Invisible Internet Project (I2P)
Introduction[edit]
Network[edit]
The Invisible Internet Project (I2P) homepage provides a simple overview of the protocol:
I2P is an anonymous network built on top of the internet. It allows users to create and access content and build online communities on a network that is both distributed and dynamic. It is intended to protect communication and resist monitoring by third parties such as ISPs.
Aside from anonymizing traffic within the network, I2P functions with the same capabilities as the Internet, however its design and decentralization create a censorship resistant environment for the free-flow of information.
Mirrored sites hosted on the network allow access to news outlets and other resources in areas where information is being filtered or denied. Online communities wishing to organize in restrictive environments can do so anonymously to mitigate political threat and protect each other.
The I2P anonymous network exposes a simple layer that applications can use to anonymously and securely send messages to each other through "tunnels". The network itself is strictly message-based (IP), but there is a library available to allow reliable streaming communication on top of it (TCP). All communication is encrypted end-to-end -- in total there are four layers of encryption used when sending a message -- and even the end points ("destinations") are cryptographic identifiers (essentially a pair of public keys). [1]
This design is known as garlic routing which is a variant of onion routing
(used in the Tor network) and benefits from the research on the latter but makes some different tradeoffs. [2] Each client application has their own I2P 'router' that finds other clients by querying against the fully distributed 'network database' - a custom structured distributed hash table (DHT) based on the Kademlia algorithm
. Every router transports traffic for its peers which it uses as cover traffic for its own. To learn more about I2P technical details, see here
.
In contrast to the Tor network, I2P is focused on creating a community around P2P darknet services rather than providing "outproxies"(exits) to the clearnet. The I2P development team is an open group that welcomes all parties who are interested in getting involved
. All the code is open source
. The core I2P Software Development Kit (SDK) and the current router implementation is accomplished in Java, [3] and there is a simple socket based API
for accessing the network from other languages (with a C library available, and both Python and Perl in development). The network is actively being developed and has not yet reached the 1.0 release, but the current roadmap
describes their active schedule.
Tor vs I2P[edit]
Many of Tor's concepts have (virtual) equivalents in I2P, despite the terminology being somewhat different.
Table: Tor vs. I2P Terminology [4]
Tor Terminology | I2P Equivalent |
---|---|
Cell | Message |
Circuit | Tunnel |
Client | Router or Client |
Directory | NetDb |
Directory Server | Floodfill Router |
Entry Guards | Fast Peers |
Entry Node | Inproxy |
Exit Node | Outproxy |
Hidden (Onion) Service | Hidden Service, Eepsite or Destination |
Hidden Service Descriptor | LeaseSet |
Hidden Service 'Stealth Mode' | I2P Client Whitelist [5] or Encrypted LeaseSets [6] [7] |
Introduction Point | Inbound Gateway |
Node | Router |
Onion Proxy | I2PTunnel Client (more or less) |
Relay | Router |
Rendezvous Point | Similar to Inbound Gateway + Outbound Endpoint |
Router Descriptor | RouterInfo |
Server | Router |
Single Onion Service | I2P 0-hop Tunnel [8] |
The I2P comparison page notes the relative strengths of Tor and I2P; those are summarized below.
Tor's primary strengths are: a larger user base; greater academic interest and research; significant funding; a large development team; greater resistance to state-level censorship (TLS transport and bridges); large number of exit nodes; better memory usage; thorough documentation; low client bandwidth overhead; higher throughput and lower latency. [4]
In comparison, I2P's primary strengths are: optimization for hidden services; a fully distributed design; better peer selection; varied and untrusted directory servers; peer-to-peer friendly nature; improved load balancing and resilience; unidirectional tunnels; [9] protection against client activity detection; short-lived tunnels; [10] low bandwidth overhead for full peers; TCP and UDP transports; and being based on the Java programming language. [4]
How-to: Use I2P in Whonix ™[edit]
There are two methods of using I2P in Whonix ™:
- Inproxies inside Whonix-Workstation; or
- I2P client inside Whonix-Workstation (recommended)
The inproxy method is better suited for causal use of I2P. In this instance, users just want to anonymously view an Eepsite and are not concerned about eavesdroppers so long as anonymity is assured.
It is safer to use the I2P client inside Whonix ™, since all I2P traffic is tunneled through Tor and access is fully featured. This is a little more difficult than installing I2P the ordinary way, that is using I2P in the clear, not over Tor.
Readers who are considering using I2P in Whonix ™ are suggested to review the related forum thread.
Inproxies inside Whonix-Workstation[edit]
There are several I2P inproxies and they have similar functionality to Tor2web. [11] Simply use Tor Browser which is installed in Whonix ™ by default to directly access the I2P proxies listed.
Although this is the easiest method, on the downside end-to-end encryption is lost when connecting to the eepsites. This is not the case when I2P is installed directly inside Whonix-Workstation ™ or if I2P is used in the ordinary way. Further, potentially Tor Exit Nodes can Eavesdrop on Communications if an inproxy uses plain http, since it is an unencrypted connection. This risk is averted if the inproxy uses https or is reachable via an onion service. In any case, the I2P inproxy administrator can see all of your traffic in the I2P network and it is impossible to prevent that.
Example list of I2P inproxy domains (in bold):
- http://forum.i2p.rocks
[12]
- http://forum.i2p.re
- http://forum.i2p.xyz
- https://www.hiddenservice.net/
- Many others are down at the time of writing; see footnotes. [13] [14]
I2P Client inside Whonix-Workstation[edit]
Introduction[edit]
The preferred configuration is to connect to Tor before I2P inside Whonix-Workstation ™: user
→ Tor
→ I2P
→ Internet
Before configuring this tunnel link, it is recommended to read the following related wiki entries for general educational purposes on tunnel links. There is no need to apply any instructions from these wiki entries.
Post-Tor I2P Tunnel Effects[edit]
Table: Post-Tor I2P Connections
Domain | Information |
---|---|
Advantages |
|
Disadvantages |
|
Warning: No Stream-isolation Support |
|
Installation and Setup[edit]
- When following these instructions, the
about:config
changes in Tor Browser worsen the browser fingerprint. This is unavoidable if the user intents to use I2P. The modified Tor Browser should only be used for I2P purposes.- In Qubes-Whonix ™, a separate
anon-whonix-I2P
App Qubes is recommended.
- In Qubes-Whonix ™, a separate
Security warning: Adding a third party repository allows the vendor to replace any package on your system. Proceed at your own risk! See Foreign Sources for further information. For greater safety, users adding third party repositories should always use Multiple Whonix-Workstation ™ to compartmentalize VMs with additional software.
Had broken connectivity for some users in past. Probably fixed by now. In case of issues, see this forum discussion: I2P used to work in Whonix 15 now it doesn't in Whonix 16
1. Add the I2P signing key. (Qubes-Whonix ™: whonix-ws-16-clone-1
Template).
Securely download the key.
If you are using Whonix-Workstation ™ (anon-whonix
), run.
If you are using a Qubes Template (whonix-ws-16
), run. [17] [18]
Display the key's fingerprint. [19]
Verify the output.
Digital software signatures can increase security but this requires knowledge. Learn more about digital software signature verification.
The most important check is confirming the key fingerprint exactly matches the output below. [20]
7840 E761 0F28 B904 7535 49D7 67EC E560 5BCF 1346
Do not continue if the fingerprint does not match -- this risks using infected or erroneous files! The whole point of verification is to confirm file integrity.
Copy the signing key to the APT keyring folder. [21]
2. Add the I2P APT repository. (Qubes-Whonix ™: whonix-ws-16-clone-1
Template).
3. I2P installation.
Install package(s) i2p i2p-keyring privoxy
.
A. Update the package lists and upgrade the system.
B. Install the i2p i2p-keyring privoxy
package(s).
Using apt
command line parameter --no-install-recommends
is in most cases optional.
C. Done.
The procedure of installing package(s) i2p i2p-keyring privoxy
is complete.
4. Platform specific notice.
- Qubes-Whonix ™: Shut down the Template.
5. Configure Tor Browser to allow connections to I2P. Privoxy handles redirecting any special domains including *.i2p to its respective locally listening daemon for seamless UX. (Qubes-Whonix ™: anon-whonix-I2P
App Qube)
Note: The following steps will no longer be required once Whonix ™ releases a custom Tor Browser for connecting to alternative networks. [22]
- This step changes the web fingerprint of Tor Browser!
- Leave all other settings as is!
A. Tor Browser → URL bar → Type: about:config
→ Press Enter
key. → search for and modify.
B. extensions.torbutton.use_nontor_proxy
→ set to true
C. network.proxy.share_proxy_settings
→ set to true
D. network.proxy.http
→ set to 127.0.0.1
E. network.proxy.http_port
→ set to 4444
F. network.proxy.no_proxies_on
→ set to 127.0.0.2
G. network.proxy.socks_remote_dns
→ set to false
H. dom.security.https_first_pbm
→ set to false
I. Done. Tor Browser configuration has been completed.
6. Optional: Recommendation.
Before using I2P, it is recommended to access the I2P router configuration and make several adjustments for better performance.
7. Done.
The process of installing I2P has been completed.
Usage[edit]
1. Configure the I2P service to start automatically upon boot.
2. Disable time checks since whonix time fixed by sdwdate over TCP not NTP over UDP [23]:
Open file /var/lib/i2p/i2p-config/router.config
in an editor with administrative (root) write permissions.
This box uses sudoedit
for better security. This is an example and other tools can also achieve the same goal. If this example does not work for you or if you are not using Whonix ™, please refer to this link
.
Add at the end of the file.
Save and exit.
3. Change I2Pconsole interface local IP change. [24]
Open file /var/lib/i2p/i2p-config/clients.config.d/00-net.i2p.router.web.RouterConsoleRunner-clients.config
in an editor with administrative (root) write permissions.
This box uses sudoedit
for better security. This is an example and other tools can also achieve the same goal. If this example does not work for you or if you are not using Whonix ™, please refer to this link
.
Change from 127.0.0.1
to 127.0.0.2
.
Save and exit.
4. Restart I2P. [25]
5. Open I2P Console in Tor Browser (Qubes-Whonix ™:
anon-whonix-I2P
App Qube).
6. Recommendations:
- Go to http://127.0.0.2:7657/confignet
and change:
- set "Prefer IPv4 over IPv6"
- tick Disable inbound (Firewalled by home network, ISP, DS-Lite, or carrier-grade NAT)
- tick Laptop mode - Change router identity and UDP port when IP changes for enhanced anonymity (Experimental)
- under UDP port: tick Completely disable (select only if behind a firewall that blocks outbound UDP)
- Review and adjust the bandwidth settings in
http://127.0.0.2:7657/config
- the default settings of 300 KB/s down / 60 KB/s up are fairly conservative
- users report settings of 5000+ KB/s provide better connectivity
- Changes for I2P reseeders
- go to http://127.0.0.2:7657/configreseed
then scroll down and add to Reseed URLs:
https://zktj5jw72srd7raiqyrhrt4pzebaruk3cf4qclpcqtigedtvhhob6gad.onion/i2pseeds.su3
- go to Proxy type for HTTPS reseed URLs: and choose
SOCKS 5
- then Save changes and reseed now
- go to http://127.0.0.2:7657/configreseed
If errors appear like: "Network: ERR-UDP Disabled and Inbound TCP host/port not set" or "ERR-Clock Skew of X min" or "WARN [Timestamper] .router.time.RouterTimestamper: Unable to reach any of the NTP servers ...", they can be safely ignored.
Notes:
- Once the Local Tunnels (shared clients) section shows a green connection, I2P should be fully functional and it is possible to browse eepsites like
zzz.i2p
. Some users report this process can be lengthy and take more than 10-20 minutes before the tunnels are stable/available. - I2P functional over Tor but the user should be aware that I2P developers do not really support it nor recommending it. Just because it is functional does not mean it is supported. In other words I2P upstream developers will not change any I2P behavior just for the sake of connecting I2P over Tor because I2P is not designed to be running over Tor.
Searching I2P[edit]
Search engines:
- The onion service search engine https://ahmia.fi
now supports I2P eepsites and Tor2Web plans on adding I2P support. [26]
- http://seeker.i2p
is a search engine for I2P eepsites.
Eepsite directories:
- http://stats.i2p
lists registered i2p websites.
- http://identiguy.i2p
lists many known and alive I2P websites.
- http://no.i2p
lists known latest and alive i2p websites. The site list is generated from registered sites and external sources.
- http://inr.i2p
lists known latest and alive i2p websites. The site list is generated from registered sites and external sources.
Figure: I2P Browsing in Whonix ™
Services[edit]
The I2P supported applications webpage
warns that no guarantee can be provided about the safety of compatible applications, plugins and services -- they must be properly configured and might jeopardize anonymity due to design faults or carelessness. Carefully vet these tools and research them diligently beforehand.
Many interesting features and functionality are implemented for I2P in the form of stand-alone packages or plugins that can be optionally installed from their official plugin eepsite. Various tools are available for:
- blogging, forums and wikis
- decentralized file storage
- development tools
- domain naming
- file sharing
- network administration
- real-time chat
- web browsing
- website hosting
The instructions are simple to follow. The signing keys for these plugins are already built into the official I2P package and so are already white-listed. This is not a complete list.
For documentation about default port numbers of I2P plugins, see this page.
I2P-Bote[edit]
I2P-Bote is a serverless, encrypted email plugin that uses I2P for anonymity. Messages are stored in the distributed hash table (DHT)
for 100 days, during which the recipient is able to download them. Emails are automatically encrypted and digitally signed, which means only the intended recipient can read them and they cannot be forged by third parties.
To back up I2P-Bote data, copy the i2pbote folder inside the I2P config directory (~/.i2p/i2pbote on Unix systems or /var/lib/i2p/i2p-config when running as a daemon).
Compartmentalize activities and only use the I2P-Bote/Susimail VM snapshot for this purpose. Generally, applications that run with a browser interface are vulnerable to a whole class of bugs, including cross-site request forgery (CSRF).[27][28]
Features[edit]
- themeable webmail interface
- user interface translated into many languages
- one-click creation of email accounts (called email identities)
- emails can be sent under a sender identity, or anonymously
- ElGamal, Elliptic Curve, and NTRU encryption
- encryption and signing is transparent, without the need to know about PGP
- delivery confirmation
- basic support for short recipient names
- IMAP / SMTP
Planned Features[edit]
- custom folders
- sending and receiving via relays, similar to Mixmaster
- lots of small improvements
[edit]
RetroShare is a friend-to-friend (F2F) network that enables end-to-end encrypted communications, including general messaging, mail, forums, publish-subscribe messaging ('pubsub'), file exchange and even telephony. It can be used as an alternative to Syndie (see further below) and can be tunneled through I2P for enhanced anonymity.
Follow the steps in this guide to connect to others over I2P. Also see: I2P Hidden RetroShare Nodes
.
To install RetroShare, see: Installation.
Syncthing[edit]
Syncthing is a popular libre software for file syncing based on the bittorrent protocol. [29] Syncthing provides several benefits: [30]
- cross-platform availability
- data is not stored on a central server, but only on your computer(s)
- all communication is secured with TLS and perfect forward secrecy
- every node is identified by a strong cryptographic certificate
- a completely open protocol -- open source, open development and open discourse
- portable and simple to use Web GUI
It is possible to tunnel Syncthing traffic over I2P as shown in this guide. [31]
To install Syncthing, run.
Syndie[edit]
Syndie is I2P's distributed (decentralized) forum software, allowing asynchronous conversations between anonymous participants. It was the focus of I2P's creator shortly before he ceased public activity. It supports single and multiple author modes, adjustable visibility of posts and post moderation. Syndie features its own minimalist and secure reader to protect against browser exploitation. In 2018, Syndie was being rewritten in another programming language to provide a more modern and simple interface, along with basic image rendering. [32]
A key benefit of Syndie is that unlike centralized forums, it cannot be easily taken offline via denial of service attacks or administrative action, and there is no single point to monitor group activity. Offline forum participation is possible, by 'syncing up' any accumulated changes when it is convenient (days, weeks or even months later). In addition to simple text messages, entire webpages or the full content of sites can be packaged into a single post, which can even be browsed offline.
The Syndie Technical Features section notes: [33]
On the whole, Syndie works at the *content layer* - individual posts are contained in encrypted zip files, and participating in the forum means simply sharing these files. There are no dependencies upon how the files are transferred (over I2P
, Tor
, Freenet
, gnutella
, bittorrent
, RSS
, usenet
), but simple aggregation and distribution tools will be bundled with the standard Syndie release.
To install Syndie, run.
ZeroNet[edit]
Unfortunately, I2P is not yet natively supported as a tunneling option in ZeroNet. No real progress has been made towards this goal for years; see footnotes to follow developments. [34] [35]
Installing I2P on Whonix-Gateway[edit]
It is possible to run I2P and Tor simultaneously on Whonix-Gateway ™:
user
→Tor
→Internet
; anduser
→I2P
→Internet
Users who are interested in this configuration should follow the detailed instructions found here.
This configuration is untested by Whonix ™ developers and it is considered experimental. Also, Whonix ™ developer HulaHoop has noted it is difficult to have a preconfigured Tor Browser for accessing .i2p
domains and other non-clearnet top-level domains, as well as optimizing I2P operations when tunneled over Tor.
For further information and to report successes/failures of this approach, refer to the
development discussion and old development discussion
.
Footnotes[edit]
- ↑ https://geti2p.net/en/about/intro
- ↑ https://geti2p.net/en/research
- ↑ Currently working with both sun and kaffe; gcj support is planned for later.
- ↑ 4.0 4.1 4.2 https://geti2p.net/en/comparison/tor
- ↑ https://twitter.com/i2p/status/756952247662239744
- ↑ https://geti2p.net/sv/docs/how/network-database
- ↑ I2P documentation is lacking in describing these features, but there are plans to improve the situation.
- ↑ https://twitter.com/i2p/status/756948810790821888
- ↑ This should make it more difficult for adversaries to compromise the relevant information.
- ↑ Making it harder for adversaries to sample for attack purposes.
- ↑ Tor2web is a project which allows Internet users access to Tor Onion Services without Tor Browser.
- ↑ http://i2p.rocks/
- ↑
Non-functional I2P inproxy domains:
- awxcnx I2P eepsite inproxy
- awxcnx I2P IRC inproxy - see Chat for general chat safety advice.
- Or simply add '.to' after '.i2p'. For example, instant of http://forum.I2P
you could use http://forum.i2p.to
- ↑ For onion services, simply append the onion service name after the short eepsite name, omitting the .i2p TLD.
- ↑ This sounds worse than it really is because very few people are expected to use I2P over Tor. Further, I2P itself offers this option. It is not like a leeching mod.
- ↑ https://www.reddit.com/r/i2p/comments/579idi/warning_i2p_is_linkablefingerprintable/
- ↑
Using Qubes UpdatesProxy (
--proxy http://127.0.0.1:8082/
) because Qubes Templates are non-networked by Qubes default and therefore require UpdatesProxy for connectivity. (APT in Qubes Templates is configured to use UpdatesProxy by Qubes default.) - ↑
Even more secure would be to download the key Disposable and then
qvm-copy
it to the Qubes Template because this would avoid
curl
's attack surface but this would also result in even more complicated instructions. - ↑
Even more secure would be to display the key in another Disposable because this would protect the Template from
curl
's andgpg
's attack surface but this would also result in even more complicated instructions. - ↑ Minor changes in the output such as new uids (email addresses) or newer expiration dates are inconsequential.
- ↑
https://forums.whonix.org/t/apt-repository-signing-keys-per-apt-sources-list-signed-by/12302
- ↑ Except in the case of YaCy, which needs internet access.
- ↑
https://i2pgit.org/i2p-hackers/i2p.i2p/-/issues/344
- ↑
https://i2pgit.org/i2p-hackers/i2p.i2p/-/issues/345#note_4419
- ↑
https://i2pgit.org/i2p-hackers/i2p.i2p/-/issues/345#note_4419
- ↑ https://lists.torproject.org/pipermail/tor-talk/2016-January/039814.html
- ↑ https://chaoswebs.net/blog/2016/12/01/Exploiting-I2P-Bote/
- ↑ https://chaoswebs.net/blog/2016/10/15/Stealing-Your-I2P-Email/
- ↑
Syncthing is a continuous file synchronization program. It synchronizes files between two or more computers and replaces proprietary sync and cloud services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the internet.
- ↑ https://syncthing.net/
- ↑ This guide is also reposted here
.
- ↑ https://i2pforum.net/viewtopic.php?f=25&t=9
- ↑ https://syndie.de/features.html
- ↑ https://github.com/HelloZeroNet/ZeroNet/issues/57
- ↑ https://github.com/HelloZeroNet/ZeroNet/issues/45