How To Use I2P | I2P Tutorial & Setup Guide

Category: darknets

A 11 Minute Read

15 Jan 2014

You've probably heard the term 'Darknet' thrown around a lot. It seems to be a buzzword that either invokes fear or a sense of l33t h4ck3r skills. A lot of this attention has been focused on Tor and hidden services such as the Silk Road, though Tor is only the tip of the iceberg when it comes to 'darknets'. I2P is another large anonymizing network that is similar to Tor, but also has some distinct differences. This tutorial will help remove the confusion surrounding darknets, and will show you exactly how you can get onto one of the best networks out there.

What Is I2P

I2P, short for the Invisible Internet Project, spawned in 2003, and is an anonymizing network that focuses on secure internal connections between users. Tor, on the other hand, largely focuses on allowing users to reach the regular internet anonymously (called the clearnet). In other words, we can think of Tor as being a path to the regular internet, while I2P seeks to create its own internet. In this light, we can already see that these two services are apples and oranges, thus there is no reason to say that one is better than another. Unfortunately this debate regularly takes place.

The result of I2P's focus on creating its own internal internet is that the network isn't accessible from a regular computer, as special software is needed to communicate with other I2P users. With that software installed, however, your computer can join I2P and begin routing traffic, just like a Tor middle relay. By doing this I2P creates a distributed, dynamic, and decentralized network that allows secure and anonymous communications between individuals. I2P also bypasses many censorship efforts and prevents adversaries from determining what you're saying, and who you are saying things to. In fact, because most I2P users also route other people's traffic, it's difficult to tell if you're saying anything at all.

How It Works

I2P is a complex beast with a lot going on under the hood, so this explanation will be a vast, yet useful, oversimplification. If you want a technical explanation rather than a simplified analogy go ahead and give the I2P Technical Documentation a visit, otherwise keep reading.

Think of the mail system. Imagine that you had two mailboxes: one that you receive mail in, and one that you send mail through. Imagine also that your friend Johnny had the same thing, as well as everyone else in your neighborhood. The way I2P works is that if you want to send a message to Johnny you place the letter in your outgoing mailbox addressed to him. Then three neighbors pass the letter off to each-other, with each neighbor not knowing who the letter came from before the person that handed it to them. These people are analogous to what we call a 'tunnel' in I2P.

After the letter reaches the end of this tunnel, it goes to Johnny's tunnel. So it goes to one person, who hands it to another, who hands it to another, etc., until it reaches Johnny. If Johnny want's to send a letter back this process happens in reverse (but with a different set of people handling the messages). This example is extremely simplified, so I'll try to expand on it now that the basic fundamental idea is down.

The first obvious question is why don't you just give the letter to Johnny directly? The answer is that if the letter was sent to Johnny directly and Eve was watching, she'd see it. This is not at all anonymous. By sending it through multiple people we create a large degree of anonymity.

But wait, can't Eve still watch the letter as it is passed from one hand to another? Realistically no, there are too many hops for Eve to actually watch it. Furthermore, with I2P there are thousands of letters being all passed around at the same time, and for Eve to be able to distinguish one letter from another is, for all intents and purposes, impossible. When you send a letter to a neighbor and that neighbor passes it off to another neighbor, on I2P she's also handing hundreds of other letters at the same time. This also adds to security and anonymity because it makes it difficult for attackers to know whether you're handing someone a letter that you wrote yourself, or if you're just passing someone else's letter through a tunnel.

Wait a second, can't one of the neighbors just open the letter and read it on the way through? The answer to this is no. I2P encrypts messages in multiple layers. Imagine a lockbox with six other lockboxes inside. Each time the message goes to the next neighbor, the next lockbox is opened telling that neighbor who to give the lockboxes to next. At the end of the route Johnny gets the final lockbox and opens it to find the message.

Of course this analogy is incredibly basic and limiting to the full understanding of how I2P works, but it gives an idea of the complex mechanisms that are in place. To give a few technical details of how it really works, the messages are encrypted using AES encryption, and authenticated using El-Gamal. Furthermore, one of the differentiating factors of I2P from Tor is the ability to put multiple messages into one encrypted packet, making it harder for an outside observer to find out what's going on. I2P refers to this as Garlic Routing. Also, these inbound and outbound tunnels are constantly changing to ensure that any de-anonymizing attacks have limited time to work. Again, if you're up for some reading and know about networking and encryption, I would strongly encourage you to give the I2P Technical Documentation a read, as simplifying and explaining it is quite difficult.

In short, I2P works by encrypting messages and sending them to a recipient with many hops in between. If you're still confused, here's an infographic which helps explain how I2P works

Features of I2P

1. Email/Messaging

There are a few messaging services on I2P, with the two big ones being I2P's built in email application and I2P Bote.

The built-in mail application lets you email the regular internet to, and from I2P. The mail system has quite a few security features built into it, such as stripping parts of mail headers and delaying outgoing messages to reduce any correlations that could de-anonymize you. While this mail system is leaps and bounds more anonymous and secure than standard email, it is still reliant on the operator who could, at any time, read your emails.

I2P Bote is a messaging service that focuses on secure and anonymous email. It operates only on the I2P network, so you can't send messages to the clear-net. That being said, it does automatic encryption, and allows you to create multiple 'email identities' (accounts) with one click. I2P-Bote is decentralized and stores messages encrypted on the network, meaning that your trust is in strong mathematics rather than an anonymous person. It's beginning to gain quite a bit of popularity and it may be a good choice if you want to communicate with someone securely. Additionally, you can set it up to work with Thunderbird, which I describe here.

2. IRC (Internet Relay Chat)

If you're not already familiar, IRC's are basically chat rooms online, and I2P has an IRC service that allows users to chat anonymously. The I2P IRC channels are full of some extremely intelligent people that spawn some great discussions, interspersed with hilarious sarcasm. I've never been a huge IRC user, but I2P chats stand out as some of the best you'll see. The best part is that I2P's anonymity offers a near-perfect sense of freedom of speech. Often controversial topics are talked about in these channels, but nobody is afraid of offering what may be a very valid, but unpopular opinion, pushing you to explore new ideas from new perspectives. If you end up using I2P, I'd definitely check out the IRC. Two of the best rooms are #salt and #i2p-chat, and you can connect to them by setting your IRC client (such as X-Chat) to 127.0.0.1 on port 6668.

3. Eepsites

Eepsites are the I2P equivalent of a Tor Hidden Service: they are websites hosted on the I2P network, whose operators can be anonymous. Like hidden services, these sites cannot be connected to off the I2P network. Unlike Tor hidden services, their web addresses are actually readable, with the domain of .i2p at the end. For example, salt.i2p is an eepsite which "is a gathering space celebrating crypto and infoanarchy", and is only available on the I2P network. These Eepsites may not be of huge interest to many, but if you want to host an Anarchist, Communist, or hell, even Environmentalist website anonymously, this is a good way to do it. Visiting eepsites is anonymous and won't get you placed on a FBI watch-list simply because you like to read Marx, Goldman, or whatever thinker you may follow.

Note: The Tin Hat is available as an eepsite as well, over at secure.thetinhat.i2p!

4. Torrents

This may be the kicker for many of yee pirates out there, as I2P has the Postman Tracker and I2PSnark. The tracker is essentially the Pirate Bay, and I2PSnark is essentially uTorrent. This is where I2P sets itself apart from Tor, in that it has absolutely no issue with users torrenting. In fact, torrenting just provides more cover-traffic, improving overall anonymity. On I2P torrenting is secure and anonymous, and I personally trust it far more than any VPN provider, as it has privacy by design rather than privacy by policy.

The torrents available on the tracker are great, and reflect the user-base of I2P. No, there isn't much (if any) child pornography as some might claim about darknets. Rather, there are plenty of books, including huge collections on sci-fi and programming. There are also copies of the Pirate Bay, backups of leaked government documents, and books that have been banned in some countries. There are also movies, music, and of course as always, porn. But comparing something like the Pirate Bay with the I2P Postman Tracker shows you the overall attitude of many I2P users; that is to say that they value transparency, freedom of speech, copy-left, and the power of technology within society.

The drawback of I2P is speed, with an average of about 30KBps, which is painfully slow compared to the 1-2MB/s that most torrenting sites offer. But consider this, the longer that you spend waiting to download a torrent over I2P rather than the Pirate Bay, the less time you'll spend getting sued. It's a trade-off. Many people start a torrent on I2P and let it run overnight. Usually by morning it is finished, without worry of the MPAA or RIAA coming after you for downloading content produced sixty years ago.

Check out my new tutorial on using Vuze to torrent through I2P, as well how to seed regular clearnet torrents on I2P!

Setup

Setting up I2P is easy if you've ever forwarded a port before. If not, don't worry, I'll explain how. It may seem confusing at times, but just stick with it, I promise it's not that bad.

The first step is to download the I2P installler. If you're running Windows then the graphical installer should be simple enough. If you're on a Debian based operating system then just add the repositories that are listed here, and follow the documentation on that page accordingly.

I’d also highly recommend using The Tor Browser for browsing I2P (read this for an expanded explanation of using Tor Browser for I2P, including a couple of security considerations). To set this up, the first step is to download the Tor Browser, extract it, and run it (no installation is necessary).

Next, the way that we will configure the browser to work with I2P is through the use of an add-on called FoxyProxy. Using the Tor Browser, navigate to the FoxyProxy page on Mozilla’s website and install the add-on. After doing so, you will be prompted to restart the browser to complete the installation.

After restarting, download this configuration file for FoxyProxy. I’ve mirrored it here to make it accessible, but originally it was the product of KillYourTV. With that downloaded, press CTRL+SHIFT+A , and open the preferences for FoxyProxy. Go to File > Import Settings , on the Preferences panel and import the configuration file that you just downloaded.

This may cause the browser to crash, but after re-opening it FoxyProxy will have a complete rule-set for how it handles traffic such that any requests to either the clearnet (techno-jargon for the regular internet) or to Tor hidden services will travel through the Tor network, but any requests to a domain ending in .i2p will travel through the I2P network. In other words, you are ready to browse I2P.

With the Tor Browser open and configured, the next step is to start I2P. If you're on Windows then it is as simple as clicking the icon in the start-menu. If you're on Linux, then just cd into the i2p folder and type into your terminal i2prouter start . This may automatically launch your default browser. If it does, click the "Configure Bandwidth" button on the I2P console. Then go to the "Service" tab, and click "Do Not View Console On Startup".

Now, in the Tor Browser navigate to http://127.0.0.1:7657/

You may want to set this as a bookmark to make things easier. Next, check the left-hand sidebar. If it says "Network: OK", you're ready to start using I2P. If it says otherwise, then click on it. This will bring you to a page describing the problems it may be having (note that it takes several minutes to connect to the network. Wait five minutes before worrying).

Troubleshooting

Blocked ports are usually the problem when connecting to I2P. To fix this, scroll up on that same page that describes the network error and check which port is entered into the 'UDP Configuration' box. For the sake of argument, let's say that it is 1793. Copy that number down and then find out your computer's internal IP address.

To do this on a Windows machine, open the start menu, type 'cmd' into the search bar, and then open up a command prompt. Type into the command prompt "ipconfig /all". This will list off a huge confusing display of numbers, but just look for a string of numbers that starts with '192'. For example, it may say '192.168.1.127'. Copy this number down. If you're on Linux, then just type 'ifconfig' into the terminal, look for the same string of numbers, and copy them down.

With the IP address in hand, type into your URL bar: '192.168.1.1'. This should bring you to your home router's configuration page. Every router's menu is a bit different, but just look for menus that are worded similarly to the way that I word them. Look for a tab that says "port forwarding". It may be buried within a few menus, but all routers should have this option. Once you find the port forwarding page, you need to forward the port that I2P needs to run. Under 'External Port', enter the first number that you copied down, in our case it is 1793. Do the same under 'Internal Port'. Then, under 'To IP Address', type in the internal IP address that you just looked up in the command line, in our case 192.168.1.127. Make sure to Enable it, and then click to save the settings.

If all went well, I2P should now be functioning. If you're still having issues, definitely check out I2P's FAQ for some answers. There are some more guides inside the I2P network itself for setting up services such as IRCs, I2PSnark, and I2P-Bote. Definitely play around a bit, and explore this 'evil dangerous darknet' that the media warns about, because it's actually pretty fun.

Another item that I want to note is that NO anonymizing service, whether it be I2P or Tor, will protect you if you are an idiot. If you post your real email, your real IP address, or any personal information (even the weather can reveal you!), then you may no longer be anonymous. So be smart. Read this short guide on how to safely use I2P.

Lastly, if you try out I2P and end up enjoying it and want to contribute more, try setting up a dedicated I2P relay. I give a step-by-step explanation of how to do this here.