Professional Documents
Culture Documents
theTinHat - Complete I2P Tutorial and Information Guide
theTinHat - Complete I2P Tutorial and Information Guide
The result of I2P's focus on creating its own internal internet is that the
network isn't accessible from a regular computer, as special software
is needed to communicate with other I2P users. With that software
installed, however, your computer can join I2P and begin routing
traffic, just like a Tor middle relay. By doing this I2P creates a
distributed, dynamic, and decentralized network that allows secure
and anonymous communications between individuals. I2P also
bypasses many censorship efforts and prevents adversaries from
determining what you're saying, and who you are saying things to. In
fact, because most I2P users also route other people's traffic, it's
difficult to tell if you're saying anything at all.
How It Works
I2P is a complex beast with a lot going on under the hood, so this
explanation will be a vast, yet useful, oversimplification. If you want a
technical explanation rather than a simplified analogy go ahead and
give the I2P Technical Documentation a visit, otherwise keep reading.
Think of the mail system. Imagine that you had two mailboxes: one
that you receive mail in, and one that you send mail through. Imagine
also that your friend Johnny had the same thing, as well as everyone
else in your neighborhood. The way I2P works is that if you want to
send a message to Johnny you place the letter in your outgoing
mailbox addressed to him. Then three neighbors pass the letter off to
each-other, with each neighbor not knowing who the letter came from
before the person that handed it to them. These people are analogous
to what we call a 'tunnel' in I2P.
After the letter reaches the end of this tunnel, it goes to Johnny's
tunnel. So it goes to one person, who hands it to another, who hands
it to another, etc., until it reaches Johnny. If Johnny want's to send a
letter back this process happens in reverse (but with a different set of
people handling the messages). This example is extremely simplified,
so I'll try to expand on it now that the basic fundamental idea is down.
The first obvious question is why don't you just give the letter to
Johnny directly? The answer is that if the letter was sent to Johnny
directly and Eve was watching, she'd see it. This is not at all
anonymous. By sending it through multiple people we create a large
degree of anonymity.
But wait, can't Eve still watch the letter as it is passed from one hand
to another? Realistically no, there are too many hops for Eve to
actually watch it. Furthermore, with I2P there are thousands of letters
being all passed around at the same time, and for Eve to be able to
distinguish one letter from another is, for all intents and purposes,
impossible. When you send a letter to a neighbor and that neighbor
passes it off to another neighbor, on I2P she's also handing hundreds
of other letters at the same time. This also adds to security and
anonymity because it makes it difficult for attackers to know whether
you're handing someone a letter that you wrote yourself, or if you're
just passing someone else's letter through a tunnel.
Wait a second, can't one of the neighbors just open the letter and
read it on the way through? The answer to this is no. I2P encrypts
messages in multiple layers. Imagine a lockbox with six other
lockboxes inside. Each time the message goes to the next neighbor,
the next lockbox is opened telling that neighbor who to give the
lockboxes to next. At the end of the route Johnny gets the final
lockbox and opens it to find the message.
Features of I2P
1. Email/Messaging
There are a few messaging services on I2P, with the two big ones being
I2P's built in email application and I2P Bote.
The built-in mail application lets you email the regular internet to, and
from I2P. The mail system has quite a few security features built into it,
such as stripping parts of mail headers and delaying outgoing
messages to reduce any correlations that could de-anonymize you.
While this mail system is leaps and bounds more anonymous and
secure than standard email, it is still reliant on the operator who
could, at any time, read your emails.
3. Eepsites
Eepsites are the I2P equivalent of a Tor Hidden Service: they are
websites hosted on the I2P network, whose operators can be
anonymous. Like hidden services, these sites cannot be connected to
off the I2P network. Unlike Tor hidden services, their web addresses
are actually readable, with the domain of .i2p at the end. For example,
salt.i2p is an eepsite which "is a gathering space celebrating crypto
and infoanarchy", and is only available on the I2P network. These
Eepsites may not be of huge interest to many, but if you want to host
an Anarchist, Communist, or hell, even Environmentalist website
anonymously, this is a good way to do it. Visiting eepsites is
anonymous and won't get you placed on a FBI watch-list simply
because you like to read Marx, Goldman, or whatever thinker you may
follow.
4. Torrents
This may be the kicker for many of yee pirates out there, as I2P has the
Postman Tracker and I2PSnark. The tracker is essentially the Pirate
Bay, and I2PSnark is essentially uTorrent. This is where I2P sets itself
apart from Tor, in that it has absolutely no issue with users torrenting.
In fact, torrenting just provides more cover-traffic, improving overall
anonymity. On I2P torrenting is secure and anonymous, and I
personally trust it far more than any VPN provider, as it has privacy by
design rather than privacy by policy.
The torrents available on the tracker are great, and reflect the user-
base of I2P. No, there isn't much (if any) child pornography as some
might claim about darknets. Rather, there are plenty of books,
including huge collections on sci-fi and programming. There are also
copies of the Pirate Bay, backups of leaked government documents,
and books that have been banned in some countries. There are also
movies, music, and of course as always, porn. But comparing
something like the Pirate Bay with the I2P Postman Tracker shows you
the overall attitude of many I2P users; that is to say that they value
transparency, freedom of speech, copy-left, and the power of
technology within society.
Setup
Setting up I2P is easy if you've ever forwarded a port before. If not,
don't worry, I'll explain how. It may seem confusing at times, but just
stick with it, I promise it's not that bad.
I’d also highly recommend using The Tor Browser for browsing I2P
(read this for an expanded explanation of using Tor Browser for I2P,
including a couple of security considerations). To set this up, the first
step is to download the Tor Browser, extract it, and run it (no
installation is necessary).
Next, the way that we will configure the browser to work with I2P is
through the use of an add-on called FoxyProxy. Using the Tor Browser,
navigate to the FoxyProxy page on Mozilla’s website and install the
add-on. After doing so, you will be prompted to restart the browser to
complete the installation.
This may cause the browser to crash, but after re-opening it FoxyProxy
will have a complete rule-set for how it handles traffic such that any
requests to either the clearnet (techno-jargon for the regular internet)
or to Tor hidden services will travel through the Tor network, but any
requests to a domain ending in .i2p will travel through the I2P
network. In other words, you are ready to browse I2P.
With the Tor Browser open and configured, the next step is to start
I2P. If you're on Windows then it is as simple as clicking the icon in the
start-menu. If you're on Linux, then just cd into the i2p folder and
type into your terminal i2prouter start . This may automatically
launch your default browser. If it does, click the "Configure Bandwidth"
button on the I2P console. Then go to the "Service" tab, and click "Do
Not View Console On Startup".
You may want to set this as a bookmark to make things easier. Next,
check the left-hand sidebar. If it says "Network: OK", you're ready to
start using I2P. If it says otherwise, then click on it. This will bring you to
a page describing the problems it may be having (note that it takes
several minutes to connect to the network. Wait five minutes before
worrying).
Troubleshooting
Blocked ports are usually the problem when connecting to I2P. To fix
this, scroll up on that same page that describes the network error and
check which port is entered into the 'UDP Configuration' box. For the
sake of argument, let's say that it is 1793. Copy that number down and
then find out your computer's internal IP address.
With the IP address in hand, type into your URL bar: '192.168.1.1'. This
should bring you to your home router's configuration page. Every
router's menu is a bit different, but just look for menus that are
worded similarly to the way that I word them. Look for a tab that says
"port forwarding". It may be buried within a few menus, but all routers
should have this option. Once you find the port forwarding page, you
need to forward the port that I2P needs to run. Under 'External Port',
enter the first number that you copied down, in our case it is 1793. Do
the same under 'Internal Port'. Then, under 'To IP Address', type in the
internal IP address that you just looked up in the command line, in our
case 192.168.1.127. Make sure to Enable it, and then click to save the
settings.
If all went well, I2P should now be functioning. If you're still having
issues, definitely check out I2P's FAQ for some answers. There are
some more guides inside the I2P network itself for setting up services
such as IRCs, I2PSnark, and I2P-Bote. Definitely play around a bit, and
explore this 'evil dangerous darknet' that the media warns about,
because it's actually pretty fun.
Lastly, if you try out I2P and end up enjoying it and want to contribute
more, try setting up a dedicated I2P relay. I give a step-by-step
explanation of how to do this here.
Tutorials Articles About
3. Shut Up
This one is straight from The Grugq. Shut up. If someone asks you the
weather, it's always Sunny on I2P. People often get carried away with
talking about their personal lives, but if you want to stay anonymous,
either stop talking or misinform. Take for example seemingly trivial
information, such as the weather. If you were to complain about the
weather on IRC 365 days a year, eventually it would narrow the search
down to quite a small area if someone were to look for you. So, if you
feel you must talk, spread misinformation whenever possible. If
someone asks what line of work you do and you're a carpenter, tell
them you're in finance.
4. Rotate Aliases
It was the headline of #salt for quite a while: "Grandiose ego and bad
OPSEC get people f*cked". People often use the same username or
alias online so that they build a reputation, but this is at the cost of
anonymity. The Grugq once said that as soon as your identity starts
being effective and gains a reputation, then it's time to phase it out
and rotate to a new one. This is advice we should heed. If everyone
rotated their identities regularly, entropy would increase and we
would all be safer. Just remember: never cross-contaminate. Keep
your identities separate and distinct from one-another.
5. Disable Javascript
Javascript and anonymizing networks have never gone well together.
Enabling Javascript allows code to run inside your browser that can
work to deanonymize you, and on I2P there's no reason to have it
enabled. So crack open your browser's settings and shut'er'off so you
don't end up like FreedomHost users on Tor. Another quick
modification that can go a long way to helping you to stay safe is to
disable cookies. Cookies have been used before to track Tor users, so
let's disable them before they track I2P users as well.
Bonus:
Never, I repeat never, configure your browser's proxy settings to ignore
non-.i2p domains. If an eepsite loads anything from a regular clear-net
domain, such as a .com, it will be sent through the regular internet
instead of I2P, exposing your real IP address. Dedicate a browser, or
get owned hard.
FOLLOW ON TWITTER
Tutorials Articles About
Note: if you’re not familiar with I2P, click here for a simple explanation
before continuing.
Next, the way that we will configure the browser to work with I2P is
through the use of an add-on called FoxyProxy. Using the Tor Browser,
navigate to the FoxyProxy page on Mozilla’s website and install the
add-on. After doing so, you will be prompted to restart the browser to
complete the installation.
After restarting, download this configuration file for FoxyProxy. I’ve
mirrored it here to make it accessible (just right click the link and
select “Save As”), but originally it was the product of KillYourTV. With
that downloaded, press CTRL+SHIFT+A , and open the preferences for
FoxyProxy. Go to File > Import Settings , on the Preferences panel
and import the configuration file that you just downloaded.
This may cause the browser to crash, but after re-opening it FoxyProxy
will have a complete rule-set for how it handles traffic such that any
requests to either the clearnet (techno-jargon for the regular internet)
or to Tor hidden services will travel through the Tor network, but any
requests to a domain ending in .i2p will travel through the I2P
network. In other words, you are ready to browse I2P.
Security Considerations
While you could start browsing right now, there is one last optional
modification you may wish to make. Click the onion on the top left of
the Tor Browser and select Privacy and Security Settings... . This will
allow you to adjust the security slider. For the utmost security and
anonymity on both Tor and I2P, set the security slider to the maximum
level, which disables a number of features in favour of security at the
cost of usability, such as Javascript. Alternatively, select whichever
setting you are most comfortable with (I find Medium-High to be a
good compromise).
The ability to host hidden services is the hallmark feature of both Tor
and I2P. For those that haven’t ventured into ‘the darknet’, hidden
services are essentially websites that can’t be seen on the regular
internet, are often run by anonymous operators, are end to end
encrypted, and, because of these features, are very hard to censor.
The only problem is that hidden services are, more often than not,
terrible.
This is true for a few reasons. First, they’re usually lacking severely in
the graphic design department, often resembling a Geocities page
from 2001. Second, they’re often in a constant state of flux, wavering
between working perfectly and not responding for hours at a time.
Finally, when they are online, they. Are. Slow. Good luck downloading
any site that is over a few megabytes in size.
This is looking like it could change very soon, however. With three
heaping cups of BitTorrent tech, a splash of bitcoin crypto, and a table
spoon of ingenuity, ZeroNet offers a solution to hidden services that
drastically increases both their speed and reliability (unfortunately our
eyes won’t stop bleeding soon).
The way this works is that if, for example, you want to share your
website over Zeronet, you would first create a private key and a public
key (using the same cryptography as bicoin). The public key functions
as the address or URL for your website. Anyone who has your public
key will be able to find your site. When they do find your site, they’ll
download it and begin sharing it with others automatically. In other
words, they become a peer.
Of course, you don’t want random people to be able to edit your site
before sharing it with others. This would let them completely deface
your site, and add any content to it that they wanted. The private key is
what protects against this. Every time you modify your site, you’ll need
to use your private key to verify that the modifications did indeed
come from you, the site owner. As long as that private key is kept safe
and secret on your computer, only you will be able to modify your site.
When you do modify the site and verify it with your private key, your
computer will begin sharing the new site. When this happens, peers
will check to make sure that the modified version is actually newer
than what they have, and that all the files in it have in fact come from
the site’s owner (i.e. you). Finally, all the modified files will then be
downloaded and immediately shared across the network. This
happens extremely quickly, meaning that sites can also be built to
automatically update the page as new information spreads, making
applications like a Zeronet-style Twitter that updates tweets in real
time as they flow across the peer-to-peer network possible.
If you have been paying attention, this doesn’t necessarily involve Tor
or I2P. Zeronet actually operates over the clear net by default.
However, it can easily be configured (and on Windows this involves just
pressing a button) to operate on top of Tor (I2P integration is in the
works).
One of the implications of this is that you could very easily create a
website, share it over Zeronet using Tor, and if you ever went offline
there would be a whole network of individuals to fill in for you. The flip
side of this is that if you ever visit someone’s site but lose internet
connectivity, you can still browse it offline, you just won’t get any
updates until you’re back online.
Another implication is that when new users visit your site, Zeronet will
automatically ask the torrent tracker for a list of people that it can
download the site from, and instead of downloading it from just your
computer through the often oh-so-slow Tor network, they’ll download
it from several others as well. This makes load speeds run many times
faster.
ZeroID is a service that allows you to create an identity you can use
across ZeroNet that is tied to your private key. This means that
nobody can forge your identity unless they steal that private key. It
also means that you don’t need to remember a password.
Finally, ZeroMe is basically Twitter/Facebook on Zeronet. It lets you
either create an identity unique to just your ZeroMe account, or to use
your ZeroID so that you can hold a common identity across ZeroNet
platforms. On ZeroMe you can post text, images, as well as follow
others, just as you would on Facebook or Twitter.
For links to each of these services, just check out the left-hand toolbar
after you get ZeroNet up and running.
sh /ZeroNet.sh
ZeroNet will then open in your browser, but to get Tor working you
need to do a bit of extra work, the first step being to install Tor onto
your system. While ZeroNet’s documentation details this, I’ve added it
here as well for simplicity. For Debian users, this means:
Save and exit the editor, before modifying a quick account permission:
Finally, reboot your system, rerun ZeroNet, and Tor should be working.
To get ZeroNet to use Tor on every site, do just as the Windows users
did and click the Tor button on the top right of the interface, select
“Enable Tor for Every Connection”, and then restart ZeroNet.
Tor Browser
While you might be using Tor for routing, it is recommended that to
achieve strong anonymity you should install the Tor Browser itself and
use that to browse ZeroNet. The reason for this is that while your IP is
still hidden by Tor, you can still be tracked through techniques such as
browser fingerprinting, which the Tor Browser specifically protects
against.
about:preferences#advanced
Go to the Network tab, Settings, and then set No Proxy For: 127.0.0.1,
as shown below. With those pieces in place, you’re good to start
browsing ZeroNet! Click here to get started with the ZeroNet home
page.
Image By Gothopotam
I2P is a great network, but like any other decentralized system it relies
on a diverse set of actors to operate resiliently. For example, if it ran
on ten servers, six of which were controlled by [insert government
agency here], then it wouldn't be very secure. Thus, one of the easiest,
best ways that you can help support I2P is to run your own high-
bandwidth node on a VPS (Virtual Private Server). While running a
node at home definitely helps, slow residential internet speeds and
unstable desktop computers put a cap on just how helpful the node
can be to the network. Using a VPS with a gigabit connection on the
other hand adds significantly to the speed, capacity, and robustness of
the network.
In fact, not only does running I2P on a VPS benefit the network, it can
also function as a reliable I2P portal that you can connect to from
anywhere. For example, if you boot up your laptop in a coffee shop
and want to get onto I2P without waiting ten minutes to build enough
tunnels, you can instead just connect your laptop to your VPS and get
online instantly*.
This tutorial will teach you how to set up a fairly secure server on
Digital Ocean that functions as a high-bandwidth router on the I2P
network. Of course, you can chose whatever hosting provider you like,
but Digital Ocean is my favorite, and signing up through This referral
link will give you a $10 credit for free, enough to run the server for two
months. It also gives me a small kickback, which helps keep ads off the
site (once you spend $25, I get $25 myself).
*There are some cons to this as well, primarily that the hosting provider could watch what you're doing. But for low
risk activities, like chatting on IRC, it shouldn't be an issue.
Server Setup
If you've read my Owncloud setup guide, most of the steps here will be
quite similar, though slightly different this time around. Also, if you're
using another hosting provider you should probably just skip this part
as it's fairly specific to Digital Ocean.
The first step of course is to sign up for Digital Ocean if you don't
already have an account, and then to create a new droplet. I called my
droplet 'i2prouter', and selected the $5 per month option, which will
give you 1TB of bandwidth out to the network. I also selected the
London data-center. I've set up around ten I2P routers recently and
found London to be one of the fastest. Next, select which operating
system you want to run (this guide is based on Debian 7). Lastly, we're
going to upload our own SSH key, rather than use a password. This
makes the server significantly more secure and faster to log into. If
you're on Windows, then give this guide a read. Linux users who don't
already have an SSH key can simply type into the terminal:
ssh-keygen -t rsa
Issuing this command will ask a few questions, which you can simply
mash enter through, before generating a SSH keypair. We'll need to
copy and paste the public key into the droplet creation page, so if you
saved your key in the default location simply type:
cat ~/.ssh/id_rsa.pub
Copy and paste the contents of this into the 'Add SSH Key' field on
Digital Ocean, and then create the droplet. Once the droplet has been
created, write down its IP address and go back to your terminal to SSH
into it:
Now that we're connected to the server we're going to change a few
things so that it doesn't become the property of Russians in 3 hours.
First, we'll make a new user called i2p (you can name it whatever you
want, but throughout this tutorial I'll reference it as i2p):
adduser i2p
Give it a fairly strong password, then skip through the name and
number fields. We now need to give this user some higher level
privileges through sudo:
visudo
Add a line so that it looks like this, of course replacing the 'i2p' with
whatever username you chose:
What we've just done is given the user i2p the ability to execute
commands as if it were the root user by simply typing sudo before the
command. Using sudo instead of root has a number of benefits,
especially when it comes to auditing and permission limiting. We're
allowing it to execute any commands right now, but we'll lock it down
later so that it is a bit more secure. The last thing we'll do before
logging out and back in as the new user we've created is give root a
password:
passwd root
Give root a very strong password, then issue the following commands,
which will log out, copy your SSH key to the new user you just created,
and then log back in as that user:
exit
ssh-copy-id i2p@[Enter IP Address Here]
ssh i2p@[Enter IP Address Here]
Next, we'll upgrade the system and install some new software:
sudo apt-get update && apt-get upgrade -y
Within this text file we're going to change the SSH port to something
random like 3451, change PermitRootLogin to no, and change
PasswordAuthentication to no:
PermitRootLogin no
PasswordAuthentication no
Close and save this by hitting Control+X, then Y, then enter, making
sure to take note of the new port number you just gave. Now we need
to reload the SSH configuration that we just changed:
Because we just changed the port for SSH, the next time you log in
you'll need to add "-p [port number here]" to the end of the ssh
command.
Now that the firewall is set up, we're going to set up fail2ban so that if
anyone does find the right SSH port they'll get locked out after making
a few failed attempts, so pump this into your terminal:
Installing I2P
If you've gotten this far, you've got a 'secure-enough' platform that you
can now install I2P on. The easiest way to do this is to add the I2P
repository, by editing your sources file and copying and pasting a
couple of lines into it:
Exit out of that, then download the keyring, update your sources, and
install I2P with these commands:
wget https://geti2p.net/_static/i2p-debian-repo.key.asc
sudo apt-key add i2p-debian-repo.key.asc
sudo apt-get update
You'll get a question asking if you want to start I2P at boot, as well as
how much RAM you want to give. I set it to start at boot, and gave it
400Mb.
If you've gotten to this point, you now have I2P installed! But you've still
got a little bit more to go!
Configuring I2P
There's still a few things that we need to tweak to get I2P fully up and
running. The first thing we're going to do is type 'exit' into the terminal,
before reconnecting, but this time slightly differently:
What this command has just done, other than log you into the server,
is forward the 7657 port on your computer to 7657 on the server. This
means that if you pump the following link into your browser, you'll be
connected to the I2P web interface on the server:
http://127.0.0.1:7657/config
Navigate to the Tunnels tab, and set the exploratory tunnel length,
quantity, and backup quantity all to their maximum. This will integrate
your router more quickly into the network. Setting up tunnels is quite
expensive on the CPU, so you might want to lower this later once your
router is fairly integrated and pushing a high bandwidth, but I find it
helps integrate the router quickly on initial setup. It will be a good idea
to write down the default settings before changing them so that you
can revert later.
Last but not least is to add that firewall rule to make I2P accessible. Go
back to your terminal and add a UFW rule for the port you noted
previously:
And that's pretty much it. I2P should be up and running, and after a
few minutes the console page should read 'Network: OK' on the left
hand side.
Loose Ends
There's still one loose end we need to tie, and that's sudo permissions.
Right now your i2p user is allowed to do anything, and we want to
tighten this up a bit.
sudo visudo
Now you want to change where it says 'i2p ALL=(ALL:ALL) ALL' to:
i2p ALL=(ALL:ALL) /usr/sbin/service i2p *, /usr/bin/apt-get
What we've just done is allow the i2p user to install or update
software, and start/stop/restart the i2p service. Other than that they're
all locked down. If you ever want to change this you'll have to log in as
root and update the permissions again. But for now, let's get out of
here:
exit
You're Done
That's pretty much it. It will take a few days for the bandwidth to start
creeping up, but you've now got a high bandwidth router contributing
to the I2P network. Remember to log into it every once in a while to
update the system. Other than that though, it should be fairly set-and-
forget.
Lately, several articles have been published about I2P largely due to
the Silk Road moving from Tor. Some of these articles have done a
good job in covering I2P, others not so much.
It seems that one of the hurdles that authors are having trouble with is
understanding the idea that there is more to I2P than simply a drug
market. Thus, here’s a list of various I2P services that aren’t drug
markets, that may still be of interest. Many of the services have clear-
net alternatives, the advantage being that on I2P your activities are
anonymous and secure.
File Sharing
Tracker2.postman.i2p
Ebooks.i2p
This has a fairly good library of ebooks that can be searched and
downloaded. As of writing this there are 30898 books waiting to be
downloaded.
Tome.i2p
Communication
I2P-Bote
This is a secure, distributed messaging platform similar to email,
but superior in many ways. For more information read my tutorial.
IRC
There’s no link for this one because you’ll need to use an IRC
client. But I2P is home to some great discussions, and there’s some
information on the I2P router console on how to set it up.
Hosting
Personal Website
Pastebin
There’s not a lot to say on this one, except that it’s a simple
pastebin which you can use anonymously.
Id3nt.i2p
Git hosting
Forum.i2p
How-To/Wikis:
Ugha.i2p
Killyourtv.i2p
Irongeeks.i2p
Privacyhawk.i2p
Secure.thetinhat.i2p
Easily the best site on I2P (kidding of course). This is the I2P
mirror of what you’re reading now. Includes tutorials and regular
blog posts.
Miscellaneous
Eepcast.i2p
If there was ever a right time to use the phrase Pirate Radio, this
would be it. Underground 24/7 radio station streaming right to your
PC through I2P.
Keys.echelon.i2p
A PGP key server where you can upload and download PGP keys.
Not a lot to say here other than that its a good choice for anyone
hoping to distribute their keys anonymously.
Planet.i2p
Tahoe-Lafs
Despite all their political baggage, torrents are undeniably one of the
most efficient and effective ways to distribute data. Their speed and
resilience are part and parcel to their popularity. However, because of
their design they also easily expose those who use them.
With that said, VPN companies are also extremely reputation based,
and if a user were to face negative consequences because the VPN
company broke their privacy guarantee, then news would spread like
wildfire and they would likely lose much of their business quite rapidly.
Moreover, VPNs are also quite fast, allowing you to download files
quickly. Whether you accept these risks is a decision that is exclusively
your own.
If you do head down the path of VPNs, know that you’ll want to either
find one that has drop protection built into the provided software, or
(if you’re on Linux) check out my tutorial on using firewall rules to
protect against VPN drops. The reason that this is necessary is that if
the VPN suddenly disconnects and you don’t have adequate
protection in place to stop your torrents, you’ll end up revealing your
real IP address, which may or may not land you in trouble.
For this reason, there are a few options available for torrenting on I2P,
with the strongest being through Vuze, a torrent client with an
optional I2P plugin called I2PHelper. I2PHelper has a built-in I2P client,
meaning that you don’t need to bother with the rather clunky I2P
interface.
Finally, go to the Connection menu in the left panel, and scroll down to
the Networks option set. This is where you will select whether you want
torrents to be downloaded through the regular internet, through I2P,
or through Tor. If you want the utmost anonymity, select I2P. Do not
select Tor for this, as you will harm the network. Finally, click save and
exit the options.
Do know that initially any torrents that you download will be painfully
slow, but over time as your computer becomes better known on the
network your connection will become faster until it is no longer
painfully slow, just slow.
Finding Torrents
Other than the slower speeds, the main downside to torrenting with
I2P is torrent availability. Indeed, you can’t just download any torrent
through I2P. Instead, you must find torrents that are already being
shared by other I2P users. There are two ways to go about this.
First, you could head over to my I2P introduction tutorial and learn
how to navigate to hidden services (websites not available on the
regular internet) on I2P, where you will find a torrent tracker called
Postman. Any torrent you find on Postman will work reliably with I2P,
but the only downside is that the selection isn’t as large as what is
available on the clearnet.
If, on the other hand, you want to download torrents you find on
regular torrenting websites like The Pirate Bay (yes, .torrents, magnet
links to the clearnet won’t work with only I2P enabled), you’ll have to go
through a bit of trial and error. This is because Vuze’s I2PHelper allows
users to torrent both on I2P and the clearnet in parallel, a feature it
calls network mixing. This means that if you download an Ubuntu
torrent, for example, it will download and share Ubuntu through the
regular internet, but it will also go onto I2P and download and share it
there as well.