Getting From Zero To Hero With I2P and Tor Browser on Debian/Ubuntu: A How To

This post is released under the GNU Free Documentation License Version 1.3

Usually this blog is about social issues, activism, politics, and so forth. But this post is a little different.

You may be asking yourself, “What is I2P? Why is Red Liberty (a political blog) suddenly giving tech tutorials?” Well, I will explain what I2P is in a minute, but in my spare time I, a computer nerd, like to contribute to the I2P project. Now, my interest in the I2P project is not entirely apolitical, but unlike most of the posts on this blog the politics of it are not necessarily left-wing, and they are not necessarily right-wing either. If anything they are merely anti-authoritarian. It’s something for everyone regardless of political views, with the exception of those who hold the totalitarian view that such technologies should not exist at all. If anything, it is pro-freedom, something I hope everyone can agree with regardless of their own opinions on my own political activities over the past few years.

At the very bottom of this post is a condensed “no explanations, humor, or chit-chat” version of this guide for the I2P installer in a hurry.

Now what is I2P? You may be asking. According to the project website, “The I2P network provides strong privacy protections for communication over the Internet. Many activities that would risk your privacy on the public Internet can be conducted anonymously inside I2P.” I2P is a lot like Tor, where Tor is better for anonymizing ordinary (clearnet) internet connections and I2P is better for location hidden services, but both networks do a bit of both. Now what is Tor? Tor’s website says “Browse Privately. Explore Freely. Defend yourself against tracking and surveillance. Circumvent censorship.” I hope you are starting to get the idea. I2P is like the internet, but it’s privacy respecting and anonymous by default. You can access websites on the I2P network (called eepsites) and you don’t know where geographically the eepsite (location hidden service) is located, and the website doesn’t know who you are or where you are (unless you tell them). Outside observers likewise don’t know what you are doing on the network, all they know is you are running I2P. Naturally I advise looking into the I2P threat model for more info as to what a powerful adversary can see, but generally it’s just encrypted traffic. Unlike with Tor, pretty much every I2P user routes traffic for other users in order to make tracing the whole path of a communication extremely difficult, which in my opinion is how the internet should be.

In the United States and Europe people might call this a “darknet”, and they aren’t wrong. But in my view I2P and Tor, darknets though they are, get an unnecessarily bad rep. A darknet is like a hammer, it’s a tool. You can use a hammer to build your neighbor a house or to bash their brains in. The tool is not good or bad on its own, it depends on how it is used. Though I would argue the tool in question must exist for free society as such, to exist. In authoritarian countries the “darknet” isn’t given a bad rep at all, it’s a place where people can think and speak and read freely without the government knowing who they are or what they are doing. To whistleblowers, even to law enforcement and the intelligence community, to journalists, dissidents, activists, students, oppressed minorities (like LGBT+ youths and religious minorities), and ordinary people the world over, these tools are vital in protecting their privacy, anonymity, and personal safety. I have written previously on my own views, how I believe that privacy in the digital age is one of the only real prerequisites to the very existence of civil liberty in our era because as Rosa Luxemburg once said, “freedom is always the freedom of the dissenters, of the one who thinks differently”, and one cannot possibly be free if they are being observed and recorded by the powers that be at all times (looking at you NSA). Freedom depends on privacy, and without privacy, we are lost. Tools like I2P I consider to be a safe-guard to the preservation of the fourth amendment in practice, and the rights it embodies in the digital age. Regardless of the reasons, ideological or otherwise, a diverse group of people use these technologies and I personally prefer I2P.

If you like privacy, you’ll like I2P. I don’t have time to deconstruct the bullshit arguments of “I have nothing to hide so I have nothing to fear” (actually from Mussolini’s famous quote “if you have nothing you hide you have nothing to fear”) or the other arguments against privacy. You should check I2P out even if you are skeptical of my arguments, even if you don’t think you have any use for it. Even if you are using Windows or a Mac (though not fully applicable to this tutorial) you should still check it out. Activists especially (who read my blog more than the previously mentioned groups) would benefit from I2P. I have used all the “darknets” that are often used today and I2P is by far my favorite.

BEFORE WE BEGIN

It’s recently occurred to me, as a contributor to the Invisible Internet Project (I2P), that getting from zero to hero in I2P isn’t as easy for others as it was for me. See, I read the technical documents before installing I2P, for the average person installing I2P and setting it up to work flawlessly may seem a bit like solving a rubix cube. I2P has great documentation, but not everyone takes the time to read this documentation. But fear not! Installing and configuring I2P is actually quite simple and straightforward. That is why I decided to write this guide for installing and configuring I2P on Debian based GNU/Linux distributions (that includes Ubuntu and Whonix). This should work on other GNU/Linux distributions as well, though keep in mind ‘apt’ is not the default package manager on many non-Debian based GNU/Linux distributions and packages may have different names.

Naturally we are going to be using Tor Browser with I2P for this guide as it is a hardened version of Firefox already configured to address numerous security vulnerabilities capable of compromising your anonymity (something important when we are using an anonymous network). This tutorial does work with Whonix-workstation (see https://www.whonix.org/wiki/I2P) however more hops does not necessarily mean greater anonymity/ security and I2P will be very slow, not to mention the fact that you will be leeching off of the network which is generally bad. If you really do want to use I2P over Tor because you are THAT paranoid, check out the above link as the following steps are applicable to most Debian based GNU/Linux distributions, but not to Whonix specifically.

Prerequisites

This guide assumes:

-You are running Linux (not Windows or macOS)

-You have the latest version of Java installed

(You can get this from Oracle’s website or you can get an older but still supported version of Java with ‘apt-get install default-jdk’ as root)

-You have Tor Browser Bundle installed or existing as an executable in a directory

(You can get this from https://torproject.org, Whonix-workstation comes with Tor Browser installed)

INITIAL INSTALL

There are two ways to install I2P in Debian, the first is to use the Java executable file (found here: https://geti2p.org/en/download) available on the website which should work for all Linux distributions (not just Debian based ones), the second is to add the I2P repository to sources.list.d automatically by following the on-site instructions (found here: https://geti2p.net/en/download/debian) and to install it that way. This will work for Debian and Ubuntu and their derivative distributions (including Whonix-workstation). It really doesn’t matter HOW you install them but for the sake of simplicity we are going to be using the regular .jar installer in this tutorial.

You can download the necessary .jar file for I2P from https://geti2p.org/en/download Be sure to verify the checksum. The latest version of I2P as of writing is 0.9.40 and the file is i2pinstall_0.9.40.jar with a SHA256 of: b5dac73d1683ebfa9b58475c2dddc6ffc40efa6622278d133688af73db428381. You can check the checksum by typing into terminal:

sha256sum /path/to/i2pinstall_0.9.40.jar

and pressing enter (after you have downloaded the file, of course). The string of letters and numbers should be identical to the string posted above (the same one on the I2P website). For the insanely paranoid you should also grab the signing key for zzz (found under the Help menu under Verify I2P here: https://geti2p.net/_static/zzz.key.asc) from another source (like a different computer/connection) to ensure your copy of I2P is genuine with a tin-foil hat on. All versions are signed with this key. You can also freely examine the source code for I2P, which is always reassuring.

If you opt for a straight Debian/Ubuntu package follow the instructions here (https://geti2p.net/en/download/debian) otherwise we will continue with the Java install (once I2P is installed it really doesn’t matter which method was used unless you plan on running I2P as a daemon in which case the Debian/Ubuntu package is preferable).

To run the .jar file all you have to do is open up a terminal and type:

java -jar /path/to/i2pinstall_0.9.40.jar

and it should take you through a graphical installer. Remember where you installed it as we will use this later. Do not do this as root unless you know what you are doing as I2P doesn’t require escalated privileges to run.

CONFIGURING TOR BROWSER

To get I2P to run inside Tor Browser a number of default browser plugins have to be disabled. There is a way to get Tor Browser to run over both I2P and the Tor network interchangeably using FoxyProxy however since installing additional add-ons to Tor Browser alters the browser fingerprint this is inadvisable as it makes you stand out. I personally haven’t used FoxyProxy so I cannot vouch for it. The I2P Laboratory (https://geti2p.net/en/download/lab) also boasts an experimental “I2P Browser” based on Tor Browser however this is still “proof-of-concept” alpha software and likewise inadvisable for use where security is critical. This is why we are tweaking classic Tor Browser for this tutorial, we are assuming your threat model is higher than that of the average consumer.

With Tor fired up head over to the browser configuration guide on the I2P website which you can find here (https://geti2p.net/en/about/browser-config). The initial changes we will be making to Tor Browser’s proxy settings are identical to the changes mentioned in the documentation for Firefox’s proxy settings (since Tor Browser is based on Firefox), so follow the guide and change those settings!

Next we need to disable several add-ons that come default in Tor Browser, so head over to Add-ons Manager (reached by clicking the 3 bars on the top right of the Browser window and going to Add-ons or going to: about:addons) and disable HTTPS Everywhere, Torbutton, and TorLauncher. Obviously we don’t need to connect to the Tor network as we are connecting to I2P instead. NoScript actually has valid security applications while browsing I2P so we will keep it enabled, and we will enable ‘Safest’ security settings by clicking the shield icon in the browser menu, though we will be relying on NoScript and disabling JavaScript at the browser level. Most eepsites (the term used to describe I2P hidden services) do not use HTTPS even though such a feature is optionally configurable by eepsite admins such as myself. Like with Onions (the term used to describe Tor hidden services), HTTPS is not really necessary as the network provides end-to-end encryption by default. The browser will ask to restart after disabling add-ons, so go ahead and restart the browser.

Note: The one caveat of this setup is Tor Browser updates. Updating the browser is possible, but requires resetting the proxy settings to their defaults and re-enabling the disabled plugins. Naturally updating is highly advisable as this minimizes the possibility of browser exploits being executed on your machine. It is, nonetheless, quite annoying, a necessary trade-off of convenience for security. The same is true on Whonix however the ‘Tor Browser Downloader’ application should mitigate some of this annoyance, it will however reset what browser modifications you have made replacing your tweaked Tor Browser with a fresh one.

FIRING IT UP AND GETTING I2P READY TO GO

If you opted to install I2P through the Debian/Ubuntu package, all you have to do is run ‘i2prouter start’ in a terminal. Though please do not run this as root! Otherwise head over to where your I2P folder is and look for a file called ‘i2prouter’. Okay now this is really complicated, you ready? Drag that file into a terminal window or paste it’s path and type ‘ start’ after it, press enter. Usually it looks something like this:

/home/username/i2p/i2prouter start

This is high tech hacker stuff, I know. I2P should start and open up in your default browser which USUALLY isn’t Tor Browser, and that’s okay! Copy the address it opened, by default that’s 127.0.0.1:7657/home into Tor Browser and hit enter. Now you can browse the Invisible Internet. But wait, we’re not done yet!

Do you really want to copy and paste that EVERY TIME you start I2P? I didn’t think so. Copy that address and press those 3 little bars again, this time go into preferences (or type about:preferences into the address bar). The default Home page is usually set to about:tor (BORING!) so paste that address into that text box and hit enter. Now the I2P router console is your home page! Congrats!

Recommended: If security is your goal, as it probably is if you are reading this guide, then setting the security level to safest is good (by clicking the shield icon and going into Advanced Security Settings), but sometimes a really hard fail-safe is better. Type about:config into the address bar and hit enter. Accept the risks of the scary warning and just start tinkering with stuff you don’t understand (KIDDING!), but seriously, type ‘javascript.enabled’ and hit enter into the search bar. By default that’s set to true, double click it and it will become false. Now Javascript is disabled at the browser level, this may break some eepsites but if you are extremely paranoid this is advisable.

BROWSING EEPSITES

“So that’s it then? I can just go to thesiteineed.i2p and that’s that?”

No! Similar to the clearnet (normal internet), I2P uses DNS (domain name services) to associate IP addresses (essentially public keys in I2P, not IP addresses so don’t worry) with human readable .i2p domain names. But if all those fancynames.i2p were centralized all an attacker would have to do is take over that part of the network and the whole thing would be in shambles! That’s why I2P DNS services are decentralized! The bad news is you have to “subscribe” to DNS service providers, the good news is this is pretty straight-forward. I have provided here a list of popular I2P DNS providers. This is straight from my personal list that I have added to over the years so enjoy. You can get to the “add subscriptions” part of the I2P router console by going to 127.0.0.1:7657/susidns/subscriptions or you can do what I like to do and type some random giberish294ieiefjeifj.i2p and then click “add some subscriptions” and go over to “subscriptions” to get to the list (a quick hack to get to this page).

By default you should have:

http://i2p-projekt.i2p/hosts.txt

Now, we want to add to that list so we can get ALL the eepsites and not just a hand-picked few. Just copy and paste what I have down here into that box and hit “save”.

Add these:

http://identiguy.i2p/hosts.txt
http://inr.i2p/export/alive-hosts.txt
http://no.i2p/export/alive-hosts.txt
http://stats.i2p/cgi-bin/newhosts.txt
http://reg.rus.i2p/public/a-hosts.txt
http://skank.i2p/static/hosts.txt

Now the first 4 are the standard “you really want these to work” providers, the latter 2 are optional. Once you have that your fancyname.i2p (obviously not a real eepsite) address should work. Now the hostnames.i2p are one way to access a site, but base32 (B32) addresses (longrandomstrings.b32.i2p) also work. There are also address helper links (ADH) that you can click to associate a B32 address with a readable_name.i2p for your addressbook (personal DNS accumulated through various DNS providers or super secret groups you are a part of) and those are helpful, and there are also “jump services” offered by identiguy.i2p and inr.i2p among others, basically a “I know the name of a website.i2p but don’t have it in my addressbook so please help me find it”. Let’s say you want to find totallynotdrugs.i2p (these aren’t real eepsites) but you don’t have it in your addressbook and you want to get to the website associated publicly with that domain name. inr.i2p offers such a service, and you can go to inr.i2p to use it or just type inr.i2p/?q=totallynotdrugs.i2p and hit enter to find it. The same is true of identiguy.i2p where you can go to the site to use the service or just type identiguy.i2p/cgi-bin/query?hostname=totallynotdrugs.i2p and hit enter.

Now I joke with totallynotdrugs.i2p but really I2P is a remarkably clean darknet, and I should know. If you access my personal eepsite at red.i2p you will see some of my research on the matter. A few months ago I actually visited every known eepsite personally and documented what was there. (Note I did this first with images disabled in the browser, similar to how we disabled javascript at the browser level since it really is a true unknown when exploring such things, but even on my second go with images/ javascript enabled my results were the same).

Unlike Tor, Freenet, or ZeroNet, I2P is a pretty safe place content-wise (in my experience). Like the normal internet it is possible to stumble upon bad stuff, but generally I’d say it’s about as prevalent on I2P as it is in the normal internet, and this is not something I can say about Tor hidden services, Freenet’s Freesites, or ZeroNet’s Zite’s. There is only one active drug market to date on I2P called Libertas (I will not give the link here for legal reasons) and from what I have seen of it, it’s actually a pretty ethical darknet market with a good Terms of Service. Actually I think it looks like what I hope your local head shop should/ hopefully will look like in 20 years, offering (actually) regulated substances from reliable sellers to consenting adults and– whoa hey! I’m getting into politics now and contrary to most posts on my blog here, this isn’t an explicitly political post. Libertas might be bringing a little more people to the network than usual as of late, but that’s actually probably not why you are using I2P anyways. I2P has a whole bunch of uses not pertaining to that one eepsite, and I should know as I’ve been using it for several years now and the shiny new drug market is quite recent! Now that we’re back on track, what else do you need to do?

CONFIGURING BANDWIDTH

By default I2P seems to assume you are using dial-up in Alaska, so it’s important to adjust your bandwidth settings to match the speed of your actual internet connection. This is actually pretty easy to do. Usually on the first run it automatically tests your bandwidth for you and configures it automatically. If not, there are plenty of free online internet speed test sites you can use to get a feel for your speed, and configuring it inside I2P is pretty easy. (Note: the privacy policy of speedtest.net says it collects what may be considered private data, so always run such tests in a private window.)

To adjust bandwidth settings just clicking ‘BANDWIDTH IN/OUT” under the I2P logo in the top-left of the router console and adjusting your bandwidth settings accordingly.

WHAT ELSE CAN I DO WITH I2P?

Anything, literally! If you’re a developer I2P has a ton of options. “But what if I’m a normal person and not a developer?” That too!

Do you like Torrents? I2P has a ton of good torrent trackers I can’t post here for the same legal reasons I can’t give you the link to The Pirate Bay. But fear not law abiding citizen! Plenty of torrent files are perfectly legal! Latest Debian release anyone? I2P comes with I2PSnark, an in-browser BitTorrent application which you can find under ‘torrents’ in the home page. The only thing better than a good torrent file is one that is anonymous by default, am I right? When downloading copyright-questionable torrents in I2P, you don’t even need a VPN for privacy (though don’t hold me accountable for your own actions)! That will save you a few bucks on a good VPN service if you don’t mind waiting a bit longer than usual for a file to download.

Do you like email? You can get your own email@mail.i2p, which can also be an email@i2pmail.org for I2P-to-Clearnet_emailing. How’s that for next-level privacy? There is also an I2P Plugin called I2P-bote which you can get from bote.i2p that is similar to regular email but is end-to-end encrypted by default. IRC? Sure, just fire up HexChat or your favorite IRC chat application and follow the directions documented on the official I2P website that I am too lazy to post here. You will meet a lot of cool people on Irc2P and it’s a great place to go for questions/ support. Fun fact: I2P actually started out as an IRC only project! You can even access an I2P XMPP server offered by Crypthost at xmpp.crypthost.i2p, throw on an OTR like end-to-end encrypted XMPP client add-on and have truly private conversations!

There are plenty of pastebin services and even a “Deep Web Radio” available over I2P. Someone even managed to configure a RDP server to run over I2P for truly private remote desktop access. Encrypted file sharing? Sure, that too provided your files aren’t too big. Social networking? I thought you’d never ask. There is Visibility.i2p, among others (I’ll let you find the rest on your own) and a few experimental not-yet-working Mastadon and Diaspora instances. Applications such as RetroShare also work with I2P, and in my mind this has serious practical applications for activists. Remember LimeWire? A developer named zab recently released a piece of software called MuWire that’s a sort of similar to LimeWire but made for I2P, and keep in mind P2P applications have plenty of legitimate uses outside of copyright infringement! This blog? A full mirror of the 400GB+ Marxists Internet Archive? Okay, those my eepsites, but yes it’s up there! Marxists.org took me literally over a month to fully mirror so I hope you guys enjoy that.

Zero knowledge pastebins? Yep, just don’t paste the things the owner says not to paste even though they cannot check you didn’t paste the things they said not to paste because it is a zero knowledge pastebin, but seriously don’t. Whisteblowers could definitely use such services.

What else? Cryptocurrencies? Absolutely. GOSTcoin is an I2P-centered cryptocurrency with an I2P mining pool, exchange, and a while bunch of other tools and Monero also is working with I2P to increase it’s own privacy (see Korvi). GOSTcoin is based on Russian Federation standard cryptography, and oh yeah, I2P has a HUGE Russian community as well so you’re in luck if you speak Russian. There’s also eepsites for anoncoin and zcash. Host your own site? That’s really easy too as I2P comes configured with a hardened Jetty webserver ready to roll. If you have a good idea for a website and a computer that’s on 24/7 consider installing I2P on it and running a hidden service on it!

Read the news? io.i2p has (copyright questionable I’ll admit) news from The Guardian, The Intercept, BBC, etc. all safely ported onto I2P for your anonymous viewing pleasure. This has valid applications for those living in places where uncensored news is hard to come by. For more info on all the cool stuff you can do check out the I2P wiki linked by default in the I2P router console. The possibilities are endless!

BEING A GOOD ITOOPIETIAN

Proper shutdowns and Routing traffic

So you’re done with I2P, time to just immediately shut down I2P right? Wrong! On the I2P router console home page when you “power off” it sometimes asks you to wait for routing commitments to expire, with an option to “shutdown immediately”. Those “routing commitments” are actually encrypted tunnels between a computer, your computer, and another computer. You are essentially routing encrypted traffic for other people when it says that (that’s how garlic routing works). So what happens if you shutdown immediately? They get disconnected. It’s a crappy thing to do, so don’t do it unless it’s an actual emergency. If you’re literally the next Edward Snowden and you’re about to get rendered by the CIA I think those other people would understand, otherwise don’t do it. You can choose to share 0% of bandwidth with the network but this is essentially leeching and this is something that actually harms your own anonymity. You might have a good reason and that’s okay but otherwise please don’t do it.

Contributing good content to the Network

I2P is a pretty clean network and we generally like to keep it that way. You can do what you want, sure, but if you want your own domain name the DNS providers have to be willing to agree to give you one, and many of the decentralized DNS providers rightfully reject blatantly immoral websites and thus (in my view) actively discourage really bad people from using the network. This is one of the reasons I prefer I2P to other anonymous networks. I agree with the hacker philosophy that “information should be free” but the architecture through which information is distributed should be organized, not blatantly assuming that all content is the same even if for the sake of the preservation of a free society, anonymous networks have to assume this to a certain extent. I think I2P has struck the right balance here, but that is another discussion entirely.

Now, does anyone REALLY care about copyright laws/ the occasional drug market? I don’t really think so. There is breaking the written law and there is breaking the law of morality and my personal philosophy is “information should be free” and “consenting adults want what they want”. The world can be a cruel, sick, twisted place and sometimes really bad people abuse networks such as I2P, Tor, Freenet or ZeroNet in order to hide their own immorality behind them, and this actually makes everybody’s civil liberties weaker. Now, this is much less so (if at all) with I2P, but I still wanted to say it. Ever heard of the Four Horsemen of the Infocalypse? The old Cypherpunks Mailing list contains a snippet of the demented logic used by the enemies of liberty against tools such as I2P. We’ll assume the “thing” here is I2P:

“How to get what you want in 4 easy stages:

1. Have a target “thing” you wish to stop, yet lack any moral, or practical reasons for doing so?

2. Pick a fear common to lots of people, something that will evoke a gut reaction: terrorists, pedophiles, serial killers.

3. Scream loudly to the media that “thing” is being used by perpetrators. (Don’t worry if this is true, or common to all other things, or less common with “thing” than with other long established systemspayphones, paper mail, private hotel rooms, lack of bugs in all houses etc.)

4. Say that the only way to stop perpetrators is to close down “thing”, or to regulate it to death, or to have laws forcing en masse tapability of all private communications on “thing”. Don’t worry if communicating on “thing” is a constitutionally protected right, if you have done a good job in choosing and publicising the horsemen in 2, no one will notice, they will be too busy clamouring for you to save them from the supposed evils.

The four supposed threats may be used all at once or individually, depending on the circumstances: aj”

Now when the “thing” isn’t being used by the bad guys, it can still be used by the enemies of liberty to their advantage, but especially when it is true, even doubly so. On top of being immoral, the bad guys on the network, though there aren’t a lot of them (comparable in my view to the normal internet, though stigma assumes more hence this section), give people who are afraid of tools like I2P a good enough excuse to cause a moral panic and scare people into giving up their civil liberties. In most countries this is unthinkable, but don’t forget the European Police Congress just recently called for the banning of Tor! Now, you want to share a pirated movie or buy/sell some drugs? You’re not who I’m talking about here. In my humble opinion the really bad guys, the Nazi-pedo-terrorists of the world, should take their filth elsewhere. Let the haters hate, my stand on the issue is clear and in my view, just. Though I speak for myself and no one else.

If you think I2P is cool, bring good content to the network! Have a cool website and a computer that’s always on? Mirror it over I2P! Have some cool files you want to share? Put them on a popular torrent tracker and seed them or put them onto MuWire! See someone struggling to install I2P on Linux? You know how now, so show them! Have a nerdy friend? Show them I2P! In an activist organization? Have your activist friends look into I2P! RetroShare over I2P is far better for privacy/security than Slack for organizing protests, just saying!

Read the docs

I2P can be a great tool, but it helps if you actually understand what it is and how it works. What is the threat model of the network? Can I use it in China? What vulnerabilities exist? How does I2P compare with Tor? These are all good things to know. I2P is not Tor, it’s threat model and safety profile is not that of Tor’s. I personally wouldn’t use I2P on its own in China, but I think technologies designed to help people circumvent state-level censorship are on the agenda for future discussion and possible integration (but don’t take my word on that). Read the technical documents. Understand, evaluate, decide. Is I2P for you? I hope the answer you come to is yes. For most people reading this, it will be yes.

If your freedom is actually really at risk, obviously combine digital privacy/security with physical privacy/security. This is true of Tor as well. Always have more than one fail-safe if you’re literally Edward Snowden. This should be a no-brainer. I2P sadly is no longer a part of Tails (though you can change that if you know how/ have the time) but the above directions can still be applied to an encrypted Debian install or a virtual machine stored only on an encrypted disk. You could connect to I2P using only public Wi-Fi. You could install I2P onto a remote server you paid for with Monero and access it through Tor using SSH. The possibilities are endless. I do not mean to alarm you though, I2P is generally pretty safe. The above warnings are only for those whose lives are literally on the line.

Contributing to the Project

Now I’m just a normal person, barely even a developer, maybe a bit of an idealist (not in the Marxian sense of the term so relax all you dialectical materialists). In my spare time I have contributed to the I2P project by improving documentation, posting guides (like this one), doing research, teaching other people the ropes, testing new software, and promoting the network to my friends. You can do that too! If you’re an actual developer you can really help out the network, but get to know it first! An I2P maintainer in Tails is highly desired by people in both communities, which often overlap. If you can actually do this, please do it. It’s above my head, but perhaps those greater skilled than myself will look at this issue with the same interest I have.

Donating

Take a look at the Dev Forum for I2P to see what some of the actual developers are doing. You have people like zzz working their asses off to make this network the best it can be and for what? Did you pay to use I2P? Is their an I2P Foundation? I’d argue there should be, but no. Not to guilt you, but I2P relies on donations. Sometimes they don’t accept donations, but a lot of times they do. Look around and explore, if you like what you see consider donating to the I2P project, if you donate with PayPal you can even get stickers if you ask for them, and that’s pretty damned cool!

CONDENSED VERSION (TL;DR)

If you’re in a hurry, this is the condensed version of the above tutorial. We’ll do everything we did up there a little faster (no chit-chat) and start our I2P router before configuring Tor Browser to get it integrated into the network so it’ll be ready to run once everything is configured (this should be as safe as starting it after configuring Tor Browser insofar as you don’t start doing stuff immediately in your default browser and just let it sit there).

Prerequisites: Have the latest version of Java installed. This can be found on Oracle’s website or you can grab the default supported Debian version by running:

apt-get install default-jdk

as root.

You should also grab a copy of Tor Browser Bundle from https://torproject.org/.

We are going to be using the .jar file to install I2P. You can also follow the instructions on the I2P website to install it via a custom Debian/Ubuntu package available here: https://geti2p.net/en/download/debian. This is good if you want to run I2P as a daemon but otherwise isn’t necessary. The configuration steps for Tor Browser and initial settings in the I2P router console still apply if you want to go this route.

Download the Linux .jar file from https://geti2p.org/en/download. The latest version of I2P as of writing is 0.9.40.

With the file downloaded type into terminal and execute:

sha256 /path/to/i2pinstall_0.9.40.jar

The output for 0.9.40 should be b5dac73d1683ebfa9b58475c2dddc6ffc40efa6622278d133688af73db428381.

Optional: Grab zzz’s public key (found here: https://geti2p.net/_static/zzz.key.asc) preferably from a different computer/ connection and use it to further verify your I2P install with GPG. You can also freely examine the source code for I2P, which is always reassuring.

Start up the I2P Java installer by executing:

java -jar /path/to/i2pinstall_0.9.40.jar

in a terminal. Generally you should not run this as root! Run through the GUI as usual and install somewhere you’ll remember. I recommend your home folder.

Once that is done go into the i2p folder the installer created and find a file named i2prouter. Either drag that file into terminal or copy/paste it’s file path into terminal and type ‘start’ after it. Once again we are not running as root:

/home/username/i2p/i2prouter start

This should open the default I2P router console page (your future Home Page) up in your default browser, which usually isn’t Tor Browser. Not to worry! Just leave that window alone for now or copy the address and close it out while your I2P router starts up as it takes a few minutes to get going.

Open Tor Browser and go into add-ons (about:addons). Disable HTTPS everywhere, Torbutton, and Torlauncher. Go ahead and restart the browser.

For the security focused, click the shield icon in the menu bar and go into Advanced Security Settings. Set it to safest. I also recommend disabling JavaScript at the browser level. This can be done by going to about:config, accepting the risk, and typing ‘javascript.enabled’ into the bar. Click enter. Double click the javascript.enabled row and the boolean value should change from true to false. Now JavaScript is disabled at the browser level. This may break some eepsites (I2P hidden services) but is recommended for the paranoid.

Next go to Preferences (about:preferences#general) and scroll down to Network Proxy. Click settings. Now you want the proxy settings to be identical to those used for Firefox in the I2P documentation (found here: https://geti2p.net/en/about/browser-config). So go ahead and do that.

Remember the default browser that opened when you ran the command to start I2P? Copy the address it opened and paste it into Tor Browser. You should see the I2P router console. Go into Preferences again (about:preferences#general) and set that address you just pasted to your Home Page.

Hit enter. Now the I2P router console is your home page.

Go to 127.0.0.1:7657/susidns/subscriptions and paste the following (do not remove the default entry):

http://identiguy.i2p/hosts.txt
http://inr.i2p/export/alive-hosts.txt
http://no.i2p/export/alive-hosts.txt
http://stats.i2p/cgi-bin/newhosts.txt

You can also optionally add these too:

http://reg.rus.i2p/public/a-hosts.txt
http://skank.i2p/static/hosts.txt

These are DNS (domain name service) providers that associate base32 string addresses with human readable .i2p domain names. Their ‘addressbooks’ are added to your ‘addressbook’, or your private list of .i2p domain names. Click save.

I2P takes a bit of time to start up, so it may be slow at first (this is why we started I2P before configuring Tor Browser). But this may not be the only reason for a really slow connection. Default bandwidth settings are very low, to adjust bandwidth settings just clicking ‘BANDWIDTH IN/OUT” under the I2P logo in the top-left of the router console (your Home Page) and adjusting your bandwidth settings accordingly. It should test your connection automatically on first install, if not open an online internet speed test in a private window. and adjust your bandwidth settings to match those of your internet connection.

That’s it! Welcome to I2P!

Final Thoughts:

-To update Tor Browser you need to reset proxy settings and re-enable the disabled add-ons, this is a necessary evil to stay safe so keep up to date on the latest Tor Browser updates.

-When shutting down your router wait for routing complements to expire, shutting down immediately means someone else gets disconnected.

-Sharing bandwidth is actually good for your anonymity, plus it’s good not to leech off the network.

-Don’t forget to check out all the cool stuff you can do with I2P!

-It’s best to keep your router running, and if you’re computer is on 24/7 consider running a hidden service to add good content to the network! I2P comes bundled with a hardened Jetty webserver to make setting up your own personal eepsite simple and fast.

FINAL THOUGHTS: CONCLUSION AND FURTHER SUPPORT

Now, you can jailbreak an IOS device, root an android, homebrew a Nintendo Device, and J-tag an Xbox 360. Hacking stuff is fun. What about I2P? Well, there is a community maintained, “enhanced” version of I2P you can check out called I2P+. I won’t cover how to install it here but I’ll give you the link if you want to check it out. The I2P link is: skank.i2p/static/i2p+.html. Now, for security I recommend using just the default I2P install, but for the adventurous you can check out I2P+. I’ve used it in the past and I can vouch for it, it is pretty cool.

Now that your I2P installation is properly setup let me be the first to welcome you to our Darknet! I2P for me has been a little “home away from home” in the world of cyberspace and I hope it can be yours as well. It’s where I go when I’m tired of the normal internet and want to talk to cool people from around the world anonymously, see cool new stuff, help people troubleshoot problems, and do something that I think is good for humanity. If you have more questions or concerns, I2P has it’s own user forum inside and outside of the network, and it’s own subreddit at https://reddit.com/r/I2P. Right now my Reddit username is /u/removable_muon so be sure to say hi. So have fun, be safe, and be a good Itoopietian! See you on the other side!

Copyright (C)  2019  red, red liberty
    Permission is granted to copy, distribute and/or modify this document
    under the terms of the GNU Free Documentation License, Version 1.3
    or any later version published by the Free Software Foundation;
    with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
    A copy of the license is included in the section entitled "GNU
    Free Documentation License".

 

One thought on “Getting From Zero To Hero With I2P and Tor Browser on Debian/Ubuntu: A How To

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s