The Invisible Internet Project

1328 readers
1 users here now

I2P Community Edition

This isn't the official I2P channel, if you want go there then you can find it in the links below.

Rules

"Don't be a dick" - Wil Wheaton

General

Media:

File Hosting and Pastebins

Torrents

Social Networks and Microblogging

Exploring I2P

I2P Name Registries

Search engines

IRC

Irc2P comes pre-configured with I2P. To connect with other networks, please follow this tutorial.

Syndie

An open source system for operating distributed forums in anonymous networks

Inproxies

You can use inproxies to surf the I2P network without having to have an I2P router.

Follow us on Twitter

founded 1 year ago
MODERATORS
1
1
FAQ (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 
 

The Invisible Internet Project (I2P) is a network layer that allows for censorship-resistant, peer-to-peer communication. Anonymous connections are achieved by encrypting the user’s traffic and sending it through a volunteer-run network of roughly 55,000 computers distributed around the world.

The Invisible Internet Project began in 2002 and has been active since that time.

How Does I2P Protect Me?

The server is hidden from the user and the user from the server. All I2P network traffic is internal to its network. Traffic inside the I2P network does not interact with the Internet directly. It is a layer on top of the Internet.Encrypted unidirectional tunnels are used between you and your peers to send traffic. No one can see where that traffic is coming from, where it is going, or what the contents are. Additionally I2P transports offers resistance to pattern recognition and blocking by censors. Because the network relies on peers to route traffic, location blocking is also reduced.

Distribution All traffic on the I2P network is encrypted. An observer cannot see a message’s contents, source, or destination. All traffic you route as a participant is internal to the I2P network, you are not an exit node. The network does not do distributed storage of its content ( like Freenet or IPFS). By participating as a node you are not storing content for anyone.If there are hidden services which you dislike, you may refrain from visiting them. Your router will not request any content without your specific instruction to do so.

Is Using I2P Dangerous?

The I2P network is an overlay network. There are no dangers in using an overlay network. If you are engaging activities that are illegal or dangerous on the internet, that does not change if you are using an overlay network.

Regarding using overlay networks, the Java implementation includes a “Strict Countries List” that is used to decide how I2P routers should behave within regions where applications like I2P may be limited by law. For example, while no countries that we know of prohibit using I2P, some have broad prohibitions on participating in routing for others. Routers that appear to be in the “Strict” countries will automatically be placed into “Hidden” mode.

When a router is placed into hidden mode, three key things change about its behavior. It will no longer publish a routerInfo to the NetDB, it will no longer accept participating tunnels, and it will reject direct connections to routers in the same country that it is in. These defences make the routers more difficult to enumerate reliably, and prevent them from running afoul of restrictions on routing traffic for others.

OPSEC Keep track of what profiles you maintain and what services you interact with no matter what network you use. Perform personal risk assessments. The I2P Java software ships with very good defaults for hops for privacy without sacrificing performance.

What About “De-Anonymizing” Attacks? Reducing anonymity is typically done by: A) identifying characteristics that are consistent across identities or B) identifying ephemeral characteristics of repeated connections.

Attacks on I2P in the past have relied on correlating NetDB storage and verification. By randomizing the delay between storage and verification, we reduce the consistency with which that verification can be linked to I2P activity, thereby limiting the utility of that data point. Attacks on software configured to work with I2P are out of scope for I2P to solve. When browsing I2P, hosting or using I2P services, it is the responsibility of the user to consider their threat model.

How Do I Connect To the I2P Network?

The core software (Java) includes a router that introduces and maintains a connection with the network. It also provides a handful of applications and configuration options to get you started and personalize your experience.I2Pd is a C++ implementation of the I2P protocol. When using I2Pd you will need to edit configuration files, with Java I2P you can do it all within a user interface.

What Can I Do On The I2P Network?

The network provides an application layer that allows people to use and create familiar apps for daily use. Additionally, the network has its own unique DNS so that you can self host or mirror content on the network. The I2P network functions the same way the Internet does. The Java software includes a BitTorrent client, and email as well as a static website template. Other applications can easily be added to your router console.

What Is the Best OS To Use?

The I2P core software is cross platform. The best OS to use is the one that you feel most comfortable using.

Do I Have To, Or Should I Use I2P in Qubes or Whonix? Am I Not Safe If I Use Something Else?

This depends on your personal threat model. Generally speaking, I2P in Qubes or Whonix are very strong security measures. You can usually use the I2P software with a Firefox or Chromium browser without worry.

It is more important to exercise caution with who you communicate with and how. If you’re doing something that attracts the attention of people with the time and energy to carry out massive, scaled up attacks or sophisticated zero-day attacks, then something extremely thorough like Qubes is an option. On the other hand, if you’re just hosting your blog or surfing I2P sites, then chances are you’re fine just using the OS you’re most comfortable with. The real answer is conscientiousness, don’t say anything you’re not comfortable with somebody repeating.

I Can See My IP Address?

Yes, this is how a fully distributed peer-to-peer network works. Every node participates in routing packets for others, so your IP address must be known to establish connections. While the fact that your computer runs I2P software is public, nobody can see your activities in the network. For instance, you cannot see if a user behind an IP address is sharing files, hosting a website, doing research or just running a node to contribute bandwidth to the network.

Firewalled Status?

A firewalled I2P router can still access the I2P network. However, if you want to provide extra capacity to the network, it is necessary to open ports.Open I2P’s port on your modem, router and/or firewall(s) for better connectivity (ideally both UDP and TCP).For more information about Port Forwarding: https://portforward.com/

Browsing Functions in I2P

A properly configured browser supports accessing content on the I2P network ( I2P sites and services ) and accessing clearnet content via the outproxy service specified in the Hidden Services Manager of the I2P router.

Instruction for configuring a browser are outlined here: https://geti2p.net/en/about/browser-config .

There is also a Firefox based extension ( I2P in Private Browsing Mode ) that can be found in the the new experimental Windows installer, or can be added directly from here: https://addons.mozilla.org/en-US/firefox/addon/i2p-in-private-browsing/

Does It Matter What Browser Is Used To Access Content On the I2P Network?

Yes and no. Technically, you can use any browser that has support for proxies. However, some browsers are more secure than others. Also, depending on the browser, it may be more difficult to set up a proxy.

What Browser Should I Use For I2P on Android?

In principle, any browser works, but Privacy Browser is the easiest to set up because it has pre-configured proxy settings for I2P. Instruction can be found here: https://github.com/eyedeekay/Configuring-Privacy-Browser-for-I2P-on-Android#configuring-privacy-browser-for-i2p-on-android

Is It Possible To Install I2P Software on an iPhone?

This is currently not possible without increased effort. If you are tech savvy you can take a look at https://i2pd.readthedocs.io/en/latest/devs/building/ios/. Currently there is no official I2P app available.

What Does It Mean When I See That My I2P Router Needs To Be Integrated Into The Network?

An I2P router needs a few minutes to connect to the network. Sometimes it can take up to an hour.

How Can I tell If The I2P Proxy Is Ready?

You can go to 127.0.0.1:7657/tunnelmgr, if the status of “I2P HTTP Proxy” is green, the proxy is ready and you should be able to surf.

I Cannot Reach I2P Sites

If your router is running and you have shared clients and a browser configured, or are using I2P In Private Browsing Mode and see a proxy ready indicator, check the I2P project website using the link found in /home in the router console. If you can reach that site, then you know that your connection is good and browser is working. If you cannot reach a specific site, please realize that we cannot help you with that.

How Do I Activate the SAM Bridge?

To enable the SAM API: go too http://127.0.0.1:7657/configclients. Find the menu item called “SAM application bridge.” Select “Run at Startup” and press the small arrow to the right of the text.

How Come Router ‘shutdown’ Takes Several Minutes?

Because you are routing traffic for other peers. If you shutdown your router immediately, you interrupt their traffic.

2
0
submitted 4 months ago* (last edited 4 months ago) by [email protected] to c/[email protected]
 
 

This release, I2P 2.6.0, continues our work by fixing bugs, adding features, and improving the network's reliability.

Newer routers will be favored when selecting floodfill routers. I2PSnark received features which improve the performance of PeX(Peer Exchange), in addition to bug fixes. Legacy transport protocols are being removed, simplifying the code in the UDP transports. Locally-hosted destination will be reachable by local clients without requesting their LeaseSet, improving performance and testability. Additional tweaks were made to peer selection strategies.

I2P no longer allows I2P-over-Tor, connections from Tor exit IP addresses are now blocked. We discourage this because it degrades the performance of I2P and uses up the resources of Tor exits for no benefit. If you are a helpful person running both a Tor Exit and I2P we encourage you to continue to do so, using different IP addresses for each. Non-exit relays and Tor clients are unaffected by this and do not need to change anything.

As usual, we recommend that you update to this release. The best way to maintain security and help the network is to run the latest release.

RELEASE DETAILS Changes

  • Router: Increase minimum version for floodfill routers

  • Router: Disable I2P over Tor

  • Address Book: Cache locally hosted destinations

Bug Fixes

  • I2PSnark: Peer Exchange Tweaks

  • I2PSnark: Bugfixes

  • Router: Peer Selection Tweaks

Other

  • Translation updates
3
1
submitted 6 months ago* (last edited 6 months ago) by [email protected] to c/[email protected]
 
 

I2P 2.5.2 is released to fix a bug introduced in 2.5.0 causing truncation of some HTTP content.

As usual, we recommend that you update to this release. The best way to maintain security and help the network is to run the latest release.

RELEASE DETAILS

Changes

  • Console: Update rrd4j to 3.9.1-preview
  • Router: Publish G cap if symmetric natted

Bug Fixes

  • i2ptunnel: Fix bug causing truncation of some HTTP content
  • i2ptunnel: Fix custom option form width (light theme)
  • Tunnels: Fix selection of peers with expired RIs

Other

  • Translation updates
4
 
 

[2.52.0] - 2024-05-12

Added

  • Separate threads for persisting RouterInfos and profiles to disk
  • Give preference to address with direct connection
  • Exclude addresses with incorrect static or intro key
  • Avoid two firewalled routers in the row in tunnel
  • Drop unsolicited database search replies

Changed

  • Increase number of hashes to 16 in exploratory lookup reply
  • Reduce number of a RouterInfo lookup attempts to 5
  • Reset stream RTO if outbound tunnel was changed
  • Insert previously excluded floodfill back when successfully connected
  • Increase maximum stream resend attempts to 9
  • Reply to exploratory lookups with only confirmed routers if low tunnel build rate
  • Don't accept too old RouterInfo
  • Build client tunnels through confirmed routers only if low tunnel build rate
  • Manage netDb requests more frequently
  • Don't reply with closer than us only floodfills for lookup

Fixed

  • Crash on router lookup if exploratory pool is not ready
  • Race condition in excluded peers for next lookup
  • Excessive number of lookups for same destination
  • Race condition with transport peers during shutdown
  • Corrupted RouterInfo files
5
 
 

Some projects have been DMCA'ed and hosting them on I2P could be a viable alternative.

6
1
submitted 6 months ago* (last edited 6 months ago) by [email protected] to c/[email protected]
 
 

I2P 2.5.1 is being released to address Denial-of-Service Attacks affecting the I2P network and services. With this release we disable the IP-based parts of the Sybil attack detection tool which were targeted to amplify the effect and duration of the attack. This should help the network return to normal operation. Those of you who have disabled the Sybil attack detection tool may safely re-enable it. Adjustments to other subsystems to improve RouterInfo validation and peer selection have also been made.

As usual, we recommend that you update to this release. The best way to maintain security and help the network is to run the latest release.

7
 
 

I'm looking to try out i2p but I'm having trouble getting it going.

I have a docker-compose container going with this docker-compose.yml:

version: "3.5"
services:
    i2p:
        image: geti2p/i2p
        ports:
            - 4444:4444
            - 127.0.0.1:6668:6668
            - 7657:7657
            - 54321:12345
            - 54321:12345/udp
        volumes:
            - ./i2pconfig:/i2p/.i2p
            - ./i2ptorrents:/i2psnark
        restart: always
        environment:
            - IP_ADDR=0.0.0.0
            - JVM_XMX=1024m

The container starts up and the log outputs:

$ docker logs i2p-i2p-1 
Starting I2P
[startapp] Running in container
[startapp] setting reachable IP to container IP 0.0.0.0
Starting I2P 2.4.0-0

But when I try to access the console, I'm seeing:

$ curl localhost:7657
curl: (56) Recv failure: Connection reset by peer

Is there anything else that I need to do here?

8
 
 

The I2P network is currently under a Denial-of-Service attack. This attack affects I2P and i2pd but in different ways and is having a serious effect on network health. Reachability of I2P sites is badly degraded.

Java I2P users are suggested to disable the sybil attack tool, delete the sybil-blocklist, and re-start their routers.

To disable the sybil attack detector tool

Open the sybil attack detector in your router console at http://127.0.0.1:7657/netdb?f=3&m=15

Change "Background Analysis Run Frequency" to "Never"

Click "Save" to save the settings.

To delete the sybil blocklist, run:

On Debian and Ubuntu:

rm "/var/lib/i2p/i2p-config/sybil-analysis/blocklist-sybil.txt"

On other Linuxes and on Mac OSX:

rm "$HOME/.i2p/sybil-analysis/blocklist-sybil.txt"

And on Windows:

del %LocalAppData%\i2p\sybil-analysis\blocklist-sybil.txt"

When you are finished, re-start your I2P router.

If you are hosting a service inside I2P and it is hosted on a Floodfill router, you should consider multihoming the service on a Floodfill-disabled router to improve reachability. Other mitigations are being discussed but a long-term, backward-compatible solution is still being worked on.

9
 
 

zzz has posted the following update:

"I2P network reliability is currently degraded due to a novel and persistent attack. Please be patient as we work on mitigations. If you have not yet updated to the latest release 2.5.0, please do so as it provides some defences."

For i2pd users, you can try building their latest from GitHub which may help.

10
 
 

I host i2p on a rpi 3 in order to use it as a mutualize gateway for my private network. i2p consume so much ressources that I couldn't even curl it's web interfaces. It try to get some info on what are the hardware requirements, but didn't find anything.

  • What are the minimal hardware requirements for the current version of i2p ?
  • Is it a good idea to mutualise a gateway on a private server ?
  • If so, is it a good idea to give access to this gateway through a VPN ?

Thanks for your answers

11
 
 

This is a pre-release of the I2P Easy-Install Bundle for Windows. This changes how the I2P bundle and browser profile manager are installed and integrated with the host system. The Easy-Install bundle is now a "portable" system that can be moved to different locations within or between Windows file-systems while retaining all built-in functionality. A shortcut for starting the I2P router is still provided by the installer for convenience, but the shortcuts for starting the I2P Browser are now integrated with the I2P desktop UI.

The browser profile manager itself has been split away from the monolithic I2P router+Java/jpackage, and moved into an I2P plugin managed by the router. While this was done primarily to reduce how complex the existing code was, this also results in behavior which is closer to the main distribution of I2P for Windows and will lead to a more flexible installer, which can bundle additional default plugins and may be suitable for installation as a Windows service. I2P Plugins can also be updated independently of the router that hosts them, so it will be possible to update the browser profile manager independently of the router itself. It also means that the browser profile manager can be un-installed by uninstalling the plugin, and much more importantly that the browser profile manager is now compatible with all Java I2P distributions.

Why a dev build 3 weeks before the release?

By further delineating the components of the bundle, these changes also affected how the release process happens. In particular the build process of each component has been encapsulated in a CI description which can be reproduced on a local PC. This simplifies and automates the build process by ensuring that up-to-date build tools are installed in a brand-new container for every build. In effect this should speed up the release process for I2P Easy-Install for Windows considerably. This release is a test-run of the new process, so I can document what is going on. It breaks down roughly like this:

  • It takes ~22 minutes to compile all the targets for the i2p.plugins.firefox and make the resulting artifacts available. During this process, I must insert 1 HSM and enter 1 password. (This part used to be about 30 steps, now it takes 1)
  • It takes ~22 minutes to compile all the targets for the i2p.firefox project and make the resulting artifacts available. This process produces only unsigned artifacts identified by their hashes, and is non-interactive. (This part used to be around 60 steps the first time, and 40 steps each additional time)
  • i2p.firefox updates are signed in their .su3 form. The NSIS-powered .exe installer is the current updater. The next step is to sign just this installer and generate a torrent of the result. (This process used to depend on the previous build process and couldn't be done independently. Now it takes about 30 seconds)
  • Generate and sign a newsfeed to notify the users of an update. This process is the only process that is slower when containerized, because there are dozens of feeds to be signed in their respective containers. It takes about an hour.

For you the end user, nothing much should change. You'll get your updates a lot faster, and have more options available for testing. The same installer is used for the updater, and the process is handled the same way. However for developers, testers, and maintainers, this release will result in big changes for the better.

This release still embeds a 2.4.0 Java I2P router. No changes have been made to update the embedded router. Network behavior will be unchanged until the official 2.5.0 release.

12
 
 

Anyone know how to switch browser in i2p mobile? I opted for the built in one, but it's kind of limited and I can't seem to change it. I have Firefox installed but can't select it as the default.

13
1
Thoughts? (sh.itjust.works)
submitted 8 months ago* (last edited 8 months ago) by [email protected] to c/[email protected]
14
 
 

Check the tutorial in my blog!

Borrowed from that other site.

15
 
 

Someone's managed to somewhat revive MuWire, the anonymous filesharing app.

It can be downloaded from within i2p or you can get it here: https://ufile.io/y1uecxev

As always, be careful with unknown binaries. I take no responsibility for the files or what you do with them.

16
 
 

From IDK.

After the very challenging 2.3.0 and 2.4.0 release cycles we're going to have a long release cycle this time, targeting an April release. This release will feature performance improvements and new application features.

To keep track of newly merged features, follow along at: https://git.idk.i2p/i2p-hackers/i2p.i2p/-/merge_requests?scope=all&state=merged&milestone_title=2.5.0

  • Target Release Date: April 29, 2024.
  • Major Changes Due Date: March 31, 2024
  • Tag Freeze Date: December April 11, 2023

If you want to run the code I am (Usually) running, use the master branch from git.

17
 
 

Hello all!

So i would like to increase my upload bandwidth of i2psnark but it doesn't let me go beyond 9.999. I have a 500/500 fiber connection with no cap and like to share bit more then only the 9.999 KBs.

EDIT: I manage to solve it thanks to sopuli.xyz

I changed the i2psnark.upbw.max ration inside ~/local/share/containers/storage/volumes/i2p_i2phome/_data/i2psnark.config.d/i2psnark.config"

the perhaps odd file locations is due to me using podman in rootles mode

18
1
[TUTORIAL] How to make your own private XMPP server federated over tor and i2p (mnemccsdsbtwupoawqiaco2llfmnw5i4b64chep2mvkmu2yqe4xq.b32.i2p)
submitted 9 months ago by [email protected] to c/[email protected]
 
 

From i2p on reddit. Link is to an i2p page so start up your i2p instances.

In this tutorial, I will show how you can make your own private XMPP server, where you will have full control of your user data, messages, groups, files, all of that federated over anonymizing networks such as tor and i2p.

19
1
submitted 9 months ago* (last edited 9 months ago) by [email protected] to c/[email protected]
 
 

The article is in English, don't be fooled by the summary.

20
 
 

From divaexchange:

I2P community related updates:

a) a locally installable I2P(d) testnetwork is available in the public domain. Here is the link to github: https://github.com/h-phil/i2pd-testnet-kubernetes . I2Pd (C++) is supported, I2P java not. The author of the testnet might or might not fix that issue. So: PRs are welcome for those who need Java I2P support. This kurbernetes-based testnet (which scales very well) is a side effect of the I2P de-anonymization study (academic work) which has been finished mid of January 2024 (see below).

b) Independent (of the I2P[d] developers) de-anonymization study (academic research, sponsered by diva.exchange, done at Lucerne University of Applied Science, Switzerland): results in a nutshell "there have been no patterns found, using passive network surveillance technologies, to relate a Lease Set to a Router Info - hence it was not possible to de-anonymize an I2P service provider by just using mass surveillance technology".

Remark 1: the study is NOT trying to identify/exploit bugs within the I2P software to de-anonymize service providers within the I2P network (in this context, this is not interesting for the researchers - the overall I2P architecture is the interesting part).

Remark 2: there are two areas of "I2P de-anonymization" research sponsored by diva.exchange - one is focussing on "taking over I2P tunnel control by harrassing network participants" the other one is focussing on "de-anonymization using network surveillance technologies in combination with pattern recognition".

The study will be published sooner or later on academic channels. To get notified, follow here: https://x.com/@DigitalValueX or https://social.diva.exchange/@social (mastodon)

c) I2P Docker / I2P-SAM news: docker images (https://hub.docker.com/r/divax/i2p) and a complete I2P SAM library (https://github.com/diva-exchange/i2p-sam) are updated regularily. The docker images and the SAM library are used in the academic context. They are well tested and reliable.

21
 
 

I am on a tor site and it has 2 links to an i2p site. The first says "I2P [b32]" and has a link of http://acruexirfkgcqhwxyu75v7dtahr3a44hmbfygngsvubmkrbd6axa.b32.i2p/. This link works in my browser configured for i2p. The second link just says "I2P" and has a url of http://mysu.i2p/ which fails to load. Any ideas?

22
 
 

From StormyCloud:

We are thrilled to share our latest development with the community: CheckI2P.com. This tool is designed for anyone using the Invisible Internet Project (I2P) and seeks a fast and reliable way to verify their connection to an I2P Outproxy.

What is CheckI2P.com?

CheckI2P.com is a straightforward web tool that instantly informs you whether your internet traffic is being correctly routed through an I2P Outproxy. When you visit the site, you'll receive one of two messages:

"You are NOT using a known outproxy" – indicating that your current setup is not connected through an I2P Outproxy.

"You are connected to [insert outproxy name]" – confirming that your connection is securely routed through a recognized I2P Outproxy.

Why This Matters

For those not familiar, I2P is a network layer that allows for censorship-resistant, secure, and anonymous communication. Using an Outproxy is crucial for accessing regular websites outside the I2P network.

Contribute to the Project

We are constantly looking to expand our list of recognized outproxies. If you're aware of any reliable outproxies not currently included, feel free to suggest them in the comments. Moreover, for those who are technically inclined, contributions through Pull Requests are greatly appreciated at our GitHub repository: https://github.com/WaxySteelWorm/checki2p.com

Future Plans

Our vision for CheckI2P.com goes beyond its current functionality. We aim to integrate additional tools for testing various I2P functions, thereby making it a comprehensive resource for I2P users. Your feedback on the current iteration and suggestions for future features are immensely valuable to us.

23
 
 

Prowlarr has a setting for per indexer proxy. It seems most people use this for FlareSolverr but it also supports http and socks. I have i2p working and I can set up i2p as a proxy in a browser and everything works. But when I configure it in prowlarr I get an error 500. Has anyone else gotten this to work this way? I've only found a guide for setting up prowlarr with i2p globally but that breaks clearnet trackers.

24
 
 

Another blogpost on i2p and tor. Not bad from what I can tell. The more exposure the better.

25
 
 

So I'm trying to bridge to physical locations together. At one location I control the firewall and at the other I don't. I would normally use Wireguard but its all dynamic IPs so it would break every so often.

My though was to use I2P to create a bridge between the 2 places. I will use 0 hops on each with encrypted lease sets.

Is this a sain setup? What drawbacks will this have and will it be problematic? Also what security should I use for my encrypted lease set? I want only one device to connect and no others.

Edit: I think I'll use i2p for dns

view more: next ›