ubuntu.
The other commenters have the differences right. But here is more information if you are curious (https://geti2p.net/en/comparison/tor).
Torrenting is not only acceptable, but a necessary part of i2p. It's how the main router updates are distributed! For more information on torrenting, I suggest you check out http://tracker2.postman.i2p .
In the past, I have tried to measure my criticism of FoxyProxy. As of today, I officially wish that FoxyProxy had never freaking existed. It has caused people like you so many unnecessary and potentially hazardous difficulties. This is the browser profile that you should be using with Firefox on Windows 7. It will install shortcut-launchers on your desktop and start menu to use as well as using a hardened, i2p-only Firefox profile entirely separate from your regular Firefox use. It is far and away the easiest, cleanest way to get an i2p Browser up and running that exists right now.
Probably not, but I'm in the same boat. I think you can set wildcards (*) to still connect normally via Firefox. I just turn FoxyProxy on and off (infact, just use Firefox for I2p sites). FoxyProxy also seems to block Router Console too?
Would be interested if anyone knows how to fix this too.
And... it ended working! Thank you everybody for tolerating my lack of knowledge. The remaining obstacle was in FoxyProxy (mis)configuration. I had checked "SOCKS", which apparently prevented.. stuff to happen. I have no idea what it is about, but that's it.
About HTTPS and 4445, I2P FAQ mentions it as useless. Did I understand correctly if I say it is only useful when using outproxies to the "clearnet"?
Have you configured your browser to use i2p?
>#CONFIGURING FOXYPROXY TO REACH EEPSITES (.I2P)
>
> Launch Firefox and go to
> Click “Continue to download” and then “Add to Firefox” to install the FoxyProxy.
> Restart Firefox and click the FoxyProxy logo next to the URL bar.
> Change “Select Mode:” to “Use proxies based on their pre-defined patterns and priorities”
> Click “Add a new proxy”
> On the “General” tab, make sure “Enabled” is checked and enter a fancy name (ie. I2P) in the “Proxy Name” field. Also make sure that “Perform remote DNS lookups on hostnames loading through this proxy” is checked.
> One the “Proxy Details” tab, select “Manual Proxy Configuration” and enter “localhost” in the “Host or IP Address” field and “4444” in the port field.
> On the “URL Patterns” tab, click “Add New Pattern”, make sure “Enabled” is checked and “Whitelist” and “Wildcards” are selected. Pick a fancy Pattern Name (ie. I2P) and in the “URL Pattern” field, enter “.i2p/”
> Click “OK” twice to return to the main FoxyProxy window and Close it if your proxy has been succesfully added and enabled.
> Firefox will now send all .i2p requests through the local proxy. You can now access the eepsites hosted within I2P.
>
>
A little warning when using FoxyProxy: If an i2p page embeds images or other stuff using clearnet URLs FoxyProxy will load them and you anonymity is over (unless you configured it to use tor as a default).
I2P isn't as extensively studied as Tor and with any piece of software you should always be skeptical about how secure it is. As for the FoxyProxy configurations I would set it to send anything like this *.i2p/* though the i2p proxy.
The I2P router in Abscond is out of date, and Orchid's development has stalled at the moment.
The bitcoinj guys have integrated it into their code and updated it a bit, but so far nothing has been pushed back into the Orchid repository.
And the great beauty about this particular guide, is that you don't even need to have Tor enabled at all, just put a different address or port (or both) in the 'Default' field in FoxyProxy. That way it'll only resolve I2P traffic. Also, this is part 1 of a 2 part guide on how to get I2P-Snark up and running and how to use it. It's a good piece of software, you should try it sometime.
I have a cable provider. Per the suggestion below I tried connecting to a new list of websites and can access at least a couple of them so far. So it seems that the issue was FoxyProxy, but I'm pretty sure that I have it configured properly... what are some not-so-apparent issues with that add-on? Can I just use Firefox's network settings or does that pose some kind of security risk?
I did the same configurations now but still it's not working. =/ Did I do something wrong? I just install i2p repository, install i2p, than I just try to configure FoxyProxy. My proxy details are the same with this;
Am I need to do something except this?
Try changing *.i2p to *.i2p*
That works for me, anyway. Hopefully someone here knows more about this than I do, but would this setup allow an eepsite to load resources through a direct connection by simply embedding clearweb resources in the page? I'm not sure if FoxyProxy loads all resources on a page through the same proxy, or if it would load each one individually by the rules laid out for it. If it's the latter, that seems like it would be a problem.
That's because your browser is sending everything going outside your LAN through I2P.
You need to use the Firefox addon FoxyProxy or the proxy software Privoxy and set it to only proxy I2P domains, letting the rest go through the standard Internet connection.
There isn't really a concern with simply using base32 links, they just aren't simple to remember.
You can use I2P and Tor at the same time through the same browser using something like FoxyProxy, which you can setup to route your traffic to I2P or Tor based on URL signature rules. There may be other plugins with better functionality, but that's the one that I use.
Google setup tutorials for i2p/tor using Privoxy.
The title is misleading. FoxyProxy is open source if you use either their basic or standard extensions. And seeing as how the plus extension is ~$20/year, I doubt then is much interest from lone i2p users. Source:
I found this helpful in setting up i2p. It runs you through the setup of the FoxyProxy plugin for Firefox so .i2p websites are automatically sent through your local proxy.
This explains how to set up the FoxyProxy Addon to automatically handle .i2p websites without interfering with normal internet actions.
I've been looking at https://libertyvps.net and https://www.digitalocean.com, it's just hard to find one that has good reviews privacy-wise, with a decent pricing, and that supports VM encryption!
Ah I see what you mean, yeah I also shutdown my laptop after using it, so sometimes is a pain to start everything again
If you want to participate in the network, participate directly or port-forward through a reasonable VPN like Mullvad. If you don't want to appear in the NetDB, use Hidden Mode. Routing participating I2P traffic through Tor is just going to hurt everybody.
Here's a basic tutorial from:
I think you're skipping the step 5.
(As another Bro here commented, this step by step might not be what you really need. Tell us more about what you had already done to make I2P work)
>How to install I2P? I2P Tutorial. >1. The first step is to download and install Java as I2P is written in the Java programming language. It is possible that you already have this on your computer, but if not, then download the latest version and install it. > >2. Next, download the I2P installer. A console window will open. It shows the installation log. > >3. A browser window will open on the I2P Router Console page to let you know that you have connected successfully to the IP2 network. You may initially have to wait a few minutes while the software finds peers and connects tunnels to them. > >I2P Router Console >4. Next, the Router Console will show that you are fully connected. > >5. Then, you now need to configure your browser to connect through I2P. You can do it in any browser, but you should probably go for Firefox or install Tor Browser. In Firefox, you may try a proxy configuration add-on, like FoxyProxy, or proceed with the manual setup: > >Go to Firefox -> Options -> Advanced tab -> Network tab -> Connection Settings >Check the Manual proxy configuration box and enter the following values: HTTP Proxy: 127.0.0.1, Port: 4444. Also add localhost, 127.0.0.1 to the No Proxy for the box. 6. Welcome to the I2P darknet! You may now access the Dark Web and I2P websites that have the .i2p suffix. Enter the address of any eepSite. A good place to start finding interesting eepSites is the search engine. > >A lot more info (including info on configuring firewall ports) is available on the I2P Darknet site
Here's a basic tutorial from:
>How to install I2P? I2P Tutorial. >1. The first step is to download and install Java as I2P is written in the Java programming language. It is possible that you already have this on your computer, but if not, then download the latest version and install it. > >2. Next, download the I2P installer. A console window will open. It shows the installation log. > >3. A browser window will open on the I2P Router Console page to let you know that you have connected successfully to the IP2 network. You may initially have to wait a few minutes while the software finds peers and connects tunnels to them. > >I2P Router Console >4. Next, the Router Console will show that you are fully connected. > >5. Then, you now need to configure your browser to connect through I2P. You can do it in any browser, but you should probably go for Firefox or install Tor Browser. In Firefox, you may try a proxy configuration add-on, like FoxyProxy, or proceed with the manual setup: > >Go to Firefox -> Options -> Advanced tab -> Network tab -> Connection Settings >Check the Manual proxy configuration box and enter the following values: HTTP Proxy: 127.0.0.1, Port: 4444. Also add localhost, 127.0.0.1 to the No Proxy for the box. 6. Welcome to the I2P darknet! You may now access the Dark Web and I2P websites that have the .i2p suffix. Enter the address of any eepSite. A good place to start finding interesting eepSites is the search engine. > >A lot more info (including info on configuring firewall ports) is available on the I2P Darknet site
OK so here's what I've got for you. It's not much.
Do these steps in BiglyBT. Open the Tools
menu, and expand the Plugins
section. Scroll down to the bottom of the plugin section and select the VPN Helper
Plugin. Select <a rel="nofollow" href="https://www.mullvad.net/">Mullvad</a>
Open Mullvad. Click the "Gear" icon that takes you to the settings. Click the Account
menu. Click the Copy
button to copy your account ID.
Return to BiglyBT. Paste the Mullvad account ID into the Mullvad Account ID
field. Save the settings, close and restart BiglyBT.
I don't think i2p is going to be the best solution for you to download torrents, is that the only reason you want it?
You'd be better off just using a VPN for torrents, Riseup VPN is free and has a pretty good privacy policy.
I don't know about Brave extensions, does the name "FoxyProxy" ring a bell? We generally advise against using that for security reasons, but maybe for a quick try it will be fine.
Regarding Safari, yes you can use that if you change the system proxy settings as described above.
Testing errors are usually temporary, just "trying again" usually fixes them.
If you got it from Google Play, f-droid.i2p.io, or the download link on https://geti2p.net then you probably just need to "Long press to stop" and then start it again.
If that doesn't work, disable your Wi-Fi for about 30 seconds, then re-enable it. Then restart I2P.
If that doesn't work, disable your cellular data(airplane mode) and then re-enable your Wi-Fi without enabling your cellular data. Then restart I2P. Once you're connected to I2P, feel free to re-enable your cellular data. If this is the case, file an issue at https://i2pgit.org/i2p-hackers/i2p.android.base.
Some of the modifications are somewhat I2P-Specific, some of the modifications are scaling related. The "NetDB" page is one of the more accessible pages on the website and explains how it works pretty extensively. CTRL-F
and type "kad" on that page to get a tour of the modifications. Highlights:
> A modification to this algorithm is done to increase the costs of Sybil attacks. Instead of the SHA256 hash of the key being looked up of stored, the SHA256 hash is taken of the 32-byte binary search key appended with the UTC date represented as an 8-byte ASCII string yyyyMMdd, i.e. SHA256(key + yyyyMMdd). This is called the "routing key", and it changes every day at midnight UTC. Only the search key is modified in this way, not the floodfill router hashes. The daily transformation of the DHT is sometimes called "keyspace rotation", although it isn't strictly a rotation.
> Node IDs are verifiable in that we use the router hash directly as both the node ID and the Kademlia key. Incorrect responses that are not closer to the search key are generally ignored. Given the current size of the network, a router has detailed knowledge of the neighborhood of the destination ID space.
For more context on these decisions: https://geti2p.net/en/docs/discussions/netdb
It's possible to run a DHT over I2P which is entirely independent of the I2P DHT, like the Bittorrent DHT which runs inside of I2P already. At various times various implementations of Kademlia, Seedless, IPFS mainline, have all been run over I2P before. Differences between the Bittorrent DHT and the I2P Bittorrent DHT are documented here: https://geti2p.net/en/docs/applications/bittorrent but I suppose that probably doesn't meet your particular case.
My advice would be to implement your PUT-authenticated DHT using SAM and bootstrapping within I2P. That way you retain the anonymity properties which I2P is providing to you but also get to customize your own DHT to your use-case.
It sounds like you skipped browser configuration. I2P is a "royal pain in the a*???" because in the past, we've generally required everyone to be responsible for their own app configuration. I've spent much of the past 3 years disagreeing with that approach, which ironically is what the experimental installer deals with. Browser configuration is the primary reason for it's existence and the very first thing that it ever did, before it ever bundled an I2P router. **In fact, if you run it right now, it will configure your I2P browser without touching the one you already have installed*. I expressly designed it to work that way.
If you don't want to risk it, it is experimental after all and ultimately I get it. It's not even signed by the same guy that is signing the IzPack based installer. I've got other options for you. Like this Firefox addon: https://addons.mozilla.org/en-US/firefox/addon/i2p-in-private-browsing/. It's sort of like multi-account containers with per-container proxies, but I was doing multi-account containers with per-container proxies 3 years before Mozilla. When you visit an I2P site with this extension installed, your browser window will change color and launch you into a "Container Tab" which applies the I2P proxy to that tab and that tab only. Other tabs use the default settings. When you close all the I2P tabs, the history, cookies, and localstorage for all those tabs are cleared. It also enables Firefox's privacy features, which may result in you being logged out of sites after you install the extension.
If that's not your cup of tea and you really want to do manual configuration, then there are instructions with screenshots available on: https://geti2p.net/en/about/browser-config.
Here is the link to the git, holding the code to build a containerized reseed server: https://codeberg.org/diva.exchange/i2p-reseed
The container should not face the internet, but be placed behind a reverse proxy (which we do at DIVA).
>I am going to need more info than that. What browser are you using?
DuckDuckGo, Firefox, Tor Project official browser, all of them. I've used countless browsers, and both ProtonVPN and Tor, all with the same result: inability to resolve the domain name. I can't get into the dark web.
Is this KS legit or just bogus? It seems like they're throwing a lot of buzzwords together and trying to jump on the current climate.
>You can test it now, but my VPS subscription ends soon.
​
If you are the only instance on i2p, you might be able to get some funding by users wanting to support alternatives like this. Do you have a LiberaPay account?
It's possible to tell, with a little effort, that a person is running I2P. It is not possible to tell what they are using it for without much, much more effort. Nothing is impenetrable, but we do what we say on the box. It's a real peer-to-peer multihopping, mixing, low-latency overlay network. https://geti2p.net/en/docs/how/threat-model has more detailed info on what we do and do not do.
Maybe give this one a shot and ask again if anything might be unclear. Most people are willed to help, just not if the answers are already written down in am easily accessible way.
I have tried u/Danrobi1 post. :(
Firefox web extension was installed and shows pressing control shift A
but does not show up on Firefox as an extension and thus I'm unable to use it.
Following the guide didn't work either :/ https://geti2p.net/en/about/browser-config
XD will also require a separate installation of the I2P router.
If you don't want to install the software and its dependencies, maybe Docker is the right fit? You can get I2P and Snark set up with few lines without adding any unnecessary software to your system (other than Docker itself).
Here are the instructions
Unfortunately something I2P can't readily and responsibly provide is legal advice for all cases. If you have serious concerns then consulting a lawyer is the responsible thing to do. That said, we've no reason to believe that Belgium has any laws that would strictly prohibit the use of or participation in I2P. If you use I2P to commit a crime in Belgium, of course that is illegal, but I(Am not a lawyer, but...) I don't think I2P itself is. There are some places where we know I2P(or I2P like activity, i.e. participating in routing anonymous traffic) is legally risky but Belgium is not one of them. https://geti2p.net/en/about/restrictive-countries
I'm not aware of ProtonVPN having any support for routing I2P requests, but they will route Tor requests for you so it's not out of the question. If they do, the right place to ask about it would be on r/ProtonVPN. I'm not a ProtonVPN user and I'm not willing to become one to figure it out right now, but I know someone who is and I'll ask them as soon as they leave work.
A few points (even though we're getting off track as none of this has anything to do with i2p):
The fact that you're open source is great but not really relevant - nearly every shitcoin project is also open source. You don't have to be closed source to be a scam.
So.. your project aims to be a way to swap between cryptocurrencies with no central authority? Is it different from https://bisq.network/ in any major way? How does your sidechain reach consensus without its own token? Does it have special "validator" authority nodes? Who choses them?
The I2P network really isn't set up so much to access clearnet sites. It's more for internal eepsites.
If you want to access clearnet sites anonymously, you'd be better off using Tor.
With three hops, it's definitely noticeable. Like 1-2 seconds, but it's usable and I generally use it to run one or two commands at a time. Reducing the hop count makes it pretty much similar to normal ssh, then I do destination whitelists for authorized devices(with the normal ssh key auth. I'm working on a way to do PAM based 2fa for adding ssh keys next, but sending the auth codes to a device over i2p. I just do this for fun because I think it's neat). I've been trying to figure out how to make mosh work and I'm going to try increasing the hops again. Back when I started doing it I did the ssh-over-tox for the practical paranoid which was about like one hop. ssh-over-tor to a hidden service just feels marginally faster than 3 hops over i2p, but I don't know for sure that it was and it doesn't have i2p's ability to whitelist by destination. But reducing the hops was a big deal.
Thanks for responding!
Thanks!
I was doing some research about how you can mirror Whonix configuration. Like all I2P traffic tunneled through Tor. Is that possible? Maybe making the whole machine go through Tor and than the usual i2p? whonix i2p tunneled through tor
Consult this page too https://www.whonix.org/wiki/Next#I2P
The tunnel length in the wiki is set to 0, I recommend changing it to 1 otherwise you will keep getting website unreachable errors. The wiki should be updated. I think Tunnel length 0 is a bad idea because not many tor exits have a full port exit policy.
I also recommend reducing i2np.ntcp.maxConnections=20 to 15.
Just checked the Tails documentation, looks like they do in fact connect to the i2p network directly <https://tails.boum.org/contribute/design/I2P/#index4h1>.
> For better performance an exception has been made in the firewall configuration that grants direct access to the network for the I2P user running the client so it can reach the I2P network directly, both through TCP and UDP. I2P is explicitly blocked from communicating with the LAN.
edit:
the docs seems to address your other question :)
I think Tails is a stand-alone project. According the its project page, it is a live distribution based on Debian (which is why its version of Firefox is called iceweasel) which is configured to force all network traffic through tor. I don't know who founded it, though.
If you're on windows, we already have a Firefox profile that is preconfigured for I2P. You can get it from the I2P Firefox page
If you're not on windows, u/alreadyburnt has been doing some work on getting that profile available on debian and docker. They can tell you more.
Yeah you're going to want to use the project's own deb archives, you're like... 12 versions behind, going on 13 because it's release week. https://geti2p.net/en/download/debian#debian has instructions that should help you.
Start by switching to the Project-Run PPA: Instructions here to get the latest version. Then when you get it installed, go to /var/lib/i2p/i2p-config/router.config
and explicitly set the browser, or use sudo update-alternatives --config x-www-browser
to change your default browser back to Firefox, or follow the .deb
instructions in i2p.firefox to make yourself a freestanding browser profile and some shortcuts.
Not really, the way I do it is with IceRaven and the Android port of the WebExtension I wrote. IceRaven is a Firefox fork with Extension support on Android. This is the repository, downloads are on the releases page https://github.com/fork-maintainers/iceraven-browser, and the I2P extension is in the add-ons menu. More details here https://geti2p.net/en/about/browser-config#android
I'm not totally sure but I know how to help you check what's going on.
What's probably happening is that the DHT you're seeing in that tab is the regular Bittorrent DHT, which can only discover peers on the Visible internet. Moreover, it publishes your IP address in the visible internet Bittorrent DHT. Instead, you will be using the I2P Bittorrent DHT, through the I2P BiglyBT plugin. If you go to the menubar and open the "View" menu, you should be able to turn on the "I2P Helper" view. You can then see the I2P and Mix DHT stats. This is our "Differences from Regular Bittorrent" section if you want to learn more.
https://geti2p.net is the official site. There are a handful of exact mirrors of that site, and a handful of un-official sites as well, but https://geti2p.net is the official site. This is the site I have checkin rights on. I actually wrote both those answers on the FAQ page.
I think what you're misunderstanding here is the concept of an "Overlay Network" which is a sort of "Network within a network." Overlay networks can have a variety of properties, but one thing they all have in common is that the build a network using software running on internet-connected computers. This allows them to have properties, like anonymous multihopping and onion-routing, that the Internet does not natively support. I2P uses it's overlay network to build its own routing tables, it's own addressing scheme, it's own DNS system, and other very fundamental components of the internet, making it the overlay network that is currently the most similar to the global internet. By using these techniques, I2P is able to hide the nature of what a person is doing on the overlay network even though the overlay network uses the non-anonymous internet(The one where IP addresses are relevant) to use build the supporting connections.
I'd rather do it in a public thread that way we can re-use the answers more easily, especially since I don't have a Windows 7 machine to hand which I could use work through the install. Screenshots will probably help. Explain to me what you've done so far, and I can probably help you. I'll try and dig up a Windows 7 disk to put it in a Qube so I can work with you on it.
I wrote the Windows 10 guide here: https://github.com/eyedeekay/Install-Java-And-I2P-on-Windows and here: https://geti2p.net/en/download/windows which should be able to help with the Windows installation process, and I know that the NSIS stuff in the Firefox Profile installer will work on Windows 7.
Hmm. FreeBSD would indeed be more difficult than Windows, because you would probably need to compile it from source to make it work. Running a reseed server would be easiest on a GNU/Linux or OSX system, but I can make the Go reseed server automatically support Windows this week.
If you are having Win32 specific issues, then I'll need to set up a Win32 machine to work with you on. I only have Win64 available to me at this time. However, if your issues are not Win32 specific, then the operation of the Win64 and Win32 clients should be identical.
Describe for me, what you did when you installed I2P for Windows. Also, did you read this guide: https://geti2p.net/en/download/windows before/during the time when you installed I2P?
Are you normally a Windows user? I wrote a detailed install guide a few months ago. It is still a little elaborate, eliminating the Java dependency would help, but following those steps should give with a working I2P setup. I'd be happy to get some feedback on it, if it helps, what could be improved, etc, here's the git repo.