Tutorials Articles About

How To Use I2P | I2P Tutorial & Setup Guide

Category: Darknets
A 11 Minute Read
15 Jan 2014

You've probably heard the term 'Darknet' thrown around a lot. It

seems to be a buzzword that either invokes fear or a sense of l33t
h4ck3r skills. A lot of this attention has been focused on Tor and
hidden services such as the Silk Road, though Tor is only the tip of the
iceberg when it comes to 'darknets'. I2P is another large anonymizing
network that is similar to Tor, but also has some distinct differences.
This tutorial will help remove the confusion surrounding darknets, and
will show you exactly how you can get onto one of the best networks
out there.
What Is I2P
I2P, short for the Invisible Internet Project, spawned in 2003, and is an
anonymizing network that focuses on secure internal connections
between users. Tor, on the other hand, largely focuses on allowing
users to reach the regular internet anonymously (called the clearnet).
In other words, we can think of Tor as being a path to the regular
internet, while I2P seeks to create its own internet. In this light, we can
already see that these two services are apples and oranges, thus there
is no reason to say that one is better than another. Unfortunately this
debate regularly takes place.

The result of I2P's focus on creating its own internal internet is that the
network isn't accessible from a regular computer, as special software
is needed to communicate with other I2P users. With that software
installed, however, your computer can join I2P and begin routing
traffic, just like a Tor middle relay. By doing this I2P creates a
distributed, dynamic, and decentralized network that allows secure
and anonymous communications between individuals. I2P also
bypasses many censorship efforts and prevents adversaries from
determining what you're saying, and who you are saying things to. In
fact, because most I2P users also route other people's traffic, it's
difficult to tell if you're saying anything at all.

How It Works
I2P is a complex beast with a lot going on under the hood, so this
explanation will be a vast, yet useful, oversimplification. If you want a
technical explanation rather than a simplified analogy go ahead and
give the I2P Technical Documentation a visit, otherwise keep reading.

Think of the mail system. Imagine that you had two mailboxes: one
that you receive mail in, and one that you send mail through. Imagine
also that your friend Johnny had the same thing, as well as everyone
else in your neighborhood. The way I2P works is that if you want to
send a message to Johnny you place the letter in your outgoing
mailbox addressed to him. Then three neighbors pass the letter off to
each-other, with each neighbor not knowing who the letter came from
before the person that handed it to them. These people are analogous
to what we call a 'tunnel' in I2P.

After the letter reaches the end of this tunnel, it goes to Johnny's
tunnel. So it goes to one person, who hands it to another, who hands
it to another, etc., until it reaches Johnny. If Johnny want's to send a
letter back this process happens in reverse (but with a different set of
people handling the messages). This example is extremely simplified,
so I'll try to expand on it now that the basic fundamental idea is down.

The first obvious question is why don't you just give the letter to
Johnny directly? The answer is that if the letter was sent to Johnny
directly and Eve was watching, she'd see it. This is not at all
anonymous. By sending it through multiple people we create a large
degree of anonymity.

But wait, can't Eve still watch the letter as it is passed from one hand
to another? Realistically no, there are too many hops for Eve to
actually watch it. Furthermore, with I2P there are thousands of letters
being all passed around at the same time, and for Eve to be able to
distinguish one letter from another is, for all intents and purposes,
impossible. When you send a letter to a neighbor and that neighbor
passes it off to another neighbor, on I2P she's also handing hundreds
of other letters at the same time. This also adds to security and
anonymity because it makes it difficult for attackers to know whether
you're handing someone a letter that you wrote yourself, or if you're
just passing someone else's letter through a tunnel.
Wait a second, can't one of the neighbors just open the letter and
read it on the way through? The answer to this is no. I2P encrypts
messages in multiple layers. Imagine a lockbox with six other
lockboxes inside. Each time the message goes to the next neighbor,
the next lockbox is opened telling that neighbor who to give the
lockboxes to next. At the end of the route Johnny gets the final
lockbox and opens it to find the message.

Of course this analogy is incredibly basic and limiting to the full

understanding of how I2P works, but it gives an idea of the complex
mechanisms that are in place. To give a few technical details of how it
really works, the messages are encrypted using AES encryption, and
authenticated using El-Gamal. Furthermore, one of the differentiating
factors of I2P from Tor is the ability to put multiple messages into one
encrypted packet, making it harder for an outside observer to find out
what's going on. I2P refers to this as Garlic Routing. Also, these
inbound and outbound tunnels are constantly changing to ensure
that any de-anonymizing attacks have limited time to work. Again, if
you're up for some reading and know about networking and
encryption, I would strongly encourage you to give the I2P Technical
Documentation a read, as simplifying and explaining it is quite difficult.

In short, I2P works by encrypting messages and sending them to a

recipient with many hops in between. If you're still confused, here's an
infographic which helps explain how I2P works

Features of I2P
1. Email/Messaging
There are a few messaging services on I2P, with the two big ones being
I2P's built in email application and I2P Bote.
The built-in mail application lets you email the regular internet to, and
from I2P. The mail system has quite a few security features built into it,
such as stripping parts of mail headers and delaying outgoing
messages to reduce any correlations that could de-anonymize you.
While this mail system is leaps and bounds more anonymous and
secure than standard email, it is still reliant on the operator who
could, at any time, read your emails.

I2P Bote is a messaging service that focuses on secure and

anonymous email. It operates only on the I2P network, so you can't
send messages to the clear-net. That being said, it does automatic
encryption, and allows you to create multiple 'email identities'
(accounts) with one click. I2P-Bote is decentralized and stores
messages encrypted on the network, meaning that your trust is in
strong mathematics rather than an anonymous person. It's beginning
to gain quite a bit of popularity and it may be a good choice if you
want to communicate with someone securely. Additionally, you can
set it up to work with Thunderbird, which I describe here.

2. IRC (Internet Relay Chat)

If you're not already familiar, IRC's are basically chat rooms online, and
I2P has an IRC service that allows users to chat anonymously. The I2P
IRC channels are full of some extremely intelligent people that spawn
some great discussions, interspersed with hilarious sarcasm. I've never
been a huge IRC user, but I2P chats stand out as some of the best
you'll see. The best part is that I2P's anonymity offers a near-perfect
sense of freedom of speech. Often controversial topics are talked
about in these channels, but nobody is afraid of offering what may be
a very valid, but unpopular opinion, pushing you to explore new ideas
from new perspectives. If you end up using I2P, I'd definitely check out
the IRC. Two of the best rooms are #salt and #i2p-chat, and you can
connect to them by setting your IRC client (such as X-Chat) to 127.0.0.1
on port 6668.

3. Eepsites
Eepsites are the I2P equivalent of a Tor Hidden Service: they are
websites hosted on the I2P network, whose operators can be
anonymous. Like hidden services, these sites cannot be connected to
off the I2P network. Unlike Tor hidden services, their web addresses
are actually readable, with the domain of .i2p at the end. For example,
salt.i2p is an eepsite which "is a gathering space celebrating crypto
and infoanarchy", and is only available on the I2P network. These
Eepsites may not be of huge interest to many, but if you want to host
an Anarchist, Communist, or hell, even Environmentalist website
anonymously, this is a good way to do it. Visiting eepsites is
anonymous and won't get you placed on a FBI watch-list simply
because you like to read Marx, Goldman, or whatever thinker you may
follow.

Note: The Tin Hat is available as an eepsite as well, over at

secure.thetinhat.i2p!

4. Torrents
This may be the kicker for many of yee pirates out there, as I2P has the
Postman Tracker and I2PSnark. The tracker is essentially the Pirate
Bay, and I2PSnark is essentially uTorrent. This is where I2P sets itself
apart from Tor, in that it has absolutely no issue with users torrenting.
In fact, torrenting just provides more cover-traffic, improving overall
anonymity. On I2P torrenting is secure and anonymous, and I
personally trust it far more than any VPN provider, as it has privacy by
design rather than privacy by policy.
The torrents available on the tracker are great, and reflect the user-
base of I2P. No, there isn't much (if any) child pornography as some
might claim about darknets. Rather, there are plenty of books,
including huge collections on sci-fi and programming. There are also
copies of the Pirate Bay, backups of leaked government documents,
and books that have been banned in some countries. There are also
movies, music, and of course as always, porn. But comparing
something like the Pirate Bay with the I2P Postman Tracker shows you
the overall attitude of many I2P users; that is to say that they value
transparency, freedom of speech, copy-left, and the power of
technology within society.

The drawback of I2P is speed, with an average of about 30KBps, which

is painfully slow compared to the 1-2MB/s that most torrenting sites
offer. But consider this, the longer that you spend waiting to download
a torrent over I2P rather than the Pirate Bay, the less time you'll spend
getting sued. It's a trade-off. Many people start a torrent on I2P and let
it run overnight. Usually by morning it is finished, without worry of the
MPAA or RIAA coming after you for downloading content produced
sixty years ago.

Check out my new tutorial on using Vuze to torrent through I2P, as

well how to seed regular clearnet torrents on I2P!

Setup
Setting up I2P is easy if you've ever forwarded a port before. If not,
don't worry, I'll explain how. It may seem confusing at times, but just
stick with it, I promise it's not that bad.

The first step is to download the I2P installler. If you're running

Windows then the graphical installer should be simple enough. If
you're on a Debian based operating system then just add the
repositories that are listed here, and follow the documentation on
that page accordingly.

I’d also highly recommend using The Tor Browser for browsing I2P
(read this for an expanded explanation of using Tor Browser for I2P,
including a couple of security considerations). To set this up, the first
step is to download the Tor Browser, extract it, and run it (no
installation is necessary).

Next, the way that we will configure the browser to work with I2P is
through the use of an add-on called FoxyProxy. Using the Tor Browser,
navigate to the FoxyProxy page on Mozilla’s website and install the
add-on. After doing so, you will be prompted to restart the browser to
complete the installation.

After restarting, download this configuration file for FoxyProxy. I’ve

mirrored it here to make it accessible, but originally it was the product
of KillYourTV. With that downloaded, press CTRL+SHIFT+A , and open
the preferences for FoxyProxy. Go to File > Import Settings , on the
Preferences panel and import the configuration file that you just
downloaded.

This may cause the browser to crash, but after re-opening it FoxyProxy
will have a complete rule-set for how it handles traffic such that any
requests to either the clearnet (techno-jargon for the regular internet)
or to Tor hidden services will travel through the Tor network, but any
requests to a domain ending in .i2p will travel through the I2P
network. In other words, you are ready to browse I2P.

With the Tor Browser open and configured, the next step is to start
I2P. If you're on Windows then it is as simple as clicking the icon in the
start-menu. If you're on Linux, then just cd into the i2p folder and
type into your terminal i2prouter start . This may automatically
launch your default browser. If it does, click the "Configure Bandwidth"
button on the I2P console. Then go to the "Service" tab, and click "Do
Not View Console On Startup".

Now, in the Tor Browser navigate to http://127.0.0.1:7657/

You may want to set this as a bookmark to make things easier. Next,
check the left-hand sidebar. If it says "Network: OK", you're ready to
start using I2P. If it says otherwise, then click on it. This will bring you to
a page describing the problems it may be having (note that it takes
several minutes to connect to the network. Wait five minutes before
worrying).

Troubleshooting
Blocked ports are usually the problem when connecting to I2P. To fix
this, scroll up on that same page that describes the network error and
check which port is entered into the 'UDP Configuration' box. For the
sake of argument, let's say that it is 1793. Copy that number down and
then find out your computer's internal IP address.

To do this on a Windows machine, open the start menu, type 'cmd'

into the search bar, and then open up a command prompt. Type into
the command prompt "ipconfig /all". This will list off a huge confusing
display of numbers, but just look for a string of numbers that starts
with '192'. For example, it may say '192.168.1.127'. Copy this number
down. If you're on Linux, then just type 'ifconfig' into the terminal, look
for the same string of numbers, and copy them down.

With the IP address in hand, type into your URL bar: '192.168.1.1'. This
should bring you to your home router's configuration page. Every
router's menu is a bit different, but just look for menus that are
worded similarly to the way that I word them. Look for a tab that says
"port forwarding". It may be buried within a few menus, but all routers
should have this option. Once you find the port forwarding page, you
need to forward the port that I2P needs to run. Under 'External Port',
enter the first number that you copied down, in our case it is 1793. Do
the same under 'Internal Port'. Then, under 'To IP Address', type in the
internal IP address that you just looked up in the command line, in our
case 192.168.1.127. Make sure to Enable it, and then click to save the
settings.

If all went well, I2P should now be functioning. If you're still having
issues, definitely check out I2P's FAQ for some answers. There are
some more guides inside the I2P network itself for setting up services
such as IRCs, I2PSnark, and I2P-Bote. Definitely play around a bit, and
explore this 'evil dangerous darknet' that the media warns about,
because it's actually pretty fun.

Another item that I want to note is that NO anonymizing service,

whether it be I2P or Tor, will protect you if you are an idiot. If you post
your real email, your real IP address, or any personal information
(even the weather can reveal you!), then you may no longer be
anonymous. So be smart. Read this short guide on how to safely use
I2P.

Lastly, if you try out I2P and end up enjoying it and want to contribute
more, try setting up a dedicated I2P relay. I give a step-by-step
explanation of how to do this here.
 Tutorials Articles About

I2P Safety | OPSEC Tips To Stay Anonymous

Category: Darknets
A 3 Minute Read
17 Jan 2014

Image By James Cridland

I2P is an amazing network from a technical perspective, as it delivers a

great degree of anonymity and security online. But in the end I2P is
merely a tool, and can only go so far in protecting your anonymity. It is
up to the user to take full advantage of the protection offered by I2P
by acting intelligently. Unfortunately, using I2P in a way that preserves
your anonymity online is more difficult than one may think. So here's
five best practices for the uninitiated to help stay safe on the darknet:
1. Keep Your Router Online 24/7
Imagine if every time you logged into and out of IRC, your router went
on and offline at the same time. Over time, it would become pretty
obvious who the router that the person logging into the IRC channel
belongs to. It may be bad for the power bill, but keep your router
online all day and all night.

2. Share Bandwidth - Lots of Bandwidth!

The more bandwidth you share, the less obvious it is when you
yourself participate in the network. This means that if someone is
watching your connection they wouldn't know whether you were
sending a message to someone, or whether you were just passing one
along from someone else. Also, allowing lots of bandwidth through
your router speeds up the whole network! The only downside is slightly
higher bandwidth use each month, but for most of us that isn't much
of a problem

3. Shut Up
This one is straight from The Grugq. Shut up. If someone asks you the
weather, it's always Sunny on I2P. People often get carried away with
talking about their personal lives, but if you want to stay anonymous,
either stop talking or misinform. Take for example seemingly trivial
information, such as the weather. If you were to complain about the
weather on IRC 365 days a year, eventually it would narrow the search
down to quite a small area if someone were to look for you. So, if you
feel you must talk, spread misinformation whenever possible. If
someone asks what line of work you do and you're a carpenter, tell
them you're in finance.

4. Rotate Aliases
It was the headline of #salt for quite a while: "Grandiose ego and bad
OPSEC get people f*cked". People often use the same username or
alias online so that they build a reputation, but this is at the cost of
anonymity. The Grugq once said that as soon as your identity starts
being effective and gains a reputation, then it's time to phase it out
and rotate to a new one. This is advice we should heed. If everyone
rotated their identities regularly, entropy would increase and we
would all be safer. Just remember: never cross-contaminate. Keep
your identities separate and distinct from one-another.

5. Disable Javascript
Javascript and anonymizing networks have never gone well together.
Enabling Javascript allows code to run inside your browser that can
work to deanonymize you, and on I2P there's no reason to have it
enabled. So crack open your browser's settings and shut'er'off so you
don't end up like FreedomHost users on Tor. Another quick
modification that can go a long way to helping you to stay safe is to
disable cookies. Cookies have been used before to track Tor users, so
let's disable them before they track I2P users as well.

Bonus:
Never, I repeat never, configure your browser's proxy settings to ignore
non-.i2p domains. If an eepsite loads anything from a regular clear-net
domain, such as a .com, it will be sent through the regular internet
instead of I2P, exposing your real IP address. Dedicate a browser, or
get owned hard.

Want to upgrade your online privacy? I use NordVPN to encrypt my

traffic and route it across the globe, and Spideroak for rock solid
encrypted cloud storage!

Share, Follow & Comment

  

  

FOLLOW ON TWITTER
 Tutorials Articles About

I2P Browser Setup Tutorial | Using The Tor

Browser For I2P
Category: Darknets
A 3 Minute Read
10 Feb 2016

Image By Eric Danley

Note: if you’re not familiar with I2P, click here for a simple explanation
before continuing.

While I2P is a fantastic network, there is definitely one thing it lacks

when compared to Tor: a purpose-built browser. While Tor users are
given the gift of the Tor Browser, I2P users are forced to scavenge for a
browser and add-ons that fit their security and anonymity needs.
Fortunately, with just a few tweaks the Tor Browser can be configured
to work with both Tor and I2P. This tutorial will cover exactly how to do
just that.

Why The Tor Browser?

If you don’t already know, the Tor browser isn’t just a standard version
of Firefox. Instead, it is a custom-built browser based on Firefox ESR
(Extended Support Release), the more mature and stable version of
Firefox without the flashy bells and whistles. The Tor Project team
makes a range of changes to the browser that range from removing
identifiers that would otherwise give the browser a unique fingerprint
(you can test your browser’s fingerprint here), to ensuring that there
isn’t any evidence of your browsing session left on your computer after
the browser is closed. As well, the Tor Project adds a few add-ons to
the browser that help increase privacy, security, and anonymity, such
as NoScript, HTTPS-Everywhere, as well as the Tor Button. All in all, this
same setup that makes the Tor Browser perfect for Tor makes it
equally suitable for I2P.

Adding I2P Support To The Tor Browser

Assuming that you have already installed I2P, the first step to setting
up this I2P browser is to download the Tor Browser, extract it, and run
it (no installation is necessary). If you don’t have I2P installed yet, stop
now and go to the I2P website to download and install it first.

Next, the way that we will configure the browser to work with I2P is
through the use of an add-on called FoxyProxy. Using the Tor Browser,
navigate to the FoxyProxy page on Mozilla’s website and install the
add-on. After doing so, you will be prompted to restart the browser to
complete the installation.
After restarting, download this configuration file for FoxyProxy. I’ve
mirrored it here to make it accessible (just right click the link and
select “Save As”), but originally it was the product of KillYourTV. With
that downloaded, press CTRL+SHIFT+A , and open the preferences for
FoxyProxy. Go to File > Import Settings , on the Preferences panel
and import the configuration file that you just downloaded.

This may cause the browser to crash, but after re-opening it FoxyProxy
will have a complete rule-set for how it handles traffic such that any
requests to either the clearnet (techno-jargon for the regular internet)
or to Tor hidden services will travel through the Tor network, but any
requests to a domain ending in .i2p will travel through the I2P
network. In other words, you are ready to browse I2P.

Security Considerations
While you could start browsing right now, there is one last optional
modification you may wish to make. Click the onion on the top left of
the Tor Browser and select Privacy and Security Settings... . This will
allow you to adjust the security slider. For the utmost security and
anonymity on both Tor and I2P, set the security slider to the maximum
level, which disables a number of features in favour of security at the
cost of usability, such as Javascript. Alternatively, select whichever
setting you are most comfortable with (I find Medium-High to be a
good compromise).

Another quick security consideration to be aware of is that with this

setup you are relying on both the anonymity of Tor and I2P. If either is
broken, you are at risk of being deanonymized, which could be of little
consequence, or of life-altering consequence. If your threat model is
towards the latter, this configuration may not be for you. Instead, a
dedicated browser that only connects to I2P (not Tor) will be the more
secure choice. However, that is outside the scope of this tutorial.
 Tutorials Articles About

ZeroNet | Introduction & Setup Tutorial

Category: Darknets
A 6 Minute Read
03 Mar 2017

Image By NASA Goddard Space Flight Center

The ability to host hidden services is the hallmark feature of both Tor
and I2P. For those that haven’t ventured into ‘the darknet’, hidden
services are essentially websites that can’t be seen on the regular
internet, are often run by anonymous operators, are end to end
encrypted, and, because of these features, are very hard to censor.
The only problem is that hidden services are, more often than not,
terrible.
This is true for a few reasons. First, they’re usually lacking severely in
the graphic design department, often resembling a Geocities page
from 2001. Second, they’re often in a constant state of flux, wavering
between working perfectly and not responding for hours at a time.
Finally, when they are online, they. Are. Slow. Good luck downloading
any site that is over a few megabytes in size.

This is looking like it could change very soon, however. With three
heaping cups of BitTorrent tech, a splash of bitcoin crypto, and a table
spoon of ingenuity, ZeroNet offers a solution to hidden services that
drastically increases both their speed and reliability (unfortunately our
eyes won’t stop bleeding soon).

How Zeronet Works

In essence, Zeronet is BitTorrent thrown at the problem of web
hosting. Typically, hidden services run off a single server, which also
functions as a single point of failure. When that server goes down, the
site becomes inaccessible for everybody. When that server gets lots of
traffic, the site becomes slower for everybody.

BitTorrent, on the other hand, utilizes a peer-to-peer system that

drastically increases the reliability and speed of file sharing. Because
of the fact that a given torrent might have 40 people sharing it, when a
single server/user disappears or drops in bandwidth, there are 39
more to keep it alive and fill in the gaps (which also makes censorship
nigh impossible). Zeronet takes this idea and instead of using it only
for file sharing, it uses it to distribute websites. Indeed, with Zeronet
every website seamlessly becomes a torrent.

The way this works is that if, for example, you want to share your
website over Zeronet, you would first create a private key and a public
key (using the same cryptography as bicoin). The public key functions
as the address or URL for your website. Anyone who has your public
key will be able to find your site. When they do find your site, they’ll
download it and begin sharing it with others automatically. In other
words, they become a peer.

Of course, you don’t want random people to be able to edit your site
before sharing it with others. This would let them completely deface
your site, and add any content to it that they wanted. The private key is
what protects against this. Every time you modify your site, you’ll need
to use your private key to verify that the modifications did indeed
come from you, the site owner. As long as that private key is kept safe
and secret on your computer, only you will be able to modify your site.

When you do modify the site and verify it with your private key, your
computer will begin sharing the new site. When this happens, peers
will check to make sure that the modified version is actually newer
than what they have, and that all the files in it have in fact come from
the site’s owner (i.e. you). Finally, all the modified files will then be
downloaded and immediately shared across the network. This
happens extremely quickly, meaning that sites can also be built to
automatically update the page as new information spreads, making
applications like a Zeronet-style Twitter that updates tweets in real
time as they flow across the peer-to-peer network possible.

If you have been paying attention, this doesn’t necessarily involve Tor
or I2P. Zeronet actually operates over the clear net by default.
However, it can easily be configured (and on Windows this involves just
pressing a button) to operate on top of Tor (I2P integration is in the
works).

One of the implications of this is that you could very easily create a
website, share it over Zeronet using Tor, and if you ever went offline
there would be a whole network of individuals to fill in for you. The flip
side of this is that if you ever visit someone’s site but lose internet
connectivity, you can still browse it offline, you just won’t get any
updates until you’re back online.

Another implication is that when new users visit your site, Zeronet will
automatically ask the torrent tracker for a list of people that it can
download the site from, and instead of downloading it from just your
computer through the often oh-so-slow Tor network, they’ll download
it from several others as well. This makes load speeds run many times
faster.

But Wait, There’s More

ZeroNet is still in its infancy and doesn’t have the widest selection of
quality sites quite yet. However, the developers do have several
services already up and running that are interesting in and of
themselves. The first is ZeroName. ZeroName uses Namecoin to
securely turn ugly looking public keys into a regular, human readable
domain name ending with .bit. This is similar to how I2P turns its own
ugly addresses into domain names securely, except it utilizes the
magic of the blockchain to do so. Of course, this vastly simplifies
navigating ZeroNet.
Another service is ZeroMail, which is essentially just an encrypted
email service, similar to Bitmessage. While it doesn’t use the fancy
routing that I2P-Bote boasts, it nevertheless functions a basic mail
platform that allows you to send messages to other people. A key
advantage here is that ZeroMail can utilizes its own .bit domain, which
again frees you from needing to remember/store and verify long keys
every time you send a message or distribute your mailing address.

ZeroID is a service that allows you to create an identity you can use
across ZeroNet that is tied to your private key. This means that
nobody can forge your identity unless they steal that private key. It
also means that you don’t need to remember a password.
Finally, ZeroMe is basically Twitter/Facebook on Zeronet. It lets you
either create an identity unique to just your ZeroMe account, or to use
your ZeroID so that you can hold a common identity across ZeroNet
platforms. On ZeroMe you can post text, images, as well as follow
others, just as you would on Facebook or Twitter.

For links to each of these services, just check out the left-hand toolbar
after you get ZeroNet up and running.

Installation & Setting Up Tor

Windows
Installation on Windows is a very clean and easy process. Head over to
zeronet.io and download and extract the installer. Then, just double
click the ZeroNet.exe file, and it will open up the interface in your
default browser (pictured below).

Setting up Tor is just as easy, as it comes bundled with ZeroNet for

Windows. Once you’re in the interface, check the top right corner and
click on the Tor button, shown below. Then, just click “Enable Tor for
Every Connection”. This will slow things down, but ZeroNet is still
relatively fast, and adding Tor will effectively hide your IP address from
the network. After you’ve done this, click the three-dotted button in
the top left of the interface, and select ‘Shut Down ZeroNet’. Tor will
work for all the sites you visit only after you restart ZeroNet.
Linux
Installation on Linux is also fairly straightforward. Again, just head over
to zeronet.io and download and extract the installer. Afterwards, open
a terminal and cd into the ZeroBundle directory, before executing:

sh /ZeroNet.sh

ZeroNet will then open in your browser, but to get Tor working you
need to do a bit of extra work, the first step being to install Tor onto
your system. While ZeroNet’s documentation details this, I’ve added it
here as well for simplicity. For Debian users, this means:

sudo apt-get update

sudo apt-get install tor

Next, you’ll need to modify the tor configuration file

sudo nano /etc/tor/torrc

Uncomment the lines where it says:

 Control Port 9051
CookieAuthentication 1

Save and exit the editor, before modifying a quick account permission:

usermod -a -G debian-tor [yourlinuxuser]

Finally, reboot your system, rerun ZeroNet, and Tor should be working.
To get ZeroNet to use Tor on every site, do just as the Windows users
did and click the Tor button on the top right of the interface, select
“Enable Tor for Every Connection”, and then restart ZeroNet.

Tor Browser
While you might be using Tor for routing, it is recommended that to
achieve strong anonymity you should install the Tor Browser itself and
use that to browse ZeroNet. The reason for this is that while your IP is
still hidden by Tor, you can still be tracked through techniques such as
browser fingerprinting, which the Tor Browser specifically protects
against.

To do this, head over to torproject.org and download, install, and run

the Tor Browser. Then, in the URL bar go to:

about:preferences#advanced
Go to the Network tab, Settings, and then set No Proxy For: 127.0.0.1,
as shown below. With those pieces in place, you’re good to start
browsing ZeroNet! Click here to get started with the ZeroNet home
page.

Want to upgrade your online privacy? I use NordVPN to encrypt my

traffic and route it across the globe, and Spideroak for rock solid
encrypted cloud storage!
 Tutorials Articles About

I2P Server Setup | High Bandwidth Router Guide

Category: Darknets
A 7 Minute Read
25 Jan 2014

Image By Gothopotam

I2P is a great network, but like any other decentralized system it relies
on a diverse set of actors to operate resiliently. For example, if it ran
on ten servers, six of which were controlled by [insert government
agency here], then it wouldn't be very secure. Thus, one of the easiest,
best ways that you can help support I2P is to run your own high-
bandwidth node on a VPS (Virtual Private Server). While running a
node at home definitely helps, slow residential internet speeds and
unstable desktop computers put a cap on just how helpful the node
can be to the network. Using a VPS with a gigabit connection on the
other hand adds significantly to the speed, capacity, and robustness of
the network.

In fact, not only does running I2P on a VPS benefit the network, it can
also function as a reliable I2P portal that you can connect to from
anywhere. For example, if you boot up your laptop in a coffee shop
and want to get onto I2P without waiting ten minutes to build enough
tunnels, you can instead just connect your laptop to your VPS and get
online instantly*.

This tutorial will teach you how to set up a fairly secure server on
Digital Ocean that functions as a high-bandwidth router on the I2P
network. Of course, you can chose whatever hosting provider you like,
but Digital Ocean is my favorite, and signing up through This referral
link will give you a $10 credit for free, enough to run the server for two
months. It also gives me a small kickback, which helps keep ads off the
site (once you spend $25, I get $25 myself).

*There are some cons to this as well, primarily that the hosting provider could watch what you're doing. But for low
risk activities, like chatting on IRC, it shouldn't be an issue.

Server Setup
If you've read my Owncloud setup guide, most of the steps here will be
quite similar, though slightly different this time around. Also, if you're
using another hosting provider you should probably just skip this part
as it's fairly specific to Digital Ocean.

The first step of course is to sign up for Digital Ocean if you don't
already have an account, and then to create a new droplet. I called my
droplet 'i2prouter', and selected the $5 per month option, which will
give you 1TB of bandwidth out to the network. I also selected the
London data-center. I've set up around ten I2P routers recently and
found London to be one of the fastest. Next, select which operating
system you want to run (this guide is based on Debian 7). Lastly, we're
going to upload our own SSH key, rather than use a password. This
makes the server significantly more secure and faster to log into. If
you're on Windows, then give this guide a read. Linux users who don't
already have an SSH key can simply type into the terminal:

ssh-keygen -t rsa

Issuing this command will ask a few questions, which you can simply
mash enter through, before generating a SSH keypair. We'll need to
copy and paste the public key into the droplet creation page, so if you
saved your key in the default location simply type:

cat ~/.ssh/id_rsa.pub

Copy and paste the contents of this into the 'Add SSH Key' field on
Digital Ocean, and then create the droplet. Once the droplet has been
created, write down its IP address and go back to your terminal to SSH
into it:

ssh root@[Enter IP Address Here]

Now that we're connected to the server we're going to change a few
things so that it doesn't become the property of Russians in 3 hours.
First, we'll make a new user called i2p (you can name it whatever you
want, but throughout this tutorial I'll reference it as i2p):

adduser i2p

Give it a fairly strong password, then skip through the name and
number fields. We now need to give this user some higher level
privileges through sudo:

visudo

Add a line so that it looks like this, of course replacing the 'i2p' with
whatever username you chose:

root ALL=(ALL:ALL) ALL

i2p ALL=(ALL:ALL) ALL

What we've just done is given the user i2p the ability to execute
commands as if it were the root user by simply typing sudo before the
command. Using sudo instead of root has a number of benefits,
especially when it comes to auditing and permission limiting. We're
allowing it to execute any commands right now, but we'll lock it down
later so that it is a bit more secure. The last thing we'll do before
logging out and back in as the new user we've created is give root a
password:

passwd root

Give root a very strong password, then issue the following commands,
which will log out, copy your SSH key to the new user you just created,
and then log back in as that user:

exit
ssh-copy-id i2p@[Enter IP Address Here]
ssh i2p@[Enter IP Address Here]

Next, we'll upgrade the system and install some new software:
 sudo apt-get update && apt-get upgrade -y

sudo apt-get install ufw fail2ban -y

Now we need to edit the SSH settings:

sudo nano /etc/ssh/sshd_config

Within this text file we're going to change the SSH port to something
random like 3451, change PermitRootLogin to no, and change
PasswordAuthentication to no:

Port [Enter Random Port Here]

PermitRootLogin no
PasswordAuthentication no

Close and save this by hitting Control+X, then Y, then enter, making
sure to take note of the new port number you just gave. Now we need
to reload the SSH configuration that we just changed:

sudo service ssh reload

Because we just changed the port for SSH, the next time you log in
you'll need to add "-p [port number here]" to the end of the ssh
command.

The two programs we installed back when we upgraded the system

were ufw and fail2ban, and now we need to set them up. UFW is a
program which makes setting up firewalls extremely easy. All you need
to do is execute these commands, making sure that you enter the
correct ssh port, otherwise you'll be locked out!
 sudo ufw allow [Enter SSH Port Here]

sudo ufw default deny

sudo ufw enable

Now that the firewall is set up, we're going to set up fail2ban so that if
anyone does find the right SSH port they'll get locked out after making
a few failed attempts, so pump this into your terminal:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

sudo service fail2ban restart

Installing I2P
If you've gotten this far, you've got a 'secure-enough' platform that you
can now install I2P on. The easiest way to do this is to add the I2P
repository, by editing your sources file and copying and pasting a
couple of lines into it:

sudo nano /etc/apt/sources.list

Now add these lines to the bottom:

deb http://deb.i2p2.no/ stable main

deb-src http://deb.i2p2.no/ stable main

Exit out of that, then download the keyring, update your sources, and
install I2P with these commands:

wget https://geti2p.net/_static/i2p-debian-repo.key.asc
sudo apt-key add i2p-debian-repo.key.asc
 sudo apt-get update

sudo apt-get install i2p i2p-keyring -y

sudo dpkg-reconfigure i2p

You'll get a question asking if you want to start I2P at boot, as well as
how much RAM you want to give. I set it to start at boot, and gave it
400Mb.

If you've gotten to this point, you now have I2P installed! But you've still
got a little bit more to go!

Configuring I2P
There's still a few things that we need to tweak to get I2P fully up and
running. The first thing we're going to do is type 'exit' into the terminal,
before reconnecting, but this time slightly differently:

ssh -L 7657:127.0.0.1:7657 i2p@[Enter IP Address Here] -p [Enter SSH

What this command has just done, other than log you into the server,
is forward the 7657 port on your computer to 7657 on the server. This
means that if you pump the following link into your browser, you'll be
connected to the I2P web interface on the server:

http://127.0.0.1:7657/config

The first thing we'll change here is the bandwidth, setting it to

400KBps, sharing 100% of it. This equates to just over your 1TB limit on
the $5 droplet (if you chose a larger droplet size, you may want to raise
this).
Now we'll go to the Network tab and write down the default port that's
been set. We're going to need to add a firewall for this a bit later.

Navigate to the Tunnels tab, and set the exploratory tunnel length,
quantity, and backup quantity all to their maximum. This will integrate
your router more quickly into the network. Setting up tunnels is quite
expensive on the CPU, so you might want to lower this later once your
router is fairly integrated and pushing a high bandwidth, but I find it
helps integrate the router quickly on initial setup. It will be a good idea
to write down the default settings before changing them so that you
can revert later.

Last but not least is to add that firewall rule to make I2P accessible. Go
back to your terminal and add a UFW rule for the port you noted
previously:

sudo ufw allow [Enter I2P Port Here]

And that's pretty much it. I2P should be up and running, and after a
few minutes the console page should read 'Network: OK' on the left
hand side.

Loose Ends
There's still one loose end we need to tie, and that's sudo permissions.
Right now your i2p user is allowed to do anything, and we want to
tighten this up a bit.

sudo visudo

Now you want to change where it says 'i2p ALL=(ALL:ALL) ALL' to:
 i2p ALL=(ALL:ALL) /usr/sbin/service i2p *, /usr/bin/apt-get

What we've just done is allow the i2p user to install or update
software, and start/stop/restart the i2p service. Other than that they're
all locked down. If you ever want to change this you'll have to log in as
root and update the permissions again. But for now, let's get out of
here:

exit

You're Done
That's pretty much it. It will take a few days for the bandwidth to start
creeping up, but you've now got a high bandwidth router contributing
to the I2P network. Remember to log into it every once in a while to
update the system. Other than that though, it should be fairly set-and-
forget.

Want to upgrade your online privacy? I use NordVPN to encrypt my

traffic and route it across the globe, and Spideroak for rock solid
encrypted cloud storage!
 Tutorials Articles About

I2P Services | A Curated Guide to I2P

Category: Else
A 3 Minute Read
31 Jan 2015

Image By Daniel Rehn

Lately, several articles have been published about I2P largely due to
the Silk Road moving from Tor. Some of these articles have done a
good job in covering I2P, others not so much.

It seems that one of the hurdles that authors are having trouble with is
understanding the idea that there is more to I2P than simply a drug
market. Thus, here’s a list of various I2P services that aren’t drug
markets, that may still be of interest. Many of the services have clear-
net alternatives, the advantage being that on I2P your activities are
anonymous and secure.

Each link is a b32 address, meaning that you shouldn’t need an

address book lookup, and should be able to go directly to the site.

Also, some content on these websites is under copyright, and thus

downloading it may be illegal in your area. I don’t publicly endorse
piracy, and thus download them at your own discretion. I’m merely
trying to convey the techno-geographical landscape of I2P for
educational purposes. (i.e. don’t Barret Brown me).

File Sharing
Tracker2.postman.i2p

This is one of the top sites on I2P. It features thousands of

torrents which can be loaded up onto your torrent client for secure,
anonymous file-sharing.

Ebooks.i2p

This has a fairly good library of ebooks that can be searched and
downloaded. As of writing this there are 30898 books waiting to be
downloaded.

Tome.i2p

Another ebook library which is currently being reorganized, yet

still has hundreds, if not thousands of ebooks.

Communication
I2P-Bote
 This is a secure, distributed messaging platform similar to email,
but superior in many ways. For more information read my tutorial.

Email

This is a much more typical email service that comes default on

your I2P router. It also allows emails to be sent to the clear-net.

IRC

There’s no link for this one because you’ll need to use an IRC
client. But I2P is home to some great discussions, and there’s some
information on the I2P router console on how to set it up.

Hosting
Personal Website

With I2P comes a built-in anonymous webserver. Here you can

build your own website and host it for free, allowing anyone else on
I2P access to it.

Pastebin

There’s not a lot to say on this one, except that it’s a simple
pastebin which you can use anonymously.

Id3nt.i2p

I2P’s Twitter. It’s a microblogging platform which currently has

over 1100 users.

Git hosting

Anonymous Git hosting for sharing source code.

Forums
Zzz.i2p

A forum for discussion of I2P development. Tends to be fairly

active as far as darknet forums go.

Forum.i2p

A more general discussion forum. This is a good place to go for

general discussion, technical help, as well as development of I2P and
related services.

How-To/Wikis:
Ugha.i2p

A wiki with how-to guides on a variety of topics. A good place for

both new and experienced users.

Killyourtv.i2p

This site has both tutorials, as well as a list of services which it

provides. There’s everything here from how-to’s to Python
documentation.

Irongeeks.i2p

Notes from Tor and I2P workshops, hosted by Adrian Crenshaw.

There’s quite a bit of information here on installing and tweaking
various aspects of both I2P and Tor.

Privacyhawk.i2p

More step-by-step tutorials. This includes some good guide on

installing hardened Gentoo, configuring Thunderbird to access your
 I2P mail, signature verification in Windows, etc. It’s not pretty, but it’s
quite useful.

Secure.thetinhat.i2p

Easily the best site on I2P (kidding of course). This is the I2P
mirror of what you’re reading now. Includes tutorials and regular
blog posts.

Miscellaneous
Eepcast.i2p

If there was ever a right time to use the phrase Pirate Radio, this
would be it. Underground 24/7 radio station streaming right to your
PC through I2P.

Keys.echelon.i2p

A PGP key server where you can upload and download PGP keys.
Not a lot to say here other than that its a good choice for anyone
hoping to distribute their keys anonymously.

Planet.i2p

A feed aggregator for posts made on various I2P websites (except

this one). Its a good place to discover content and keep up to date
with the I2P community.

Tahoe-Lafs

This is a distributed, cryptographically secure file store that

operates over the I2P network. Tahoe-LAFS is fairly complex, so I’d
recommend you read their documentation, but know that most of
 Tutorials Articles About

How To Actually Torrent Privately & Anonymously

For Free
Category: Darknets
A 6 Minute Read
09 Feb 2017

Image By Shane Adams

Despite all their political baggage, torrents are undeniably one of the
most efficient and effective ways to distribute data. Their speed and
resilience are part and parcel to their popularity. However, because of
their design they also easily expose those who use them.

Political/social/philosophical debates aside, torrents present a serious

privacy problem for their everyday users. Indeed, anyone can watch
who torrents what. This tutorial will describe two separate ways, each
with their pros and cons, to route around this issue.

Weak Privacy, Fast Speed: VPN

The most popular method to achieve privacy while torrenting is to use
a VPN. Of course, this comes with a very large caveat that will be
covered shortly. Nevertheless, VPNs work by routing your traffic
through a given server, often in a location of your choice. Importantly,
the server that routes your traffic will also route the traffic of
hundreds, if not thousands of other users. Assuming that the VPN
company doesn’t log who is using the VPN server (a big assumption),
there’s no way for the average actor to tell where the traffic came from
behind the VPN.

What this means is that if you’re downloading a given file using

torrents, all the peers that you’re sharing with will only see the VPN
server’s IP address rather than your own. Of course, they can still
approach the VPN company to try and determine who was behind the
VPN, but most decent VPNs promise not to hand over this
information. Moreover, if your ISP is watching they will also only see
garbled data instead of the actual files, because VPNs encrypt all the
data that passes through them.

Now for the caveat: unfortunately, VPN companies work exclusively

based on promises, and promises are easily broken without you, the
customer, ever knowing. While a VPN company may claim not to log
traffic, you have no way to verify that they’re keeping to this promise.
When faced with the threat of legal action a VPN company may very
well just reveal your information, rendering the privacy they claim to
provide completely null.

With that said, VPN companies are also extremely reputation based,
and if a user were to face negative consequences because the VPN
company broke their privacy guarantee, then news would spread like
wildfire and they would likely lose much of their business quite rapidly.
Moreover, VPNs are also quite fast, allowing you to download files
quickly. Whether you accept these risks is a decision that is exclusively
your own.

If you do head down the path of VPNs, know that you’ll want to either
find one that has drop protection built into the provided software, or
(if you’re on Linux) check out my tutorial on using firewall rules to
protect against VPN drops. The reason that this is necessary is that if
the VPN suddenly disconnects and you don’t have adequate
protection in place to stop your torrents, you’ll end up revealing your
real IP address, which may or may not land you in trouble.

Strong Privacy, Slow Speed: I2P (via Vuze)

I2P is an online anonymity network that leverages the wonders of
cryptography to provide strong privacy. Indeed, if a VPN provides
privacy by policy, then I2P provides privacy by design. It relies less on
promises and more on mathematics to provide the utmost level of
protection. While it operates much slower than a VPN, it is also much
more private and secure, and is completely free.

I2P works by encrypting your connection and routing it through not

just one server, but several servers in such a fashion that by the time
your traffic reaches its destination it is nearly impossible to determine
where it originated from. This is similar to Tor, but with a notable
difference being that the Tor network is not designed to handle heavy
traffic (i.e. torrenting), whereas I2P proudly encourages it.

For this reason, there are a few options available for torrenting on I2P,
with the strongest being through Vuze, a torrent client with an
optional I2P plugin called I2PHelper. I2PHelper has a built-in I2P client,
meaning that you don’t need to bother with the rather clunky I2P
interface.

Installing an I2P-enabled Vuze client is easy. First, head over to Vuze’s

website and download and install the Vuze client. Next, open Vuze and
head to the Tools menu, navigate to Plugins, and finally the Installation
Wizard. Select By List, click Next, and scroll down until you find the
I2PHelper plugin. Select it, click next, and complete the rest of the
installation.

Next, we need to configure I2PHelper just slightly. Navigate again to

the Tools menu, but this time click on Options. On the Mode menu in
the left panel, select Advanced as the user proficiency to give yourself
more options in the interface. Next, head down to Plugins>I2PHelper,
again on the left panel. Here you can adjust your bandwidth. Set it to a
reasonable level based on how much of your network connection you
are willing to share (I set mine to unlimited).

Finally, go to the Connection menu in the left panel, and scroll down to
the Networks option set. This is where you will select whether you want
torrents to be downloaded through the regular internet, through I2P,
or through Tor. If you want the utmost anonymity, select I2P. Do not
select Tor for this, as you will harm the network. Finally, click save and
exit the options.

Do know that initially any torrents that you download will be painfully
slow, but over time as your computer becomes better known on the
network your connection will become faster until it is no longer
painfully slow, just slow.

Finding Torrents
Other than the slower speeds, the main downside to torrenting with
I2P is torrent availability. Indeed, you can’t just download any torrent
through I2P. Instead, you must find torrents that are already being
shared by other I2P users. There are two ways to go about this.

First, you could head over to my I2P introduction tutorial and learn
how to navigate to hidden services (websites not available on the
regular internet) on I2P, where you will find a torrent tracker called
Postman. Any torrent you find on Postman will work reliably with I2P,
but the only downside is that the selection isn’t as large as what is
available on the clearnet.

If, on the other hand, you want to download torrents you find on
regular torrenting websites like The Pirate Bay (yes, .torrents, magnet
links to the clearnet won’t work with only I2P enabled), you’ll have to go
through a bit of trial and error. This is because Vuze’s I2PHelper allows
users to torrent both on I2P and the clearnet in parallel, a feature it
calls network mixing. This means that if you download an Ubuntu
torrent, for example, it will download and share Ubuntu through the
regular internet, but it will also go onto I2P and download and share it
there as well.

The implication of this is that if other I2PHelper users have already

downloaded a regular torrent on the clearnet and are sharing it on I2P
through network mixing as well, then you’ll be able to download it
from them exclusively through I2P. Knowing which torrents are
available through network mixing, however, involves simply adding
them to Vuze and hoping that they find peers, which is by no means a
guarantee. Again, using Postman is a much more reliable method,
even if selection is more limited.

Network Mixing for the Public Good

If, on the other hand, you’re comfortable with the increased speed and
risk of a VPN, but would also like to help those who use I2P exclusively
to torrent, then you’re a prime candidate for enabling network mixing.
Do note that you won’t gain any real benefit in terms of privacy
through this route as your weakest link will still be the VPN, but you’ll
be helping build a more secure and private torrent network by making
more content accessible to it.

The only necessary change to enable this is to go back into Vuze’s

Options menu, navigate to the Connection settings on the left pane,
scroll back down to the Networks option set, and select both Public IP
Network and I2P Network as your default torrent networks. With these
enabled, everything you download through the clearnet will also be
available to those who only use I2P. Just don’t forget to enable your
VPN before you begin torrenting!

Want to upgrade your online privacy? I use NordVPN to encrypt my

traffic and route it across the globe, and Spideroak for rock solid
encrypted cloud storage!

Share, Follow & Comment

 I2P - The Invisible Internet Project
Felipe Astolfi Jelger Kroese
Leiden University Leiden University
fastolfi@gmail.com jelgerkroese@gmail.com
ABSTRACT
I2P is an open source Internet technology that makes it
possible to use and provide Internet services anonymously. It
does so by creating a hidden network within the Internet, a
Darknet. This report looks into the history and development
of the software, the way I2P works and provides a short
developers guide for setting up a website within the I2P
network. Next to that, some applications of I2P are covered,
including anonymous emailing, web hosting and file sharing.
Furthermore, I2P is compared to another anonymizing
internet technology called Tor by looking at their strengths
and weaknesses with regard to different applications. It is
concluded that I2P currently offers high levels of anonymity
and is quicker than Tor for some applications within a
Darknet. Though, for accessing the regular Internet
anonymously, Tor proves to be a better option. However, I2P
is still beta software which requires more development. With
more research, funding and a larger user base it could
potentially provide a faster and more secure way of using
Internet services anonymously than is currently offered by
other applications.
1. PURPOSE, CONTEXT AND HISTORY
The Invisible Internet Project (I2P) is an anonymous network
that can be accessed through regular web browsers. It acts as
a layer upon the internet, which provides users the possibility
to anonymously exchange data. In this way it creates a
network within the Internet. All aspects of the network are
open source, so it can be used to both create web services and
to use web services anonymously. The network has no
central point of communication, which means that there is no
central point where security or anonymity can be
compromised. Since absolute anonymity does not exist, there
is always a tradeoff between security protection and the
computational power needed to make or break the security.
In I2P, users are in control of the level of security, anonymity,
bandwidth usage and latency to meet their specific needs [5].
I2P has been a beta release since its development started in
2003. It has been constantly updated between then and now,
but its founders still claim that it needs more peer reviews
and research for a stable release.
 February 2003: I2P proposed as modification to
Freenet, another anonymous network [10].
 April 2003: I2P grows into own platform as
‘anonCommFramework’ [10].
 July 2003: anonCommFramework becomes I2P
[10].
Jeroen van Oorschot
Leiden University
post@jeroenvanoorschot.nl
 August 2003: start of writing code [10].
 March 2014: Internet search company
DuckDuckGo awards $5000 to I2P, as part of their
open-source donation program [6].
 August 2014: launch of the Privacy Solutions
project, a new organization that develops and
maintains I2P software [6].
 August 2014: Privacy Solutions releases I2P
Android on Google Play [6].
2. OPERATING PRINCIPLES
The I2P network consists of a group of virtual routers. A
router is a piece of software that enable applications to
communicate with each other through the network [14]. The
key point that ensures anonymous communication is the fact
that sender and receiver do not communicate with each other
directly, but through multiple other routers. Everybody using
the network acts as a router as well, so each router constantly
sends and receives a multitude of messages. Some of these
messages might be directed to or coming from that specific
user, but in most cases it will just act as a hop to send other
people’s communication through. Since these types of
communication are undistinguishable it is nearly impossible
to see what communication takes place between which
persons in the network. Thus anonymity is achieved.
2.1 ROUTING MESSAGES THROUGH I2P
I2P can be seen as a secure and anonymous IP layer, where
instead of addressing messages to IP addresses, they are
addressed to location independent identifiers. Also the
messages can be significantly larger than IP packets [6].
All communication between routers goes through tunnels. A
tunnel is a unidirectional path through multiple routers. The
outbound tunnel is a path that is only used to send messages
away from the tunnel creator, the inbound tunnel is a path
that is only used to send messages towards the tunnel creator
[2]. Every router has multiple inbound and outbound tunnels.
Figure 1 shows how a message is transferred from one person
to another through the I2P network. In order to send a
message from Bob to Alice, it first goes through Bob’s
outbound tunnel. At the end of Bob’s outbound tunnel it
enters Alice’s inbound tunnel (possibly after passing through
more routers), which eventually delivers the message to
Alice. By using separate tunnels for incoming and outgoing
messages, both Bob and Alice can set the minimum amount
of hops (routers) they want to use for their communication.
This ensures that communication will always meet the
minimum security level they require, while still operating
under workable latency levels.
Figure 1. The transfer of messages through the network
(adapted from [12]).
2.2 CONNECTING PEERS
To know the flow of messages through the I2P network, we
need to know how connections between individuals are
established. When Bob wants his message to reach Alice, he
needs to know two things: which routers to target in order to
send the message through his own outbound tunnel and the
tunnel entry points of Alice’s inbound tunnels leading to
Alice’s destination.
These pieces of information are called the router information
(routerInfo) and a leaseSet respectively. The Network
Database (netDb) is a distributed hash table based on the
Kademlia (see [3]) protocol. It contains this information and
consists of a pair of algorithms that share it [2].
For communication Bob first needs to build a tunnel. He uses
the routerInfo for this, which he requests in the netDb. The
routerInfo contains:
 Routers identity [11];
 Contact address (IP and port number) [11];
 When it was published [11];
 Set of text options (for debugging) [11];
 Signature of the data above [11].
Figure 2 shows how a tunnel is built. Alice gathers info from
a list of routers she wants to use for her tunnel. She then
sends a build message to the first connection and instructions
to give a build message through to the next router, until the
tunnel of the desired length has been created.
Now the tunnel has been created, Alice needs information
about the destination she wants to reach with her message, in
this case Bob. For this she requests Bob’s current leaseSet at
the netDb.
A leaseSet is a set of multiple leases. A lease contains:
 The tunnel gateway router (by specifying its
identity) [11];
 The tunnel ID on that router to send messages with
(a 4 byte number) [11];
 Expiry date of that tunnel [11].
Next to these leases, a leaseSet contains:
 The destination itself (a 2048bit ElGamal
encryption key, 1024bit DSA signing key and a
certificate) [11];
 Additional encryption public key: used for end-to-
end encryption of garlic messages [11];
 Additional signing public key: intended for
LeaseSet revocation, but is currently unused [11];
 Signature of all the LeaseSet data, to make sure the
Destination published the leaseSet [11].
Alice can now send this information through her outbound
tunnel, with instructions for the outbound tunnel’s endpoint
to send her message to Bob’s inbound gateway. Bob’s
inbound gateway sends the message through the inbound
tunnel, after which Bob receives and decrypts the message.
Alice can also include her own leaseSet with the message, so
Bob can contact her for a response, without having to request
Alice’s leaseSet at the netDb, however this is optional.
Figure 2. Using routerInfo to build a tunnel [11].

Figure 3. Using a leaseSet to reach a specific destination in the
network [11].
2.2 CRYPTOGRAPHY
In order to establish anonymous and secure communication,
I2P uses different layers of encryption. Communication
between routers is protected by transport layer security. The
transport layer encrypts each packet with AES256/CBC.
Keys are exchanged by a 2048-bit Diffie-Hellman exchange
(see [1]).Tunnel messages are encrypted with AES256/CBC
encryption with an explicit IV and verified at the tunnel
endpoint with an additional SHA256 hash [7].
Other messages are wrapped in “Garlic messages”, which are
typical for the I2P encryption. This name is derived from the
“Onion encryption” used by another anonymous network
application called The Onion Router (Tor). It allows
encrypted routing of messages through tunnels. In both
Garlic and Onion encryption, a message is wrapped in
multiple layers of encryption (like the different layers of an
onion covering the center). When the message is sent through
a tunnel, one layer is “peeled off” with each hop, revealing
the next layer of encryption and instructions to send it to the
next router in the tunnel. Garlic encryption additionally
offers the possibility of adding multiple messages (cloves)
inside the layers of encryption. I2P uses this to send two extra
messages next to the original message (figure 4):
 A Delivery Status Message: contains instructions to
send a delivery confirmation back to the originator
of the message
 A Database Store Message: contains a leaseSet for
the destination of the originator of the message
By sending these extra messages, less requests have to be
done to the netDb, which improves latency and reduces the
risk on traffic analysis attacks [7].
Figure 4. Routing of a garlic message that contains three
cloves [7].
3. STRENGTHS AND WEAKNESSES
Multiple applications exist that offer anonymous access to
online content. From these, Tor is by far the most widely used
and the most important reference point. Therefore, we will
compare I2P to Tor in this section before we dive into the
strengths and weaknesses of I2P.
3.1 I2P VS TOR
Both Tor and I2P allow anonymous access to online content,
make use of a peer-to-peer-like routing structure and operate
using layered encryption. But they also differ in some
respects.
The most important difference is that Tor was designed as a
proxy service to access the regular Internet anonymously,
while I2P is designed to create a network within the internet
and contains all its applications reside within its own borders.
Tor has now implemented “Hidden Services” that enable the
use of a network within the regular Internet. I2P, on its turn,
has implemented an application that allows users to connect
to the regular Internet. So while in theory both can be used
for the same applications, practice learns that both Tor and
I2P are much more efficient when used in the way they were
originally intended to be. Another difference is that everyone
using the I2P network acts as a ‘node’ to transfer other
people’s communication. In the Tor network users need to
deliberately choose to become a node. Finally, Tor is written
in C whereas I2P is written in Java.
3.2 STRENGTHS OF I2P
 One of the main characteristics I2P is both its
principal strength and weakness. Designed to be a
self-contained network system, all of its content
cannot be reached from outside and vice-versa.
 It can do nearly everything as the regular Internet
can do, but anonymously. [12]
 Applications within the network are specifically
built for I2P. This it much faster to use them than
using Tor’s hidden services to access similar
applications. [12]
 Short-lived Tunnels in I2P decrease the number of
samples that an attacker can use to mount an active
attack.
 Peer-to-peer anonymizing service makes sure that
all clients on the network also act as routers, which
potentially (depending on the size of the user base)
offers a high level of anonymity.
 It’s very well organized. They have a public and
regularly updated task list describing coming
developments, a list of supported and a well-
documented application programming interfaces
(API’s) for building applications, a transparent use
of the donations, a list of academic papers about I2P
and open research questions.
3.3 WEAKNESSES
 There were a few outproxies that one could use to
access regular Internet through I2P, but almost all
of them are gone. The only outproxy is false.i2p
which has [9]. They state if your primary reason to
use an anonymous network is to anonymously
access sites on the regular Internet, you should use
Tor [9].
 The Low amount of users generates a limited
number of nodes, which means it is (in theory) less
anonymous. In comparison, Tor has a bigger user
base, more funding, support of academic and hacker
communities and with even developers in the pay
list [12].
 It’s still considered experimental software, in beta;
despite its creation in 2003 [6].
 It’s slower than the regular Internet. The encryption
and routing within the I2P network adds a
substantial amount of overhead and limits
bandwidth. However, when more users are
connected to the I2P network, its speed increases
[9].
4. TYPICAL APPLICATIONS
The applications available through I2P are similar to the
regular basic internet applications such as web browsing, e-
mail, blogging and forums, website hosting, real-time chat
(IRC), peer-to-peer file sharing (Torrents) and decentralized
file storage.
4.1. I2P E-MAIL
With a secure and decentralized e-mail service inside I2P,
like other applications, it’s not possible to send messages to
e-mail accounts outside I2P on the regular Internet. I2P uses
strong cryptography and mixing techniques to ensure
security and anonymity [7]. The default e-mail service is so
decentralized that if one would lose a password, it can’t be
retrieved nor reset; it is lost forever.
4.2. EEPSITE (WEBSITES)
Eepsites are the I2P equivalent of website on the regular
Internet. They can contain the same content as regular
websites, although for security reasons Javascript and
plugins are best disabled. Furthermore, due to the lower
bandwidth, most websites employ little bandwidth intensive
media such as images or video and very simple styling. An
important difference with the regular Internet is the absence
of a central Domain Name System (DNS). .i2p Domains can
be registered by anyone and are mostly communicated to
other users through an address book service [4]. In paragraph
six, we’ll provide a quick start guide for setting up an eepsite.
5. SURPRISING APPLICATIONS
There aren’t any really surprising applications, because the
idea of i2p is to have the same features as the regular
internet. We found two applications more interesting to use
on or with a private and self-contained network.
5.1. ANDROID APPLICATION FOR I2P
Still under development and it does not currently provide
strong anonymity [8], but the Android application will enable
a mobile device to access the I2P network. We feel it has a
lot of potential as a secure and anonymous way to access the
network, as a dedicated portable device with prepaid internet
sim-cards is more anonymous by default than a PC used for
other purposes or connected to a landline. At least it’s
cheaper and more widely available.
5.2. TORRENTS
Using torrents over I2P is more secure and anonymous than
VPN services, and for example not possible in Tor. The
torrents available on I2P are mainly copies of the Pirate Bay,
backups of leaked government documents, and books that
have been banned in some countries [13]. An interesting
thing to note is that if an attack or legal measures would ban
torrent from the regular Internet, torrents on I2P could gain a
lot popularity and support. Again, the main drawback it’s the
low speed.
6. GETTING STARTED
One of the main services i2p provides is hosting your own
website. These hidden services are dubbed eepsites. The i2p
client comes with a webserver pre-installed, called Jetty.
When you start this webserver, a sample page with all the
instructions on to set it up is displayed. This webserver has
however limited functionality, as it doesn’t support PHP or
MySQL for example.
In this quick start guide we’ll describe how to set up a
webserver with more advanced functionality. Some basic
understanding of Apache might come in handy. In this
example, we assume a virtual host with the desired
capabilities running at mysite.local on port 8383.
6.1 SETTING UP A TUNNEL TO YOUR WEBSERVER
When the service has started and is properly configured,
browse to the Hidden service manager:
http://127.0.0.1:7657/i2ptunnel/
Click the Tunnel wizard button, select Server tunnel. Here
you select an HTTP tunnel to which you assign a name and
a description.
On the Binding address and port screen, enter the hostname
and the port (mysite.local and 8383 in our case). Check the
box on the final page of the wizard to start the server
automatically when you start I2P.
6.2 ASSIGN A .I2P DOMAIN TO YOUR WEBSITE
In the Hidden service manager, click on your newly created
tunnel. You’ll see that the Website name field is still blank.
You can fill in any lowercase address ending on .i2p;
mysite.i2p for example. However, beforehand it is wise to
check with at least your local address book and a jump
service such as stats.i2p if the name isn’t already taken. As
there is no central authority, such as DNS on the regular web,
conflicting domain names can occur. REFERENCES
1. Al-Aali, G., Boneau, B., and Landers, K. Diffie-
While you’re still on the settings page of the server, click Add Hellman Key Exchange. In proc. CSE 331, Data Structures
to local address book and save the b32 address or click on Fall 2000, University of Notre Dame (2000), 67-74.
details to obtain it. Click Add in the bottom right corner to
add your website to the local address book. 2. Kubieziel, J. To Be or I2P: An introduction into
anonymous communication with I2P. Lecture at 24C3
6.3 CONFIGURE LOCAL SETTINGS (2007).
Find your host file (on Windows, it’s located in
C:\Windows\System32\drivers\etc) and add the following 3. Maymounkov, P. and Mazières, D. Kademlia: A
line to test server: Peer-to-peer Information System Based on the XOR Metric.
In IPTPS '01, Springer-Verlag (2002), 53-65.
mysite.i2p=xyz.b32.i2p
4. Stats.i2p Address Service.
Where mysite.i2p is the address you chose and xyz.b32.i2p http://stats.i2p/i2p/addkey.html
is the b32 address you saved. When you type in your .i2p 5. The Invisible Internet Project. https://geti2p.net/
address in the browser, your server page should pop up.
6. The Invisible Internet Project: Blog.
6.4 REGISTER YOUR .I2P DOMAIN geti2p.net/nl/blog/
Browse to Stats.i2p [4] to add your .i2p site to their database.
The local key you enter here is the long key you’ll find on 7. The Invisible Internet Project: Cryptography.
the settings page of your newly create tunnel. https://geti2p.net/en/docs/how/cryptography
8. The Invisible Internet Project: Download.
It can take a couple of hours up to a few days before your site https://geti2p.net/en/download
is fully registered. Remember that only users using the
stats.i2p jump service or address book propagation service 9. The Invisible Internet Project: FAQ.
will be able to find your website at the designated .i2p https://geti2p.net/en/faq
address. If you want to share your website with others or 10. The Invisible Internet Project: Introduction to I2P.
immediately, share the b32 address (anonymously!). geti2p.net/nl/docs/how/intro
7. FINAL THOUGHTS 11. The Invisible Internet Project: Technical
Introduction. https://geti2p.net/en/docs/how/tech-intro
Having all the same features as the regular Internet with the
possibility of more anonymity and security is really 12. The Invisible Internet Project: Tor / Onion Routing.
attractive. We believe that a self-contained anonymous https://geti2p.net/en/comparison/tor
network is a prerequisite for the freedom of speech in the 13. The Tin Hat: I2P: Welcome To The Darknet | How
Internet Age. A lot of work needs to be done, not only to Configure I2P.
developing tools but making it more user friendly and https://thetinhat.com/tutorials/darknets/i2p.html
quicker. Despite not being as popular as Tor, we believe there
14. Timpanaro, J.P., Chrisment, I., and Festor, O. I2P's
is a future for this technology, especially with the use of
usage characterization. In proc. TMA'12, Springer-Verlag
torrents and e-mailing.
(2012), 48-51