I2P-Bote Introduction and Tutorial | Darknet EmailCategory: messaging
A 6 Minute Read
20 Jan 2014
Image By Joe the Goat Farmer
Support The Tin Hat on Patreon! Just one dollar makes all the difference in helping me write more content!
Secure messaging platforms are few and far between. While Off The Record Messaging offers strong privacy and security for users, it is not asynchronous, meaning that the two people communicating are meant to be doing so at the same time. While this may not be a problem for many, there are a wide variety of situations in which live chat sessions simply aren't suitable. Email on the other hand, which is asynchronous, is not a good solution either as it is usually stored on servers operated by people who you are forced to trust, meaning that your privacy relies on a simple promise. Moreover, even if the email is encrypted with PGP, the meta-data is still available to be read by adversaries. Enter I2P-Bote: a secure, asynchronous, decentralized and robust messaging platform with strong protections for privacy and anonymity.
What Is I2P-Bote And How Is It Secure?
I2P-Bote is a messaging platform that operates over the the I2P network. It functions similarly to email, however it has a few fundamental properties which set it into a class of its own. These properties are security, anonymity, and resilience. I'll break each of these apart one by one so that you really get a sense of how great this platform is.
The main component which embeds security into I2P-Bote is the way in which it employs encryption. Like e-mail, when sending a message to someone over I2P-Bote the sender enters in the receivers address. However, unlike email where the address looks like firstname.lastname@example.org, I2P-Bote uses cryptographic keys as destinations, which are random numbers and letters. Essentially what this means is that when you send a message to a friend over I2P-Bote you enter in their destination (a long string of random characters), and because their destination is also their public key the email is automatically encrypted using that public key. Therefore, end-to-end encryption is the default in I2P-Bote, and no clear-text messages are ever sent or stored. Moreover, unlike standard email which exposes a large amount of information in the header, mail sent over I2P-Bote sanitizes the headers, removing any gratuitous information, and encrypting whatever remains (such as the subject line).
This is the next component which blows standard email out of the water. Anonymity on I2P-Bote is protected in a number of ways. The first, and most obvious aspect of this is that it operates over I2P. If you're not sure how this adds to anonymity give this primer-tutorial a read, and it should become pretty clear pretty quick. But operating over I2P can be thought of as a back-up or fail-safe for I2P-Bote, as it has another trick up its sleeve. I2P-Bote includes a system where-in the user can select a number of nodes through which the messages will be bounced around before going to the distributed hash table to be stored (more on that later). But this alone isn't much different from how I2P works in the first place, therefore I2P-Bote also integrates a delay between each node as the message is bounced around. This delay can be set to a random interval within a range (for example, a random amount of time between 1-60 minutes per bounce). Thus, not only are the emails bounced around between nodes, but the time that the email itself was sent is obfuscated by a randomized delay. This makes it possible to send a message, log off, and have it arrive some time later without any correlation between the time that you were logged onto I2P and the time the message arrived. The combination of the I2P network protocol and the way in which I2P-Bote routes messages provides a robust and redundant anonymization strategy.
So far the anonymity provided is fairly strong, but there's still a source address that is embedded into each message (even if it is just a random string). Again, however, I2P-Bote has various features which can help to further obfuscate this information. The first way is by simply creating a new identity (i.e. a new I2P-Bote address or destination). Identity creation in I2P-Bote takes less than 20 seconds, allowing users to simply create a new I2P-Bote address through which they can send mail. Approaching the problem this way allows you to also receive messages back from whoever you sent them to. So, if you want to send a message to your technically-apt boss named Bob to tell him he's incompetent without the source address being the same as the regular messages you send him, you can just spin up a new identity and send it to him through that. But what if you don't care about receiving anything back from Bob, you just want to tell him he's an idiot? Well, when sending a message over I2P-Bote one can simply select to not include any source information at all, making the message truly anonymous. Think of it like sending a letter without a return address.
So far we've established how secure I2P-Bote is due to its default use of end-to-end encryption, and how much anonymity it can provide through its use of relay nodes on top of the I2P network, but the last great feature of I2P-Bote is its resilience. Standard email services are centralized. When a three-letter agency decides to attack one of them (Lavabit) it usually succeeds, causing users to lose their email service, lose access to their previous emails, and have the privacy of those emails compromised. This isn't a problem with I2P-Bote. As mentioned previously, I2P-Bote is decentralized and stores messages in a Distributed Hash Table (DHT). In simple english, this basically means that messages are stored in a database that is spread across I2P-Bote users, making it so that there is no clear target for attack. The messages remain in this hash table for 100 days, during which the recipient is able to download them. The added benefit of storing the messages throughout the network is that it obfuscates your use of I2P-Bote. For example, by relaying, storing, and serving messages, an attacker who is watching your internet connection isn't able to know when you're actually sending a message rather than just contributing to the network.
Setting up I2P-Bote is dead simple. Type into the URL bar "http://127.0.0.1:7657/configclients", then scroll to the bottom of the page. Copy and paste this link into the plugin installation box:
Now simply click "Install Plugin". It will take a few minutes to download and install everything, but once it does it will appear on your router Home page under Local Service with the title "Secure Mail".
The first thing you'll want to do in the I2P-Bote web-interface is navigate to the 'Identities' section, located under 'Addresses' on the left, and create a new identity. Here you have a few options in creating your identity. The public name will be the name that appears on all the emails that you send (unless you set the message to anonymous when sending). The description field is just there to help you remember what each identity is for, as nobody but you will ever see it. For encryption you have four options: 256-bit Elliptic Curve, 521-bit Elliptic Curve, 2048-bit ElGamal, and NTRU-1087. ElGamal is the most researched option, but is also weaker than the Elliptic Curve options. NTRU on the other hand is supposedly resistant to Quantum computing. Personally, I opt for 521-bit ECC, however any of these options will be quite secure.
Once you've set up your first identity, pop over to the 'Settings' page. This is where you can make tweaks to the level of anonymity you desire. For example, increasing the length of time between when I2P-Bote checks for new mail, as well as adding the use of relays with a large delay-range, will contribute towards increasing your anonymity. Also, disabling the send time from being included in the message will make it impossible for the recipient to know when it was sent (especially if you use long routes), but due to the slow speed of I2P-Bote the time-stamp may be a desirable feature when the recipient is trusted.
So go ahead, try out I2P-Bote. But more importantly, get your friends to try out I2P-Bote, because the biggest thing holding it back currently is the network effect. If you're looking for more tech specs give the documentation (linked to in the web-mail client) a read through for some more info. It's a great platform that is secure, anonymous, and robust, with the only short-fall being its user-base, a problem that you can fix.
Edit: To learn how to use I2P-Bote with Thunderbird click here