By inspecting the traffic into and out of a router, a malicious ISP or state-level firewall could identify that a computer is running I2P. As discussed above, I2P is not specifically designed to hide that a computer is running I2P. However, several decisions made in the design of the transport layer and protocols make it somewhat difficult to identify I2P traffic:
In the near future, we plan to directly address traffic analysis issues by further obfuscation of I2P transport protocols, possibly including:
Why not just use the already-existing anonymous BitTorrent that's integrated into I2P? I2P is like Tor but is almost completely decentralized and self-scaling, and has numerous features that Tor does not (support for UDP traffic, customizable and more obfuscated tunnels, integrated anonymous email and secure messaging with I2P-Bote, a highly resilient distributed data store with the Tahoe-LAFS plugin, and more).
Sure.
tl;dr: Tor is more centralized and designed to visit regular Internet websites anonymously, while I2P is fully distributed/self-organized and designed for P2P apps/hidden services.
There's not really a difference. The deep web is everything that isn't accessible to the crawlers of conventional search engines. So a private subreddit, for example, is technically part of the deep web, as are your Facebook messages.
Then you have the darknet, which is the part of the Internet that conventional browsers can't access; it's a kind of web separate from the normal net. You can use the Tor browser to access the darknet; these are addresses that end in .onion. There's also i2p in the same vein, but I've never used it.
Note that since Tor is a browser, you can access the normal net as well as the darknet with it.
The thing is that the deep web and the darknet are fantasized about as horrible, trashy things when they're not. Plenty of normal sites are on the darknet, like Wikileaks, to protect their users. And you have plenty of horrible sites on the normal web; on Reddit alone there are plenty of vile subreddits.
Monero is currently the only truly anonymous and fungible cryptocurrency out there.
It has two important things missing (being worked on) to complete the feature set.
Ring-Multisig. (online marketplaces would benefit from this) https://monero.stackexchange.com/questions/1686/eli5-how-is-multisig-going-to-work-in-monero
Kovri. (integrates i2p anonymous overlay network into Monero) https://monero.stackexchange.com/questions/2617/i2p-kovri-fundamentals-in-monero https://geti2p.net/en/docs/how/tech-intro
Thankfully there are tools journalists, and private citizens, can use to get around this.
I2P is a popular suite of tools that will let you browse its own darknet of eepsites without detection, send both synchronous and asynchronous encrypted messages to others without the need for any servers and even share files in a torrent-like manner with I2P-Snark.
I've written a quick and dirty guide on how you can install I2P and use Snark, if there is any further interest I can write further sections on how to use those other features.
I'll just leave this here...
https://geti2p.net/en/
Built in torrent client, anonymised and encrypted. I've been using it for a year or so now and love it. The more people who use it the better it'll get... hence the shameless plug. ;)
Yes absolutely. If you're not too concerned about anonymity, you can even configure it for short tunnels so that your connections are as fast as possible. This is a 100% valid use case, I personally do it all the time. I don't know very much about C# specifically, but there is a SAMv3.0 compliant library for .Net languages available here: https://github.com/SamuelFisher/i2pdotnet, you may be able to use it or at least it should be a functioning example of how to set up your connections in C#. The API which non-Java applications mostly use is called SAM, the Simple Anonymous Messaging bridge, and the specification is here: https://geti2p.net/en/docs/api/samv3, I also wrote a blog post on setting up a SAM library: https://geti2p.net/en/blog/post/2019/06/23/sam-library-basics. Once you've done it once, it's actually quite simple and should be very similar to the kinds of network programming you're used to doing, except key-addressed.
Read the design documents of Tor, I2P, Phantom, etc...
https://www.torproject.org/docs/documentation.html.en
https://code.google.com/archive/p/phantom/wikis/MainPage.wiki
Torrents work just the same way as regular, there are trackers and DHT options to discover peers.
What makes it anonymous: instead of an IP address, the I2P network gives the user a virtual destination which cannot be linked with the real IP address. This way neither clients nor torrent trackers can be trivially identified/taken down.
You may also want to read docs to understand how it really works.
tl;dr it is a lot of cryptography and traffic mixes between relay nodes all around the world.
These guys did an awesome job with the bittorrent protocol, but all their software after that has been closed source. I bet Project Maelstrom will be closed as well. They are already hinting it with this closed beta.
I'd rather bet on something like I2P (https://geti2p.net). You can host a piratebay-like server there and be totally immune to governmental abuse.
As for installing on Windows 10, I wrote a detailed, end-to-end guide here, or you can try the experimental all-in-one installer I am working on from here.
>LN on XMR makes it (much) less private.
Not entirely.
A slight change in the routing protocol can make Monero have the privacy equivalence of I2P with garlic routing.
Learn more about garlic routing here: https://geti2p.net/br/docs/how/garlic-routing
The core concepts of onion/garlic routing used by I2P and TOR are considered robust, but there are some considerations. I2P hasn't had a formal audit so there could be unidentified vulnerabilities users are not aware of. The network is relatively small currently, and security would be improved by having more nodes in the network. There is a technical breakdown of attacks on I2P the developers try to mitigate, and it seems there has been some recent academic interest which is good.
If you are the subject of a targeted attack by actors with high technical capabilities (nation state, ISP, etc) then I2P (or really anything) isn't going to protect you alone. I see the benefit of I2P being that large scale passive data collection is impractical, and any attacks must be targeted and active.
A sufficient (better) infrastructure already exists! All it requires is enough users running and using i2p and posting on the postman and other trackers on i2p... https://geti2p.net https://geti2p.net/en/docs/applications/supported
The concept is completely fine. In fact, it's so fine that it's been done elsewhere and has functioned for years now. Of course, I2P is probably just as fucked in many areas. But the seemingly-common view that the future of anonymous file sharing is resting solely on the ability of Tribler's developers to fix stupid bullshit tells me exactly why that bullshit ended up in the final product: well-meaning people have been throwing resources at it without doing much research.
They're not necessarily better or worse than each other. It depends, however, what you use them for.
In general, Tor is primarily made for and is being used for regular web (Facebook, Google...), and it is best suited for that, but it's being used a lot for Darknet and Deep Web also.
I2P, on the other hand, is primarily made for and is being used for Darknet and Deep Web, but it's being used for regular web also (not nearly as much as Tor though).
Of course, there's so much more to all of this, but this is just in general.
Here's some short comparison:
I2P is actually built with P2P in mind, bittorrent is even mentioned in their intro
https://geti2p.net/en/about/intro
Obviously just referring to I2P. And it's only really anonymous if the torrents stay within the I2P network.
OTOH Tor was never designed for this sort of thing & should not be used for torrents. So it's not all of those networks, just certain ones.
The Dark Web exists. The Shadow Web does not.
The Dark Web can be accessed via the Dark Net with applications like Tor (https://www.torproject.org) or I2P (https://geti2p.net).
The Shadow Web is just something people have made up in Creepy Pastas, then made some fake .onion sites to try and perpetuate the myth. It seems to mostly revolve around the myth of Red Rooms, that you can pay Bitcoin to get access to the Shadow Web so you can watch Red Rooms.
The Shadow Web does not exist in the context you're asking.
If you want more information about Tor the protocol, or the Tor Browser Bundle, you can ask in /r/TOR.
I hope that helps.
There are a lot of differences, a few being: I2P is packet switched, as opposed to circuit switched like Tor; I2P's directory servers are untrusted and changing as opposed to Tor's method of using central servers to manage the network. I2P was designed for hidden services, as a result they're much faster than Tor hidden services but I2P can't access clearnet like Tor can with its exit nodes. Some of this functionality has been replaced by outproxies, but they're mostly run as a public service and the network isn't designed for them.
There are a lot of differences in what are seemingly similar protocols. You can find more info here, it's pretty interesting. There's an interview with I2P developers where they discuss so called Garlic routing here that's worth a listen.
Saying I2P is more secure than Tor is probably somewhat exaggerated. I2P's official Tor-comparison notes that Tor has several advantages, whilst I2P has others. Tor has formally been peer reviewed in a sense that I2P hasn't. I2P has potential to be more secure under certain circumstances, but it's not generally more secure.
That being said, best of luck with I2Pberry!
i made this same mistake too. first you have to actually download the key: https://geti2p.net/_static/i2p-debian-repo.key.asc (right click and choose "save link as")
apt-key add only tells apt about it, once you download it to your computer
> 3) I assume EC 25519 is also an option? EC 25519 DH?
I took a look at the cryptographic section of your technical introduction, specifically the section on ElGamal/AES+SessionTags.
An alternative to that construction is the <code>crypto_box</code> primitive available in NaCl, an implementation of which is available in Java (via the JNI). This is a construction of curve25519(DH)+xsalsa20(symmcrypto)+poly1305(authentication), which encrypts messages from a source curve25519 keypair to a destination curve25519 public key and requires a unique, random, non-repeating nonce per message.
A summary of how it works: A shared encryption key is created by a DH exchange on the curve25519 keys. This key is then fed together with the nonce into the XSalsa20+Poly1305 encryption scheme to encrypt and authenticate the message.
Note that the shared encryption key is constant for a given pair of source and destination, hence why a non-repeating nonce is required.
Note that using this construction would mean AES would no longer be required, you could just crypto_box your message directly instead of crypto_boxing an AES encryption key. This implementation decision is of course up to you.
If signatures are required: Curve25519 keys can also be converted to Ed25519 keys, which can then be used for signing with the crypto_sign primitive. It may be easier to have separate signing and DH keys, however.
Not at all a noob question actually, this is a matter of some interest. I2P is not included in TAILS by default because of a couple things, some historical some related intrinsically to I2P and how you use it. Historically, there was a bug which allowed information to leak from the local host to the I2P proxy which broke the anonymity of TAILS users. Currently, it's because there is no maintainer with the time and energy to take it up, and because of a few important decisions which would have to be made if I2P were to start running on TAILS en-masse. For the purposes of I2P as a component of TAILS, it should be considered an "Embedded" application and Embedded applications should <em>design for</em> and <em>encourage</em> long uptimes. This is because I2P is a peer-to-peer network. Not having central authorities means 1. it depends on the ability to discover peers around the world by reseeding and exploring the network, which takes time and is why I2P takes longer to start than Tor usually, and 2. It needs people using the software to participate, to the extent that they can, in routing tunnels for other people which works best if the router is going to be up for a fairly long time. Since TAILS is by its very nature "Amnesiac, Incognito" it stands to reason that because of these two facts, I2P performance on TAILS will often be limited by the nature of the system. The questions on that embedding page will need to be considered before TAILS could re-adopt I2P.
However, TAILS is largely a Debian spin underneath. You should be able to install it as you would on any other Debian system. Debian instructions are here: https://geti2p.net/en/download/debian
This page describes it pretty well. Short version, there are .b32.i2p addresses which are raw encoded destinations and don't need any name resolution; there's your node's address book, which is trusted above everything else, and there are various "jump"/"addresshelper" services on the network which you can use to bootstrap your addressbook if you trust them. Site owners can submit their site to one or more of their services if they want it to be publicly known.
It's a bit like Tor, but it's designed explicitly for hidden services instead of for using the global internet (although people voluntarily run "outproxies" to the global internet from I2P, but this isn't its suggested or typical use). And it's not just websites - it also has integrated anonymous BitTorrent, IRC, and many, many other types of services (there's even been telnet BBSes, and there are more exotic datastores on I2P as well like Tahoe-LAFS, a GNUtella/edonkey2k network, etc.). This is partly because it can support anonymization of nearly any kind of internet traffic, not just TCP streams.
It's also much more decentralized than Tor, in many ways, because most (or many, anyway) I2P users are also relay nodes for traffic. This also means that it self-scales much better than Tor, but it can also mean that the performance is not quite as good because more of the relays are on home connections as opposed to real servers in datacenters, which is the case for most of Tor's relays.
Having a greater number and greater diversity of relays can make anonymity much stronger. But what really makes I2P theoretically more anonymous than Tor is the fact that an I2P user who is relaying traffic for others (called "Participating Traffic") has their own traffic "covered" by a multitude of other traffic streams, making timing and correlation attacks much more difficult. This protection is enhanced greatly if one's I2P router has good uptime and lots of shared bandwidth, as the rest of the network will not relay very much through a router if it's not reliable in those ways. For that reason, it's recommended to keep an I2P router running as close to 24/7 as possible, with as much shared bandwidth as you can offer.
There's tons of great documentation on their website, feel free to check it out.
Also, I2P has been around since 2003, about the same length as Tor, and is pretty mature, with a solid dev team (but they're always looking for help!).
Here is the donation address for those interested: 1BPdWwovytfGdBwUDVgqbMZ8omcPQzshpX
Extracted from this link:
https://geti2p.net/en/get-involved/donate
And blockr.io shows they have only received 0.25 BTC since they made that address 9 months ago: http://btc.blockr.io/address/info/1BPdWwovytfGdBwUDVgqbMZ8omcPQzshpX
It's getting easier, though. This project, which I worked on, bundles up I2P and an OpenJDK 16 VM into a "jpackage" then sticks that into an installer which includes a Firefox profile and a script to launch it. Using it with either Firefox or Tor Browser installed results in a turnkey I2P setup and doesn't interfere with any non-I2P-Browsing configuration. It's the easiest and safest path I could come up with to a "Garlic Browser Bundle."
> Why doesn't i2p get mentioned much in the deepweb world or am I just going blind ?
no. you're not blind. i2p just doesn't get much love for a variety of reasons (lack of content, difficulty finding things, entirely programmed in java etc.) I think i2p is pretty good despite its critics.
> Im just wondering in reality would hosting with i2p be the safer option in regards to staying safe and cutting out potential ddos attacks?
dos attacks still happen on i2p but they're aimed at the network. this page explains all the issues and features of i2p network in its current state: https://geti2p.net/en/docs/how/threat-model
geti2p.net was where I tried to download, the installer is delivered via i2p2.de. I'm not unable to download it anyway, just wanted someone to know as this should not happen for any project, especially a security / anonymity project.
But thanks for the answer.
Yeah it's actually really easy. Have a look at i2psam and the SAM libraries in general. I'll be back with more tomorrow. Got to get up early.
The above is really good advice! In addition, depending on your interests, you could:
So, OB has always been excluded from the DNM discussion because its protocol runs over UDP, which means it can't be routed over Tor. Members of the OB community have said that they are specifically not interested in catering to the drug trade.
But.
Integrating OB with I2P has been raised as an idea, and has good support among the developers. This would allow it to be used with strong anonymity, for both users and vendors, potentially even stronger anonymity than with Tor.
While it isn't a priority for the devs (at the moment), and they still have a bit of more foundational work to do on the software, it is in their sights, and very well could happen. It also helps that I2P has very advanced and straightforward APIs, and is easily embedded in other applications (like how Vuze can use an embedded I2P router for anonymous BitTorrent) - or, in the reverse, there is a well-made Plug-In structure within I2P that allows the integration of other apps with it.
So all in all, there may be hope. If anyone in this community has coding skills, this would be an awesome project to contribute to...
If you ever do get some time, I know I2P is a seriously amazing and rad project that definitely needs good java peeps. The code is also super well-documented, well-tested, and the community is super welcoming.
TMP had little to no support, was multisig only and PGP was mandatory too, so please don't put all this on the account of I2P.
There were plenty of users until support was stopped.
They closed up shop after Op Onymous (and by the way it's still not clear how LE got the IP of the hidden service SR server in Iceland)
I2P has been around since at least 2003 so it's not that young and had a good number of reviews already.
Stuff would certainly pop up when it gains traction but you know, this is how things work, you need a problem first to be able to find a solution for it.
This is not at all the dark web, no. Whoever said it's "technically the dark web" has no idea what they are talking about which is actually very common when it comes to the deep/dark web. This is just the normal Internet, the clear web. The deep/dark web is accessible through a browser using a specific routing protocol and set up with encrypted nodes and "exit relays" and in order to get on the "Dark web" you have to download the Tor browser bundle (or I2P which is far less popular) and then visit the dark web websites which are known as onion sites. I'll give some onion URL's that are safe to visit and not illegal (a common misconception is that the deep web/dark net only hosts illegal material, which is completely false) to show what they look like and to get you started. Obviously you can only access these through the Tor browser I linked above:
3g2upl4pq6kufc4m.onion (the DuckDuckGo search engine)
easycoinsayj7p5l.onion (a bitcoin escrow)
uj3wazyk5u4hnvtk.onion (the official Pirate Bay onion)
Don't forget to run an I2P router as well! Like a more decentralized Tor that self-scales with more users, like BitTorrent - and there's file sharing! It also has better security (in my opinion) than Tor.
Nothing is perfect:
http://wwwcip.cs.fau.de/~spjsschl/i2p.pdf
https://geti2p.net/en/blog/post/2014/07/26/0.9.14-Release (look at the first line)
With Tor or i2p, even if you are de-anonymized, the packets are still encrypted end to end so that they can't see what you are doing on the market, just that you are connecting to it.
That being said, the vendors and the market itself face the most danger in a de-anonymization scenario.
Try I2P. It actively encourages bitTorrent, everyone is an "exit node", and the more people use it, the faster it will get:
I have Google Fiber and sent 300 Mbps to I2p. I'm trying to get a movement of KC Google Fiber people to boost the network up in bandwidth and usage!
Iirc i2p will be (or already has, I haven't kept up with i2p development in a while) replacing AES with ChaCha20 with the protocol changes detailed in proposal 144 (1). So recompiling i2p to enable AES-NI may not be very beneficial in the first place.
I have heard that i2pd (written in C++ instead of Java) obtains better performance than the regular i2p daemon. Have you tried that version out yet?
Sorry I couldn't be of much help. I wish you best of luck with your endeavors! If you find any good ways to reduce CPU usage yourself please update us!
(1) - https://geti2p.net/spec/proposals/144-ecies-x25519-aead-ratchet
We already have multiple ways of doing that. Two official for i2p, one official for i2pd, and maybe half a dozen unofficial or experimental ones. Here's a tour:
Official Way #1 was actually largely developed here on r/i2p, and it was the beginning of my involvement with the I2P project directly, the Firefox Profile Bundle. If you have Firefox already installed on Windows, you can use this. It is a Firefox profile bundled with extensions, a launcher script, and a desktop shortcut. Just run it, and you'll have a Firefox profile you can launch from a start menu or desktop shortcut.
Official Way #2 is a fork of the Tor Browser Bundle which is built for I2P. It works similarly to Tor Browser. For now, it still requires you to have an I2P router installed, but no other configuration is required. https://geti2p.net/en/download/lab It works on Mac OSX and Linux as well as Windows and can be run from the folder it's extracted to. This is the closest analogue to Tor Browser Bundle.
I2PD has a Firefox Portable based bundle which they supply to Windows users by default at https://i2pd.website/. It is the first to bundle both the router and Firefox together. Java I2P's version will do this soon.
Since Android is so obtuse to configure a browser on, I have an unofficial way. It's a multibrowser webextension, I've tested it on Firefox, Fennec(F-Droid) and GNU IceCat for Android successfully with partial success in Brave and Chromium so far. For now, it configures everything to be routed over I2P, but the next version will implement a "Private Browsing with I2P" contextual identity like Brave already does with Tor. It also enforces webRTC proxy obedience and enables the available webextension privacy API's to provide a simple interface for managing browser data.
SGLG makes an unofficial AppImage bundle. I haven't used it yet, but it is a thing that exists. https://github.com/IITFA is their github.
Those are the major ones. Hopefully that has you covered.
You already solved it, but:
you don't --import fingerprints or key ids. You import the entire key. Either from a file, shell direction, or running gpg --import and pasting it onto the terminal and ending with Ctrl+D.
On the last box, you could have just followed the instructions to "Enter number(s)" and it will basically --recv-keys the key for you.
Of course, for people you don't really know like free software developers, you'll want to search the fingerprint from gpg --fingerprint online to see what comes up like:
>"2D3D 2D03 910C 6504 C121 0C65 EE60 C0C8 EE72 56A8"
That's the master key from https://geti2p.net/en/get-involved/develop/release-signing-key. But you should not rely on one source, but cross-verify the fingerprint from multiple sources. Ideally you would use the web of trust to verify the key, or an in-person meeting or phone call, but that's not always reasonable for developers you don't know.
Unfortunately there are quite a few claims that I2P provides stronger anonymity with weak conjecture and no citations to papers (at least I haven't seen any).
Even I2P's own documentation on garlic routing doesn't have any concrete definitions. But they focus on the bundling, not redundant routes; so perhaps I had a few details backwards above, but even tor does some degree of bundling due to its use of TCP.
The worst detail is the use of Elgamal in every packet. Asymmetric operations are relatively expensive, especially compared to symmetric crypto. HORNET for instance only uses asymmetric operations for the setup and uses only (fast!) symmetric operations afterwards. Better, HORNET relays don't need to store any per-connection state (as the state is embedded in the packets) they can be implemented with multiple threads or on multiple servers without synchronizing connection states.
On Windows, Mac, Linux, it's super easy. On rooted Android it's also very easy, but prepping a browser for it is kind of tedious. Stick to the browser profile distributed on the download page for now and you'll be just fine. https://geti2p.net/firefox
The base32 address is the hash of the base64 key, making .b32.i2p addresses self-authenticating just like .onion. However, with jump services, the procedure is trust-on-first use, as in, you get a public key from a jump service and choose whether to trust it in the future. Roughly ssh-like. i2p does onion routing slightly differently with the addition of message bundling(Garlic routing) and uses slightly different encryption primitives. Those differences are best observed from the specification pages.
You've already been made aware of the most significant non-core implementations of i2p. I'm not sure what you mean by i2p's directory-like services, but if you mean the reseeds, they are actually self-hostable. That's the prescribed way but there are actually others, and you can even do it from a file, which is pretty decentralized.
I think you're confused about #3 as far as criticisms of i2p. What you're describing sounds like an attack on Freenet, not i2p. In i2p, false positives(someone being suspected of a crime because they were implicated by some kind of ill-designed NIT) would not be likely just because you automatically and unintentionally routed somebody's illegal-material-containing packets. After all, you'd still never have handled those packet in an unencrypted, unobfuscated form. The small anonymity set thing, though, is kind of an issue. If you can identify routers and then deny them the ability to participate in the network by other means, then you could identify services by watching a site and DOSing routers until it goes down. Same basic thing's technically true for Tor, just bigger anonymity set, edit: also bridges and PT's. I bet with enough time you could identify some fraction of hidden service operators by correlating downtime to naturally occurring power outages.
Unless one suggests a marked improvement in terms of language (rust, as in str4d's ire, for example, or Go, there's also a partial Go router out there too), criticisms of Java in favor of C or C++ are kind of hard to justify in 2018. The issues with all those languages have been preached about on hundreds of over-opinionated pointless blogs since the 80's, convincing like .001% of people. I'm comfortable saying language wars are pointless. Java has serialization problems, C has memory problems. It's been decades, isn't anybody tired yet? You pick your poison and you try to avoid its flaws.
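The self-authenticating check and the trust-on-first-use pinning described in the comment above, as an added example that is not part of the original comment or of I2P's own code. It assumes the standard derivation (SHA-256 over the decoded binary destination, base32-encoded); the function names, the in-memory address book and the sample destinations are constructed for illustration.

```python
import base64
import hashlib

# A destination is at least 256 (public key) + 128 (signing key) + 3 (certificate header) bytes.
MIN_DEST_LEN = 387


def decode_destination(dest_b64):
    """Decode an I2P-alphabet base64 destination and sanity-check its length."""
    # I2P base64 uses '-' and '~' where standard base64 uses '+' and '/'.
    if "+" in dest_b64 or "/" in dest_b64:
        raise ValueError("standard base64 characters are not valid in an I2P destination")
    raw = base64.b64decode(dest_b64.encode("ascii"), altchars=b"-~", validate=True)
    if len(raw) < MIN_DEST_LEN:
        raise ValueError("destination too short")
    # Bytes 385..386 hold the length of the certificate payload that follows.
    cert_len = int.from_bytes(raw[385:387], "big")
    if len(raw) != MIN_DEST_LEN + cert_len:
        raise ValueError("certificate length does not match destination size")
    return raw


def destination_to_b32(dest_b64):
    """Return the 52-character .b32.i2p hostname for a base64 destination."""
    digest = hashlib.sha256(decode_destination(dest_b64)).digest()
    label = base64.b32encode(digest).decode("ascii").rstrip("=").lower()
    return label + ".b32.i2p"


def address_matches(b32_host, dest_b64):
    """Self-authentication: does this destination hash to the hostname we asked for?"""
    return b32_host.strip().lower() == destination_to_b32(dest_b64)


def check_pin(addressbook, hostname, dest_b64, accept_new=False):
    """Trust-on-first-use check for a name handed out by a jump service.

    Returns "new" (never seen; stored only if accept_new is set),
    "match" (same destination as pinned) or "changed" (different destination).
    """
    offered = destination_to_b32(dest_b64)
    pinned = addressbook.get(hostname)
    if pinned is None:
        if accept_new:
            addressbook[hostname] = offered
        return "new"
    return "match" if pinned == offered else "changed"


def constructed_destination(seed):
    """Build a syntactically valid destination from a seed (sample data, not a real key)."""
    body = hashlib.shake_256(seed).digest(384)
    return base64.b64encode(body + b"\x00\x00\x00", altchars=b"-~").decode("ascii")


# Constructed sample inputs for the demonstration below.
SAMPLE_DEST = constructed_destination(b"constructed sample A")
OTHER_DEST = constructed_destination(b"constructed sample B")

if __name__ == "__main__":
    host = destination_to_b32(SAMPLE_DEST)
    print("derived address:", host)
    print("matches own destination:", address_matches(host, SAMPLE_DEST))
    print("matches other destination:", address_matches(host, OTHER_DEST))

    book = {}
    print(check_pin(book, "example.i2p", SAMPLE_DEST, accept_new=True))
    print(check_pin(book, "example.i2p", SAMPLE_DEST))
    print(check_pin(book, "example.i2p", OTHER_DEST))
```

A "changed" result is the case worth alerting on: the name now points at a different key than the one first trusted.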
That is unfounded shit opinion right there...and that kind of thinking is applicable to every crypto currency.
Once again I am not some super "Vergian Verge fam" member who is all about the XVG. I am saying that if you want to pick at it.. pick at it about actual faults it has rather than creating things to hate about it.
Here ... Verge acts like the addition of I2P and Tor to their crypto currency is revolutionary... but any crypto currency can have those things applied to it by the end user. Download I2P and Tor, setup I2P and Tor then use I2P to access the Tor network and BOOM! whatever crypto you want is super private about your IP....
So if you can Use I2P and Tor with Monero... Why use XVG?
See that is how to bring up a fault about something and question its validity.... not "the founders are rich and pumping the coin" when there is essentially no evidence of this.
Worse than vaporware makes no sense... There isn't some gradient of crypto currency evaluation that starts on the good end with "totally LIT" and on the other side is "Worse than vaporware".
If you want to use the English language you need to use words for the purposes others use them for... you are using vaporware as a synonym for "Shit" or something.
Are you doing this because it sounds technical and gives credence to your opinion? Or do you think Vaporware and Shit are synonyms?
Since it's been more than a day, I'll try to answer.
Special software: You only need to install I2P, and have a web browser. More can be found here: https://geti2p.net/en/about/browser-config
The difference between the domains: The long domain is named the Base32 address. That is a special address that I2P knows how to route to an anonymous server. The shorter name is there for convenience, and points to the Base32 address.
~~Yes. This was a specific provision of the USA PATRIOT Act. The info goes straight to the feds, which probably means DHS/FBI/NSA/DITU and their affiliates. Now, that doesn't mean that they're likely at all to act on it, or even to notice you in the flood of data they receive, but those records are there and they are filed away.~~ EDIT: Maybe not...
My advice would be to pirate as much of this stuff as you can online, ideally using a private method like torrents over I2P
Well, it seems like the OB guys are smart to make their system look like it has no intention of being used anonymously, so as to keep officials off their backs.
However, it also seems like it would be easy to run a whole network of stores entirely within the i2p network, or possibly within the Tor network as hidden services.
At first blush, it appears that OB has been designed with minimal assumptions, thereby allowing other groups to extend it in ways that the original authors officially "never intended"...
> haven't used i2p (or even a computer) in almost a year.
Curious, why's that?
>First things first, can you even install i2p by command line on Linux as a sort of service that runs all the time?
i2p is java based, so you should be able to on a Raspberry Pi 2. IIRC, there's no official OpenJDK 8 package for Raspbian, but there is one for ArchLinux.
https://geti2p.net/en/download
If you use Raspbian, a windows manager will be installed, but you'll have to install Mate on ArchLinux. After you do that, from your "real" computer:
ssh -Y
The -Y allows X11 Forwarding. You may have to configure /etc/ssh/sshd_config on the Pi to allow it. I think Raspbian is on by default and Arch is off by default. When you run the java install command, the window will pop up on your "real" computer.
You may have to install and configure rng-tools for entropy:
Clearnet link: https://geti2p.net/en/about/i2pcon/2015
I2P Torrent link: magnet:?xt=urn:btih:5449d9e20c18d411de1f717a4278e1cc5fd754cf&dn=I2PCon+2015+Slides&tr=http://tracker2.postman.i2p/announce.php
Videos should be posted sooner or later.
I agree with you about sustained action over time (and I'll take the opportunity to slip in my little message: install i2p! Even if you don't use it, it helps anonymize those who need it).
Here, I still hope to find a reaction that will at least get this proposal amended.
Also available via anonymous BitTorrent using I2P (edit: these links will only work through I2P):
http://tracker2.postman.i2p/index.php?view=TorrentDetail&id=31273
magnet link: magnet:?xt=urn:btih:88e7bc1124dcfc44a42cc54c5a5635d634c605fe&dn=Tails+1.3+%28incl.+I2P+0.9.18%29&tr=http://tracker2.postman.i2p/announce.php
Erm, I realize I may have interpreted that incorrectly. The other interpretation is essentially what i2p does out of the box, handing you a short list of hosts from a trusted (central) authority, and letting each user add their own as they please. It's clunky, unscalable, and unfriendly, but it does work. I2p's actual solution set is more complex than this, and I recommend you read about it right from the source, as they explain their own system better than I could do justice in a reddit comment. :-)
straight from the faq (https://geti2p.net/en/faq#exit ):
> Is my router an "exit node" to the regular Internet? I don't want it to be.
> No. Unlike Tor, "exit nodes" or "outproxies" are not an inherent part of the network. Only volunteers who set up and run separate applications will relay traffic to the regular Internet. There are very, very few of these.
Thanks for helping me find the i2p faq writers say exactly what I'm saying here.
Strong privacy isn't guaranteed according to the i2p website, at least last time I was there. Also, Tor has been hardened considerably over the past couple of years (deterministic builds for one). See the following for a much more complete comparison:
Why don't people just use BitTorrent over I2P? Why would they choose Tribler which has had less security analysis and has fewer nodes to mix data with?
Well, he's not. Just look at the attack surface against i2p, and compare that to Tor, which unlike i2p has undergone intense scrutiny at the hands of the most funded and sophisticated intelligence agencies in the world.
The Marketplace (a darknet market featuring multisig only transactions, timelocked transactions, shared accounts, mandatory PGP encryption etc.) Also reachable through Tor.
There are a number of services on I2P, and anyone can make his own secure, anonymous site: https://geti2p.net/en/docs/applications/supported#blogging-and-forums
> Our work brings the Bittorrent tit-for-tat idea to darknets. You help other become anonymous to get your own privacy.
To be fair, I2P was doing exactly this even ten years ago.
P.S. - check out I2P, I've been a big fan of it for a long time - it's a bit like Tito Jackson next to Tor's Michael, but it's got some really big improvements over Tor regarding how it works and its security model. Plus, it scales with more users and has a built-in torrent client!
Last I remember there was a Raspberry Pi distro with i2p pre-installed, but I do not remember the name, and I do not believe it was maintained.
But personally, I really like using the debian packages provided by kytv (in-network) and meeh (clear-net).
If you do not want to use the packages for whatever reason, the in-network updates make it really easy to just run the router from the normal install.
The market has already rejected Bytecoin because of the 82% premine - volume on Poloniex is down to 1.8 BTC in the last 24 hours (vs. 202 BTC for Monero in the same period).
We are already starting to diverge from the Bytecoin codebase, hence the description as the "reference implementation" for CryptoNote, and we have fixed core issues (such as an overly aggressive block reward penalty algorithm) and made major improvements (hashing algorithm is over 12x faster than the original Bytecoin implementation) in the 5-ish weeks that Monero has been out.
We also have a policy of not hyping Monero up, and whilst we will be putting a roadmap out, we are quiet on features until they're actively in development. For example: we didn't announce our planned I2P integration until we had structured a partnership with the I2P team and had a firm development plan already in operation. We plan on keeping our heads down and continuously pushing out innovative features and better tooling as time progresses, and fully expect that Monero's value will continue to grow as utility increases. All of our development is completely open - we discuss things on an ongoing basis in #monero-dev on Freenode, our pull requests and 100% of the code is public, so no closed-source binary only releases with source code being released "later". This means more eyes on the code and on the architecture, which leads to continuous, iterative improvements:)
There are two. The one from i2pd is here: https://github.com/PurpleI2P/i2pdbrowser/releases/tag/1.3.0 It should be able to help you. It's pretty straightforward and tor-browser-like, it just ships a browser config and NoScript with an i2pd router.
There is also one from Java I2P here: https://geti2p.net/en/download/firefox but you'll be a guinea-pig of a sort. The new version of the Firefox profile comes with a "jpackaged" version of the Java I2P router which it will attempt to start when you launch the browser. The goal of it actually is to create a "beginner" package and help onboard people to I2P. This may conflict with your i2pd router. In my opinion i2pd is an extremely convenient and elegant router to use if you're a sysadmin, and a very compelling choice for an embedded I2P router for non JVM languages if you're a developer, and a good way to satisfy dependencies if you're trying to package an app for I2P, but its shortcomings show when users need to configure client applications.
>at least 4 encrypted unidirectional communication tunnels, each 0-3 hops in length for a message to make a full round trip
2 inbound tunnels of varying length, 1 local, 1 remote.
2 outbound tunnels of varying length, 1 local, 1 remote.
Your logic is not wrong but you are only considering your local tunnels and not the remote tunnels as well.
Your outbound tunnel must find and meet with the remote client's inbound tunnel for you to make a request to that destination and the remote client's outbound tunnel must find and meet with your local inbound tunnel for the client to respond back to you.
I wrote instructions for most popular IRC clients here on the website, usually you can just set one up and use it forever. Alternatively, brb has native support for I2P IRC.
Sure, but what is it you need help with? Which guide I send you to, or write and add to the site next, will depend on what you are trying to accomplish. If you just need to get I2P installed on Windows then I wrote this guide to help you through that process, or, if you don't mind being experimented on a little, you could try the experimental all-in-one installer which is intended to make installing I2P easier, but which currently lacks automatic updates.
The public keys of any clients you want to either block or authorize, depending on your configuration. If you look at the last step in this blog post, you'll be able to see an example: https://geti2p.net/en/blog/post/2019/06/15/i2p-i2pd-ssh-config where only one client is allowed to access the server.
VPNs -
express, Nord, proton, mullvad, windscribe. These I'm stating here because I know people who've used all these.
I2P Network -
Anonymous internet project. Basically, an internet within the internet. It consists of an interconnected network of encrypted tunnels. Works on Garlic routing & Mix networking.
https://en.m.wikipedia.org/wiki/I2P
r/i2p & r/i2ptorrenting
Difference between aforementioned is vast & varying as is their usage & functionality.
Here, I'm talking about only torrenting.
Torrenting Speeds in VPNs will be much higher than I2P.
https://geti2p.net/en/blog/post/2020/06/07/file-based-reseed there are also f2f reseeds which are file-based. This is the current freestanding reseed application in go: https://i2pgit.org/idk/reseed-tools
What version are you on? I thought we ripped that browser out years ago. If we didn't, it's going to be gone by 0.9.49 so don't get too used to it. It's pretty useless and difficult to secure. You should be on at least version 0.9.47-1, 0.9.48 preferably, and you should probably follow the IceRaven/WebExtension based browser procedure, and not use the WebView. https://geti2p.net/en/about/browser-config#android Android browser configuration sucks, there are a couple recent threads about why, the IceRaven/Extension setup is the best of a bad situation. Non Firefox options are all known-to-be-broken, and mainline Firefox is not viable until Extensions open back up. WebView leaks on unpredictable Androids, Chrome doesn't let you set proxies.
This is by far the best resource on i2p: https://geti2p.net/en/about/intro
Other than that, two big things to keep in mind are:
These are different projects. i2pd is only the router which you can use with other software through I2CP interface. I2pd is a daemon (server) that is written in C++ and does not require Java to run. If you are used to your old I2P experience and your system can run Java, you are better off running I2P.
Hi
Thanks for the reply
I saw the i2pd flatpak, is this working by default with i2p-browser? Or will I have to set up some configuration?
I went to look at: https://geti2p.net/en/download
Is i2p configured by default to work with i2p-browser? Or will I have to set up some configuration?
Asking before installing software that I won't be able to use or configure
We aren't bundling the router by default yet, look for it in a few months time. In the meantime, you can use the browser by installing the I2P router application as well, from here: https://geti2p.net/en/download.
I'm trying to read the SAM documentation and use the SAM API. For now the one problem I've encountered is: how do I close the created session? It seems that the documentation does not say how to close a created session.
Blinded leasesets are pretty new, documentation is still a little technical. I believe you pass i2cp options to i2pd by putting them into the label of the tunnel in the tunnels.conf file. You can see all the relevant i2cp options here: https://geti2p.net/en/docs/protocol/i2cp. I don't know how to do blinding with i2pd yet, been too busy with java I2P. You might have better luck asking i2pd devs directly. I only ever really see them on IRC and github, that's where I'd look first. In Java I2P it's a radio button about halfway down the tunnel configuration page. It might be a week or so before I get to it, but I'll try and improve how the site is cross-referenced soon and figure out how to configure i2pd blinded leasesets.
You can do this with i2pcontrol. Unfortunately most of the stuff that talks to it is GUI applications, but if you want to script it I do have these bash functions you could use to get started.
Sure. The one I'm referencing is this one by Adrian Crenshaw: http://www.irongeek.com/downloads/Identifying%20the%20true%20IP%20of%20I2P%20service%20hosts.pdf
All other papers can be found here: https://geti2p.net/en/papers/
I don't think there's any existing low-latency anonymity solution that isn't in some way vulnerable to NSA-level adversaries. I2P has a different overall design, and, while there are numerous attacks in its [threat model](https://geti2p.net/en/docs/how/threat-model), most of them seem very expensive and it takes significant steps to mitigate them. Despite this, I2P could never be a replacement for Tor because it's not meant for clearnet browsing.
The threat model is different when you're browsing a trusted .onion site than when you're browsing a clearnet site. When you're browsing the darknet, there's no exit node, which changes the game when it comes to traffic correlation.
Whether these protocols are theoretically vulnerable or not, I think it's still going to be vastly more expensive and cumbersome to spy on Tor users than it is to spy on someone who simply browses the web with little to no protection. The NSA might be able to deanonymize _some of the users, some of the time_ after pouring millions of dollars into it, but they don't even have to _try_ when it comes to the typical web user. And the more people who use Tor, the more mixed everyone's traffic becomes, and we don't know how these attacks would scale when you have millions of users sharing the same 6,000 Tor relays.
The first few comments on that BitcoinTalk thread mention surprise at the lack of community interest in this project announcement. According to this StackExchange answer, the client linked did not even exist and the bounty for it was unclaimed as of 2016. Yet the initial release was three years prior! Today, the bounty page now says that it has been paid. And here is the GitHub repo, inactive for four years.
I find it difficult to believe that this was just overlooked. My experience tells me that Bitcoin censorship has been pervasive for a long time, even on the BitcoinTalk forum. Am I mistaken?
They both have strengths and weaknesses. Here's a nice comparison:
https://geti2p.net/en/comparison/tor
Speaking for myself, I like I2P's more decentralized nature, and the fact that it's optimized for hidden services, which means that it can be much faster than Tor.
There is also https://geti2p.net/en/ as an alternative to TOR. It is similar but operates in a slightly different way. You can also look into using a more privacy based OS like QubesOS, and running it on a thumb drive so if your laptop is confiscated, they have less evidence. Something like QubesOS running on a thumb drive might give you some extra protection from any malware your government/ISP might be using to see what you are up to because you can keep any information that could be linked back to you isolated from your Tor, I2P, VPN traffic. You could also keep a regular OS on your hard drive and keep all your normal activities on there so, once again, if it is confiscated they won't find VPNs, Tor, &c. &c.
Also, you pretty much live in r/cyberpunk.
Hey just looking through the website and they said this
To powerful passive external observers as well as large colluding internal observers, standard tunnel routing is vulnerable to traffic analysis attacks - simply watching the size and frequency of messages being passed between routers. https://geti2p.net/en/get-involved/todo
That's kinda what I was asking about.
Basically it's a darknet like tor but it was built from the ground up focusing on its hidden service functionality and being completely decentralized with no one group in control of the network. Unlike tor it's built to handle large data transfers over the network (there's an official bittorrent client) and theoretically could scale much better than tor. Here's the Wikipedia article about it and an i2p vs tor comparison.
I don't know, but why would you need one? You take your automatically generated *.b32.i2p address and register a "normal" domain name at for example inr.i2p or stats.i2p.
Just like one assigns DNS names to certain IP addresses.
Then you subscribe to the address lists generated by these sites, and presto!, you have your own i2p domain name system.
You can read more about it here: https://geti2p.net/en/docs/naming
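The relationship between an address-list entry and its *.b32.i2p name can be checked offline. The following is an added example, not part of the comment above and not I2P's own code: it derives the Base32 address as the SHA-256 hash of the decoded destination and merges a subscribed list into a local book. The never-overwrite merge policy, the function names and the sample destinations (constructed bytes, not real keys) are assumptions of this example.

```python
import base64
import hashlib

# I2P's Base64 alphabet replaces '+' with '-' and '/' with '~'.
_I2P_TO_STD = str.maketrans("-~", "+/")
_STD_TO_I2P = str.maketrans("+/", "-~")
MIN_DEST_LEN = 387  # 256-byte public key + 128-byte signing key + 3-byte certificate


def i2p_b64encode(raw):
    return base64.b64encode(raw).decode("ascii").translate(_STD_TO_I2P)


def i2p_b64decode(text):
    # validate=True rejects characters outside the alphabet instead of skipping them
    return base64.b64decode(text.translate(_I2P_TO_STD), validate=True)


def b32_address(dest_b64):
    """Return the <52 chars>.b32.i2p name for a Base64 destination."""
    raw = i2p_b64decode(dest_b64)
    if len(raw) < MIN_DEST_LEN:
        raise ValueError("destination shorter than %d bytes" % MIN_DEST_LEN)
    digest = hashlib.sha256(raw).digest()
    label = base64.b32encode(digest).decode("ascii").rstrip("=").lower()
    return label + ".b32.i2p"


def merge_hosts(book, feed_text):
    """Merge 'name.i2p=<destination>' lines into book (name -> destination).

    Policy chosen for this example: an existing name is never overwritten.
    Returns (added, conflicts, rejected) as lists of host names / raw lines.
    """
    added, conflicts, rejected = [], [], []
    for line in feed_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, dest = line.partition("=")
        name = name.strip().lower()
        try:
            if not sep or not name.endswith(".i2p"):
                raise ValueError("not a name=destination line")
            b32_address(dest)  # checks encoding and minimum length
        except ValueError:
            rejected.append(line)
            continue
        if name not in book:
            book[name] = dest
            added.append(name)
        elif book[name] != dest:
            conflicts.append(name)  # same name, different destination
    return added, conflicts, rejected


if __name__ == "__main__":
    # Constructed byte strings standing in for destinations; not real keys.
    dest_a = i2p_b64encode(bytes(387))
    dest_b = i2p_b64encode(bytes([0xFB]) * 387)
    local = {}
    print(merge_hosts(local, "example.i2p=" + dest_a))
    print(merge_hosts(local, "example.i2p=" + dest_b + "\nbroken.i2p=AAAA"))
    print("example.i2p ->", b32_address(local["example.i2p"]))
```

A name reported in `conflicts` is the case worth reviewing by hand: two lists disagree about which destination a human-readable name points to, while the Base32 address stays tied to the destination itself.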
Yes, you can do longer — the maximum length of a tunnel is 7. There's no need for inbound and outbound lengths to match, and there's nothing "unsafe" about longer as compared to shorter. I'm not an expert on the topic, but my understanding is that a longer tunnel might provide you some greater degree of anonymity if you think that a fraction of the network is compromised — but there's not really much practical benefit, and 3 does the job of giving every participant reasonable doubt about where in a tunnel they actually stand.
The more you crank the length up, the less bandwidth and the less reliability you're likely to get, so it's probably not a good idea. And keep in mind when figuring tunnel lengths that tunnels sort of "meet in the middle", so a 3-hop outbound tunnel + a 3-hop inbound tunnel = 6 nodes other than the endpoints participating already (as in this).
As for timing attacks, yes, there's probably a certain amount that can be done — i2p doesn't have all of the countermeasures against such attacks that it conceivably could. But I don't follow your scenario. If an attacker already knows the first and last hops of a tunnel they've already de-anonymized it, why do they need a timing attack?
Actually, they are fundamentally very different. If the same attack was attempted on an i2p network, it would fail - here's a relevant quote from their website:
> Protection against detecting client activity, even when an attacker is participating in the tunnel, as tunnels are used for more than simply passing end to end messages (e.g. netDb, tunnel management, tunnel testing)
TOR does not protect against this btw.
Although both are trying to accomplish the same purpose, TOR relies on every node being secure which is easily compromised by a couple of bad nodes. i2p takes a different approach.
Here are just a couple of the main reasons why i2p is more secure than TOR:
Tunnels in I2P are short lived, decreasing the number of samples that an attacker can use to mount an active attack with, unlike circuits in Tor, which are typically long lived.
I2P APIs are designed specifically for anonymity and security, while SOCKS is designed for functionality.
Essentially all peers participate in routing for others
Unidirectional tunnels instead of bidirectional circuits, doubling the number of nodes a peer has to compromise to get the same information. Counter-arguments and further discussion here.
Floodfill peers ("directory servers") are varying and untrusted, rather than hardcoded
Packet-switched instead of circuit-switched
Source & Further Reading: https://geti2p.net/en/comparison/tor
Actually let me take that back. i2p is fine for torrenting and even supports and encourages torrenting; it has a built-in torrent client that is ready to go as soon as you install I2P.
https://geti2p.net/en/docs/applications/bittorrent
You're correct and my apologies.
The article goes over most attack points in the official threat model page. Tries to explain those attacks in simpler terms, for a larger audience.
Concludes that those attacks are not hard to mitigate if the network grows and with small (low impact) adjustments to the protocol.
> Some of the algorithms related to peer manipulation and search may need to be improved at some point, but these changes would not require major protocol revision
And he ends on a note that should inspire most of us privacy/anonymity concerned to help I2P where we can.
> If the world changed in such a way that secure communication was more important [...], I2P looks like a fine network to take on the challenge.
My TL;DR: download, install I2P, and help the network grow.
You didn't see the "comparisons" section that specifically lists Tor?
> The two primary differences between Tor / Onion-Routing and I2P are again related to differences in the threat model and the out-proxy design (though Tor supports hidden services as well). In addition, Tor takes the directory-based approach - providing a centralized point to manage the overall 'view' of the network, as well as gather and report statistics, as opposed to I2P's distributed network database and peer selection.
Please let me know if someone creates a donation address for Kovri specific development. So far I am only aware of the general I2P donation address: https://geti2p.net/en/get-involved/donate
The issue was discussed here: https://github.com/monero-project/kovri/issues/43
OpenBazaar is not anonymous in any way at the moment and runs over UDP so it can't even be routed over Tor. However, integrating OB over I2P is on the OB roadmap, which will be very, very exciting...
Just add a new VISA/Mastercard via PP. That's it.
For exchanged.i2p.. download i2p (similar to TOR but different): https://geti2p.net/
Configure browser: https://geti2p.net/en/about/browser-config
On your desktop, double-click the icon "start i2p (no windows)"
Wait 5-10 minutes for the router to finish build up network n' shit.
Then on the browser you ALREADY configured, just enter the URL: exchanged.i2p (be patient). Add to the address book if you want, it will show up a full b32 encrypted address (add it if you want).
You're golden.
if you are running it on the same computer you plan to browse with, it's dead simple:
first you dload this thingy:
https://geti2p.net/en/download
then you modify your web browser proxy settings:
https://geti2p.net/en/about/browser-config
It's recommended to get a whole new browser for use with i2p. So if you generally use chrome, install firefox and modify the firefox settings, so you know that firefox is your i2p browser. if you use firefox, then make chrome your i2p browser. You get the idea.
How can I access the web console from my other machines or password protect it?
If you want to administer it remotely over the internet, you'll want to setup port forwarding on your home router. You'll also definitely want to setup SSL for accessing the router, but I don't have a link for that handy.
I2P, one of the implementations of a "darknet", uses encryption that is much more resistant to many types of attacks than standard SSL while also hiding sender and receiver. This makes it very suitable for transmitting PII when even the address of the sender can be considered personally identifying.
Each IRC server is run by somebody. I2P IRC operators might be more anonymous than the current server, but this may not even be a good thing. I2P encourages applications to use it as a library rather than just dropping it in like a proxy.