Given how easy it is to get started with I2P, I’m surprised it hasn’t got anywhere near the same attention as Tor. Like Tor, I2P is an overlay network that creates a multi-layered outbound tunnel through a series of ‘routers’, and each router along a path can only decrypt one layer. A separate inbound tunnel is created for inbound traffic. In theory, the payload is only accessible to the endpoints. The routing and addressing of I2P peers is also decentralised.
For the users, getting started is a simple matter of downloading and running the client/server software, and waiting for it to build a list of reachable clients.

Pseudonymity
I used the word ‘pseudonymity’ intentionally, and it has a specific meaning – most of us want an online identity, but it’s not always desirable to associate it with our offline lives. As it stands, with most people using social media on the clear Web, it’s fairly trivial to identify who posted what, since profiles are mostly based around real names and real-world identities. If you’re using Facebook, Google and social media generally, there’s a good chance the service providers have built a fairly detailed profile of you – the town of residence, the sites you browse, the people you hang out with, etc., regardless of how much of that info is public. Censorship and surveillance have never been easier, when almost everything’s in the hands of Google, Facebook, Twitter, etc. So, there are two issues that result in a gross information asymmetry: the triviality and low cost of mass surveillance, and the centralisation of our means to communicate. I2P is a solution to both of these.

Pseudonymity is about creating a profile and identity, but keeping it separate from our real-world identities. That separation could safeguard freedom of expression by enabling the sharing or challenging of controversial ideas without fear of recrimination. Thankfully this is already possible with I2P, Tor, (carefully selected) VPNs and a little understanding of how to sanitise browser traffic. With Tor and I2P, it is possible to have a domain, site and email address that are separate from the clear Web.

Starting I2P
Although the I2P software is more or less usable straight out of the box (at least for Windows), it works much better after waiting about 30 minutes for the client/server to build its list of peers.

When the I2P application is installed and run, it starts the default Web browser with the GUI loaded. This is where users can restart the proxy’s tunnels, view the network status and access some of the hidden services. Clicking the logo at the top-left will toggle the interface between the hidden services menu and the management console.

Next, the browser must be configured to route traffic through the local I2P proxy. Go to Internet Options or wherever the connection settings are for the browser, and point the proxy settings to 127.0.0.1 on port 4444. If you’ve got multiple proxies installed on a machine for different things, the FoxyProxy extension for Firefox provides an easy way of switching between them.
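
Before pointing a browser at the proxy, it is worth confirming that something is listening on port 4444, that it is bound to loopback only, and that an eepsite request actually goes through it. The PowerShell below is an added example, not part of the original post; the test URL (the hq.postman.i2p site named later on this page) and the 90-second timeout are assumptions.

```powershell
# Added example: sanity-check the local I2P HTTP proxy (127.0.0.1:4444).
$ProxyHost = '127.0.0.1'
$ProxyPort = 4444
$TestSite  = 'http://hq.postman.i2p/'   # assumption: any reachable eepsite will do

# 1. Is anything listening on the proxy port, and which process owns it?
$listeners = Get-NetTCPConnection -LocalPort $ProxyPort -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Warning "Nothing is listening on port $ProxyPort; is the I2P service running?"
    return
}
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    '{0}:{1} is owned by PID {2} ({3})' -f $l.LocalAddress, $l.LocalPort, $l.OwningProcess, $proc.ProcessName
    # A proxy bound to anything other than loopback is reachable from the LAN.
    if ($l.LocalAddress -notin '127.0.0.1', '::1') {
        Write-Warning "Proxy is bound to $($l.LocalAddress), not loopback."
    }
}

# 2. Fetch an eepsite through the proxy. Soon after start-up this can fail
#    or be slow until the router has built its tunnels.
try {
    $r = Invoke-WebRequest -Uri $TestSite -Proxy "http://${ProxyHost}:$ProxyPort" `
            -UseBasicParsing -TimeoutSec 90
    "Proxy answered with HTTP $($r.StatusCode)"
} catch {
    Write-Warning "Request through the proxy failed: $($_.Exception.Message)"
}
```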

One of the weaknesses of Tor and I2P is that they mask only the IP addresses of the clients, and not much else – this is why they won’t guarantee anonymity on their own. The payload might still include identifying information, and ideally you’d have something for stripping that identifying information before it leaves the local network. It should be possible to chain I2P and Privoxy, in the same way we might do for Tor, in order to strip potentially identifying information from browser traffic. It’s also possible to use Lynx, with the proxy addresses for HTTP and HTTPS configured in lynx.cfg.

As with the .onion services, not all the I2P services are available at a given moment. Some are offline and others take a while to reach.

Firewall Rules
Apparently firewall configuration isn’t necessary, but I added inbound and outbound rules anyway, just to see whether it made a difference. This can be done by opening the Windows Firewall GUI, and selecting ‘New Rule…’. Here we want to create a rule for a program (‘Rule that controls connections for a program’).

Find the I2Psvc.exe file in Windows Explorer (C:\Program Files\i2p\) and paste its location into the New Inbound Rule window.

Proceed with the default options and do the same for the outbound rule.
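
The same pair of program rules can be created and reviewed from an elevated PowerShell prompt. This is an added example, not part of the original post; the rule names and group label are constructed, and `-Action Allow -Profile Any` mirrors the wizard defaults.

```powershell
# Added example: program-scoped firewall rules for the I2P service.
# Run from an elevated prompt. Rule names and group label are constructed.
$Program = 'C:\Program Files\i2p\I2Psvc.exe'   # location given on this page
$Group   = 'I2P (example)'

if (-not (Test-Path -LiteralPath $Program)) {
    throw "I2Psvc.exe not found at $Program"
}

foreach ($direction in 'Inbound', 'Outbound') {
    $name = "I2P service ($direction)"
    # Skip creation if the rule is already there, so re-running is harmless.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        "Rule '$name' already exists; leaving it as it is"
        continue
    }
    # Allow on all profiles, as the wizard does by default. Narrowing -Profile
    # (for example to Private) is a choice the wizard also offers.
    New-NetFirewallRule -DisplayName $name -Group $Group -Direction $direction `
        -Program $Program -Action Allow -Profile Any | Out-Null
    "Created rule '$name'"
}

# Review what is now in place, including the program each rule is tied to.
Get-NetFirewallRule -Group $Group | ForEach-Object {
    $app = $_ | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Direction = $_.Direction
        Action    = $_.Action
        Enabled   = $_.Enabled
        Program   = $app.Program
    }
} | Format-Table -AutoSize
```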

Email
Of course, an anonymous email account is a necessity, and we have two options: either register a clearweb account over a VPN connection or use an I2P email service. Here I’ve registered a test account with mail.i2p, which is administered by Postman HQ (hq.postman.i2p).
The downside with this is that mail can only be routed through the I2P network, not from a clearweb mail account to the mail.i2p server or vice versa.

Personal Site
A hidden service on the I2P domain is referred to as an ‘eepsite’. Each user can create their own site/service using the local proxy as a Web Server. As I’ve mentioned, this is likely how social media profiles and groups would be hosted in a few decades.
The server directory is found at C:\Users\[user name]\AppData\Roaming\I2P\eepsite.

To put this online, click the Hidden Services Manager link under the I2P Internals section, and start the I2P Web server.

After the Web server is fully operational, which takes a few minutes, the local I2P address is found in the Hidden Services Manager, under Edit Server Settings. Changes to this address should eventually propagate through the I2P addressing system.
