The Invisible Internet Project (I2P) is a network layer that allows for censorship-resistant, peer-to-peer communication. Anonymous connections are achieved by encrypting the user’s traffic and sending it through a volunteer-run network of roughly 55,000 computers distributed around the world.
The Invisible Internet Project began in 2002 and has been active since that time.
How Does I2P Protect Me?
The server is hidden from the user and the user from the server. All I2P network traffic is internal to its network. Traffic inside the I2P network does not interact with the Internet directly. It is a layer on top of the Internet.Encrypted unidirectional tunnels are used between you and your peers to send traffic. No one can see where that traffic is coming from, where it is going, or what the contents are. Additionally I2P transports offers resistance to pattern recognition and blocking by censors. Because the network relies on peers to route traffic, location blocking is also reduced.
Distribution All traffic on the I2P network is encrypted. An observer cannot see a message’s contents, source, or destination. All traffic you route as a participant is internal to the I2P network, you are not an exit node. The network does not do distributed storage of its content ( like Freenet or IPFS). By participating as a node you are not storing content for anyone.If there are hidden services which you dislike, you may refrain from visiting them. Your router will not request any content without your specific instruction to do so.
Is Using I2P Dangerous?
The I2P network is an overlay network. There are no dangers in using an overlay network. If you are engaging activities that are illegal or dangerous on the internet, that does not change if you are using an overlay network.
Regarding using overlay networks, the Java implementation includes a “Strict Countries List” that is used to decide how I2P routers should behave within regions where applications like I2P may be limited by law. For example, while no countries that we know of prohibit using I2P, some have broad prohibitions on participating in routing for others. Routers that appear to be in the “Strict” countries will automatically be placed into “Hidden” mode.
When a router is placed into hidden mode, three key things change about its behavior. It will no longer publish a routerInfo to the NetDB, it will no longer accept participating tunnels, and it will reject direct connections to routers in the same country that it is in. These defences make the routers more difficult to enumerate reliably, and prevent them from running afoul of restrictions on routing traffic for others.
OPSEC Keep track of what profiles you maintain and what services you interact with no matter what network you use. Perform personal risk assessments. The I2P Java software ships with very good defaults for hops for privacy without sacrificing performance.
What About “De-Anonymizing” Attacks? Reducing anonymity is typically done by:
A) identifying characteristics that are consistent across identities or
B) identifying ephemeral characteristics of repeated connections.
Attacks on I2P in the past have relied on correlating NetDB storage and verification. By randomizing the delay between storage and verification, we reduce the consistency with which that verification can be linked to I2P activity, thereby limiting the utility of that data point. Attacks on software configured to work with I2P are out of scope for I2P to solve. When browsing I2P, hosting or using I2P services, it is the responsibility of the user to consider their threat model.
How Do I Connect To the I2P Network?
The core software (Java) includes a router that introduces and maintains a connection with the network. It also provides a handful of applications and configuration options to get you started and personalize your experience.I2Pd is a C++ implementation of the I2P protocol. When using I2Pd you will need to edit configuration files, with Java I2P you can do it all within a user interface.
What Can I Do On The I2P Network?
The network provides an application layer that allows people to use and create familiar apps for daily use. Additionally, the network has its own unique DNS so that you can self host or mirror content on the network. The I2P network functions the same way the Internet does. The Java software includes a BitTorrent client, and email as well as a static website template. Other applications can easily be added to your router console.
What Is the Best OS To Use?
The I2P core software is cross platform. The best OS to use is the one that you feel most comfortable using.
Do I Have To, Or Should I Use I2P in Qubes or Whonix? Am I Not Safe If I Use Something Else?
This depends on your personal threat model. Generally speaking, I2P in Qubes or Whonix are very strong security measures. You can usually use the I2P software with a Firefox or Chromium browser without worry.
It is more important to exercise caution with who you communicate with and how. If you’re doing something that attracts the attention of people with the time and energy to carry out massive, scaled up attacks or sophisticated zero-day attacks, then something extremely thorough like Qubes is an option. On the other hand, if you’re just hosting your blog or surfing I2P sites, then chances are you’re fine just using the OS you’re most comfortable with. The real answer is conscientiousness, don’t say anything you’re not comfortable with somebody repeating.
I Can See My IP Address?
Yes, this is how a fully distributed peer-to-peer network works. Every node participates in routing packets for others, so your IP address must be known to establish connections. While the fact that your computer runs I2P software is public, nobody can see your activities in the network. For instance, you cannot see if a user behind an IP address is sharing files, hosting a website, doing research or just running a node to contribute bandwidth to the network.
Firewalled Status?
A firewalled I2P router can still access the I2P network. However, if you want to provide extra capacity to the network, it is necessary to open ports.Open I2P’s port on your modem, router and/or firewall(s) for better connectivity (ideally both UDP and TCP).For more information about Port Forwarding: https://portforward.com/
Browsing Functions in I2P
A properly configured browser supports accessing content on the I2P network ( I2P sites and services ) and accessing clearnet content via the outproxy service specified in the Hidden Services Manager of the I2P router.
Instruction for configuring a browser are outlined here: https://geti2p.net/en/about/browser-config .
There is also a Firefox based extension ( I2P in Private Browsing Mode ) that can be found in the the new experimental Windows installer, or can be added directly from here: https://addons.mozilla.org/en-US/firefox/addon/i2p-in-private-browsing/
Does It Matter What Browser Is Used To Access Content On the I2P Network?
Yes and no. Technically, you can use any browser that has support for proxies. However, some browsers are more secure than others. Also, depending on the browser, it may be more difficult to set up a proxy.
What Browser Should I Use For I2P on Android?
In principle, any browser works, but Privacy Browser is the easiest to set up because it has pre-configured proxy settings for I2P. Instruction can be found here: https://github.com/eyedeekay/Configuring-Privacy-Browser-for-I2P-on-Android#configuring-privacy-browser-for-i2p-on-android
Is It Possible To Install I2P Software on an iPhone?
This is currently not possible without increased effort. If you are tech savvy you can take a look at https://i2pd.readthedocs.io/en/latest/devs/building/ios/. Currently there is no official I2P app available.
What Does It Mean When I See That My I2P Router Needs To Be Integrated Into The Network?
An I2P router needs a few minutes to connect to the network. Sometimes it can take up to an hour.
How Can I tell If The I2P Proxy Is Ready?
You can go to 127.0.0.1:7657/tunnelmgr, if the status of “I2P HTTP Proxy” is green, the proxy is ready and you should be able to surf.
I Cannot Reach I2P Sites
If your router is running and you have shared clients and a browser configured, or are using I2P In Private Browsing Mode and see a proxy ready indicator, check the I2P project website using the link found in /home in the router console. If you can reach that site, then you know that your connection is good and browser is working. If you cannot reach a specific site, please realize that we cannot help you with that.
How Do I Activate the SAM Bridge?
To enable the SAM API: go too http://127.0.0.1:7657/configclients. Find the menu item called “SAM application bridge.” Select “Run at Startup” and press the small arrow to the right of the text.
How Come Router ‘shutdown’ Takes Several Minutes?
Because you are routing traffic for other peers. If you shutdown your router immediately, you interrupt their traffic.