
THE TIN HAT


I2P: Welcome To The Darknet | How to Configure I2P

You've probably heard the term 'Darknet' thrown around a lot. It seems to be a buzzword that either invokes fear or a sense of l33t h4ck3r skills. A lot of this attention has been around Tor, and hidden services such as the Silk Road, though Tor is just the tip of the iceberg for 'darknets'. I2P is another large anonymizing network that is similar to Tor, but has some distinct differences. This tutorial will help remove the confusion surrounding darknets, and will show you exactly how you can get onto one of the best networks out there.

What Is I2P

I2P (short for the Invisible Internet Project) spawned in 2003, and is an anonymizing, secure network that focuses on internal connections between its users. This is in contrast to Tor, which largely focuses on allowing users to reach the regular internet (called the clearnet) anonymously. In other words, these two services are apples and oranges, and there's no reason to say that one is better than another.

Furthermore, I2P isn't accessible from a regular computer, as software is needed to set up a networking process. However, with that software your computer can join the I2P network and begin to route traffic, just like a Tor non-exit relay. By doing this, I2P creates a distributed, dynamic, decentralized network that allows secure and anonymous communications between individuals. I2P also bypasses many censorship efforts and prevents adversaries from determining what you're saying, and who you are saying these things to (it's even difficult to tell if you're saying anything at all).

How It Works

I2P is quite complex and has many layers, but I'll try to simplify it as much as possible. If you want a technical explanation rather than an oversimplified analogy, go ahead and give the I2P Technical Documentation a visit.

Take the mail system: imagine that you had two mailboxes, one that you receive mail in, and one that you send mail through. Imagine also that your friend Johnny had the same thing, as well as everyone else in your neighborhood. The way I2P works is that if you want to send a message to Johnny, you place the letter in your outgoing mailbox addressed to Johnny. Then three neighbors pass it off to each other, with each neighbor not knowing who the letter came from before the person that handed it to them. These people are analogous to what we call a 'tunnel' in I2P.

After the letter reaches the end of this tunnel, it goes to Johnny's tunnel. So it goes to one person, who hands it to another, who hands it to another, etc., until it reaches Johnny. If Johnny wants to send a letter back, this process happens in reverse (but with a different set of people handling the messages). This example is extremely simplified, so I'll try to expand it a bit now that the basic idea is down.

The first obvious question is why don't you just give the letter to Johnny directly? The answer is that if the letter was sent to Johnny directly and Eve was watching, she'd see it. This is not at all anonymous. By sending it through multiple people we create a large degree of anonymity.

But wait, can't Eve still watch the letter as it is passed from one hand to another? Realistically no, there are too many hops for Eve to actually watch it. Furthermore, with I2P there are thousands of letters being all passed around at the same time, and for Eve to be able to distinguish one letter from another is near-impossible. When you send a letter to a neighbor, and that neighbor passes it off to another neighbor, on I2P he's also handing hundreds of other letters at the same time. This also adds to security and anonymity because it makes it difficult for attackers to know whether you're handing someone a letter that you wrote yourself, or if you're just passing someone else's letter through a tunnel.

Wait a second, can't one of the neighbors just open the letter and read it on the way through? The answer to this is no. I2P encrypts messages in multiple layers. Imagine a lockbox with six other lockboxes inside. Each time the message goes to the next neighbor, the next lockbox is opened, telling that neighbor who to give the lockboxes to next. At the end of the route Johnny gets the final lockbox and opens it to find the message.

Of course this analogy is incredibly basic and limiting to the full understanding of how I2P works, but it gives an idea of the complex mechanisms that are in place. To give a few technical details of how it really works, the messages are encrypted using AES encryption, and authenticated using El-Gamal. Furthermore, one of the differentiating factors of I2P from Tor is the ability to put multiple messages into one encrypted packet, making it harder for an outside observer to find out what's going on. I2P refers to this as Garlic Routing. Also, these inbound and outbound tunnels are constantly changing to ensure that any de-anonymizing attacks have limited time to work. Again, if you're up for some reading and know about networking and encryption, I would strongly encourage you to give the I2P Technical Documentation a read, as simplifying and explaining it is quite difficult.

In short, I2P works by encrypting messages and sending them to a recipient with many hops in between. If you're still confused, here's an infographic which helps explain how I2P works.

Features of I2P

1. Email/Messaging

There are a few messaging services on I2P, the two big ones being I2P's built in email application, as well as I2P Bote.

The built-in mail application lets you send email to, and receive email from, the regular internet. The mail system has quite a few security features built into it, such as stripping parts of mail headers and delaying outgoing messages to reduce any correlations that could de-anonymize you. While this mail system is leaps and bounds more anonymous and secure than standard email, it is still reliant on the operator.

I2P Bote is a messaging service that focuses on secure and anonymous email. It operates only on the I2P network, so you can't send messages to the clear-net. That being said, it does automatic encryption, and allows you to create multiple 'email identities' (accounts) with one click. I2P-Bote is decentralized and stores messages encrypted on the network, meaning that your trust is in strong mathematics instead of a person. It's beginning to gain quite a bit of popularity and it may be a good choice if you want to communicate with someone securely.

2. IRC (Internet Relay Chat)

If you're not already familiar, IRC channels are basically online chat rooms, and I2P has an IRC service that allows users to chat anonymously. The I2P IRC channels are full of some extremely intelligent people that spawn some great discussions, as well as some hilarious sarcasm. I've never been a huge IRC user, but I2P chats stand out as some of the best you'll see. The best part is that I2P's anonymity offers a high degree of freedom of speech. Often controversial topics are talked about in these IRC channels, but nobody is afraid of offering what may be a very valid, but unpopular opinion, pushing you to explore new ideas from new perspectives. If you end up using I2P, I'd definitely check out the IRC. Two of the best rooms are #salt and #i2p-chat.

3. Eepsites

Eepsites are the I2P equivalent of a Tor Hidden Service: they are websites hosted on the I2P network, whose operators can be anonymous. Like hidden services, these sites cannot be reached from outside the I2P network. Unlike Tor hidden services, their web addresses are actually readable, with the domain of .i2p at the end. For example, salt.i2p is an eepsite which "is a gathering space celebrating crypto and infoanarchy", and is only available on the I2P network. These Eepsites may not be of huge interest to many, but if you want to host an Anarchist, Communist, or hell, even Environmentalist website anonymously, this is a good way to do it. Visiting eepsites is anonymous, and won't get you placed on an FBI watch-list simply because you like to read Marx, Goldman, or whatever thinker you may follow.

Note: The Tin Hat is available as an eepsite as well, over at thetinhat.i2p!

4. Torrents

This may be the kicker for many of you torrenters out there, as I2P has something called the Postman Tracker, as well as I2PSnark. The tracker is essentially like the Pirate Bay, and I2PSnark is essentially like uTorrent. This is where I2P sets itself apart from Tor, in that it has absolutely no issue with users torrenting. Moreover, torrenting on I2P is secure and anonymous, and I personally trust it far more than a VPN provider, as it has privacy by design rather than privacy by policy.

The torrents available on the tracker are great, and reflect the user-base of I2P. No, there isn't much (if any) child pornography as some might claim about darknets. Rather, there are plenty of books, including huge collections on sci-fi and programming. There are also copies of the Pirate Bay, backups of leaked government documents, and books that have been banned in some countries. There are also movies, music, and of course, as always, porn. But comparing something like PirateBay with the I2P Postman Tracker shows you the overall attitude of many I2P users; that is to say that they value transparency, freedom of speech, copy-left, and the power of technology within society.

The drawback of I2P is speed, with an average of about 30KBps, which is painfully slow compared to the 1-2MB/s that most torrenting sites offer. But consider this, the longer that you spend waiting to download a torrent over I2P rather than the Pirate Bay, the less time you'll spend getting sued. It's a trade-off. Many people start a torrent on I2P and let it run overnight. Usually by morning it is finished, without worry of the MPAA or RIAA coming after you for downloading content produced sixty years ago.

Setup

Setting up I2P is fairly easy if you've ever forwarded a port before. If not, don't worry, I'll explain how. It may seem confusing at times, but just stick with it, I promise it's not that bad.

The first step is to download the I2P installer. If you're running Windows then the graphical installer should be simple enough. If you're on a Debian based operating system, then just add the repositories that are listed here, and follow the documentation on that page accordingly.

I'd also highly recommend setting up a separate browser that you only use for I2P. I'm going to be using Chromium, the open source version of Chrome. If you do decide to use Chromium, you're going to need to download the add-on called Proxy SwitchySharp. To configure Proxy SwitchySharp to work with I2P you need to use these settings:

HTTP Proxy: 127.0.0.1, Port 4444;
HTTPS Proxy: 127.0.0.1, Port 4445;
No Proxy For: localhost; 127.0.0.1;

Warning: setting 'no proxy' for non-.i2p domains makes it extremely easy to de-anonymize you when you visit eepsites. I highly recommend using a dedicated browser.
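
The warning above, as an added example that is not part of the original article: a routing function in the style of a browser proxy auto-config (PAC) file, comparing a 'no proxy for non-.i2p' policy with one that mirrors the settings listed above. Apart from the proxy addresses, the helper names and sample hosts are constructed for illustration.

```javascript
// Added example, not from the original page. Proxy ports are the page's settings.
const I2P_HTTP = "PROXY 127.0.0.1:4444";
const I2P_HTTPS = "PROXY 127.0.0.1:4445";

// Lower-case the host and drop a trailing dot ("salt.i2p." is the same name).
function normalizeHost(host) {
  return String(host).toLowerCase().replace(/\.$/, "");
}
function isLoopback(host) {
  return host === "localhost" || host === "127.0.0.1";
}
// True only when the last label is "i2p"; "salt.i2p.example.com" is clearnet.
function isEepsite(host) {
  return host.endsWith(".i2p");
}

// Weak policy: 'no proxy' for everything that is not .i2p. A clearnet image
// embedded in an eepsite page is then fetched directly from your real IP.
function findProxyWeak(url, host) {
  const h = normalizeHost(host);
  if (isLoopback(h)) return "DIRECT";
  return isEepsite(h) ? I2P_HTTP : "DIRECT";
}

// Policy matching the settings above: only loopback (the router console)
// bypasses the proxy; every other request is handed to the local I2P proxy.
function FindProxyForURL(url, host) {
  const h = normalizeHost(host);
  if (isLoopback(h)) return "DIRECT";
  return url.toLowerCase().startsWith("https:") ? I2P_HTTPS : I2P_HTTP;
}

// Constructed sample: requests that one eepsite page load might trigger.
const SAMPLE = [
  ["http://salt.i2p/", "salt.i2p"],
  ["http://127.0.0.1:7657/", "127.0.0.1"],
  ["http://tracker.example.com/pixel.gif", "tracker.example.com"],
  ["https://cdn.example.net/lib.js", "cdn.example.net"],
  ["http://salt.i2p.example.com/", "salt.i2p.example.com"],
];

// Hosts a policy would contact outside the proxy (loopback excluded).
function leaks(policy) {
  return SAMPLE
    .filter(([url, host]) => policy(url, host) === "DIRECT" && !isLoopback(normalizeHost(host)))
    .map(([, host]) => host);
}

console.log("weak:", leaks(findProxyWeak), "page settings:", leaks(FindProxyForURL));
```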

The next step is to start I2P. If you're on Windows then it is as simple as clicking the icon in the start-menu. If you're on Linux, then just cd into the i2p folder and type into your terminal "i2prouter start". This may automatically launch your default browser. If it does, click the "Configure Bandwidth" button on the I2P console. Then go to the "Service" tab, and click "Do Not View Console On Startup".


If Chromium didn't start by default, then start it now and go to this address:

http://127.0.0.1:7657/

You can optionally set this as the home page to make things easier. Now, check the left-hand sidebar. If it says "Network: OK", you're ready to start using I2P. If it says otherwise, then click on it. This will bring you to a page describing the problems it may be having (note that it takes several minutes to connect to the network. Wait five minutes before worrying).

Troubleshooting

Blocked ports are usually the problem when connecting to I2P. To fix this, scroll up on that same page that describes the network error and check which port is entered into the 'UDP Configuration' box. For the sake of argument, let's say that it is 1793. Copy that number down, and then find out your computer's internal IP address.

To do this on a Windows machine, open the start menu, type 'cmd' into the search bar, and then open up a command prompt. Type into the command prompt "ipconfig /all". This will list off a huge confusing display of numbers, but just look for a string of numbers that starts with '192'. For example, it may say '192.168.1.127'. Copy this number down. If you're on Linux, then just type 'ifconfig' into the terminal, look for the same string of numbers, and copy them down.

With the IP address in hand, type into your URL bar: '192.168.1.1'. This should bring you to your home router's configuration page. Every router's menu is a bit different, but just look for menus that are worded similarly to the way that I word them. Look for a tab that says "port forwarding". It may be buried within a few menus, but all routers should have this option. Once you find the port forwarding page, you need to forward the port that I2P needs to run. Under 'External Port', enter the first number that you copied down, in our case it is 1793. Do the same under 'Internal Port'. Then, under 'To IP Address', type in the internal IP address that you just looked up in the command line, in our case 192.168.1.127. Make sure to Enable it, and then click to save the settings.

If all went well, I2P should now be functioning. If you're still having issues, definitely check out I2P's FAQ for some answers. There are some more guides inside the I2P network itself for setting up services such as IRCs, I2PSnark, and I2P-Bote. Definitely play around a bit, and explore this 'evil dangerous darknet' that the media warns about, because it's actually pretty fun.

The last thing that I want to note is that NO anonymizing service, such as I2P or Tor, will protect you if you are an idiot. If you post your real email, your real IP address, or any personal information (even the weather can reveal you!), then you may no longer be anonymous. So be smart. Read this short guide on how to safely use I2P.

