this post was submitted on 17 Jan 2025

13 points (93.3% liked)

The Invisible Internet Project

1528 readers

1 users here now

I2P Community Edition

This isn't the official I2P channel, if you want go there then you can find it in the links below.

Rules

Be nice and friendly
Don't spam
No darknet markets
No malicious content
No closed source software
No excessive self promotion
No violence or hate speech
I2P related posts only
Please use English
No illegal file sharing
Lemmy rules also apply here
No crypto-currency

"Don't be a dick" - Wil Wheaton

General

Main project site (clearnet)
I2P Forum (clearnet) Official I2P community and development forum
zzz zzz's personal website, old developers forum
planet.i2p RSS aggregator

Media:

Incogtube - Youtube front end

File Hosting and Pastebins

FS Filesharing service
Cake Pastebin short term filesharing and pastebin
PrivateBin Encrypted pastebin
IDK's CowYo pastebin, Mirror (Requires JS)

Torrents

PaTracker Main torrent tracker
Chudo's Torrents (French) torrent tracker

Social Networks and Microblogging

Teddit - Privacy respecting Reddit front end
Ramble - Multi-Network reddit alternative

Exploring I2P

Notbob List online .i2p sites and categorizes them

I2P Name Registries

inr.i2p
reg.i2p operated by PurpleI2P Team
dns.chudo.i2p
isitup.i2p Another I2P Name Registry and checking tools to see if a eepsite is offline.

Search engines

IRC

Irc2P comes pre-configured with I2P. To connect with other networks, please follow this tutorial.

Irc2P (works out of the box)

Syndie

An open source system for operating distributed forums in anonymous networks

Syndie Project Syndie Project Website
Syndie Documentation Project
syndie.darrob.i2p
syndie.echelon.i2p
syndie.inscrutable.i2p
syndie.killyourtv.i2p
syndie.meeh.i2p
syndie.welterde.i2p

Inproxies

You can use inproxies to surf the I2P network without having to have an I2P router.

i2phides.me / i2p.mk16.de (i2p-inproxy.mk16.de)
onion.ly
www.darknetproxy.com

founded 2 years ago

MODERATORS

CAVOK

[email protected]

Am I the only one who wishes that i2p had a reliable secure DNS service? (lemmy.zip)

submitted 2 weeks ago by [email protected] to c/i2p

10 comments fedilink hide all child comments

The way DNS works in i2p makes it unreliable and vulnerable to attacks. It wouldn't be to hard for an adversary to do a man in the middle or even do a fake version of a site. Also resolving DNS names is hard and takes a lot of effort.

Honestly the entire system needs to be rethought.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 3 points 2 weeks ago (1 children)

Are I referring to name resolution on the network or for when you’re trying to access open Internet webpages via an out proxy?

[–] [email protected] 2 points 2 weeks ago (1 children)

Name resolution via i2p

[–] [email protected] 5 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

I still am not sure what your question is asking. Typically, name resolution is handled by your local I2P router using an address book. You trust whatever subscriptions are dumping into your address book. There isn’t really a central naming authority. Names can be set by whatever authority you choose.

Are you concerned about getting a bad address book subscription? What, concretely, do you mean by DNS?

[–] [email protected] 2 points 2 weeks ago (1 children)

I2p is vulnerable to a malicious party spreading a "alternate" base address for a domain name. All someone would need to do is get a bad entry into something like notbob.

Ideally domain names should work via consensus. A node could request a domain name and then the major of the network could agree to issue a cert. On the client side there could be some sort of cert verification.

[–] [email protected] 2 points 1 week ago* (last edited 1 week ago) (1 children)

non maliciously this is occasionally a problem. different registrars have different rules, some will delete a name after so long the destination is dead, others wont. so registrars will let you register an abandoned name with a new destination, but some wont. But local address books will default to the older destination over the newer one.

i think it was done this way so there could be no one thing declaring google.i2p goes to a destination, locally you decide. wouldn't be a bad idea to incorporate some sort of cert though, a lot of that work would fall to the registrars to agree i'd think, like on expiring names.

i think the idea of using dht for this so it's more like a network consensus thing has come up, but there's reasons not to do this.

[–] [email protected] 2 points 1 week ago (1 children)

I think the reason it isn't like that is because it is incredibly complex to do. Also if there is a design flaw it could be used to attack people.

[–] [email protected] 1 points 1 week ago (1 children)

definitely opens up another surface for attack, could see flooding namespace, sibyl, hijacking consensus mechanism somehow, lots of very bad content would surface too which some of the current "curators" try to dampen. Consensus mechanism would be tricky to get right

[–] [email protected] 1 points 1 week ago

It would need to have some sort of overhead cost to make attacks unfeasible. By adding that you would then be slowing everything down and creating a new source of problems.

It isn't a winning battle I guess.