The Invisible Internet Project

1476 readers
8 users here now

I2P Community Edition

This isn't the official I2P channel, if you want go there then you can find it in the links below.

Rules

"Don't be a dick" - Wil Wheaton

General

Media:

File Hosting and Pastebins

Torrents

Social Networks and Microblogging

Exploring I2P

I2P Name Registries

Search engines

IRC

Irc2P comes pre-configured with I2P. To connect with other networks, please follow this tutorial.

Syndie

An open source system for operating distributed forums in anonymous networks

Inproxies

You can use inproxies to surf the I2P network without having to have an I2P router.

Follow us on Twitter

founded 2 years ago
MODERATORS
1
25
FAQ (self.i2p)
submitted 2 years ago* (last edited 2 years ago) by CAVOK to c/i2p
 
 

The Invisible Internet Project (I2P) is a network layer that allows for censorship-resistant, peer-to-peer communication. Anonymous connections are achieved by encrypting the user’s traffic and sending it through a volunteer-run network of roughly 55,000 computers distributed around the world.

The Invisible Internet Project began in 2002 and has been active since that time.

How Does I2P Protect Me?

The server is hidden from the user and the user from the server. All I2P network traffic is internal to its network. Traffic inside the I2P network does not interact with the Internet directly. It is a layer on top of the Internet.Encrypted unidirectional tunnels are used between you and your peers to send traffic. No one can see where that traffic is coming from, where it is going, or what the contents are. Additionally I2P transports offers resistance to pattern recognition and blocking by censors. Because the network relies on peers to route traffic, location blocking is also reduced.

Distribution All traffic on the I2P network is encrypted. An observer cannot see a message’s contents, source, or destination. All traffic you route as a participant is internal to the I2P network, you are not an exit node. The network does not do distributed storage of its content ( like Freenet or IPFS). By participating as a node you are not storing content for anyone.If there are hidden services which you dislike, you may refrain from visiting them. Your router will not request any content without your specific instruction to do so.

Is Using I2P Dangerous?

The I2P network is an overlay network. There are no dangers in using an overlay network. If you are engaging activities that are illegal or dangerous on the internet, that does not change if you are using an overlay network.

Regarding using overlay networks, the Java implementation includes a “Strict Countries List” that is used to decide how I2P routers should behave within regions where applications like I2P may be limited by law. For example, while no countries that we know of prohibit using I2P, some have broad prohibitions on participating in routing for others. Routers that appear to be in the “Strict” countries will automatically be placed into “Hidden” mode.

When a router is placed into hidden mode, three key things change about its behavior. It will no longer publish a routerInfo to the NetDB, it will no longer accept participating tunnels, and it will reject direct connections to routers in the same country that it is in. These defences make the routers more difficult to enumerate reliably, and prevent them from running afoul of restrictions on routing traffic for others.

OPSEC Keep track of what profiles you maintain and what services you interact with no matter what network you use. Perform personal risk assessments. The I2P Java software ships with very good defaults for hops for privacy without sacrificing performance.

What About “De-Anonymizing” Attacks? Reducing anonymity is typically done by: A) identifying characteristics that are consistent across identities or B) identifying ephemeral characteristics of repeated connections.

Attacks on I2P in the past have relied on correlating NetDB storage and verification. By randomizing the delay between storage and verification, we reduce the consistency with which that verification can be linked to I2P activity, thereby limiting the utility of that data point. Attacks on software configured to work with I2P are out of scope for I2P to solve. When browsing I2P, hosting or using I2P services, it is the responsibility of the user to consider their threat model.

How Do I Connect To the I2P Network?

The core software (Java) includes a router that introduces and maintains a connection with the network. It also provides a handful of applications and configuration options to get you started and personalize your experience.I2Pd is a C++ implementation of the I2P protocol. When using I2Pd you will need to edit configuration files, with Java I2P you can do it all within a user interface.

What Can I Do On The I2P Network?

The network provides an application layer that allows people to use and create familiar apps for daily use. Additionally, the network has its own unique DNS so that you can self host or mirror content on the network. The I2P network functions the same way the Internet does. The Java software includes a BitTorrent client, and email as well as a static website template. Other applications can easily be added to your router console.

What Is the Best OS To Use?

The I2P core software is cross platform. The best OS to use is the one that you feel most comfortable using.

Do I Have To, Or Should I Use I2P in Qubes or Whonix? Am I Not Safe If I Use Something Else?

This depends on your personal threat model. Generally speaking, I2P in Qubes or Whonix are very strong security measures. You can usually use the I2P software with a Firefox or Chromium browser without worry.

It is more important to exercise caution with who you communicate with and how. If you’re doing something that attracts the attention of people with the time and energy to carry out massive, scaled up attacks or sophisticated zero-day attacks, then something extremely thorough like Qubes is an option. On the other hand, if you’re just hosting your blog or surfing I2P sites, then chances are you’re fine just using the OS you’re most comfortable with. The real answer is conscientiousness, don’t say anything you’re not comfortable with somebody repeating.

I Can See My IP Address?

Yes, this is how a fully distributed peer-to-peer network works. Every node participates in routing packets for others, so your IP address must be known to establish connections. While the fact that your computer runs I2P software is public, nobody can see your activities in the network. For instance, you cannot see if a user behind an IP address is sharing files, hosting a website, doing research or just running a node to contribute bandwidth to the network.

Firewalled Status?

A firewalled I2P router can still access the I2P network. However, if you want to provide extra capacity to the network, it is necessary to open ports.Open I2P’s port on your modem, router and/or firewall(s) for better connectivity (ideally both UDP and TCP).For more information about Port Forwarding: https://portforward.com/

Browsing Functions in I2P

A properly configured browser supports accessing content on the I2P network ( I2P sites and services ) and accessing clearnet content via the outproxy service specified in the Hidden Services Manager of the I2P router.

Instruction for configuring a browser are outlined here: https://geti2p.net/en/about/browser-config .

There is also a Firefox based extension ( I2P in Private Browsing Mode ) that can be found in the the new experimental Windows installer, or can be added directly from here: https://addons.mozilla.org/en-US/firefox/addon/i2p-in-private-browsing/

Does It Matter What Browser Is Used To Access Content On the I2P Network?

Yes and no. Technically, you can use any browser that has support for proxies. However, some browsers are more secure than others. Also, depending on the browser, it may be more difficult to set up a proxy.

What Browser Should I Use For I2P on Android?

In principle, any browser works, but Privacy Browser is the easiest to set up because it has pre-configured proxy settings for I2P. Instruction can be found here: https://github.com/eyedeekay/Configuring-Privacy-Browser-for-I2P-on-Android#configuring-privacy-browser-for-i2p-on-android

Is It Possible To Install I2P Software on an iPhone?

This is currently not possible without increased effort. If you are tech savvy you can take a look at https://i2pd.readthedocs.io/en/latest/devs/building/ios/. Currently there is no official I2P app available.

What Does It Mean When I See That My I2P Router Needs To Be Integrated Into The Network?

An I2P router needs a few minutes to connect to the network. Sometimes it can take up to an hour.

How Can I tell If The I2P Proxy Is Ready?

You can go to 127.0.0.1:7657/tunnelmgr, if the status of “I2P HTTP Proxy” is green, the proxy is ready and you should be able to surf.

I Cannot Reach I2P Sites

If your router is running and you have shared clients and a browser configured, or are using I2P In Private Browsing Mode and see a proxy ready indicator, check the I2P project website using the link found in /home in the router console. If you can reach that site, then you know that your connection is good and browser is working. If you cannot reach a specific site, please realize that we cannot help you with that.

How Do I Activate the SAM Bridge?

To enable the SAM API: go too http://127.0.0.1:7657/configclients. Find the menu item called “SAM application bridge.” Select “Run at Startup” and press the small arrow to the right of the text.

How Come Router ‘shutdown’ Takes Several Minutes?

Because you are routing traffic for other peers. If you shutdown your router immediately, you interrupt their traffic.

2
13
submitted 1 day ago* (last edited 1 day ago) by [email protected] to c/i2p
 
 

I used i2p from InviZible Pro (F-Droid).

I was trying to connect my Monero wallet to a Monero RPC Damon that somebody I know runs and while it did connect the absolute best speed I could ever achieve through it was 45KiB/s. I changed no settings at all and just used the defaults. Turned it on and had 33 client tunnels.

Tor usually gets me ~400KiB/s to the hs, but i thought i2p would be faster.

Edit: it used 2 hops as default and i left it that way.

3
 
 

I want to access i2p on my vps without a always connected ssh tunnel. to tried to configure the client.config according to this: https://geti2p.net/en/faq "Configuring your console to be available on a Public IP address with a username & password

Open ~/.i2p/clients.config and replace

                clientApp.0.args=7657 ::1,127.0.0.1 ./webapps/
          

with

                clientApp.0.args=7657 ::1,127.0.0.1,(System_IP) ./webapps/
          

where you replace (System_IP) with your system's public IP address
Go to http://localhost:7657/configui and add a console username and password if desired - Adding a username & password is highly recommended to secure your I2P console from tampering, which could lead to de-anonymization.
Go to http://localhost:7657/index and hit "Graceful restart", which restarts the JVM and reloads the client applications

After that fires up, you should now be able to reach your console remotely. Load the router console at http://(System_IP):7657 and you will be prompted for the username and password you specified in step 2 above if your browser supports the authentication popup. NOTE: You can specify 0.0.0.0 in the above configuration. This specifies an interface, not a network or netmask. 0.0.0.0 means "bind to all interfaces", so it can be reachable on 127.0.0.1:7657 as well as any LAN/WAN IP. Be careful when using this option as the console will be available on ALL addresses configured on your system." Is this possible or do i missunderstood something? i want to use yunohost with redirect to redirect fom 127.0.0.1:7657 to my domainexample routersubdomain.mydomain.com. Is this even possible? Setting clientApp.0.args=7657 ::1,127.0.0.1,(System_IP) ./webapps/ wont work for me. I guess its a chain of misstakes i do :S

4
7
submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/i2p
 
 

Hello, everyone!

I am running I2P and would like to have it port-forwarded to help out the network. Even though I have port-forwarded both UDP and TCP, it always indicates "firewalled" or "symmetric NAT." As far as I am aware, I do not have a symmetric NAT. I run many other port-forwarded services without any issues, some publicly, so I am not sure what the specific issue with I2P is.

EDIT: After some more digging i managed to fix the issue while using docker. For some reason you need to add the environmental variable EXT_PORT to the compose file like so

services:
    i2p:
        image: geti2p/i2p:latest
        environment:
            - EXT_PORT=XXXX <Make this the same port as the public UDP/TCP port>
        volumes:
            - /XXX/I2P-data/i2pconfig:/i2p/.i2p
            - /XXX/I2P-data/i2ptorrents:/i2psnark
        ports:
            - 4444:4444
            - 6668:6668
            - 7657:7657
            - XXXX:XXXX
            - XXXX:XXXX/udp
5
 
 

I am thinking about using i2p to remotely access my Jellyfin instance. I could set the hops on each side to zero but I am curious about battery life and data usage

6
 
 

On Android/GrapheneOS, Firefox/Mull/variants is the only browser with the needed proxy settings to use with i2p.

After a bit of searching, it works very well!

As i2p servers you can use "i2p", "i2pd" (more minimal but more efficient) or "InviziblePro" which bundles some implementation of i2p.

I am using i2pd currently, and it works well.

Installed the apps with Obtainium

  • Mull from the DivestOS F-Droid repo
  • i2pd from the purplei2p F-Droid repo
  • MullvadVPN from Github, Orbot from the guardianproject repo (as fallback if clearnet sites are used)

The browser can open .i2p and clearnet sites, using a little hack:

network.proxy.no_proxies_on to !.i2p

7
26
Lemmy in I2P (suppo.fi)
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/i2p
 
 

Found Lemmy instance in i2p.

http://kulervod.i2p

8
 
 

I been trying to understand the difference between i2p to things like Tor and VPNs.

To my understanding, i2p is its own closed off network, meaning you cannot use i2p to access stuff outside of i2p like the clear net, onion domains, etc?

When using i2p, all traffic is relayed through other users in the i2p network like Tor but there is really no such thing as an exit node since you cannot access content outside of i2p?

Therefore i2p is good for hosting .i2p domains that can only be accessed in the i2p network and is good for P2P applications like Bittorrent?

Is this correct? Or am I still misunderstanding i2p?

And therefore could you and other users on i2p run a bitcoin nodes which will only be federated with bitcoin nodes with the i2p network and never federate with the rest of the bitcoin network, essentially making a fork of bitcoin blockchain on i2p?

And is there any other good use cases to i2p besides dark net websites and torrenting?

9
25
submitted 2 months ago by CAVOK to c/i2p
10
23
submitted 2 months ago by [email protected] to c/i2p
 
 

[2.54.0] - 2024-10-06

Added

  • Maintain recently connected routers list to avoid false-positive peer test
  • Limited connectivity mode(through proxy)
  • "i2p.streaming.profile" tunnel's param to let tunnel select also low-bandwidth routers
  • Limit stream's inbound speed
  • Periodic ack requests in ratchets session
  • Set congestion cap G immediately if through proxy
  • Show tunnel's routers bandwidth caps in web console
  • Handle immediate ack requested flag in SSU2 data packets
  • Resend and ack peer test and relay messages
  • "senduseragent" HTTP proxy's param to pass through user's User-Agent

Changed

  • Exclude 'N' routers from high-bandwidth routers for client tunnels
  • C++11 support has been dropped, the minimal requirement is C++17 now, C++20 for some compilers
  • Removed dependency from boost::date_time and boost::filesystem
  • Set default i2cp.leaseSetEncType to 0,4 and to 4 for server tunnels
  • Handle i2cp.inboundlimit and i2cp.outboundlimit params in I2CP
  • Publish LeaseSet with new timestamp update if tunnel was replaced in the same second
  • Increase max number of generated tags to 800 per tagset
  • Routing path expiration by time instead num attempts
  • Save timestamp from epoch instead local time to profiles
  • Update introducer's iTag if session to introducer was replaced to new one
  • RTT, window size and number of NACKs calculation for streaming
  • Don't select same peer for tunnel too often
  • Use WinApi for data path UTF-8 conversion for Windows

Fixed

  • Jump link crash if address book is disabled
  • Race condition if connect through an introducer
  • "Date" header in I2PControl response
  • Incomplete response from web console
  • AEAD verification with LibreSSL
  • Number of generated tags and new keys for follow-on tagsets
  • Expired leases in LeaseSet
  • Attempts to send HolePunch to 0.0.0.0
  • Incorrect options size in quick ack streaming packet
  • Low bandwidth router appeared as first peer in high-bandwidth client tunnel
11
 
 

I ask because it would be nice to use the "I2P mixed mode" features of qbittorrent, but I want to keep my clearnet traffic on the VPN.

Background

I have I2PD running only on my home gateway for better tunnel uptime.

To ensure that torrent traffic never escapes the VPN tunnel, I have configured qbittorrent to use only the VPN Wireguard interface.

Problem

I think this means qbittorrent I2P traffic will flow into the VPN tunnel, but then the VPN host won't know how to route back to my home gateway where the SAM bridge is running.

12
30
submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/i2p
 
 

I've configured my i2pd proxy correctly so things are somewhat working. I was able to visit notbob.i2p. But sometimes Firefox really likes to replace "http" with "https" when I click on a link or even enter the URL manually into the bar. I have "HTTPS-only mode" turned off, and I also have "browser.fixup.fallback-to-https" set to "false" and "network.stricttransportsecurity.preloadlist" to false.

I tried spying on the HTTP traffic in web dev tools, and I see the request gets NS_ERROR_UNKNOWN_HOST. This does not happen when using the xh CLI HTTP client, so Firefox is doing something weird with name resolution. I made sure to turn off the Firefox DNS over HTTPs setting as well, but it didn't seem to make a difference.

I assume that name resolution needs to happen in i2pd. How can I force Firefox to let that happen?

Update: Chrome works fine.

Update: I started fresh and simplified the setup and it seems fixed. I'm not entirely sure why. The only things I've changed from default are DoH and the manual HTTP proxy.

13
14
20
submitted 3 months ago by CAVOK to c/i2p
15
15
submitted 3 months ago* (last edited 3 months ago) by [email protected] to c/i2p
 
 

I recently heard about DHT support on I2Psnark, and got curious whether qBittorrent supports this feature on I2P as well. When I first set up qBittorrent to work with I2P, the guide I used instructed to disable DHT, PeX and Local Peer Discovery due to lacking support and security risks. Has anything changed? Is libtorrent still lagging behind on these features?

16
18
I2P Versions & Essentials (doingfedtime.com)
submitted 3 months ago by CAVOK to c/i2p
17
18
 
 

--Stolen and reposted here, sorry zab, but I hope you're fine with some extra promotion--

Hi,

[...]

After about a year off MuWire is back to the land of the living and the network has ~50 active users at any given time. Here is how to set it up and connect:

  1. Go to the GitHub release page

  2. Download the connections.txt file and save it somewhere

  3. Depending on your operating system:

On Windows, download the MuWire-0.8.14-beta2.exe installer and run it. It will install everything you need to run MuWire. Skip to step 5.

On Linux, you need to install Java 17 or newer. This will be different on each distribution

On Mac, you need to install Java from [here] (https://jdk.java.net/22/) (available for both Intel and Apple Silicon).

  1. Download the [MuWire-0.8.14-beta2.zip] (http://muwire-0.8.14-beta2.zip/) file and unzip it. Run the bin/MuWire script to launch MuWire.

  2. Go through the MuWire setup wizard. When the main window appears, select Connections (top-left menu) -> Import connections and select the connections.txt file you saved in step 1.

Watch the bottom right of the main window - there is an icon like a molecule with the number of active connections to the MuWire network. As soon as MuWire connects, you can use it to search, share, download, message other users and more.

Enjoy!

zab_

19
33
submitted 4 months ago by [email protected] to c/i2p
 
 

[2.53.0] - 2024-07-19

Added

  • New congestion control algorithm for streaming
  • Support miniupnp-2.2.8
  • Limit stream's outbound speed
  • Flood to next day closest floodfills before UTC midnight
  • Recognize duplicated routers and bypass them
  • Random SSU2 resend interval

Changed

  • Set minimal version to 0.9.69 for floodfills and 0.9.58 for client tunnels
  • Removed openssl 1.0.2 support
  • Move unsent I2NP messages to the new session if replaced
  • Use mt19937 RNG instead rand()
  • Update router's congestion caps before initial publishing
  • Don't try introducer with invalid address
  • Select newest introducers to publish
  • Don't request relay tag for every session if we have enough introducers
  • Update timestamp for non-reachable or hidden router
  • Reset streaming routing path if duplicated SYN received
  • Update LeaseSet if inbound tunnel failed
  • Reseeds list

Fixed

  • Crash when a destination gets terminated
  • Expired offline signature upon destination creation
  • Race condition between local RouterInfo buffer creation and sending it through the transports
20
26
submitted 5 months ago* (last edited 5 months ago) by CAVOK to c/i2p
 
 

This release, I2P 2.6.0, continues our work by fixing bugs, adding features, and improving the network's reliability.

Newer routers will be favored when selecting floodfill routers. I2PSnark received features which improve the performance of PeX(Peer Exchange), in addition to bug fixes. Legacy transport protocols are being removed, simplifying the code in the UDP transports. Locally-hosted destination will be reachable by local clients without requesting their LeaseSet, improving performance and testability. Additional tweaks were made to peer selection strategies.

I2P no longer allows I2P-over-Tor, connections from Tor exit IP addresses are now blocked. We discourage this because it degrades the performance of I2P and uses up the resources of Tor exits for no benefit. If you are a helpful person running both a Tor Exit and I2P we encourage you to continue to do so, using different IP addresses for each. Non-exit relays and Tor clients are unaffected by this and do not need to change anything.

As usual, we recommend that you update to this release. The best way to maintain security and help the network is to run the latest release.

RELEASE DETAILS Changes

  • Router: Increase minimum version for floodfill routers

  • Router: Disable I2P over Tor

  • Address Book: Cache locally hosted destinations

Bug Fixes

  • I2PSnark: Peer Exchange Tweaks

  • I2PSnark: Bugfixes

  • Router: Peer Selection Tweaks

Other

  • Translation updates
21
22
 
 

From the maintainer "alreadyburnt" on reddit.

Before we begin: Snap(and AppImages) are still not official packages. This still an experimental package and just a side-project of mine.

A few years ago, I got way too interested in these semi-novel packaging systems that the various distributions came out with. I went on a rampage of experimental package creation, often without necessarily knowing the future of the packages themselves. Many versions ago, the most popular of those packages broke in a particu`larly annoying way, and I did not have time to fix it. Until a few weeks ago, that is, and now, it's actually a lot easier for me to be sure that what I'm packaging is going to actually work because I can generate and test the packages continuously.

TL:DR the Snap, which I created, then broke, is now fixed, and it's likely to stay that way. If you are a snap user stuck on an old version, update as soon as possible.

It is generated using jpackage combined with the Easy-Install source. As a package, it functions like the Easy-Install bundle and not like the .deb or .jar installers.

https://snapcraft.io/i2pi2p

What's the real point? Nobody really cares about Snapcraft that much, except maybe Canonical. A lot of people don't even like them. That's not why there's a Snap of I2P now. The reason there's a Snap of I2P now, and that this experiment was not discontinued outright, is because it demonstrates the power of jpackage, the technology underlying the Easy-Install Bundles for Windows, to generate self-contained images that can easily be adapted to Linux package formats. Once you can stick a jpackage inside a Snap, you can just as easily stick it inside of an AppImage. A slightly different manifest format will leave you with a working Flatpak. The same applies to docker-compose and probably many other tools. Or, you can just stick it all into a .zip file and treat it like an I2P portable installation. The files your packaging are always the same, and are simply generated by jpackageing a custom I2P router launcher.

For more information, see:

https://snapcraft.io/i2pi2p

https://github.com/eyedeekay/I2P-Snaps-and-Appimages/

23
24
 
 

Picked up from the other site. I'm not the dev of this.

Any feedback is welcome, source: https://github.com/umutcamliyurt/I2Proxy

25
9
submitted 6 months ago* (last edited 6 months ago) by [email protected] to c/i2p
 
 

On Windows, installing I2P is easy.

On Linux... not so much. That's because Linux isn't Linux. There's a Debian package, but OpenSuse is its own thing. Is there a way to get I2P, Snark, etc. up and running there without having to jump through too many hoops?

view more: next ›