i2p general thread - general thread about the i2p network

Anyone had luck getting a service up and running?
Yes, also with one of those custom domains. In a nutshell, it's this:
```bash
# Assuming you already have a server with Debian and a webserver installed
# Install i2pd with your package manager
sudo apt install i2pd

# Then add this to your /var/lib/i2pd/tunnels.conf (with cat or a text editor)
# Mind the double greater-than-sign, not a singular one
# The redirect has to run as root too, so it goes inside "sudo sh -c"
sudo sh -c 'cat >> /var/lib/i2pd/tunnels.conf' <<EOF
[websitename]
type = http
host = 127.0.0.1
port = 80
keys = websitename.dat
EOF

# Restart i2pd with your init system of choice
sudo systemctl restart i2pd

# On that machine, visit this URL (use any text browser for convenience's sake)
# http://127.0.0.1:7070
# Go to Tunnels -> Server Tunnels
# The very long hash ending with .b32.i2p is your address
```

I assume you meant with "the same machine you're browsing from" that you have to use a text-only browser. This is only for getting the address, otherwise you can connect with your browser of choice. For registering an actual .i2p domain, you can use i2pd-tools https://github.com/PurpleI2P/i2pd-tools. Look at the "regaddr" section, use that tool to generate an auth string that you can use to register the domain at sites like reg.i2p.

(I just realized that the guy asking this did so almost a year ago, but maybe this reply is helpful to somebody else interested in I2P.)
 
I would like to use i2p to access a service on my PC remotely. It's a simple HTML control menu so I'm not worried about bandwidth, however I am very worried about security.
Is there a way in I2P+ to make a server tunnel that requires a password to access?
 
I am wondering if anyone has used I2P to host software package mirrors or other infrastructure related to OS maintenance.
This might be a good idea for community-maintained operating systems that don't want to comply with the growing number of age verification laws.
 
> I would like to use i2p to access a service on my PC remotely. It's a simple HTML control menu so I'm not worried about bandwidth, however I am very worried about security.
> Is there a way in I2P+ to make a server tunnel that requires a password to access?
You are likely looking for an encrypted LeaseSet functionality with whatever protocol you are using if you just want to connect to it like a regular eepsite without a regular b32 being potentially sniffed. Basically a server tunnel that posts an address like any other, except the floodfill routers cannot see anything apart and do anything with it other than forwarding it to any requesters, who then need to decrypt it with their own special keys. The username and password fields visible in the creation and editing parts are for SSH connections IIRC. I've only used Java I2P before, and the specs say that clients don't need to decide on if the user is prompted for the key or if an automatic transaction is just supposed to happen with the keys you have automatically, so you might need to tinker a little to get it working on both ends, more likely if the implementations of I2P are different between your two devices.
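
An added example, not from any poster in this thread and not i2pd's own code: a shell helper for i2pd that appends the server tunnel section from the first reply without duplicating it, and optionally turns on the encrypted LeaseSet described above with per-client pre-shared keys. `i2cp.leaseSetType`, `i2cp.leaseSetAuthType` and `i2cp.leaseSetClient.psk.N` are i2pd's documented tunnel options; the function name `add_server_tunnel` and the client names and keys passed to it are hypothetical, and Java I2P / I2P+ configure the same feature through their own interface rather than this file.

```shell
# add_server_tunnel CONF NAME PORT [CLIENT:PSK ...]   (hypothetical helper)
# Returns 0 on success, 1 if [NAME] already exists, 2 on invalid input.
# Writing the real tunnels.conf needs root; try it on a scratch file first.
add_server_tunnel() {
    [ "$#" -ge 3 ] || { echo "usage: add_server_tunnel CONF NAME PORT [CLIENT:PSK ...]" >&2; return 2; }
    conf=$1 name=$2 port=$3
    shift 3

    # NAME and PORT are written into the file verbatim, so keep them strict.
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "invalid tunnel name" >&2; return 2 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "invalid port" >&2; return 2 ;;
    esac
    # Validate every client entry before anything is written.
    for entry in "$@"; do
        case $entry in
            ?*:?*) ;;
            *) echo "client entries must look like name:key" >&2; return 2 ;;
        esac
    done

    # Running the append twice would leave two [NAME] sections; refuse instead.
    if [ -f "$conf" ] && grep -qxF "[$name]" "$conf"; then
        echo "section [$name] already present in $conf" >&2
        return 1
    fi

    {
        # The tunnel only ever points at loopback, as in the first reply.
        printf '\n[%s]\ntype = http\nhost = 127.0.0.1\nport = %s\nkeys = %s.dat\n' \
            "$name" "$port" "$name"
        if [ "$#" -gt 0 ]; then
            # Type 5 = encrypted LeaseSet, auth type 2 = per-client pre-shared key.
            printf 'i2cp.leaseSetType = 5\ni2cp.leaseSetAuthType = 2\n'
            n=0
            for entry in "$@"; do
                n=$((n + 1))
                printf 'i2cp.leaseSetClient.psk.%s = %s\n' "$n" "$entry"
            done
        fi
    } >> "$conf"
}
```

On the connecting side, i2pd expects the matching key in the client tunnel's `i2cp.leaseSetPrivKey` option; a client without it cannot decrypt the LeaseSet and so cannot reach the tunnel.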
 
Have any of you used i2pmail (or whatever it's called)? Is it good? i2pmail seems like it would be the best option of an anonymous mailing system. Just haven't heard too many people talk about it.
 
> Have any of you used i2pmail (or whatever it's called)? Is it good? i2pmail seems like it would be the best option of an anonymous mailing system. Just haven't heard too many people talk about it.
It works well, it's very private and end to end encrypted. I don't see many people using it though. It is also completely isolated from the email on the Internet like everything else on I2P.
 
> It works well, it's very private and end to end encrypted. I don't see many people using it though. It is also completely isolated from the email on the Internet like everything else on I2P.
Can you use a plugin to surface it to like tor or yggdrasil?
 
> Can you use a plugin to surface it to like tor or yggdrasil?
Assuming that we are talking about one of the default providers for I2PMail like Postman rather than SMTP itself on I2P or the GUI interface, then any clearnet email domain name you can sign up with is compatible with the outside world. You should be able to view instructions on how to get one on the sign-up page that Postman (biggest one last time I checked) owns, it's in the default address-book. In general, if the domain you selected from the provider ends in .i2p, it's I2P only.

Note that with any email provider, unless you encrypt your messages yourself, he can see anything you send. Metadata will still be visible no matter what.
 
> Note that with any email provider, unless you encrypt your messages yourself, he can see anything you send. Metadata will still be visible no matter what.
Oh really? I thought susimail did end to end
 
> Oh really? I thought susimail did end to end
Only internal I2P communications are end-to-end. To me it's unclear if that's a feature that is done automatically on your end with some sort of trick on your end and the recipient/sender end or if the service provider like Postman does it automatically with your messages like how Proton does it. Clearnet is undoubtedly not end-to-end. I haven't used I2P mail in a while, but if you see anything in the interface regarding pre-generated PGP keys or anything else on their end, then there is technically nothing stopping them from decrypting your messages arbitrarily (especially if you are not prompted in some way to decrypt them, suggesting that they could also have your private key). As always, a Jia Tang: Electric Boogaloo incident or an accidental vulnerability could also occur, which is why I never really trusted mail clients to begin with with that sort of thing.

Technical docs imply that it is probably safe for I2P-I2P messaging, but if you are really paranoid then regular PGP or something like age would not hurt. It's true that x-headers and the user-agent are anonymized, but AFAIK there is no magic stopping Postman from knowing that communications are occurring and the directionality of them (the To: and From: fields, potentially the subject as well).
 
> Only internal I2P communications are end-to-end. To me it's unclear if that's a feature that is done automatically on your end with some sort of trick on your end and the recipient/sender end or if the service provider like Postman does it automatically with your messages like how Proton does it. Clearnet is undoubtedly not end-to-end. I haven't used I2P mail in a while, but if you see anything in the interface regarding pre-generated PGP keys or anything else on their end, then there is technically nothing stopping them from decrypting your messages arbitrarily (especially if you are not prompted in some way to decrypt them, suggesting that they could also have your private key). As always, a Jia Tang: Electric Boogaloo incident or an accidental vulnerability could also occur, which is why I never really trusted mail clients to begin with with that sort of thing.
>
> Technical docs imply that it is probably safe for I2P-I2P messaging, but if you are really paranoid then regular PGP or something like age would not hurt. It's true that x-headers and the user-agent are anonymized, but AFAIK there is no magic stopping Postman from knowing that communications are occurring and the directionality of them (the To: and From: fields, potentially the subject as well).
Yeah sussymail internal i2p mail was what I was thinking about, I didn't know they offered external, neat! Yeah I'd use PGP for that.
 
> Assuming that we are talking about one of the default providers for I2PMail like Postman rather than SMTP itself on I2P or the GUI interface, then any clearnet email domain name you can sign up with is compatible with the outside world. You should be able to view instructions on how to get one on the sign-up page that Postman (biggest one last time I checked) owns, it's in the default address-book. In general, if the domain you selected from the provider ends in .i2p, it's I2P only.
>
> Note that with any email provider, unless you encrypt your messages yourself, he can see anything you send. Metadata will still be visible no matter what.
Thanks, also the profile picture is awesome. I'm a bit new to email security and privacy. When you say any email provider, even those that are E2EE like Tuta or Proton? Or do you mean when you send it to a non-E2EE provider such as Gmail or Yahoo?
 
> Thanks, also the profile picture is awesome. I'm a bit new to email security and privacy. When you say any email provider, even those that are E2EE like Tuta or Proton? Or do you mean when you send it to a non-E2EE provider such as Gmail or Yahoo?
The keys that Tuta and Proton automatically generate are stored on their side for convenience. Regardless of if they are actually being truthful when they say that they use your password to encrypt them, they ultimately control how your keys are generated, how they are stored, and how they may be used. That's only if you're sending something to another Proton account btw, everything else is exposed if you are being sent something from another mail provider or the other way around.

If you don't trust them or are afraid that laws will be passed that will force them to hand over keys in the future or potentially get legally fucked otherwise, then you can encrypt your own mail. They can also obviously see who you are talking to regardless, that isn't encrypted because otherwise, how are they going to send your message if they don't even know who it's for or from? If you have no problem with the metadata and long term forensics parts of email, then encrypting the actual content is fine.
 