Additions and amendments to the site FAQ.

ABCs of i2p

duck: section for the curious but unknowing potential users. shouldnt be too technical, just the first X questions that get asked by those not having used I2P before. I hate the title newbie though, too derogative

• What is I2P about? What does it do? Why am I reading this? Are you trying to sell me a carpet?

• I'm afraid of the dark, should I be afraid of darknets too?

• Why do I need I2P?
  • Privacy, a central tenet of human rights, is seeing a rapid erosion around the world as governments, in league with big media, seek to infringe privacy in the interests of suppressing copyright infringement. The Hadopi Law in France, the Digital Economies Act in the UK and the proposed firewall in Australia are but 3 examples of increasingly repressive legislation that undermines vital freedoms. In addition, repressive governments that seek to censor the internet and punish those that attempt to express themselves politically are also looking to gain even more control over the internet, and their citizens by extension.
  • If you're a whistleblower or political dissident, the case for I2P is clear. If you're an "average Joe", the freedoms you take for granted today may well be lost tomorrow. Be in no doubt, free flow of information requires your active participation, and by running I2P you're not only helping yourself but also others who may have their freedom threatened. If you want to preserve the notion of online privacy, running I2P should be a no-brainer!

• I've heard of Tor. What's different about I2P? Should I use both?
  • I2P and Tor are both anonymizing tools that run on a variety of platforms, and serve the interests of similar users. Where Tor sees its primary role as a platform for circumventing censorship on the net at large and providing the tools to evade direct monitoring by governments, ISPs etc, I2P takes a slightly different approach. Where Tor creates a two-tier system of clients and relay nodes, I2P by default puts every user in the role of both client and relay.
  • However, unlike Tor, by running I2P there is no risk of takedown notices or worse, since I2P keeps all the traffic hidden and encrypted end-to-end. Tor facilitates access to the net at large, and therefore exposes itself, and its users, to some risk of monitoring and legal intervention. Since everything in I2P happens within I2P, there is no risk of external monitoring by ISP's or governments. In this sense, Tor is more a conventional proxy onto the net at large, whereas I2P is a darknet implementation.
  • In short, we recommend you use I2P for the darknet it provides, and Tor as a privacy tool to facilitate access to the net at large. They're great companion tools for anyone interested in online privacy.

• What is the difference between I2P and Freenet, TOR, JonDoe?.
  • duck: do people still know Freenet? couple years ago it was the privacy thing that everybody was aware of. any other (regional) candidates?
  • Let's turn this question on its head and ask what do all of the above have in common? They all support online privacy and anonymity to some degree, though implementation and scope of use vary wildly.
  • I2P and Freenet share roughly the same goals insofar as their _primary_ purpose is to implement a darknet environment where all communications between users of the system are off-the-radar. Tor and JonDoe? (aka Jap) are primarily concerned with anonymized access to the internet at large. Of course, there's overlap in what these software packages provide..
  • I2P's eepsites (and .i2p domains) are roughly analogous to Tor's .onion sites; I2P provides a basic "outproxy" to browse content on the net, as does Tor, though I2P's implementation is bested by Tor's given the different project goals.
  • As for Freenet and I2P, both implement darknets and offer similar features, though Freenet's distributed filesystem that conscripts users drives into a shared datapool is different to I2P's conscription of users (I2P routers) to relay packets. * more clarification needed - dr|z3d *

• Whats an "eepsite"? Who is "Itoopie"? What is a darknet?
  • Needs Glossary page. ​http://trac.i2p2.i2p/wiki/glossary

• Is it safe? Has the code been audited?
  • I2P is an open source project, and as such the source code is transparent and available for review. This of itself prevents back doors being slipped into the code, since anything suspicious would be subject to the review of the developers who would be quick to notice discrepancies. Furthermore, permission to commit source code to our repository is conditional upon permission from our repository manager; there are only a handful of developers with such permission, which means the likelihood of "rogue" code is minimal.
  • Given the nature of the project (protecting privacy online), security is at the forefront of the design, and is in a state of constant revision and improvement. We have yet to undergo a 3rd party review of the code, largely because no one has come forward to offer to audit it. In the event we secure significant funding, an independent audit of the code would be something we'd be interested to commission. If you're a java coder with a particular interest in cryptography, we'd welcome any code reviews and resultant suggestions to improve our security model.
  • We cannot absolutely guarantee the saftey of the software; that we use it everyday ourselves here at I2P HQ should indicate a level of confidence.
  • duck: splendid stuff, suggest rephrasing to atleast mention privacy / anonymity. safe is too generic.

• Is my router an "exit node" to the regular Internet? I don't want it to be.
  • No! You're confusing Tor and I2P! By default an I2P installation will only ever route traffic within the network for others, rendering it unmonitorable by your ISP or government. Your ISP may notice that you're connecting over encrypted channels to other machines on the network, but the nature of those communications will be entirely undiscoverable. In I2P teminology, an "exit node" is what we call an "outproxy", or connection to the wider net. It's possible to function as an outproxy in I2P, similar to how exit nodes operate in Tor-land, but that requires manual configuration on the part of the I2P user.
  • By default, everyone on the network participates in the network to help route traffic for other I2P users. We do not configure any user to be an "outproxy" on a default installation, though by default there is an http web proxy to the normal internet (false.i2p), so the only traffic a default I2P installation will route will be for other I2P routers (nodes) within the network, encrypted and anonymous by design.

• What is syndie and is it still active?
  • Syndie is a distributed, decentralized forum and blogging platform specifically written for I2P. Development is ongoing, but currently the only way to install Syndie is through compiling it yourself from the mtn database. More information can be found at ​http://syndie.i2p2.de/

• I have a question!

Dig In - Technical Aspect

duck: section for those who have tried I2P, and are interested in the internals / limits, etc.

powerusers but NOT developers.

• What crypto is used?
  • For an overview of I2P's use of cryptography, please refer to: ​http://www.i2p2.i2p/how_cryptography.html

• How does I2P bootstrap?

• how do the I2Prouters find each other? In public routing there are HELLO packets like in OSPF - but i don't know how it works in a virtual net… read something about garlic routing, but there is no explanation about " how the router find eachother in detail" there must be a central instance which is the first point of contact, or ?
  • RN: this question popped up in #-2p-help, and the person asking did not wait long enough for an answer, it expands the question above, and is probably too long but I put it here to illustrate what new i2people want to know… and I'll answer it as best I can..
  • RN: When a new i2p router first starts up, it contacts sites that distribute some initial 'seeds' These are information about other routers and are stored in your netDB. They expire after a while, so that's why i2p does not ship with default seeds installed. Once your router has been running a while, it gets information about other routers that it connects to (through the ones it already knows) and stores those as well, this is why your Known-Peers number displayed in the console goes up over time; and why, if your internet connection goes down, the number goes down since it gets no response from each router it tries to contact.

• How safe is this 'bootstrap' process?
  • Each router on the network has a unique cryptographic fingerprint. When a new router intializes, it will make requests to one of several servers on the nomral internet to provide an initial "seed" of the network, or a partial list of other I2P routers. The remote server, over a normal ​http:// connection, will provide a list of identities of routers which allows our newly initialized router to talk to these routers on the I2P network and find new router, or peers, to talk to. Each indetity is a cryptographic fingerprint, so forging these is to all intents and purposes impossible. There is some discussion of further securing this initial handshake via a forced ​https:// connection.

• What is a floodfill?
  • Needs Glossary page. ​http://trac.i2p2.i2p/wiki/glossary
  • duck: how will they know about floodfill? can we rephrase it elsewhere to make this floodfill clear at the first point of introduction.

• Will I2P be able to cope with a huge influx of new users? (Does it scale?)

• What ports does I2P use?
  • For connecting your I2P router to the I2P network, and for receiving and sending traffic, I2P allocates a random port (tcp/udp)on first startup which you can see on ​http://127.0.0.1:7657/config.jsp. If you don't like that port you can change it on the same page. It's only this externally visible port that most people need to worry about.. if you can open that nominated port on your modem and port forward to your I2P Router, you'll see better performance, but I2P will work regardless.

• I'm behind an http proxy on an academic campus. Will I2P work here?
  • Not currently, no. We're keen to see I2P bypass as many aritifical restrictions to use as possible, so if you're a coder and think you can help facilitate access for people behind proxies, come and introduce yourself on I2P's Developer Channel on IRC.

• What happened to *.i2p.net? What happened to jrandom? Is I2P dead?
  • jrandom, the original developer of I2P, had to disappear for reasons unknown. Since the original i2p.net domain was registered by him, and he never left a forwarding address, it was impossible to take control of the domain, and so i2p2.de was born. I2P is far from dead; we're seeing much growth on the network, and huge strides being made in the development. I2P is definitely here to stay!

• What do you mean by "no trusted parties"?
  • No trusted parties is an expression used in cryptography/privacy circles to indicate the nature of a network. It means, in essence, that there is no centralized infrastructure that needs to be relied on (and trusted) for I2P to function correctly, and furthermore, the design of I2P is explicitly such that centralized servers that assume critical roles withhin the network are not used. To compare and contrast, Tor uses trusted parties for its "directory servers" to map the relay network topology.

• Do I need to mess with my router to get I2P to work? Do I need to port forward to participate?
  • I2P works behind firewalls and NAT without any user intervention, through a technnique similar to that used by Skype (see SSU). I2P will work fine this way, but for enhanced network performance you should, where possible, arrange for I2P's default (randomized) communication port (indicated on ​http://127.0.0.1:7657/config.jsp) to be forwarded from your router or modem to your local machine on the network. For assistance, have a look at ​http://portforward.com/.

Dig in - Non Technical Aspect

Paranoid

• How can I be sure I'm not being spied on?
  • Buy a tin foil hat, sit in your closet, and turn the computer off now. Don't waste a second, and be sure to clear your cookies!

• Do they know I will be running I2P? Is running I2P illegal?

• Is using an outproxy safe? (What are these inproxies and outproxies?)
  • Inproxies are services which allow users from the regular internet to have a look into the anonymous network of I2P. So … the opposite of this is an outproxy. An Outproxy allows you to visit websites of the regular internet through the anonymous network of I2P.
  • Is it safe? It depends on what you are doing with it. Never use an insecure connection (http w/out "s") to send private data like passwords. The operator of an outproxy could log your information if he wanted to. You don't know what happens with your information which leaves the I2P net through an outproxy. In I2P your connections are safe with encryption of your data. At the outproxy your information will be decrypted and sent out unencrypted to the regular internet.

• Will I2P ever have a backdoor?
  • No. Putting a backdoor into I2P would be the kiss of death to the project. And given its open source nature, putting a backdoor into I2P would not go unnoticed, and would likely inspire the project to be forked.

• Steganography rants
  • We love setganography. So do Russian spies recent news indicates. No one's yet stepped up to the challenge of writing a steganography cyphertool plugin for I2P, but we're ever hopeful somebody will. Soon. There's already a plugin framework for I2P that allows any programming language to be used. So if you're interested in populating your Pamela Anderson shots with covert cryptodata, you have a good handle on encryption and coding, java specifically, we look forward to meeting you. Come join us on I2P IRC.

Political / Ethical / Philosphical

• Isn't I2P encouraging copyright infringement?
  • I2P is a network. We provide a framework for encrypted, anonymous communication. How our users choose to use these freedoms is entirely their call. Some people may feel more comfortable engaging in practices that may put them in some risk in the "wider world", such as filesharing, over I2P, but we don't explicitly take a view on this. Note that, to date in most regimes, copyright infringement is a civil law, or "tort", and not a criminal infraction. As a "no trusted parties" anonymizing network, there is no mechanism within the I2P software to "turn off" sites that don't meet certain criteria. There are mechanisms built into the service to mitgate against abuse, however, and the operators of these services have their own policies for handling abuse. Please contact the relevant service provider in the event that network abuse is suspected.

• Criminal Activity (snuff/bestiality/cp/terrorism etc)
  • Through the provision of a DNS overlay that allows I2P users to map b32 public encryption keys to a memorable .i2p domains, users can have easy to remember domains on I2P for their webservers etc, though it's entirely optional. If a service is made available this way and is seen to contain questionable material, removing the service's .i2p domain from published lists is likely to happen, though each service operator is free to determine their own rules. There is no official I2P DNS overlay, though we now (will soon) have 2 i2p dns registrars providing free .i2p domains. The very decentralized, no trusted parties nature of I2P means that it's virtually impossible to censor a website, only make it slightly more difficult to discover for new users.

• If a service operator chooses not to make his service visible this way, then it's much harder to discover the service, and more or less impossible to shut it down. Similarly, the main torrent tracker on I2P, ​http://tracker2.postman.i2p also implements some fundamental requirements with regard to content that prohibits certain nefarious types of content including, snuff, gore and child pornography.

• I am opposed to certain types of content. How do I keep from distributing, storing, or accessing them?
  • Although I2P and Freenet share some characteristics, in I2P you are never obligated to store encrypted files for other users on the network; this is a Freenet feature. In terms of accesssing dubious content, the same rules apply as on the net at large: proceed with caution! (This answer needs rephrasing to fit the question.)

In Operation

FAQ of FAQ

• I'm missing lots of hosts in my addressbook. What are some good subscription links?
  • If you try to access an .i2p site only to be told that the address isn't in your addressbook, further investigate that error page! There are links to subscriptions and other useful tidbits of information intended to make your experience on I2P more enjoyable. Please read and digest these messages!
    • darrob: while this is true the official FAQ should offer a real answer nonetheless.

• My active peers / known peers / participating tunnels / connections / bandwidth vary dramatically over time! Is anything wrong?
  • Normal behavior. The number of known peers will often show high variations in number. This is perfectly normal in situations where you may go offline due to outage, the nature of your connection etc. When Peers are no longer visible, they're expired. And the longer you stay online, the more peers you're likely to know. It's a social thing, I2P!

• My router is using too much CPU?!?
  • What are you running there cowboy? For optimal I2P performance, a Pentium 3 class or above processor is recommended, with at least 256M onboard ram. The faster your declared speed, the more likely you'll be selected to route tunnels for others, so on a fast connection we recommend a P4 class processor or above, ideally multi-core with at least 512MB system ram. It is possible to run I2P on slower kit, some users have reported success on Pentium 1 class hardware with 128MB ram.
  • Also note that when I2P starts up, it has to do a lot of work to build tunnels for you local destinations (I2P-based Services), so the first minute or two may be cpu intensive, after which I2P shouldn't be noticable on modern hardware, and it quite modest in use on Pentium 3 class hardware. YMMV.

• My router has very few active peers, is this OK?

• I can't access regular Internet sites through I2P.

• merge these
  • I2P is running, but I can't get to my gmail (or other regular websites) .. (​https://)
    • I2P out of the box provides a web proxy (what we call an outproxy in I2P terminology) to the web at large. Intended for casual, occasional use, this proxy only supports unencrypted traffic, so any website such as gmail that requires an ​https:// connection will fail. If your proxying needs are more than occasional, we recommend you use Tor in conjunction with I2P to facilitate better access to the web.
  • I can't access ​https:// or ​ftp:// sites through I2P.
    • I2P by default provisions an http or web proxy. Access to other protocols such as ​ftp:// or ​https:// is not possible with the default proxy (false.i2p), but may be possible through other user-run services in the network. For a practical solution to this issue, we recommend Tor which is quite happy to route both ftp and https traffic.

• How do I connect to IRC within I2P?
  • I2P comes pre-configured with an IRC tunnel ready to go. You don't need to configure a proxy in your IRC client; simply connect to server 127.0.0.1 port 6668 with I2P running and you'll gain access to I2P's IRC server network. Note that both OFTC and Freenode also host I2P channels, but access via these servers do not offer anonymized access.
    • darrob: The above explains the old IRC tunnel. Should we change the instructions to the more useful SOCKS5 IRC tunnel?

• How do I access IRC, BitTorrent, or other services on the regular Internet?
  • In short, use something like Tor to access IRC and web services on the regular net. I2P has its own bittorrent trackers only accessible through I2P, and the traffic generated provides a useful service stressing the network and helping improve the software and network reobustness as a result. For normal bittorrent trafic on the regular net, users should look at ​http://animos.net. This is not an endorsement, simply a recommendation to "have a look".

I2P does not provide a gateway to IRC or bittorrent services on the regular net, although it may be possible to access external services through a custom proxy service provided by a network member. The default I2P web proxy (false.i2p) is only rigged for unencrypted web (​http://) traffic.

• Most of the eepsites within I2P are down?
  • Have a look at one of the eepsite tracking sites, for example ​http://perv.i2p. This site gives a good idea of active eepsites. Bare in mind that many of the websites hosted on I2P are run on desktops or laptops that may not be up 24/7.

• How do I set up my own eepsite?
  • Most of the work is done in that respect. We provide a separate Jetty webserver instance (the I2P Router also runs on Jetty) that is already running locally by default on a new installation, though isn't yet visible to the I2P community. Browse to ​http://127.0.0.1:7658 and you'll instructions for configuring your webserver which is also your homepage, in effect. Once you start the webserver in the I2P Tunnel Manager, you'll then have a key which you can register for an .i2p domain, or share with others to facilitate access to your new anonymized online presence!

• Why is I2P so slow?
  • There are several reasons for this, not least the overheads placed on network communication by end-to-end encryption. That said, the main reason that I2P is perceived to be slow is the nature of the network itself..
  • Since I2P relies on your upload speeds, or upstream in order to provide service to other users on the network, and the majority of users are running from domestic adsl/cable connections, the speed of service is limited this way. For example, a user with an 8Mbit connection to the network may well only have 256Kb/s upstream; it is the upstream value that determines the speed a given user can offer to the network.

• What do the Active x/y numbers mean in the router console?
  • x is the number of peers you've sent or received a message from successfully in the last minute, y is the number of peers seen in the last hour or so.

• Is it possible to use I2P as a SOCKS proxy?

• How do I reseed manually?
  • An I2P router only needs to reseed once, to join the network for the first time. Reseeding is nothing more than sending plain HTTP GET requests to fetch a directory listing and download multiple "routerInfo" files from a predefined reseed URL.
  • A typical symptom of a failed reseed is the "Known" indicator (on the left sidebar of the router console) displaying a very small value (often less than 5) which does not increase. This can occur, among other things, if your firewall limits outbound traffic, and blocked the reseed request.
  • To reseed an I2P router manually, do the following:
    1. Stop your I2P router
    2. Open ​http://i2pdb.tin0.de/netDb/ or ​http://netdb.i2p2.de/ using a web browser
    3. Save a dozen "routerInfo" files to your I2P "netDb" directory (ignore the "leaseSet" files)
    4. Alternate method (easier): Download ​http://i2pdb.tin0.de/latest.zip and unzip it into your I2P "netDb" directory.
    5. Start your I2P router

• I think I found a bug, where can I report it?
  • Visit this site here ​http://trac.i2p2.i2p/newticket and open a new ticket.

Configuration

• How can I access the web console from my other machines or password protect it?
  • Listen address: For security purposes, the router's admin console by default only listens for connections on the local interface. However, with a little hacking, you can make it reachable remotely:
    1. Open up clients.config and replace clientApp.0.args=7657 ::1,127.0.0.1 ./webapps/ with clientApp.0.args=7657 0.0.0.0 ./webapps/.
    2. Go to ​http://localhost:7657/configadvanced.jsp and add a new option: consolePassword=foo (or whatever password you want).
    3. Go to ​http://localhost:7657/index.jsp and hit "Graceful restart", which restarts the JVM and reloads the client applications.
    4. After that fires up, you should now be able to reach your console remotely. You will be prompted for a username and password though - the username is "admin" and the password is whatever you specified in step 2 above.
    • Note: the 0.0.0.0 above specifies an interface, not a network or netmask. 0.0.0.0 means "bind to all interfaces", so it can be reachable on 127.0.0.1:7657 as well as any LAN/WAN IP.
  • SSH tunnels: You can access the router console by tunneling port 4444 through an SSH connection. You can also tunnel any other port you need, for example 7657 to access eepsites. To create such an SSH tunnel either run ssh -L7657:127.0.0.1:7657 -L4444:127.0.0.1:4444 $USER@$SERVER' or set the appropriate LocalForwards in your ~/.ssh/config file.

• How can I use applications from my other machines?

• How do I startup I2P automatically on boot time?
  • Ideally I2P should be run as a system service which makes I2P available even before you login to your system. On Windows, we provide a .bat script in the I2P directory to install I2P as a service, and this is the preferable method on Windows of running I2P. Once the .bat file is run, I2P will automatically run at next boot. In the event you do this, there is no need to manually launch I2P. [Info on installing I2P under Linux/OS X as a service needed, please]

• What bandwidth settings do you recommend for my internet connection?

I2Apps

duck: I dont think these should be part of the I2P core FAQ. radiant: I think they should. Without apps, I2P is empty and useless. They're the soul, i2p is the body, brain, and heart.

• Bittorrent / I2PSnark / I2P Plugin Questions?

• imule / ed2k / Kad Questions (fully decentralized, distributed, uncensored P2P search/tracking/transfer)

• WTF is all this noise about Seedless?

• I've heard a rumor of something called I2FS. What is it?

• IRC (Internet Relay Chat) is weird! What is a changate? Who is Fox? Who is CIA?