The Invisible Internet Project

1453 readers
24 users here now

I2P Community Edition

This isn't the official I2P channel, if you want go there then you can find it in the links below.

Rules

"Don't be a dick" - Wil Wheaton

General

Media:

File Hosting and Pastebins

Torrents

Social Networks and Microblogging

Exploring I2P

I2P Name Registries

Search engines

IRC

Irc2P comes pre-configured with I2P. To connect with other networks, please follow this tutorial.

Syndie

An open source system for operating distributed forums in anonymous networks

Inproxies

You can use inproxies to surf the I2P network without having to have an I2P router.

Follow us on Twitter

founded 1 year ago
MODERATORS
1
11
FAQ (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by CAVOK@lemmy.world to c/i2p@lemmy.world
 
 

The Invisible Internet Project (I2P) is a network layer that allows for censorship-resistant, peer-to-peer communication. Anonymous connections are achieved by encrypting the user’s traffic and sending it through a volunteer-run network of roughly 55,000 computers distributed around the world.

The Invisible Internet Project began in 2002 and has been active since that time.

How Does I2P Protect Me?

The server is hidden from the user and the user from the server. All I2P network traffic is internal to its network. Traffic inside the I2P network does not interact with the Internet directly. It is a layer on top of the Internet.Encrypted unidirectional tunnels are used between you and your peers to send traffic. No one can see where that traffic is coming from, where it is going, or what the contents are. Additionally I2P transports offers resistance to pattern recognition and blocking by censors. Because the network relies on peers to route traffic, location blocking is also reduced.

Distribution All traffic on the I2P network is encrypted. An observer cannot see a message’s contents, source, or destination. All traffic you route as a participant is internal to the I2P network, you are not an exit node. The network does not do distributed storage of its content ( like Freenet or IPFS). By participating as a node you are not storing content for anyone.If there are hidden services which you dislike, you may refrain from visiting them. Your router will not request any content without your specific instruction to do so.

Is Using I2P Dangerous?

The I2P network is an overlay network. There are no dangers in using an overlay network. If you are engaging activities that are illegal or dangerous on the internet, that does not change if you are using an overlay network.

Regarding using overlay networks, the Java implementation includes a “Strict Countries List” that is used to decide how I2P routers should behave within regions where applications like I2P may be limited by law. For example, while no countries that we know of prohibit using I2P, some have broad prohibitions on participating in routing for others. Routers that appear to be in the “Strict” countries will automatically be placed into “Hidden” mode.

When a router is placed into hidden mode, three key things change about its behavior. It will no longer publish a routerInfo to the NetDB, it will no longer accept participating tunnels, and it will reject direct connections to routers in the same country that it is in. These defences make the routers more difficult to enumerate reliably, and prevent them from running afoul of restrictions on routing traffic for others.

OPSEC Keep track of what profiles you maintain and what services you interact with no matter what network you use. Perform personal risk assessments. The I2P Java software ships with very good defaults for hops for privacy without sacrificing performance.

What About “De-Anonymizing” Attacks? Reducing anonymity is typically done by: A) identifying characteristics that are consistent across identities or B) identifying ephemeral characteristics of repeated connections.

Attacks on I2P in the past have relied on correlating NetDB storage and verification. By randomizing the delay between storage and verification, we reduce the consistency with which that verification can be linked to I2P activity, thereby limiting the utility of that data point. Attacks on software configured to work with I2P are out of scope for I2P to solve. When browsing I2P, hosting or using I2P services, it is the responsibility of the user to consider their threat model.

How Do I Connect To the I2P Network?

The core software (Java) includes a router that introduces and maintains a connection with the network. It also provides a handful of applications and configuration options to get you started and personalize your experience.I2Pd is a C++ implementation of the I2P protocol. When using I2Pd you will need to edit configuration files, with Java I2P you can do it all within a user interface.

What Can I Do On The I2P Network?

The network provides an application layer that allows people to use and create familiar apps for daily use. Additionally, the network has its own unique DNS so that you can self host or mirror content on the network. The I2P network functions the same way the Internet does. The Java software includes a BitTorrent client, and email as well as a static website template. Other applications can easily be added to your router console.

What Is the Best OS To Use?

The I2P core software is cross platform. The best OS to use is the one that you feel most comfortable using.

Do I Have To, Or Should I Use I2P in Qubes or Whonix? Am I Not Safe If I Use Something Else?

This depends on your personal threat model. Generally speaking, I2P in Qubes or Whonix are very strong security measures. You can usually use the I2P software with a Firefox or Chromium browser without worry.

It is more important to exercise caution with who you communicate with and how. If you’re doing something that attracts the attention of people with the time and energy to carry out massive, scaled up attacks or sophisticated zero-day attacks, then something extremely thorough like Qubes is an option. On the other hand, if you’re just hosting your blog or surfing I2P sites, then chances are you’re fine just using the OS you’re most comfortable with. The real answer is conscientiousness, don’t say anything you’re not comfortable with somebody repeating.

I Can See My IP Address?

Yes, this is how a fully distributed peer-to-peer network works. Every node participates in routing packets for others, so your IP address must be known to establish connections. While the fact that your computer runs I2P software is public, nobody can see your activities in the network. For instance, you cannot see if a user behind an IP address is sharing files, hosting a website, doing research or just running a node to contribute bandwidth to the network.

Firewalled Status?

A firewalled I2P router can still access the I2P network. However, if you want to provide extra capacity to the network, it is necessary to open ports.Open I2P’s port on your modem, router and/or firewall(s) for better connectivity (ideally both UDP and TCP).For more information about Port Forwarding: https://portforward.com/

Browsing Functions in I2P

A properly configured browser supports accessing content on the I2P network ( I2P sites and services ) and accessing clearnet content via the outproxy service specified in the Hidden Services Manager of the I2P router.

Instruction for configuring a browser are outlined here: https://geti2p.net/en/about/browser-config .

There is also a Firefox based extension ( I2P in Private Browsing Mode ) that can be found in the the new experimental Windows installer, or can be added directly from here: https://addons.mozilla.org/en-US/firefox/addon/i2p-in-private-browsing/

Does It Matter What Browser Is Used To Access Content On the I2P Network?

Yes and no. Technically, you can use any browser that has support for proxies. However, some browsers are more secure than others. Also, depending on the browser, it may be more difficult to set up a proxy.

What Browser Should I Use For I2P on Android?

In principle, any browser works, but Privacy Browser is the easiest to set up because it has pre-configured proxy settings for I2P. Instruction can be found here: https://github.com/eyedeekay/Configuring-Privacy-Browser-for-I2P-on-Android#configuring-privacy-browser-for-i2p-on-android

Is It Possible To Install I2P Software on an iPhone?

This is currently not possible without increased effort. If you are tech savvy you can take a look at https://i2pd.readthedocs.io/en/latest/devs/building/ios/. Currently there is no official I2P app available.

What Does It Mean When I See That My I2P Router Needs To Be Integrated Into The Network?

An I2P router needs a few minutes to connect to the network. Sometimes it can take up to an hour.

How Can I tell If The I2P Proxy Is Ready?

You can go to 127.0.0.1:7657/tunnelmgr, if the status of “I2P HTTP Proxy” is green, the proxy is ready and you should be able to surf.

I Cannot Reach I2P Sites

If your router is running and you have shared clients and a browser configured, or are using I2P In Private Browsing Mode and see a proxy ready indicator, check the I2P project website using the link found in /home in the router console. If you can reach that site, then you know that your connection is good and browser is working. If you cannot reach a specific site, please realize that we cannot help you with that.

How Do I Activate the SAM Bridge?

To enable the SAM API: go too http://127.0.0.1:7657/configclients. Find the menu item called “SAM application bridge.” Select “Run at Startup” and press the small arrow to the right of the text.

How Come Router ‘shutdown’ Takes Several Minutes?

Because you are routing traffic for other peers. If you shutdown your router immediately, you interrupt their traffic.

2
21
Lemmy in I2P (suppo.fi)
submitted 16 hours ago* (last edited 16 hours ago) by gerlen@suppo.fi to c/i2p@lemmy.world
 
 

Found Lemmy instance in i2p.

http://kulervod.i2p

3
 
 

I been trying to understand the difference between i2p to things like Tor and VPNs.

To my understanding, i2p is its own closed off network, meaning you cannot use i2p to access stuff outside of i2p like the clear net, onion domains, etc?

When using i2p, all traffic is relayed through other users in the i2p network like Tor but there is really no such thing as an exit node since you cannot access content outside of i2p?

Therefore i2p is good for hosting .i2p domains that can only be accessed in the i2p network and is good for P2P applications like Bittorrent?

Is this correct? Or am I still misunderstanding i2p?

And therefore could you and other users on i2p run a bitcoin nodes which will only be federated with bitcoin nodes with the i2p network and never federate with the rest of the bitcoin network, essentially making a fork of bitcoin blockchain on i2p?

And is there any other good use cases to i2p besides dark net websites and torrenting?

4
5
 
 

[2.54.0] - 2024-10-06

Added

  • Maintain recently connected routers list to avoid false-positive peer test
  • Limited connectivity mode(through proxy)
  • "i2p.streaming.profile" tunnel's param to let tunnel select also low-bandwidth routers
  • Limit stream's inbound speed
  • Periodic ack requests in ratchets session
  • Set congestion cap G immediately if through proxy
  • Show tunnel's routers bandwidth caps in web console
  • Handle immediate ack requested flag in SSU2 data packets
  • Resend and ack peer test and relay messages
  • "senduseragent" HTTP proxy's param to pass through user's User-Agent

Changed

  • Exclude 'N' routers from high-bandwidth routers for client tunnels
  • C++11 support has been dropped, the minimal requirement is C++17 now, C++20 for some compilers
  • Removed dependency from boost::date_time and boost::filesystem
  • Set default i2cp.leaseSetEncType to 0,4 and to 4 for server tunnels
  • Handle i2cp.inboundlimit and i2cp.outboundlimit params in I2CP
  • Publish LeaseSet with new timestamp update if tunnel was replaced in the same second
  • Increase max number of generated tags to 800 per tagset
  • Routing path expiration by time instead num attempts
  • Save timestamp from epoch instead local time to profiles
  • Update introducer's iTag if session to introducer was replaced to new one
  • RTT, window size and number of NACKs calculation for streaming
  • Don't select same peer for tunnel too often
  • Use WinApi for data path UTF-8 conversion for Windows

Fixed

  • Jump link crash if address book is disabled
  • Race condition if connect through an introducer
  • "Date" header in I2PControl response
  • Incomplete response from web console
  • AEAD verification with LibreSSL
  • Number of generated tags and new keys for follow-on tagsets
  • Expired leases in LeaseSet
  • Attempts to send HolePunch to 0.0.0.0
  • Incorrect options size in quick ack streaming packet
  • Low bandwidth router appeared as first peer in high-bandwidth client tunnel
6
 
 

I ask because it would be nice to use the "I2P mixed mode" features of qbittorrent, but I want to keep my clearnet traffic on the VPN.

Background

I have I2PD running only on my home gateway for better tunnel uptime.

To ensure that torrent traffic never escapes the VPN tunnel, I have configured qbittorrent to use only the VPN Wireguard interface.

Problem

I think this means qbittorrent I2P traffic will flow into the VPN tunnel, but then the VPN host won't know how to route back to my home gateway where the SAM bridge is running.

7
 
 

I've configured my i2pd proxy correctly so things are somewhat working. I was able to visit notbob.i2p. But sometimes Firefox really likes to replace "http" with "https" when I click on a link or even enter the URL manually into the bar. I have "HTTPS-only mode" turned off, and I also have "browser.fixup.fallback-to-https" set to "false" and "network.stricttransportsecurity.preloadlist" to false.

I tried spying on the HTTP traffic in web dev tools, and I see the request gets NS_ERROR_UNKNOWN_HOST. This does not happen when using the xh CLI HTTP client, so Firefox is doing something weird with name resolution. I made sure to turn off the Firefox DNS over HTTPs setting as well, but it didn't seem to make a difference.

I assume that name resolution needs to happen in i2pd. How can I force Firefox to let that happen?

Update: Chrome works fine.

Update: I started fresh and simplified the setup and it seems fixed. I'm not entirely sure why. The only things I've changed from default are DoH and the manual HTTP proxy.

8
9
10
15
submitted 1 month ago* (last edited 1 month ago) by Flynn_Mandrake@lemmy.dbzer0.com to c/i2p@lemmy.world
 
 

I recently heard about DHT support on I2Psnark, and got curious whether qBittorrent supports this feature on I2P as well. When I first set up qBittorrent to work with I2P, the guide I used instructed to disable DHT, PeX and Local Peer Discovery due to lacking support and security risks. Has anything changed? Is libtorrent still lagging behind on these features?

11
12
13
 
 

--Stolen and reposted here, sorry zab, but I hope you're fine with some extra promotion--

Hi,

[...]

After about a year off MuWire is back to the land of the living and the network has ~50 active users at any given time. Here is how to set it up and connect:

  1. Go to the GitHub release page

  2. Download the connections.txt file and save it somewhere

  3. Depending on your operating system:

On Windows, download the MuWire-0.8.14-beta2.exe installer and run it. It will install everything you need to run MuWire. Skip to step 5.

On Linux, you need to install Java 17 or newer. This will be different on each distribution

On Mac, you need to install Java from [here] (https://jdk.java.net/22/) (available for both Intel and Apple Silicon).

  1. Download the [MuWire-0.8.14-beta2.zip] (http://muwire-0.8.14-beta2.zip/) file and unzip it. Run the bin/MuWire script to launch MuWire.

  2. Go through the MuWire setup wizard. When the main window appears, select Connections (top-left menu) -> Import connections and select the connections.txt file you saved in step 1.

Watch the bottom right of the main window - there is an icon like a molecule with the number of active connections to the MuWire network. As soon as MuWire connects, you can use it to search, share, download, message other users and more.

Enjoy!

zab_

14
 
 

[2.53.0] - 2024-07-19

Added

  • New congestion control algorithm for streaming
  • Support miniupnp-2.2.8
  • Limit stream's outbound speed
  • Flood to next day closest floodfills before UTC midnight
  • Recognize duplicated routers and bypass them
  • Random SSU2 resend interval

Changed

  • Set minimal version to 0.9.69 for floodfills and 0.9.58 for client tunnels
  • Removed openssl 1.0.2 support
  • Move unsent I2NP messages to the new session if replaced
  • Use mt19937 RNG instead rand()
  • Update router's congestion caps before initial publishing
  • Don't try introducer with invalid address
  • Select newest introducers to publish
  • Don't request relay tag for every session if we have enough introducers
  • Update timestamp for non-reachable or hidden router
  • Reset streaming routing path if duplicated SYN received
  • Update LeaseSet if inbound tunnel failed
  • Reseeds list

Fixed

  • Crash when a destination gets terminated
  • Expired offline signature upon destination creation
  • Race condition between local RouterInfo buffer creation and sending it through the transports
15
26
submitted 3 months ago* (last edited 3 months ago) by CAVOK@lemmy.world to c/i2p@lemmy.world
 
 

This release, I2P 2.6.0, continues our work by fixing bugs, adding features, and improving the network's reliability.

Newer routers will be favored when selecting floodfill routers. I2PSnark received features which improve the performance of PeX(Peer Exchange), in addition to bug fixes. Legacy transport protocols are being removed, simplifying the code in the UDP transports. Locally-hosted destination will be reachable by local clients without requesting their LeaseSet, improving performance and testability. Additional tweaks were made to peer selection strategies.

I2P no longer allows I2P-over-Tor, connections from Tor exit IP addresses are now blocked. We discourage this because it degrades the performance of I2P and uses up the resources of Tor exits for no benefit. If you are a helpful person running both a Tor Exit and I2P we encourage you to continue to do so, using different IP addresses for each. Non-exit relays and Tor clients are unaffected by this and do not need to change anything.

As usual, we recommend that you update to this release. The best way to maintain security and help the network is to run the latest release.

RELEASE DETAILS Changes

  • Router: Increase minimum version for floodfill routers

  • Router: Disable I2P over Tor

  • Address Book: Cache locally hosted destinations

Bug Fixes

  • I2PSnark: Peer Exchange Tweaks

  • I2PSnark: Bugfixes

  • Router: Peer Selection Tweaks

Other

  • Translation updates
16
17
 
 

From the maintainer "alreadyburnt" on reddit.

Before we begin: Snap(and AppImages) are still not official packages. This still an experimental package and just a side-project of mine.

A few years ago, I got way too interested in these semi-novel packaging systems that the various distributions came out with. I went on a rampage of experimental package creation, often without necessarily knowing the future of the packages themselves. Many versions ago, the most popular of those packages broke in a particu`larly annoying way, and I did not have time to fix it. Until a few weeks ago, that is, and now, it's actually a lot easier for me to be sure that what I'm packaging is going to actually work because I can generate and test the packages continuously.

TL:DR the Snap, which I created, then broke, is now fixed, and it's likely to stay that way. If you are a snap user stuck on an old version, update as soon as possible.

It is generated using jpackage combined with the Easy-Install source. As a package, it functions like the Easy-Install bundle and not like the .deb or .jar installers.

https://snapcraft.io/i2pi2p

What's the real point? Nobody really cares about Snapcraft that much, except maybe Canonical. A lot of people don't even like them. That's not why there's a Snap of I2P now. The reason there's a Snap of I2P now, and that this experiment was not discontinued outright, is because it demonstrates the power of jpackage, the technology underlying the Easy-Install Bundles for Windows, to generate self-contained images that can easily be adapted to Linux package formats. Once you can stick a jpackage inside a Snap, you can just as easily stick it inside of an AppImage. A slightly different manifest format will leave you with a working Flatpak. The same applies to docker-compose and probably many other tools. Or, you can just stick it all into a .zip file and treat it like an I2P portable installation. The files your packaging are always the same, and are simply generated by jpackageing a custom I2P router launcher.

For more information, see:

https://snapcraft.io/i2pi2p

https://github.com/eyedeekay/I2P-Snaps-and-Appimages/

18
19
 
 

Picked up from the other site. I'm not the dev of this.

Any feedback is welcome, source: https://github.com/umutcamliyurt/I2Proxy

20
 
 

On Windows, installing I2P is easy.

On Linux... not so much. That's because Linux isn't Linux. There's a Debian package, but OpenSuse is its own thing. Is there a way to get I2P, Snark, etc. up and running there without having to jump through too many hoops?

21
20
submitted 5 months ago* (last edited 5 months ago) by CAVOK@lemmy.world to c/i2p@lemmy.world
 
 

I2P 2.5.2 is released to fix a bug introduced in 2.5.0 causing truncation of some HTTP content.

As usual, we recommend that you update to this release. The best way to maintain security and help the network is to run the latest release.

RELEASE DETAILS

Changes

  • Console: Update rrd4j to 3.9.1-preview
  • Router: Publish G cap if symmetric natted

Bug Fixes

  • i2ptunnel: Fix bug causing truncation of some HTTP content
  • i2ptunnel: Fix custom option form width (light theme)
  • Tunnels: Fix selection of peers with expired RIs

Other

  • Translation updates
22
 
 

[2.52.0] - 2024-05-12

Added

  • Separate threads for persisting RouterInfos and profiles to disk
  • Give preference to address with direct connection
  • Exclude addresses with incorrect static or intro key
  • Avoid two firewalled routers in the row in tunnel
  • Drop unsolicited database search replies

Changed

  • Increase number of hashes to 16 in exploratory lookup reply
  • Reduce number of a RouterInfo lookup attempts to 5
  • Reset stream RTO if outbound tunnel was changed
  • Insert previously excluded floodfill back when successfully connected
  • Increase maximum stream resend attempts to 9
  • Reply to exploratory lookups with only confirmed routers if low tunnel build rate
  • Don't accept too old RouterInfo
  • Build client tunnels through confirmed routers only if low tunnel build rate
  • Manage netDb requests more frequently
  • Don't reply with closer than us only floodfills for lookup

Fixed

  • Crash on router lookup if exploratory pool is not ready
  • Race condition in excluded peers for next lookup
  • Excessive number of lookups for same destination
  • Race condition with transport peers during shutdown
  • Corrupted RouterInfo files
23
 
 

Some projects have been DMCA'ed and hosting them on I2P could be a viable alternative.

24
25
submitted 6 months ago* (last edited 6 months ago) by CAVOK@lemmy.world to c/i2p@lemmy.world
 
 

I2P 2.5.1 is being released to address Denial-of-Service Attacks affecting the I2P network and services. With this release we disable the IP-based parts of the Sybil attack detection tool which were targeted to amplify the effect and duration of the attack. This should help the network return to normal operation. Those of you who have disabled the Sybil attack detection tool may safely re-enable it. Adjustments to other subsystems to improve RouterInfo validation and peer selection have also been made.

As usual, we recommend that you update to this release. The best way to maintain security and help the network is to run the latest release.

25
 
 

I'm looking to try out i2p but I'm having trouble getting it going.

I have a docker-compose container going with this docker-compose.yml:

version: "3.5"
services:
    i2p:
        image: geti2p/i2p
        ports:
            - 4444:4444
            - 127.0.0.1:6668:6668
            - 7657:7657
            - 54321:12345
            - 54321:12345/udp
        volumes:
            - ./i2pconfig:/i2p/.i2p
            - ./i2ptorrents:/i2psnark
        restart: always
        environment:
            - IP_ADDR=0.0.0.0
            - JVM_XMX=1024m

The container starts up and the log outputs:

$ docker logs i2p-i2p-1 
Starting I2P
[startapp] Running in container
[startapp] setting reachable IP to container IP 0.0.0.0
Starting I2P 2.4.0-0

But when I try to access the console, I'm seeing:

$ curl localhost:7657
curl: (56) Recv failure: Connection reset by peer

Is there anything else that I need to do here?

view more: next ›