- 1 Introduction
- 2 Inproxies inside Whonix-Workstation
- 3 Use I2P client inside Whonix-Workstation (Preferred)
- 4 Services
- 5 Installing I2P on Whonix-Gateway (I2P and Tor simultaneously)
- 6 Footnotes
The Invisible Internet Project (I2P) is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other through "tunnels". The network itself is strictly message based (like IP), but there is a library available that provides reliable streaming communication on top of it (like TCP). All communication is end-to-end encrypted (in total there are four layers of encryption used when sending a message), and even the end points ("destinations") are cryptographic identifiers (essentially a pair of public keys). This is known as Garlic routing, a variant of Onion routing that benefits from the research on the latter but makes some different tradeoffs. Each client application has its own I2P "router" that finds other clients by querying the fully distributed "network database", a custom structured distributed hash table (DHT) based on the Kademlia algorithm. Every router transports traffic for its peers, which it uses as cover traffic for its own.
Read more about I2P's technical details here.
I2P is focused on creating a community around P2P darknet services rather than providing "outproxies" (exits) to the clearnet.
The I2P development team is an open group, welcome to all who are interested in getting involved, and all of the code is open source. The core I2P SDK and the current router implementation are written in Java (currently working with both sun and kaffe, gcj support planned for later), and there is a simple socket based API for accessing the network from other languages (with a C library available, and both Python and Perl in development). The network is actively being developed and has not yet reached the 1.0 release, but the current roadmap describes their schedule.
Overview on ways to use I2P with Whonix
- You can either use inproxies inside Whonix-Workstation to browse Eepsites or install I2P inside Whonix-Workstation.
- The inproxy method is more suited for casual use of I2P, where you just want to anonymously view an Eepsite and don't care about eavesdroppers as long as you are anonymous.
- Using the I2P client inside Whonix-Workstation (Preferred) is safer, since all I2P traffic gets tunneled through Tor; it is fully featured but a tiny bit more difficult than installing I2P the ordinary way, i.e. using I2P in the clear, not over Tor.
Much of Tor's concepts carry over to I2P despite the terminology being somewhat different.
Other interesting concepts of note:
- Tor HS "stealth mode" == I2P client whitelist or using Encrypted LeaseSets (I2P documentation is lacking but there are plans to improve)
- Tor "Single Onion Service" == I2P 0-hop tunnels
http://identiguy.i2p - lists all known and alive I2P websites.
Inproxies inside Whonix-Workstation
Note that you will lose the end-to-end encryption to the eepsites, which I2P would provide if you installed it directly inside Whonix-Workstation or used it the ordinary way. Depending on whether the inproxy uses http (unencrypted) or https (or is reachable through an onion service), Exit Node Eavesdropping also applies. In any case, the I2P inproxy admin can see all of your traffic in the I2P network and there is no way to prevent that.
List of I2P inproxy domains:
- many others are down 
Use I2P client inside Whonix-Workstation (Preferred)
Connecting to Tor before I2P
It is possible to run I2P inside the Whonix-Workstation.
user -> Tor -> I2P -> Internet
In case you want to do that, it is recommended to read the following two related wiki articles:
- Anonymity is provided by Tor.
- I2P router console works normal inside Tor Browser. No need to install a graphical user interface on the Whonix-Gateway.
- Eepsites (.i2p) can be reached directly from Tor Browser.
- I2P's end-to-end encryption will be used like usual.
- No Stream-Isolation Support
- I2P does not have stream isolation support, meaning that visits to Eepsites are linkable and fingerprintable: each request includes the same X-I2P-Dest* headers, which are unique to you. This might be true for outproxy requests as well.
- If you access site1.i2p and then site2.i2p, site3.i2p and so on, each of those operators will see the exact same X-I2P-Dest* values, meaning that if they are colluding, they will know that all of those sites were accessed by the same person.
- The longer you leave I2P running, the better the profile those operators can build on you. The X-I2P-Dest* values only change on restart of the I2P instance or on stop/start of the HTTP Proxy tunnel. I2P has no fix for this at the moment; however, someone is writing an experimental plugin to provide a stream-isolating mechanism for HTTP over I2P. The si-i2p-plugin is an I2P SAM application which presents an HTTP proxy (on port 4443 by default) that acts as an intermediary between your browser and the I2P network. It uses the SAM library to create a unique destination for each I2P site that you visit. This way, your base32 destination cannot be used to track you with a network of colluding sites.
- Adds load to Tor.
- Adds load to I2P.
- It's slower than I2P directly on Whonix-Gateway or the ordinary usage.
- No contribution to the I2P network (leeching). 
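As an added illustration of the linkability described above (not from the Whonix wiki), the shell functions below correlate constructed eepsite access logs: with one shared destination every operator logs the same value, with per-site destinations nothing links the visits. The log format "<site> <X-I2P-DestB32 value>" and all destination values are constructed for this example.

```shell
# Added example, not part of the Whonix wiki. Log lines are "<site> <dest>" where
# <dest> stands for the X-I2P-DestB32 header value an eepsite's server tunnel logs;
# all values below are constructed (a real one is 52 base32 chars + .b32.i2p).

# Read "<site> <dest>" lines on stdin; print each destination seen at more than
# one distinct site together with the number of sites it links, one per line.
count_linked_sites() {
    awk '
        !seen[$2 SUBSEP $1]++ { sites[$2]++ }   # count distinct (dest, site) pairs only
        END { for (d in sites) if (sites[d] > 1) print d, sites[d] }
    ' | sort
}

# Default HTTP proxy tunnel: one destination for the whole session, so three
# colluding operators see the same value and can tie the visits together.
shared_dest_logs() {
    printf '%s\n' \
        'site1.i2p shared-dest.b32.i2p' \
        'site2.i2p shared-dest.b32.i2p' \
        'site1.i2p shared-dest.b32.i2p' \
        'site3.i2p shared-dest.b32.i2p'
}

# Per-site destinations (what the si-i2p-plugin approach aims for): each operator
# sees a value that appears nowhere else, so no destination links two sites.
isolated_dest_logs() {
    printf '%s\n' \
        'site1.i2p dest-for-site1.b32.i2p' \
        'site2.i2p dest-for-site2.b32.i2p' \
        'site1.i2p dest-for-site1.b32.i2p' \
        'site3.i2p dest-for-site3.b32.i2p'
}
```

Run `shared_dest_logs | count_linked_sites` to see the one shared destination reported with 3 linked sites, and `isolated_dest_logs | count_linked_sites` to see an empty result.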
Installation and Setup:
|Security warning. Adding a third party repositories gives the vendor the ability to replace any package on your system. Use at your own risk. (More Info)|
Currently supported architectures include amd64, i386, armel, armhf (for Raspbian), and powerpc.
TO-DO: Update signing key info when migration from KYTV infrastructure happens.
pub 4096R/0x67ECE5605BCF1346 2013-10-10 I2P Debian Package Repository <firstname.lastname@example.org>
Key fingerprint = 7840 E761 0F28 B904 7535 49D7 67EC E560 5BCF 1346
Download key with scurl to home folder.
scurl -o i2p-pubkey.asc https://geti2p.net/_static/i2p-debian-repo.key.asc
Check fingerprints/owners without importing anything.
gpg --with-fingerprint i2p-pubkey.asc
If it looks good import into trusted.gpg.d.
gpg --no-default-keyring --keyring ./i2p-pubkey.gpg --import i2p-pubkey.asc
sudo cp i2p-pubkey.gpg /etc/apt/trusted.gpg.d/i2p-pubkey.gpg
For default Whonix using Debian stable:
sudo su -c "echo -e 'deb http://deb.i2p2.no/ jessie main\ndeb-src http://deb.i2p2.no/ jessie main' > /etc/apt/sources.list.d/i2p-release.list"
For Whonix build using Debian Testing or Unstable (Sid):
sudo su -c "echo -e 'deb http://deb.i2p2.no/ unstable main\ndeb-src http://deb.i2p2.no/ unstable main' > /etc/apt/sources.list.d/i2p-release.list"
Update your package lists.
sudo apt-get update
Install I2P and dependencies.
sudo apt-get install i2p i2p-keyring
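The key steps above rely on you eyeballing the fingerprint. As an added example (not from the Whonix wiki or the I2P project), the script below pins the fingerprint printed on this page and refuses to import or install the key unless the downloaded file carries it; it uses the same file names and commands as the steps above.

```shell
# Added example, not part of the Whonix wiki: pin the repository key fingerprint
# quoted on this page and only import the key when the downloaded file matches it.
EXPECTED_FPR="7840E7610F28B904753549D767ECE5605BCF1346"

# Read a `gpg --with-colons` key listing on stdin; succeed only if some "fpr"
# record (fingerprint in field 10) equals EXPECTED_FPR.
check_fpr() {
    awk -F: -v want="$EXPECTED_FPR" '
        $1 == "fpr" && toupper($10) == want { found = 1 }
        END { exit !found }
    '
}

# Download, verify against the pinned fingerprint, convert to a binary keyring
# and install it into trusted.gpg.d. Nothing is imported or copied on mismatch.
install_i2p_repo_key() {
    scurl -o i2p-pubkey.asc https://geti2p.net/_static/i2p-debian-repo.key.asc || return 1
    if ! gpg --with-colons --with-fingerprint i2p-pubkey.asc | check_fpr; then
        echo "i2p-pubkey.asc does not carry the expected fingerprint; not importing" >&2
        return 1
    fi
    gpg --no-default-keyring --keyring ./i2p-pubkey.gpg --import i2p-pubkey.asc || return 1
    sudo cp i2p-pubkey.gpg /etc/apt/trusted.gpg.d/i2p-pubkey.gpg
}
```

Call `install_i2p_repo_key` from the home folder before adding the repository lines and running apt-get.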
2. Configure I2P as a service that automatically runs when your system boots, set the amount of RAM to your needs and leave the User as i2psvc.
sudo dpkg-reconfigure i2p
3. To reconfigure Tor Browser so you can access the local web interface, apply the following six steps.
TODO: Currently broken with 7.0a1. https://forums.whonix.org/t/new-version-of-tbb-no-longer-accepts-foxyproxy-plugin/2565/32
Step One: Terminate Tor Browser if it is currently running.
Step Two: Allow unsigned add-ons in Tor Browser.
echo 'pref("xpinstall.signatures.required", false);' > /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/preferences/50_addons_unsigned_allow.js
Step Three: Install FoxyProxy.
sudo apt-get install xul-ext-foxyproxy-standard
Step Four: To access the proxy/local WebUI of the desired application, the FoxyProxy add-on and its configuration must be made available to Tor Browser.
ln -s /usr/share/xul-ext/foxyproxy-standard/ /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browseremail@example.com
Step Five: Copy the FoxyProxy configuration into the Tor Browser profile.
cp /usr/share/usability-misc/tbb-foxyproxy/foxyproxy.xml /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/
Step Six: Restart Tor Browser.
To reverse this Tor Browser configuration and restore the default Tor Browser fingerprint, follow the undo step below.
Step Undo: Restore the default Tor Browser configuration.
Then restart Tor Browser.
Note: Tor Browser will soon ship with sandboxing on an opt-in basis. Unfortunately the initial sandbox versions are incompatible with such configurations and must not be enabled.
4. Start/Stop the I2P service:
Start the I2P service
sudo systemctl start i2p
Stop the I2P service
sudo systemctl stop i2p
Status of the I2P service
sudo systemctl status i2p
To run I2P manually as User:
- Note: The config folder changes to /home/user/.i2p/
Please review and adjust the bandwidth settings on the configuration page, as the default settings of 300 KB/s down / 60 KB/s up are fairly conservative.
Many interesting features and functionality are implemented for I2P in the form of stand-alone packages or plugins that can be optionally installed from their official plugin eepsite. The instructions are simple to follow. The signing keys for these plugins are already built into the official I2P package and so are already whitelisted. This is not a complete list.
See this page for documentation about default port numbers of I2P plugins.
I2P-Bote is a serverless, encrypted email plugin that uses I2P for anonymity. Messages are stored in the distributed hash table (DHT) for 100 days, during which the recipient is able to download them.
To back up your I2P-Bote data, copy the i2pbote folder inside your I2P config directory (~/.i2p/i2pbote on Unix systems or /var/lib/i2p/i2p-config when running as a daemon).
Compartmentalize your activities and only use your I2P-Bote/Susimail VM snapshot for this purpose. Generally, applications that run with a browser interface are vulnerable to a whole class of bugs, including cross-site request forgery (CSRF).
- Webmail interface;
- User interface translated into 15 languages;
- One-click creation of email accounts (called email identities);
- Emails can either be sent under a sender identity or anonymously;
- 2048-bit ElGamal, 256/521-bit Elliptic Curve and NTRU-1087 encryption;
- Transparent, automatic encryption and signing without relying on third-party software such as PGP/GnuPG;
- Sending and receiving via relays with delay periods set by the user, similar to Mixmaster;
- Theme support;
- POP3 / IMAP / SMTP;
- Cc and Bcc support;
- Delivery confirmation;
- Basic support for short recipient names; and
- Android support (via I2P's Android client).
- Outproxy to interoperate with clearnet mail servers;
- Custom folders;
- Multi-device identity syncing;
- Support for short email addresses like firstname.lastname@example.org;
- HashCash as an anti-spam solution should it become a problem; and
- Lots of other small improvements.
The development of I2P's distributed forum software (Syndie) is stalled indefinitely. RetroShare is the recommended replacement for Syndie's functionality which can be tunneled through I2P for enhanced anonymity.
Follow the steps in this guide to connect to others over I2P.
As part of a summer coding project (as of 2016), ZeroNet is being modified to natively support tunneling over I2P.
Installing I2P on Whonix-Gateway (I2P and Tor simultaneously)
user -> Tor -> Internet
user -> I2P -> Internet
Whonix I2P documentation thread:
- http://i2p.rocks/
- http://i2p2piszzzndhfvr.onion - simply append the Onion Service name after the short eepsite name, omitting the .i2p TLD as shown.
awxcnx I2P eepsite inproxy
awxcnx I2P IRC inproxy (See Chat for general chat safety advice.)
or simply add '.to' after '.i2p'. For example, instead of http://forum.I2P you can use http://forum.i2p.to.
- Sounds worse than it is. Only very few people are expected to use I2P over Tor. I2P offers those options itself. It's not like a leeching mod.
- To import .asc key files into trusted.gpg.d they must be converted into a .gpg keyring file first.
- I2P .deb Packages installation instructions from I2P's third party repository
- This action doesn't lower security too much, unless you install add-ons from unsafe sources. Disabling the signature check is required because Tor Browser is based on a newer version of Firefox, while the add-ons in Debian are "unsigned". This step is safe because add-ons are signed and verified when apt-get downloads them, but they do not have the signature that Firefox's code is expecting (a Firefox signature wouldn't make them any safer).