One of the more interesting aspects to the Internet, is the area of anonymity and hidden services. While many people are familiar with the Tor network, there is another "network" that is gaining rapidly in popularity. The I2P Anonymous Network is a peer-to-peer network in which all traffic is encrypted end-to-end. I became interested in I2P after seeing a tweet by @OpBritain where I2P was mentioned.
From the I2P website, "I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. I2P is designed to allow peers using I2P to communicate with each other anonymously — both sender and recipient are unidentifiable to each other as well as to third parties."
Unlike Tor where a "directory" of the network is maintained, I2P maintains its network database via peer profiling and router info. The I2P network selects its peers by a profiling process that continually ranks performance and updates the "I2P netDb", which is contains constantly updated information on router contact information called "RouterInfos" and the destination contact information, called "LeaseSets". This netDB is distributed via a technique called "floodfill", where a smaller subset of I2P routers, known as the "floodfill routers", will maintain this distributed database.
I2P uses virtual, unidirectional tunnels that pass through a series of routers, and are typically 2 to 3 hops. Each round trip message and reply will require four tunnels. One each for the sender and recipient's inbound and outbound traffic. Tunnels are created using what is known as "Garlic Routing" (a shot at Tor's Onion routiing??) A Tunnel build message is sent via Garlic routing to an I2P router requesting that it participate in the tunnel.
One of the primary uses of I2P is via an I2PTunnel application which allows for familiar TCP/IP applications to be run through the I2P network.
I2P has been around since 2003 and has a Java client, where it will run on Windows, Linux, and MacOS. After installation, you are presented with a very comprehensive control and informational page.
There are many anonymous and encrypted services that can be utilized via the I2P tunnels including:
- Browsing to websites within the I2P network (called eepsites) as well as anonymous browsing to public sites. A custom build of Firefox called I2PFox that is hardened and built specifically for I2P is also available.
- Hosting of your own eepsite. You can make your eepsite exclusive to I2P, or also available to a public browser.
- Search. You can search for I2P content and sites via http://eepsites.com. You can also use Google to find http://xxxx.i2P.to websites accessible without I2P proxy.
- Susimail/2IpMail. Anonymous email to/from public Internet. More on this below.
- I2P-Bote accessible via http://i2pbote.i2p
- FILE SHARING
- IRC AND INSTANT MESSENGER
- IRC. Anonymous chat via a local IRC tunnel that directs to one of two I2P IRC servers. There is also an I2P Instant Messenger and the ability to run your own anonymous chat servers. More on this below.
- I2P-Messenger encrypted, serverless instant messenger.
- Jabber via i2pjabber.i2p
- DATA STORAGE
- Tahoe-LAFS. You can use it from within the I2P network.
- FORUMS AND BLOGGING
- Syndie. System for distributed anonymous forums.
Addressing and Naming Services
I2P utilizes a 516 byte crypto identifier key to refer to routers and any end point services. All destinations in I2P are referenced by this key. Three local host files are used to map destination names to their crypto key, similar to traditional DNS. I2P users can discover new destinations by subscribing to other published "addressbooks" via a configured "web of trust". I2P uses an "addressbook" application to merge these external host lists with the local host files. A "SusiDNS" application is also provided to facilitate the user's management of their host lists and addressbook configuration. The Subscriptions page allows to add additional public subscription sites in addition to the default http://www.i2p2.i2p/hosts.txt, such as
|Basic Naming Services Architecture|
An "eepsite" is simply a website that is hosted anoymously within the I2P network and accessed via HTTP tunneled back via I2P. This is similar to Tor "hidden services".
An I2P user would access these sites by setting their web browser's HTTP proxy to localhost:4444, and localhost:4445 for HTTPS. An I2P eepsite will have a URL with .i2p as its top level domain, such as http://sempersecurus.i2p. By use of an "outproxy", an I2P user will also have access to external HTTP, HTTPS, and email services. The I2P "httpclient" application allows for this outproxying. If the requested hostname does not end in .i2p, a random outproxy will be selected from a user provided list, and the request will be sent there. These outproxies are basically I2P servers that are voluntarily run specifically as an outproxy. No I2P router instance is an outproxy by default.
Some eepsite operators will make their sites publicly available outside the I2P network. Those sites can be accessed by appending a ".to" to the I2P domain, such as http://sempersecurus.i2p.to
There are a wide variety of eepsites running in the I2P network. Just reading through the addressbook listings is interesting and reflects the scope of material you can find in I2P.
|Homepages of various eepsites.|
The internal I2P web landscape reminds one of the public Internet from the mid 90's. Searching is rudimentary, some sites work great while others are barely usable and are functional only for a few hours a day. However, availability is not the objective with eepsites, anonymity is.
It's very easy to setup your own eepsite within the I2P network. Comprehensive instructions are found within the local help files, as well as from the resources listed below. In a nutshell, a site is created as follows:
- A site name is selected that won't collide with the name of another eepsite currently listed in the I2P addressbook. Add your new site name to the eepsite I2P tunnel configuration page.
- Content is placed in a 'docroot' folder which is created at installation.
- Start the eepsite from your router control panel.
- Highlight the full destination crypto key that was created for your site.
- Enter the eepsite name and the crypto key into your master address book. Additionally, you should now register your .i2p domain in one of the I2P address books. The I2P routers periodically pull address book updates from these sites, so eventually your site will be listed across the I2P network.
The images below show a test eepsite I setup within minutes. There is also a pcap of the browsing session, but note that the traffic is via an encrypted tunnel
EMAIL- SusiMail basics
A java email client called Susimail can be accessed directly from the I2P router console window at http://localhost:7657/susimail/susimail. SusiMail allows you to send and retrieve I2P mail and was designed specifically for strong I2P privacy and anonymity. Creating an email account is takes minutes via a Postman HQ site, and chances are good that you can get your coveted address, the one you could never get on Gmail :) Oddly, I2P email only accepts letters and numbers for the password. The interface is spartan, but it works quite well most of the time.
How I2P email works
The following illustrations indicate the mail flow between the I2P network and the public Internet. They are based on the text explanations kindly provided by the Postman at http://hq.postman.i2p
|I2P mail to the Internet|
|Internet mail back to I2P|
I2P Message headers
According to HQ Postman, the I2P MTA (Mail Transfer Agent) provides the following sanitizing of message headers:
"All User-Agent: and X-Mailer: header lines are automatically removed and replaced by the line X-Mailer: smtp.postman.i2p Official I2P Mailer.The following chart shows comparative email headers after testing sending emails between I2P and Gmail.
- All X- header lines are completely removed
- All message IDs are replaced by server-side generated message-IDs
- All Date: tags are removed and replaced by server-side generated Dates in UTC
- All Received: tags are removed (apart from the very last one)"
Measures to prevent abuse
There are several good resources online pertaining to the basics of I2P mail, I just want to address a concern often expressed about anonymous mail services - abuse and its potential usage for spam and malware distribution.
To prevent abuse, I2P mail sets a quota for outgoing mail to 20 recipients per day. Every day at 0:00 UTC the quota is reset . You can “buy” up to 80 recipients a day by paying in hashcash tokens / CPU cycles. You cannot “hoard” your recipient quota, the number is reset to 20 every day. Additionally, there are limits on how much mail you can store and for how long. Old mail gets deleted after 180 days, but you can easily download it via POP3.
Relay and spoofing
You can use only your own address as the return path and the auth login name has to match the sender. The sender is able to forge the "From" address but the return path is added by the MTA and will match the actual sender.
I2P maintains anonymous IRC servers that can easily be accessed via an IRC client such as mIRC or xchat. After establishing with I2P, pointing the IRC client to 127.0.0.1, port 6668 will get you connected. There are many channels available on the I2P server, and users can create their own.
|Various channels on the I2P IRC server|
An I2P user can also establish their own IRC server and allow other I2P users to access it. The server is established similar to how an eepsite is built where a hostname and crypto key are generated for the particular destination. In order to connect to another I2P user's private IRC server, it was required to modify your subscription list to add the crypto keys of the destination. Next, you would create a tunnel to the destination and add that to your router address book while selecting a connection port (ie. 6669). At that point, pointing your IRC client to localhost, port 6669 would get you connected.
Since June, 2010, I2P now supports a SOCKS IRC tunnel for clients supporting SOCKS5. By configuring your IRC client to uses SOCKS5 at localhost, port 9052, you can connect to any i2p IRC server through your client, without setting up separate tunnels for each.
I2P Stats, Additional Information, and Resources
Stats NETDB - http://stats.i2p.to
I2P is a much smaller network, compared to some better known networks like Tor but it has seen continuous growth over the past year. The best source of the current infomation about the total number of routers, the network health, and other data collected over the years about I2P is located at http://stats.i2p.to. As you can see below, at the time of the screenshot, there were 4665 routers available online, roughly twice as many as it were available a year ago. The number is constantly changing, please see the site for the most current information.
Official I2Psite - http://www.i2p2.de
The Official site is the best place to start as it has the most comprehensive information about available services, installation, and resources.
Papers, Presentations, and Videos about I2P - Site maintained on the primary I2P Website. Updated regularly.
ZZZ -http://zzz.i2p (Accessible via I2P proxy only)
Once you are on I2P, this is the best source of information for the patches, updates, tips and help.
Forum - http://forum.i2p2.de
A very active I2P user forum. Ask questions, read answers. Full of news, announcements, and discussions.
Irongeek - http://irongeek.com
Adrian Crenshaw's Irongeek.com site is an excellent resource for how-to videos, presentations, and security research related I2P. Check out his Black Hat presentation Identifying the true IP/network identity of I2P service hosts
Privacy-Implications of Performance-Based Peer Selection by Onion-Routers: A Real-World Case Study using I2P - Master's thesis by Michael Herrmann -Technische Universität München
I want to particularly thank Mila Parkour of Contagio for her excellent assistance, research, and illustrations.