Developer questions

Question 1:
If there existed a tool/application/software that could enable you to send an anonymous email without revealing sender info, when it was sent or received...would you use it?

and I would be motivated to use it especially if you...

Question 2:
How important is it to you that those emails would be able to reach receipts who aren't already using secure email channels?

Question 3
How large an attachment/file do you normally need to send via email?
Sub question
Is file sharing something that's important to you?

Create a page of linked resources and any other docs for Bitcoin and Monero community to access.

https://geti2p.net/en/download/0.9.49/clearnet/https/download.i2p2.de/i2pinstall_0.9.49.jar/download

Post-install work
After running the installer on windows, simply click on the "Start I2P" button which will bring up the router console, which has further instructions.

BUT I AM INSTALLING ON A MAC

On Unix-like systems, I2P can be started as a service using the "i2prouter" script, located in the directory you selected for I2P. Changing to that directory in a console and issuing "sh i2prouter status" should tell you the router's status. The arguments "start", "stop" and "restart" control the service. The router console can be accessed at its usual location. For users on OpenSolaris and other systems for which the wrapper (i2psvc) is not supported, start the router with "sh runplain.sh" instead.

BE SPECIFIC. " ON OSX START I2P LIKE THIS, AND SO ON. DO NOT ASSUME EVERY USER KNOWS WHAT A UNIX LIKE SYSTEM IS

When installing for the first time, please remember to adjust your NAT/firewall if you can, bearing in mind the Internet-facing ports I2P uses, described here among other ports. If you have successfully opened your port to inbound TCP, also enable inbound TCP on the configuration page.

BE SPECIFIC HERE. IF THIS DOES NOT HURT PERFORMANCE, MAKE IT A SUGGESTION. AND LETS CONSIDER THAT IF WE ARE MAKING SOFTWARE FOR EVERYONE NOT EVERYONE IS GOING TO WANT TO DO THIS OR UNDERSTAND THIS.

Also, please review and adjust the bandwidth settings on the configuration page, as the default settings of 96 KBps down / 40 KBps up are fairly slow.

HONESTLY, I FEEL LIKE AT THIS POINT WE ARE ASKING TOO MUCH OF USERS.
Consider too that the install process is upwards of 30 steps. I might feel like throwing up my hands and walking away.

If you want to reach I2P Sites via your browser, have a look on the browser proxy setup page for an easy howto.

CHANGE THIS TOO A SOLUTION THAT IS PHRASED : START BROWSING THE I2P NETWORK THIS WAY

Your web browser will need to be configured in order to browse web sites on I2P and to utilize the outproxies available within I2P. Below are walkthroughs for some of the most popular browsers.

What ports does I2P use?
The ports that are used by I2P can be divided into 2 sections:

Internet-facing ports, which are used for communication with other I2P routers
Local ports, for local connections
These are described in detail below.

Internet-facing ports
Note: Since release 0.7.8, new installs do not use port 8887; a random port between 9000 and 31000 is selected when the program is run for the first time. The selected port is shown on the router configuration page.
OUTBOUND
UDP from the random port listed on the configuration page to arbitrary remote UDP ports, allowing for replies
TCP from random high ports to arbitrary remote TCP ports
Outbound UDP on port 123, allowing for replies. This is necessary for I2P's internal time sync (via SNTP - querying a random SNTP host in pool.ntp.org or another server you specify)
INBOUND
(Optional, recommended) UDP to the port noted on the configuration page from arbitrary locations
(Optional, recommended) TCP to the port noted on configuration page from arbitrary locations
Inbound TCP can be disabled on the configuration page

Local I2P ports, listening only to local connections by default, except where noted:
( INSERT GRAPH)

How can I access the web console from my other machines or password protect it?
For security purposes, the router's admin console by default only listens for connections on the local interface. There are two methods for accessing the console remotely:

SSH Tunnel
Configuring your console to be available on a Public IP address with a username & password
These are detailed below:

SSH Tunnel
If you are running a Unix-like Operating System, this is the easiest method for remotely accessing your I2P console. (Note: SSH server software is available for systems running Windows, for example https://github.com/PowerShell/Win32-OpenSSH)
Once you have configured SSH access to your system, the '-L' flag is passed to SSH with appropriate arguments - for example:
ssh -L 7657:localhost:7657 (System_IP)

where '(System_IP)' is replaced with your System's IP address. This command forwards port 7657 (the number before the first colon) to the remote system's (as specified by the string 'localhost' between the first and second colons) port 7657 (the number after the second colon). Your remote I2P console will now be available on your local system as 'http://localhost:7657' and will be available for as long as your SSH session is active. If you would like to start an SSH session without initiating a shell on the remote system, you can add the '-N' flag:
ssh -NL 7657:localhost:7657 (System_IP)

Configuring your console to be available on a Public IP address with a username & password
Open ~/.i2p/clients.config and replace
clientApp.0.args=7657 ::1,127.0.0.1 ./webapps/

with
clientApp.0.args=7657 ::1,127.0.0.1,(System_IP) ./webapps/

where you replace (System_IP) with your system's public IP address
Go to http://localhost:7657/configui and add a console username and password if desired - Adding a username & password is highly recommended to secure your I2P console from tampering, which could lead to de-anonymization.
Go to http://localhost:7657/index and hit "Graceful restart", which restarts the JVM and reloads the client applications
After that fires up, you should now be able to reach your console remotely. Load the router console at http://(System_IP):7657 and you will be prompted for the username and password you specified in step 2 above if your browser supports the authentication popup.
NOTE: You can specify 0.0.0.0 in the above configuration. This specifies an interface, not a network or netmask. 0.0.0.0 means "bind to all interfaces", so it can be reachable on 127.0.0.1:7657 as well as any LAN/WAN IP. Be careful when using this option as the console will be available on ALL addresses configured on your system.
How can I use applications from my other machines?
Please see the previous answer for instructions on using SSH Port Forwarding, and also see this page in your console: http://localhost:7657/configi2cp

Is it possible to use I2P as a SOCKS proxy?
The SOCKS proxy has been functional since release 0.7.1. SOCKS 4/4a/5 are supported. I2P does not have a SOCKS outproxy so it is limited to use within I2P only.

Many applications leak sensitive information that could identify you on the Internet and this is a risk that one should be aware of when using the I2P SOCKS proxy. I2P only filters connection data, but if the program you intend to run sends this information as content, I2P has no way to protect your anonymity. For example, some mail applications will send the IP address of the machine they are running on to a mail server. There is no way for I2P to filter this, thus using I2P to 'socksify' existing applications is possible, but extremely dangerous.

If you would like more information on the socks proxy application anyway, there are some helpful hints on the socks page.

what is the attitude towards privacy tools?
what cues are people looking for with regards to trust?
Discovery - Download journey
Mental models around "privacy"

Trying out new background color and new sections on the landing page like product pitch, constellation graphic, getting started steps

Landing Page Wireframe.pdf

add a second download workflow for the new installer to wireframe
https://eyedeekay.github.io/i2p/osx.html
instructions and some assets live here.

-Recommendation
Add ''router console" to the glossary.

Set up if the profiler goes normally:
This is a bit confusing

_It all comes down to whether we are allowed to distribute Firefox without rebranding it. What that page reflects are the licenses of the software components of the bundle which we re-distribute with the I2P Browser Profile, i.e. NoScript, HTTPS Everywhere, certain parts of the script which determines where Firefox is installed on the system come from the upstream Firefox installer source code. Unfortunately it is a legal requirement that it must be displayed.

What we could do, though, is give two text fields, one which explains the very general principles of the licenses involved, and one which displays the full text of the licenses involved. An open source for abbreviated licenses is available: https://tldrlegal.com/ for us to draw from if we want to go that route. I am also open to other options._

It looked like I2P is by default launching with Tor and that downloading a profiler installer hasn't altered this.

_This is happening on purpose and is a security-related decision, but that doesn't make it un-changeable. Let me run through what's happenedhere and we can figure out what the best course of action is.

What you have actually installed when running the second .exe you downloaded is a browser profile, which is just a folder on your hard drive, some browser extensions, which are copied into the profile, and a tiny script which tells Firefox where the profile is.

However, we run into this problem when we do that, people often have multiple versions of Firefox present on their system, and we want to make sure that we pick a "Safe" version. The profile installer considers two versions of Firefox "Safe" for launching with the script, one of which is regular Firefox as distributed by Mozilla and installed with the defaults (including automatic updates), and one of which is the Tor Browser bundle because of it's advanced integrity, update, and fingerprint protections. In a situation where Tor Browser is present, we favour it over regular Firefox.

But there's another problem, which is that in it's default configuration, when you visit a service running on the local computer in a browser, it can talk to other services running on the local computer in simple ways that might not always be visible to the person operating the browser. This can lead to unwanted information disclosure. Therefore, In Tor Browser mode, it's not possible to exempt URL's from the proxy in a granular way right now, so requests to local services, including the I2P router console, end up getting dropped. However, it provides the very best protection for browsing remote I2P services, which would generally be regarded as higher risk than the local router console. The "expectation" so to speak, if there ever was one, would be for the user to administer I2P in one browser, and to browse remote I2P services in another, and that the Profile Bundle Installer solves the latter problem and not the former.

I see two potential paths to a solution to this UX problem:

1. It is possible to extend the browser to behave in this manner, i.e.
   to only exempt the I2P Console from the proxy when using Tor Browser.
   This reduces the attack surface exposed by exempting certain
   destinations from the proxy, while also making the I2P console safe to
   configure in the same browser that you are using to browse I2P.

2. "Hide" the browser as an agent in the configuration of I2P entirely,
   i.e. change the way the installer works for the purposes of
   administering I2P so that it launches a browser which has had it's usual
   UI and configuration elements removed and then presents itself more
   simply as a desktop UI for I2P Applications. This would require the
   generation of a second browser profile for this purpose and a second
   script for this purpose, but I do know how to create both those things.

Either of these can done in a matter of a weeks with coordination with other devs about releasing a new version of
the profile bundle. The difference is basically do we want 1 browser for both browsing and configuring I2P, or do we want 1 Browser for browsing I2P and 1 browser that doesn't look like a browser, which is a new "UI Wrapper" for the I2P console._

But now i finally have this! Not sure how

Solving the issue above should either make this not the case, or make this fact less intrinsically confusing perhaps? The default homepage should also change from the URL it is to the local proxy checker homepage as well. If everything is working as it should, though, entering "http://proxy.i2p" into your URL bar right now should indicate a working I2P Proxy.

http://127.0.0.1:7657/help

Both faq and wiki links not working

Branding and style guidelines for the website, based on what it currently looks like.

Issue noted: due to the layout of this page, the instructions look like they overlap. Additionally , some screenshots should be provided if the OS looks very different so that users can visually match instructions with their screen.

The Information layout should also include visual cues ie : use logos/ familiar visual cues for browser recognition and to break up the "wall of text"

https://geti2p.net/en/about/intro

The Invisible Internet Project (I2P)
History
I2P is a project to build, deploy, and maintain a network supporting secure and anonymous communication.
The project started in October 2001 as a “desire for instant communication with other Freenet users to talk about Freenet issues, and exchange Freenet keys while still maintaining anonymity, privacy and security.” It was called IIP — the Invisible IRC Project. The Invisible IRC Project was based on the ideals behind another project called The InvisibleNet.
To quote the developer who started the project "I believe most people want this technology so they can express themselves freely. It’s a comfortable feeling when you know you can do that. At the same time we can conquer some of the problems seen within the Internet by changing the way security and privacy is viewed, as well as the extent to what it is valued."

More information about the history of the project can be found in the blog post 20 Years of Privacy: A Brief History of I2P

What is the Invisible Internet?

The Invisible Internet is a fully encrypted private network layer that has been developed with privacy and security by design in order to provide protection for your activity, location and your identity.
People using the I2P network are in control of the tradeoffs between anonymity, reliability, bandwidth usage, and latency. There is no central point in the network on which pressure can be exerted to compromise the integrity, security, or anonymity of the system. The network supports dynamic reconfiguration in response to various attacks, and has been designed to make use of additional resources as they become available.
I2P is designed to allow peers using I2P to communicate with each other anonymously. Both sender and recipient are unidentifiable to each other as well as to third parties.

The I2P network is designed for privacy and resilience to censorship
I2P hides the server from the user and the user from the server. All I2P traffic is internal to the I2P network. Traffic inside I2P does not interact with the Internet directly. It is a layer on top of the Internet. It uses encrypted unidirectional tunnels between you and your peers. No one can see where traffic is coming from, where it is going, or what the contents are. Additionally I2P offers resistance to pattern recognition and blocking by censors. Because the network relies on peers to route traffic, location blocking is also reduced.
An essential part of designing, developing, and testing an anonymizing network is to define the threat model. There is no such thing as "true" anonymity, just increasingly expensive costs to identify someone. I2P's intent is to allow people to communicate in environments or situations where protected communication and identity is needed, by providing good anonymity, mixed in with sufficient cover traffic provided by the activity of people who require less anonymity. This way, some users can avoid detection when a personal threat model requires it alongside others with different privacy needs. On the I2P network all of these messages are essentially indistinguishable from the others.

The I2P Software
The Invisible Internet Project provides software to download that connects you to the network. In addition to the network privacy benefits, I2P provides an application layer that allows people to use and create familiar apps for daily use. I2P provides its own unique DNS so that you can self host or mirror content on the network. You can create and own your own platform that you can add to the I2P directory or only invite your friends. The I2P network functions the same way the Internet does. When you download the I2P software, it includes everything you need to connect, share, and create content on the I2P network.

A Brief Technical Overview of the Network
I2P uses cryptography to achieve a variety of properties for the tunnels it builds and the communications it transports. I2P tunnels use transports, NTCP2 and SSU, to hide the nature of the traffic being transported over it. Connections are encrypted from router-to-router, and from client-to-client(end-to-end). Forward-secrecy is provided for all connections. Because I2P is cryptographically addressed, I2P addresses are self-authenticating and only belong to the user who generated them.
I2P is a secure and traffic protecting Internet-like layer. The network is made up of peers ("routers") and unidirectional inbound and outbound virtual tunnels. Routers communicate with each other using protocols built on existing transport mechanisms (TCP, UDP, etc), passing messages. Client applications have their own cryptographic identifier ("Destination") which enables it to send and receive messages. These clients can connect to any router and authorize the temporary allocation ("lease") of some tunnels that will be used for sending and receiving messages through the network. I2P has its own internal network database (using a modification of the Kademlia DHT) for distributing routing and contact information securely.

About Decentralization and I2P
The I2P network is almost completely decentralized, with exception to what are called "Reseed Servers," which is how you first join the network. This is to deal with the DHT ( Distributed Hash Table ) bootstrap problem. Basically, there's not a good and reliable way to get out of running at least one permanent bootstrap node that non-network users can find to get started. Once you're connected to the network, you only discover peers by building "exploratory" tunnels, but to make your initial connection, you need to get a peer set from somewhere. The reseed servers, which you can see listed on http://127.0.0.1:7657/configreseed in the Java I2P router, provide you with those peers. You then connect to them with the I2P router until you find one who you can reach and build exploratory tunnels through. Reseed servers can tell that you bootstrapped from them, but nothing else about your traffic on the I2P network.

I2P is Peer -to Peer
You will see IP addresses of other I2P nodes in the software router console. This is how a fully distributed peer-to-peer network works. Every node participates in routing packets for others, so your IP address must be known to establish connections. While the fact that your computer runs I2P is public, nobody can see your activities in it. You can't say if a user behind this IP address is sharing files, hosting a website, doing research or just running a node to contribute bandwidth to the project.

What I2P Does Not Do
The I2P network does not officially "Exit" traffic. It has outproxies to the Internet run by volunteers, which are centralized services. I2P is primarily a hidden service network and outproxying is not an official function, nor is it advised. The privacy benefits you get from participating in the the I2P network come from remaining in the network and not accessing the internet. I2P recommends that you use Tor Browser or a trusted VPN when you want to browse the Internet privately.

I2P is Free Open Source

The entire system is open source. The router and most of the SDK (software development kit) are public domain with some BSD and Cryptix licensed code. Some applications like I2PTunnel and I2PSnark are GPL. Almost everything is written in Java (1.5+), though some third party applications are being written in Python and other languages. The code works on Sun Java SE and other Java Virtual Machines.

Visit the project on Gitlab.

For more in-depth information about the network, its protocols and encryption methods, please see the I2P Technical Docs.

Creating a space to put some of our goals/milestones and a rough timeline of when we'd like to hit each one.

I2P Router Help
What systems will I2P run on?
I2P is written in the Java programming language. It has been tested on Windows, Linux, FreeBSD and OSX. An Android port is also available.

In terms of memory usage, I2P is configured to use 128 MB of RAM by default. This is sufficient for browsing and IRC usage. However, other activities may require greater memory allocation. For example, if one wishes to run a high-bandwidth router, participate in I2P torrents or serve high-traffic hidden services, a higher amount of memory is required.

In terms of CPU usage, I2P has been tested to run on modest systems such as the Raspberry Pi range of single-board computers. As I2P makes heavy use of cryptographic techniques, a stronger CPU will be better suited to handle the workload generated by I2P as well as tasks related to the rest of the system (i.e. Operating System, GUI, Other processes e.g. Web Browsing).

A comparison of some of the available Java Runtime Environments (JRE) is available here: https://trac.i2p2.de/wiki/java. Using Sun/Oracle Java or OpenJDK is recommended.

Is installing Java required to use I2P?
While the main I2P client implementation requires Java, there are several alternative clients which don't require Java.

How do I configure my browser?
The proxy config for different browsers is on a separate page with screenshots. More advanced configs with external tools, such as the browser plug-in FoxyProxy or the proxy server Privoxy, are possible but could introduce leaks in your setup.

How do I connect to IRC within I2P?
A tunnel to the main IRC server within I2P, Irc2P, is created when I2P is installed (see the I2PTunnel configuration page), and is automatically started when the I2P router starts. To connect to it, tell your IRC client to connect to localhost 6668. HexChat-like client users can create a new network with the server localhost/6668 (remember to tick "Bypass proxy server" if you have a proxy server configured). Weechat users can use the following command to add a new network:

/server add irc2p localhost/6668

How do I set up my own I2P Site?
The I2P software provides its own anonymous I2P webserver (traditionally referred to as an eepsite). To serve your own content, simply edit the files in the webserver's root directory and the site will be public once you follow the instructions found on the Web Server page http://127.0.0.1:7658/help/.

What is an "I2P Site?"
Formerly called an eepSite, an I2P Site is a website that is hosted anonymously, a hidden service which is accessible through your web browser. It can be accessed by setting your web browser's HTTP proxy to use the I2P web proxy (typically it listens on localhost port 4444), and browsing to the site. Detailed instructions for configuring your browse can be found on the browser configuration page.

How Does I2P find ".i2p" websites?
The I2P Address Book application maps human-readable names to long-term destinations, associated with services, making it more like a hosts file or a contact list than a network database or a DNS service. It's also local-first there is no recognized global namespace, you decide what any given .i2p domain maps to in the end. The middle-ground is something called a "Jump Service" which provides a human-readable name by redirecting you to a page where you will be asked "Do you give the I2P router permission to call $SITE_CRYPTO_KEY the name $SITE_NAME.i2p" or something to that effect. Once it's in your address book, you can generate your own jump URL's to help share the site with others.

How do I add addresses to the Address Book?
You cannot add an address without knowing at least the base32 or base64 of the site you want to visit. The "hostname" which is human-readable is only an alias for the cryptographic address, which corresponds to the base32 or base64. Without the cryptographic address, there is no way to access an I2P Site, this is by design. Distributing the address to people who do not know it yet is usually the responsibility of the Jump service provider. Visiting an I2P Site which is unknown will trigger the use of a Jump service. stats.i2p is the most reliable Jump service.

If you're hosting a site via i2ptunnel, then it won't have a registration with a jump service yet. To give it a URL locally, then visit the configuration page and click the button that says "Add to Local Address Book." Then go to http://127.0.0.1:7657/dns to look up the addresshelper URL and share it.

What do the Active x/y numbers mean in the router console?
x is the number of peers you've sent or received a message from successfully in the last minute, y is the number of peers seen in the last hour or so. Try hovering your cursor over the other lines of information for a brief description.

In wrapper.log I see an error that states "Protocol family unavailable" when loading the Router Console
Often this error will occur with any network enabled java software on some systems that are configured to use IPv6 by default. There are a few ways to solve this:

On Linux based systems, you can echo 0 > /proc/sys/net/ipv6/bindv6only
Look for the following lines in wrapper.config.
#wrapper.java.additional.5=-Djava.net.preferIPv4Stack=true
#wrapper.java.additional.6=-Djava.net.preferIPv6Addresses=false

If the lines are there, uncomment them by removing the "#"s. If the lines are not there, add them without the "#"s.
Another option would be to remove the ::1 from ~/.i2p/clients.config
WARNING: For any changes to wrapper.config to take effect, you must completely stop the router and the wrapper. Clicking Restart on your router console will NOT reread this file! You must click Shutdown, wait 11 minutes, then start I2P.

Most of the I2P Sites within I2P are down?
If you consider every I2P Site that has ever been created, yes, most of them are down. People and I2P Sites come and go. A good way to get started in I2P is check out a list of I2P Sites that are currently up. http://identiguy.i2p.xyz tracks active I2P Sites.

Why is I2P listening on port 32000?
The Tanuki java service wrapper that we use opens this port —bound to localhost— in order to communicate with software running inside the JVM. When the JVM is launched it is given a key so it can connect to the wrapper. After the JVM establishes its connection to the wrapper, the wrapper refuses any additional connections.

More information can be found in the wrapper documentation.

How do I access IRC, BitTorrent, or other services on the regular Internet?
Unless an outproxy has been specifically set up for the service you want to connect to, this cannot be done. There are only three types of outproxies running right now: HTTP, HTTPS, and email. Note that there is no SOCKS outproxy. If this type of service is required, we recommend that you use Tor. Please be aware that the Tor project recommends against using BitTorrent over Tor, as there are serious anonymity-related issues associated with doing so.

• Landing page has lots of info, but still hard to find what I wanted ( windows download)
• could we have a search button?
• having "Download" option in 2 places is confusing
  

-This was helpful

• the Windows install guide was really helpful.
  -I felt like there was a lot of software that was "making changes" on my laptop.
• there needs to be an uninstall guide added to FAQ or Help that is clear and easy to find.

• the colours in the logo could be used somehow / more across the site in some way to guide the user.

-The set up wizard is welcoming.

• for bandwidth config/ and measurement: is there a way to know if using I2P will affect performance for people who have bandwidth limits? To decide on the default is maybe questionable in some cases if there is not better idea of how running I2P may interact with performance of other apps, activities.

Since I2P requires the I2P software, Java, and a browser ( Firefox) that needs to be configured, it is different workflow for most people. This is a good opportunity to figure out a fun way to present this like privacy lego =)

In the Java reference router/application suite project we're building up a sort of wishlist of things which we think are important to roadmap for a version 1.0.0 release of I2P.
One major priority will be migration from our current installer structure, which uses a tool called 'izpack5' to build a purely java-based installer for all platforms, to a newer tool called 'jpackage' which builds installers which speak the language of the platform's packaging tool, so for Windows this would be the .msi installer format, for MacOSX, the .dmg image format. One of the most important practical outcomes of this is that we will no longer need java to be present to run the installer itself, and can thus use the installer itself to install the subset of Java packages required to run I2P. The outcome of this is that we can finally build an installer which does not require the additional step of installing Java on Windows and OSX. That should remove about 6 "clicks" from the install process overall, basically all the Java clicks. This might be something we can manage for the 0.9.50 release, that would be a major benefit for all of us.

/home

This is the landing page of the I2P router console. It is comprised of a sidebar, news, and quick links to I2P applications, a selection of I2P sites, services, help and configuration.

Sidebar
The sidebar will display:
-what version of I2P you are running
-how long it has been running
-your router connection status
-tunnel build status
-alerts when a new version of I2P is available for download
-reseed if required
-options to stop, restart your router

News
The news section will display highlights from a new release, and alerts when there is a need to do an update to any plugins, or extensions or the I2P router software itself. This section can be displayed or hidden based on your preference.

Applications
The I2P router includes : I2P Addressbook , Email, Hidden Services Manager, Torrents, and a Web Server. This section provides links to each.

I2P Community Sites
This is a collection of sites and services that the I2P team hosts, with exception of the Tin Hat. They are are all internal to the I2P network.
They include links to zzz' dev forum, the community forum, the project Gitlab, and more. If you want to check if your browser is configured properly and if you are connected to the I2P network, click on one of these options to find out!

Configuration and Help
In this section you can access your bandwidth sharing options, help and FAQ , and add plugins to your router, or customize the look of your router console as part of the configuration options available.

Network and Developer Information
Links in this section include access to I2P technical docs, the project Bugtracker, Trac Wiki, and metrics options for people who are interested in I2P network statistics. Logs for your router can be accessed here as well.

There are many things that can be done within the I2P router console to both create and connect to services, and also to connect to servers and mirror content on the network.

How to offer your existing Web Site as an I2P eepSite
https://geti2p.net/en/blog/post/2019/06/02/mirroring-guide

How to set up an ssh server behind I2P for personal access
https://geti2p.net/en/blog/post/2019/06/15/i2p-i2pd-ssh-config

Basic I2P Tunnels Tutorial with Pictures ( Webserver)
https://geti2p.net/en/blog/post/2019/06/02/basic-tunnel-tutorial

NEXTCLOUD OVER I2P, THE REALLY REALLY EASY WAY
https://eyedeekay.github.io/Nextcloud-over-I2P-on-Docker/

Level up your I2P Skills with Encrypted LeaseSets
https://geti2p.net/en/blog/post/2021/09/07/Level-Up-Encrypted-Leasesets

Setting up Gitlab with I2P: accessing Gitlab using I2O Tunnel
https://geti2p.net/en/docs/applications/git

Gitlab over I2P Setup: Hosting Gitlab o I2P
https://geti2p.net/en/docs/applications/gitlab

https://github.com/eyedeekay/defcon

https://geti2p.net/en/blog/post/2019/06/23/sam-library-basics

btc.txt (https://geti2p.net/en/blog/post/2021/09/18/i2p-bitcoin)

Device details
Win 10
Chrome browser
VPN (private)

User details
-Likes building things:-)
-Has gone through a revolution which inspired digital rights activism

Where she lives and works

"Middle East, SW Asia and NE Africa c1955" by davecito is licensed under CC BY 2.0

Community

updating copy for download & Install process

Google sheets link for a list of changes to prioritize for the Installation process. Feel free to add stuff, edit, comment:

https://docs.google.com/spreadsheets/d/1f_qtNvKPjOVeQH1lb8PEXxnhhmo8q1RBB4ugkBd95z0/edit?usp=sharing

FAQ
Considerations for improved information flow and improved accessibility

The I2P Ecosystem
What is I2P?
Why should I use I2P?
What does it do?
What does I2P not do?
How is it different from the Internet?
How does I2P compare with other private internets like Tor or Freenet? (Can link to those comparison pages that already exist)
What do you mean by Invisible or Private?
What is an I2P site?
What does Peer to Peer mean?
What can I do with the software?
What does reseed mean?
What is outproxy? (Can have that outproxy disclaimer that's on the post-install page)
Bandwidth Sharing

Review and test usability of applications for users.

Research Plan
Research and Interview Questions
Goals of Research
Users/People we want to target
Existing Research

### Sidebar Messages

While I2P will work fine behind most firewalls, your speeds and network integration will generally improve if the I2P port is forwarded for both UDP and TCP. If you think you have opened up your firewall and I2P still thinks you are firewalled, remember that you may have multiple firewalls, for example both software packages and external hardware routers. If there is an error, the logs may also help diagnose the problem.

**OK**: Your UDP port does not appear to be firewalled.

**Firewalled**: Your UDP port appears to be firewalled.  As the firewall detection methods are not 100% reliable, this may occasionally be displayed in error.  However, if it appears consistently, you should check whether both your external and internal firewalls are open for your port.  _I2P will work fine when firewalled, there is no reason for concern_. When firewalled, the router uses "introducers" to relay inbound connections.  However, you will get more participating traffic and help the network if you open your firewall.  If you think you have already done so, remember that you may have both a hardware and a software firewall, or be behind an additional, institutional firewall you cannot control.  Also, some routers cannot correctly forward both TCP and UDP on a single port, or may have other limitations or bugs that prevent them from passing traffic through to I2P.

**Testing**: The router is currently testing whether your UDP port is firewalled.

**Hidden**: The router is not configured to publish its address, therefore it does not expect incoming connections.  Hidden mode is automatically enabled for added protection in certain countries. Too see the countries that are on this list refer to the Strict Countries List.

WARN - Firewalled and Fast: You have configured I2P to share more than 128KBps of bandwidth, but you are firewalled. While I2P will work fine in this configuration, if you really have over 128KBps of bandwidth to share, it will be much more helpful to the network if you open your firewall.

**WARN - Firewalled and Floodfill**: You have configured I2P to be a floodfill router, but you are firewalled.  For best participation as a floodfill router, you should open your firewall.

**WARN - Firewalled with Inbound TCP Enabled**: You have configured inbound TCP, however your UDP port is firewalled, and therefore it is likely that your TCP port is firewalled as well. If your TCP port is firewalled with inbound TCP enabled, routers will not be able to contact you via TCP, which will hurt the network. Please open your firewall or disable inbound TCP above.

**WARN - Firewalled with UDP Disabled**: You have configured inbound TCP, however you have disabled UDP.  You appear to be firewalled on TCP, therefore your router cannot accept inbound connections.  Please open your firewall or enable UDP.

**ERR - Clock Skew**: Your system's clock is skewed, which will make it difficult to participate in the network.  Correct your clock setting if this error persists.

**ERR - Private TCP Address:** You must never advertise an unroutable IP address such as 127.0.0.1 or 192.168.1.1 as your external address. Correct the address or disable inbound TCP on the Network Configuration page.

**ERR - SymmetricNAT**: I2P detected that you are firewalled by a Symmetric NAT. I2P does not work well behind this type of firewall. You will probably not be able to accept inbound connections, which will limit your participation in the network.

**ERR - UDP Port In Use** - Set i2np.udp.internalPort=xxxx in advanced config and restart: I2P was unable to bind to the configured port noted on the advanced network configuration page .  Check to see if another program is using the configured port. If so, stop that program or configure I2P to use a different port.  This may be a transient error, if the other program is no longer using the port.  However, a restart is always required after this error.

**ERR - UDP Disabled and Inbound TCP host/port not set**: You have not configured inbound TCP with an address and port on the Network Configuration page, however you have disabled UDP.  Therefore your router cannot accept inbound 

connections. Please configure a TCP host and port on the Network Configuration page or enable UDP.

**ERR - Client Manager I2CP Error** - check logs: This is usually due to a port 7654 conflict. Check the logs to verify.  Do you have another I2P instance running? Stop the conflicting program and restart I2P.

#29

What do the active numbers of peers mean in the router console?

This is the number of peers you've sent or received a message from successfully in the last minute, and the number of peers seen in the last hour or so. Try hovering your cursor over the other lines of information for a brief description.

In wrapper.log I see an error that states "Protocol family unavailable" when loading the Router Console
Often this error will occur with any network enabled java software on some systems that are configured to use IPv6 by default. There are a few ways to solve this:

On Linux based systems, you can echo 0 > /proc/sys/net/ipv6/bindv6only
Look for the following lines in wrapper.config.
#wrapper.java.additional.5=-Djava.net.preferIPv4Stack=true
#wrapper.java.additional.6=-Djava.net.preferIPv6Addresses=false

If the lines are there, uncomment them by removing the "#"s. If the lines are not there, add them without the "#"s.
Another option would be to remove the ::1 from ~/.i2p/clients.config
WARNING: For any changes to wrapper.config to take effect, you must completely stop the router and the wrapper. Clicking Restart on your router console will NOT reread this file! You must click Shutdown, wait 11 minutes, then start I2P.

Most of the I2P Sites within I2P are down?
Sites on the I2P network are mostly self-hosted, so availability is at the discretion of the site operator. A good way to get started in I2P is check out a list of I2P Sites that are currently up. http://identiguy.i2p.xyz tracks active I2P Sites.

Why is I2P listening on port 32000?
The Tanuki java service wrapper that we use opens this port —bound to localhost— in order to communicate with software running inside the JVM. When the JVM is launched it is given a key so it can connect to the wrapper. After the JVM establishes its connection to the wrapper, the wrapper refuses any additional connections.

More information can be found in the wrapper documentation.

### Configuration

How do I configure my browser?
The proxy config for different browsers is on a separate page with screenshots. More advanced configs with external tools, such as the browser plug-in FoxyProxy or the proxy server Privoxy, are possible but could introduce leaks in your setup.

How do I connect to IRC within I2P?
A tunnel to the main IRC server within I2P, Irc2P, is created when I2P is installed (see the I2PTunnel configuration page), and is automatically started when the I2P router starts. To connect to it, tell your IRC client to connect to localhost 6668. HexChat-like client users can create a new network with the server localhost/6668 (remember to tick "Bypass proxy server" if you have a proxy server configured). Weechat users can use the following command to add a new network:

/server add irc2p localhost/6668

How do I set up my own I2P Site?
The I2P software provides its own anonymous I2P webserver (traditionally referred to as an eepsite). To serve your own content, simply edit the files in the webserver's root directory and the site will be public once you follow the instructions found on the Web Server page http://127.0.0.1:7658/help/.

If I host a website at I2P at home, containing only HTML and CSS, is it dangerous?
If you're hosting a personal blog or doing something otherwise non-sensitive, then you are obviously in little danger. If you have privacy needs that are basically non-specific, you are in little danger. If you are hosting something sensitive, then your services will go down at the same time that your router goes down. Someone who observes your downtime and correlates it to real-world events could probably de-anonymize you with enough effort. I2P has defenses available against this like multihoming or Tahoe-LAFS, but they require additional set up and are only appropriate for some threat models. There is no magic solution, protecting yourself from a real threat will take real consideration in any case.

How Does I2P find ".i2p" websites?
The I2P Address Book application maps human-readable names to long-term destinations, associated with services, making it more like a hosts file or a contact list than a network database or a DNS service. It's also local-first there is no recognized global namespace, you decide what any given .i2p domain maps to in the end. The middle-ground is something called a "Jump Service" which provides a human-readable name by redirecting you to a page where you will be asked "Do you give the I2P router permission to call $SITE_CRYPTO_KEY the name $SITE_NAME.i2p" or something to that effect. Once it's in your address book, you can generate your own jump URL's to help share the site with others.

How do I add addresses to the Address Book?
You cannot add an address without knowing at least the base32 or base64 of the site you want to visit. The "hostname" which is human-readable is only an alias for the cryptographic address, which corresponds to the base32 or base64. Without the cryptographic address, there is no way to access an I2P Site, this is by design. Distributing the address to people who do not know it yet is usually the responsibility of the Jump service provider. Visiting an I2P Site which is unknown will trigger the use of a Jump service. stats.i2p is the most reliable Jump service.

If you're hosting a site via i2ptunnel, then it won't have a registration with a jump service yet. To give it a URL locally, then visit the configuration page and click the button that says "Add to Local Address Book." Then go to http://127.0.0.1:7657/dns to look up the addresshelper URL and share it.

I'm missing lots of hosts in my address book. What are some good subscription links?
This question can be answered in 3 parts:

My router often displays a message saying "Website Not Found In Address Book", why do I see this message?
Human-readable addresses such as http://website.i2p are references to a long, random string known as a destination. These references are registered and stored at address book services such as stats.i2p, which is run by zzz. You will often encounter a "b32" address. A "b32" is a hash (specifically, a SHA256 hash) of the destination. This hash is appended with ".b32.i2p" and serves as a convenient way to link to your hidden service, without requiring any registration on an address book service.

It is possible to add subscriptions to your router's configuration which may reduce the frequency of these messages.

What is an address book subscription?

This is a list of files hosted on various I2P websites each of which contain a list of I2P hosts and their associated destinations.

The address book is located at http://localhost:7657/dns where further information can be found.

What are some good address book subscription links?
You may try the following:

http://stats.i2p/cgi-bin/newhosts.txt
http://identiguy.i2p/hosts.txt

How can I access the web console from my other machines or password protect it?
For security purposes, the router's admin console by default only listens for connections on the local interface. There are two methods for accessing the console remotely:

SSH Tunnel
Configuring your console to be available on a Public IP address with a username & password
These are detailed below:

SSH Tunnel
If you are running a Unix-like Operating System, this is the easiest method for remotely accessing your I2P console. (Note: SSH server software is available for systems running Windows, for example https://github.com/PowerShell/Win32-OpenSSH)
Once you have configured SSH access to your system, the '-L' flag is passed to SSH with appropriate arguments - for example:
ssh -L 7657:localhost:7657 (System_IP)

where '(System_IP)' is replaced with your System's IP address. This command forwards port 7657 (the number before the first colon) to the remote system's (as specified by the string 'localhost' between the first and second colons) port 7657 (the number after the second colon). Your remote I2P console will now be available on your local system as 'http://localhost:7657' and will be available for as long as your SSH session is active. If you would like to start an SSH session without initiating a shell on the remote system, you can add the '-N' flag:
ssh -NL 7657:localhost:7657 (System_IP)

Configuring your console to be available on a Public IP address with a username & password
Open ~/.i2p/clients.config and replace
clientApp.0.args=7657 ::1,127.0.0.1 ./webapps/

with
clientApp.0.args=7657 ::1,127.0.0.1,(System_IP) ./webapps/

where you replace (System_IP) with your system's public IP address
Go to http://localhost:7657/configui and add a console username and password if desired - Adding a username & password is highly recommended to secure your I2P console from tampering, which could lead to de-anonymization.
Go to http://localhost:7657/index and hit "Graceful restart", which restarts the JVM and reloads the client applications
After that fires up, you should now be able to reach your console remotely. Load the router console at http://(System_IP):7657 and you will be prompted for the username and password you specified in step 2 above if your browser supports the authentication popup.
NOTE: You can specify 0.0.0.0 in the above configuration. This specifies an interface, not a network or netmask. 0.0.0.0 means "bind to all interfaces", so it can be reachable on 127.0.0.1:7657 as well as any LAN/WAN IP. Be careful when using this option as the console will be available on ALL addresses configured on your system.

How do I access IRC, BitTorrent, or other services on the regular Internet?

Unless an outproxy has been specifically set up for the service you want to connect to, this cannot be done. There are only three types of outproxies running right now: HTTP, HTTPS, and email. Note that there is no SOCKS outproxy. If this type of service is required, we recommend that you use Tor. Please be aware that the Tor project recommends against using BitTorrent over Tor, as there are serious anonymity-related issues associated with doing so.

CONNECTION ISSUES

My router has been up for several minutes and has zero or very few connections
New installations of I2P carry out the reseeding process automatically, as well as when the number of known peers falls to a drastically low value. If you need to carry out a reseed of your router, please see the reseed instructions.

How do I reseed manually?
An I2P router only needs to be seeded once, to join the network for the first time. Reseeding involves fetching multiple "RouterInfo" files (bundled into a signed zip-file) from at least two predefined server URLs picked from a volunteer-run group of non-private internet HTTPS servers.

A typical symptom of a failed reseed is the "Known" indicator (on the left sidebar of the router console) displaying a very small value (often less than 5) which does not increase. This can occur, among other things, if your local firewall limits outbound traffic or if the reseed request is blocked entirely.

If you are stuck behind an ISP firewall or filter, you can use the following manual method (non-automated technical solution) to join the I2P network.

As of release 0.9.33, you may also configure your router to reseed through a proxy. Go to http://localhost:7657/configreseed and configure the proxy type, hostname, and port.

Joining the I2P Network using a reseed file
Please contact a known trustworthy friend who has a running I2P router, and ask them for help with reseeding your I2P router. Request that they send you a reseed file exported from their running I2P router. It is vital that the file is exchanged over a secure channel, e.g. encrypted to avoid external tampering (PGP Sign, Encrypt and Verified with a trusted public key). The file itself is unsigned, so please accept files only from known trusted friends. Never import a reseed file if you can not verify its source.

To import the received i2preseed.zip file into your local I2P router:

Go to http://localhost:7657/configreseed
Under "Manual Reseed from File" click "Browse..."
Select the i2preseed.zip file
Click "Reseed from File"
Check the log for the following message:
Reseed got 100 router infos from file with 0 errors

Sharing a reseed file
For trusted friends you can use your local I2P router to give them a jump start:

Go to http://localhost:7657/configreseed
Under "Create Reseed File" click "Create reseed file"
Securely send the i2preseed.zip file to your friend
Do not reveal this file in any case to unknown users, since it contains sensitive private data (100 RouterInfo) from your own I2P router! In order to protect your anonymity: you may wait a few random hours/days before you share the file with your trusted friend. It is also advisable to use this procedure sparingly (< 2 per week).

General guidelines for manual reseeding of I2P
Do not publicly publish the reseed file or share these files with a friend of a friend!
This file should be used only for a very limited number of friends (< 3)!
The file is valid only a few days (< 20)!

### Internet Access/Performance

I can't access regular Internet sites through I2P.
I2P is primarily not intended, nor designed, to be used as a proxy to the regular internet. With that said, there are services which are provided by volunteers that act as proxies to non-private internet based content - these are referred to as "outproxies" on the I2P network. There is an outproxy configured by default in I2P's HTTP client tunnel - false.i2p. While this service does currently exist, there is no guarantee that it will always be there as it is not an official service provided by the I2P project. If your main requirement from an anonymous network is the ability to access non-private internet resources, we would recommend using Tor.

I can't access https:// or ftp:// sites through I2P.
HTTPS
Within I2P, there is no requirement to use HTTPS. All traffic is encrypted end-to-end, any further encryption, e.g. with the use of HTTPS, doesn't create any further anonymity-related benefits. However, if one would like to use HTTPS or has a requirement to do so, the existing default I2P HTTP Proxy has support for HTTPS traffic. Any hidden service operator would have to specifically set up and enable HTTPS access.
FTP
FTP is not supported for technical reasons. There are no FTP "outproxies" to the Internet—it may not even be possible to set up one. Any other kind of outproxy may work if it's set up with a standard tunnel. If you would like to set up some type of outproxy, carefully research the potential risks. The I2P community may or may not be able to help with the technical aspects, feel free to ask. As explained several times above, any existing outproxy isn't a core part of the network. They are services run by individuals and they may or may not be operational at any given time.
My router is using a large amount of CPU, what can I do about this?
There are many possible causes of high CPU usage. Here is a checklist:

Java Runtime Environment
Try to use either OpenJDK or Sun/Oracle Java if it's available for your system. You can check which version of java you have installed by typing java -version at a command/shell prompt. Performance tends to suffer with other implementations of java.
File sharing applications, e.g. BitTorrent
Are you running a BitTorrent client over I2P? Try reducing the number of torrents, the bandwidth limits, or try turning it off completely to see if that helps.
High bandwidth settings
Are your bandwidth limits set too high? It is possible that too much traffic is going through your I2P router and it is overloaded. Try reducing the setting for share bandwidth percentage on the configuration page.
I2P Version
Make sure that you're running the latest version of I2P to get the benefits of increased performance and bug fixes.
Memory allocation
Has enough memory been set aside for use by I2P? Look at the memory graph on the graphs page to see if the memory usage is "pegged"—the JVM is spending most of its time in garbage collection. Increase the setting wrapper.java.maxmemory in the file wrapper.config.
Bursts of high-usage vs. constant 100% usage
Is the CPU usage simply higher than you would like, or is it pegged at 100% for a long time? If it is pegged, this could be a bug. Look in the logs for clues.
Java-related
You may be using the Java-based BigInteger library instead of the native version, especially if you are running on a new or unusual OS or hardware (OpenSolaris, mipsel, etc.). See the jbigi page for instructions on diagnosing, building, and testing methods.
Participating tunnels
If your native jbigi library is working fine, the biggest user of CPU may be routing traffic for participating tunnels. This uses CPU because at each hop a layer of encryption must be decoded. You can limit participating traffic in two ways - by reducing the share bandwidth on the confignet page, or by setting router.maxParticipatingTunnels=nnn on the configadvanced page.

My router has very few active peers, is this OK?

If your router has 10 or more active peers, everything is fine. The router should maintain connections to a few peers at all times. The best way to stay "better-connected" to the network is to share more bandwidth. The amount of bandwidth that is shared by the router can be changed on the configuration page: http://localhost:7657/config

My active peers / known peers / participating tunnels / connections / bandwidth vary dramatically over time! Is anything wrong?

No, there isn't anything wrong. This is normal behavior. All routers adjust dynamically to changing network conditions and demands. Routers come online and go offline depending on whether the system it is installed on is operational or not, as well as whether there is an available network connection. Your router is constantly updating its local Network Database. Tunnels which your router is participating in expire every 10 minutes and may or may not be rebuilt through your router.

What makes downloads, torrents, web browsing, and everything else slower on I2P as compared to the regular internet?
The encryption and routing within the I2P network adds a substantial amount of overhead and limits bandwidth. We can try to clarify this with the aid of a diagram:

In this diagram, the path that some I2P traffic takes as it travels through the network is traced. A user's I2P router is denoted by the box labeled 'A' and an I2P Hidden Service (for example, the http://stats.i2p website) is labelled as 'B'. Both the client and the server are using 3-hop tunnels, these hops are represented by the boxes labelled 'P', 'Q', 'R', 'X', 'Y', 'Z', 'P_1', 'Q_1', 'R'_1, 'X_1', 'Y_1' and 'Z_1'.

The boxes labelled 'P', 'Q' and 'R' represent an outbound tunnel for A while the boxes labelled 'X_1', 'Y_1', 'Z_1' represent an outbound tunnel for 'B'. Similarly, the boxes labelled 'X', 'Y' and 'Z' represent and inbound tunnel for 'B' while the boxes labelled 'P_1', 'Q_1' and 'R_1' represent an inbound tunnel for 'A'. The arrows in between the boxes show the direction of traffic. The text above and below the arrows detail some example bandwidth between a pair of hops as well as example latencies.

When both client and server are using 3-hop tunnels throughout, a total of 12 other I2P routers are involved in relaying traffic. 6 peers relay traffic from the client to the server which is split into a 3-hop outbound tunnel from 'A' ('P', 'Q', 'R') and a 3-hop inbound tunnel to 'B' ('X', 'Y', 'Z'). Similarly, 6 peers relay traffic from the server to back to the client.

First, we can consider latency - the time that it takes for a request from a client to traverse the I2P network, reach the the server and traverse back to the client. Adding up all latencies we see that:

  40 + 100 + 20 + 60 + 80 + 10 + 30 ms        (client to server)
+ 60 + 40 + 80 + 60 + 100 + 20 + 40 ms        (server to client) 
-----------------------------------
TOTAL:                          740 ms

The total round-trip time in our example adds up to 740 ms - certainly much higher than what one would normally see while browsing regular internet websites.

Second, we can consider available bandwidth. This is determined through the slowest link between hops from the client and server as well as when traffic is being transmitted by the server to the client. For traffic going from the client to the server, we see that the available bandwidth in our example between hops 'R' & 'X' as well as hops 'X' & 'Y' is 32 KB/s. Despite higher available bandwidth between the other hops, these hops will act as a bottleneck and will limit the maximum available bandwidth for traffic from 'A' to 'B' at 32 KB/s. Similarly, tracing the path from server to client shows that there is maximum bandwidth of 64 KB/s - between hops 'Z_1' & 'Y_1, 'Y_1' & 'X_1' and 'Q_1' & 'P_1'.

It is recommended to increase your bandwidth limits. This helps the network by increasing the amount of available bandwidth which will in turn improve your I2P experience. Bandwidth settings are located on the http://localhost:7657/config page. Please be aware of your internet connection's limits as determined by your ISP, and adjust your settings accordingly.

Additionally, setting a sufficient amount of shared bandwidth - this allows for participating tunnels to be routed through your I2P router. Allowing participating traffic keeps your router well-integrated in the network and improves your transfer speeds.

Improvements and fixes are being implemented constantly. Running the latest release will help your performance, and help keep you and the rest of the network safe.

https://geti2p.net/en/docs

Docs.pdf

Notes on the pages within the About section

Tone: we are building together

-What does security mean to a developer ?
-What does security mean to a user?
-What are the touch points for familiarity with security ?
-What makes you trust ?
-The importance of good design and product development?
-How do we decide what is secure?
-What are the the security/ safe communication tools you use and why ?
-If you do not use a specific all or software, how do you establish trust or safety online? Ask in a way that puts the person answering it in a place of expertise not judgement! ie - It is sometimes makes sense to not use so many tools! Show me your OPSEC!

Questions that I had while installing and getting familiar with I2P

https://geti2p.net/en/about/glossary

Definition of Different Networks and their components ***
These terms and the definitions provided are taken from Decentralization Off The Shelf: 7 Maxims by Simply Secure
https://decentpatterns.xyz/report/#key-terms (used with permission).

Decentralization
Network architecture that avoids reliance on a single party. Encompasses peer-to-peer, blockchain, federated, and distributed technologies that involve many individual users.

Peer-to-Peer (p2p)
Peers make a portion of their resources, such as processing power, disk storage or network bandwidth, directly available to other network participants, without the need for central coordination by servers or stable hosts. Popularized by BitTorrent, Napster, and Bitcoin.[1]

Federated
Federation allows separate deployments of a service to communicate with each other through a common protocol, for instance a mail server run by Google federates with a mail server run by Microsoft when you send an email from @gmail.com to @hotmail.com.[2] Each deployment may host multiple users.

Blockchain
A distributed ledger that can record transactions between multiple parties efficiently and in a verifiable and permanent way.[3]

Distributed systems
Academic topic within the discipline of Computer Science which is concerned with the design of computer systems that consist of many individual computers connected over a network. Peer-to-peer networks and blockchains are examples of distributed systems architectures.

WebRTC
A protocol standard for establishing connections in a web browser where data passes directly between users.

TCP/UDP
The two foundational transport protocols used on the Internet. Common protocols used to send data between two computers.

DHT
Distributed hash table, used in some projects to connect peers to each other by storing information in the form of key-value pairs in a distributed manner.

IP address
A number of a computer or network which is unique and thus can be used to address it.

Hash
A number, usually displayed as a string of letters and numbers. It can serve as a ‘fingerprint’ uniquely identifying data.

UX
User experience, the overall experience of a person using a product or a service, especially in terms of how easy it is to use.

Terminology Relating to I2P and cryptography.

.
Router: The core I2P software, which routes encrypted packets on the I2P network. All routers by default participate in the network, which both helps the network and provides cover traffic for any clients or servers connecting to the I2P network through the router.

RouterIdentity: A collection of information required to communicate directly with a router, such as its IP address and listening port, public signing and encryption keys etc.

Tunnel: An anonymous communication pathway between a client or server and the I2P network. Tunnels are unidirectional, so any one client or server must have at least two Tunnels - one for inbound traffic and one for outbound traffic.

Destination: The cryptographic identity of a tunnel. These are the identities of clients and servers within the I2P network, and are analogous to the IP:port of a computer on the normal internet.

LeaseSet: A collection of information required to communicate with a client or server at a particular Destination, such as the gateways of the inbound Tunnels for that Destination.

https://geti2p.net/en/about/intro
change:

Is that why I see IP addresses of other I2P nodes in the router console? Does that mean my IP address is visible by others?

Yes, this is how a fully distributed peer-to-peer network works. Every node participates in routing packets for others, so your IP address must be known to establish connections. While the fact that your computer runs I2P is public, nobody can see your activities in it. You can't say if a user behind this IP address is sharing files, hosting a website, doing research or just running a node to contribute bandwidth to the project.

Change the priority to join tx https://www.transifex.com/otf/I2P/

• how many people use the old way?
• if we keep those instructions, need to update them for gitlab.
• "Come to #i2p-dev on irc and talk to people" & "Yes, we know it is somewhat of a hurdle to get started. It's really the only possible way we can do it. Give it a try, it really isn't that hard." - these are not welcoming or encouraging ways to get people involved. It is making people come to the project and telling it is not that hard, and that can be a bit off-putting in tone.

https://geti2p.net/en/about/software

The I2P Software (I2P)

When you download the I2P software, a set up wizard will guide you through a few configuration steps while your router is making its first connections to the network. This happens the same way that your home router connects you to the Internet. During the set up process, you will be given the option to test your bandwidth and set your bandwidth limits in order to ensure a good connection as a network peer.

The I2P software is what allows you to connect to the I2P network. It also includes an admin panel (router console) where you can access a handful of applications, monitor your network connection, as well as other helpful options for setting up your own connection preferences.

Applications are made available through a webUI, which listens at 127.0.0.1:7657.

Applications.

The I2P Router Console: Here is where you can see your network connections and information about your router. You will be able to see how many peers you have, and other information that will help if you need to troubleshoot. You can stop and start the router as well. You will see the applications that the software includes, as well as links to some community forums and sites on the I2P network. You will receive news when there is a a new software release, and will be able to download the latest version here as well. Additionally, you can find shortcuts to other available applications. The console is customizable and includes a default light theme with a dark theme option.

SusiMail: SusiMail is a secure email client. It is primarily intended for use within the I2P network . It is designed to avoid leaking information about email use to other networks. SusiMail is bridged so it can send and receive email from the internet as well. Occasionally you may see some services like Gmail classifying it as spam, which you can correct in your Internet email service providers settings.

I2PSnark: Snark is an I2P network only BitTorrent client. It never makes a connection to a peer over any other network.

The Address Book: This is a locally-defined list of human-readable addresses ( ie: i2p-projekt.i2p) and corresponding I2P addresses.(udhdrtrcetjm5sxzskjyr5ztpeszydbh4dpl3pl4utgqqw2v4jna.b32.i2p) It integrates with other applications to allow you to use those human-readable addresses in place of those I2P addresses. It is more similar to a hosts file or a contact list than a network database or a DNS service. There is no recognized global namespace, you decide what any given .i2p domain maps to in the end.

The QR Code Generator: Besides the Address Book, I2P addresses can be shared by converting them into QR codes and scanning them with a camera. This is especially useful for Android devices.

I2P Hidden Services Manager This is a general-purpose adapter for forwarding services ( ie SSH ) into I2P and proxying client requests to and from I2P. It provides a variety of “Tunnel Types” which are able to do advance filtering of traffic before it reaches I2P.

Static Site Template: A template that you can modify to set up your own self-hosted I2P site is included.

Include all docs on Reseeds
https://geti2p.net/en/docs/reseed
https://geti2p.net/en/get-involved/guides/reseed
https://geti2p.net/en/blog/post/2020/06/07/file-based-reseed
https://i2pgit.org/idk/reseed-tools
Add Phong's reseed research here as well.
https://homepage.np-tokumei.net/post/notes-censorship-resistant-i2p-reseeding/
https://homepage.np-tokumei.net/post/notes-i2p-reseed-over-cloudflare/

Developer Resources section

https://geti2p.net/en/get-involved/develop/applications
Change Why to How
review : this page was last updated in 2013.

https://geti2p.net/en/get-involved/develop/licenses
change to:
The software developed to support the anonymous communication network I2P is freely available, open source, and user modifiable. To meet these criteria, the project makes use of a variety of legal and software engineering techniques to remove as many barriers to entry as possible for people considering making use of the network , software or contributing to the I2P effort. ( NEW COPY WRITTEN, WAITING FOR REVIEW AND SITE UPDATE)

https://geti2p.net/en/get-involved/guides/dev-guidelines
trac needs to be replaced with Git issues, go through and make sure that any new or missing ways for how to contribute using Git is available and updated. ( NEW COPY WRITTEN, WAITING FOR REVIEW AND SITE UPDATE)

https://geti2p.net/en/get-involved/roadmap
The format of this needs to be fixed. ( FIXED )

My experience installing I2P on Mac.

I think that the set up wizard could use a touch up for the next release.

Create an extra slide in set up wizard to explain NAT/ Firewall

For most platforms and systems, getting I2P installed and running will consist of up to three steps.

1: Install Java
The I2P software is written in Java and requires that Java be installed to run. In addition to the I2P download, you need to install Java if you do not have it already installed. I2P requires Java Runtime Version 7 or higher. (Oracle, OpenJDK, or IcedTea Java Version 7 or 8 recommended, except Raspberry Pi: OpenJDK 9 for ARM, PowerPC: IBM Java SE 7 or 8)
Determine your installed Java version here or type java -version at your command prompt.

Only two platforms do not require Java to be installed before I2P is installed, those platforms are:

Android: Android comes with a Java virtual machine as part of the platform, which I2P for Android uses. Therefore it is not necessary to install Java to use I2P for Android.
Debian and Ubuntu: On Debian and Ubuntu when using a .deb package to install, the system will automatically install and configure a Java environment for you.

**Windows: Java 8 is recommended. Java 9 or higher may not work.

2: Download and Install I2P
Once you have Java installed, you can install I2P. This step applies to all systems. If you have forgot to install Java, there will be an error message to remind you to do that.

3: *Install/Configure a Browser You will need to configure your preferred browser to access the I2P network so that you can browse the network and make use of the applications that are included in the software. Detailed instructions are available on the Web Browser Configuration page.

Release Notes
Change Log
Debian Change Log
Android Change Log

The I2P software includes all of the introductory applications that you need to connect and start participating in the I2P network and community. These include email, bittorrent, and a basic I2P Site for you to personalize and share. Additionally, you can keep track of your network health and connections easily with the status data in the sidebar of the console.

For first time installations, a set up wizard will help you configure a few important things like how much bandwidth you would like to share while your router begins to make connections to the network. After the set up wizard is complete, you will be directed to the console home page where you can access the rest of the applications or configure, monitor, or troubleshoot your I2P connections.

User experience testing for I2PIPB

Review of Home page
https://geti2p.net/en/

Review of About page
https://geti2p.net/en/about/intro

Download arrow: font library icon collection
Java logo: https://www.svgrepo.com/svg/75601/java-logo
Windows logo:https://www.svgrepo.com/svg/30407/windows
Apple logo: https://www.svgrepo.com/svg/69341/apple-logo
Ubuntu logo: https://design.ubuntu.com/downloads/
Debian logo: https://www.debian.org/logos/
Linux logo: https://www.svgrepo.com/svg/3968/linux
Android logo: https://icons8.com/icons/set/android-logo
Docker logo: https://icons8.com/icons/set/docker-logo
Computer image for Mac
Computer image for Windows
Computer image for Linux
Mobile image for Android

Licenses:
https://www.svgrepo.com/page/licensing
https://icons8.com/license

Comparison Tor Freenet.pdf

There are two pages in the PDF. First page is the original copy from https://geti2p.net/en/comparison/tor and https://geti2p.net/en/comparison/freenet

The second page is the "Similar Systems" section pulled from Tech Intro https://geti2p.net/en/docs/how/tech-intro

The two pages need to be consolidated and simplified or one of the pages removed.

Network Connection Safety

Is my router an "exit node" to the regular Internet? I don't want it to be.
No. Unlike Tor, "exit nodes" - or "outproxies" as they are referred to on the I2P network - are not an inherent part of the network. Only volunteers who specifically set up and run separate applications will relay traffic to the regular Internet. There are very, very few of these. By default, I2P's HTTP Proxy (configured to run on port 4444) includes a single outproxy: false.i2p. This is run on a voluntary basis by Meeh. There is an outproxy guide available on our forums, if you would like to learn more about running an outproxy.

I am opposed to certain types of content. How do I keep from distributing, storing, or accessing them?
I2P is an anonymous network - it is designed to withstand attempts at blocking or censoring of content, thus providing a means for communication that anyone can use. I2P traffic that transits through your router is encrypted with several layers of encryption. Except in the case of a serious security vulnerability (of which none are currently known), it is not possible to know what the contents of the traffic are and thus not possible to distinguish between traffic which one is opposed to or not opposed to. We consider the 3 parts of the question:

Distribution
All traffic on I2P is encrypted in multiple layers. You don't know a message's contents, source, or destination. All traffic you route is internal to the I2P network, you are not an exit node (referred to as an outproxy in our documentation). Your only alternative is to refuse to route any traffic, by setting your share bandwidth or maximum participating tunnels to 0 (see above). It would be nice if you didn't do this, you should help the network by routing traffic for others. Over 95% of users route traffic for others.
Storage
I2P does not do distributed storage of content, this has to be specifically installed and configured by the user (with Tahoe-LAFS, for example). That is a feature of a different anonymous network, Freenet. By running I2P, you are not storing content for anyone.
Access
If there are hidden services which you dislike, you may refrain from visiting them. Your router will not request any content without your specific instruction to do so.

Is using the I2P software safe?

Before you use I2P, use Basic Computer Hygiene Always! Apply your OS vendor provided software updates in a prompt manner. Be aware of the state of your firewall and anti-virus status if you use one. Always get your software from authentic sources.

I2P strives to be safe in its default configuration for all users.

It may be dangerous to use I2P in what the project calls "Strict Countries" where the law may not be clear on anonymizing software and where risks are judged to be fairly high. Most I2P peers are not in those strict countries and the ones that are, are placed in "Hidden Mode" where they interact with the rest of the network in more limited ways, so that they are less visible to network observers.

In any communication that happens on the internet or any other network like I2P, always ensure that you take care when interacting with links, downloads and how you manage your identity.

If I host a website at I2P at home, containing only HTML and CSS, is it dangerous?
If you're hosting a personal blog or doing something otherwise non-sensitive, then you are obviously in little danger. If you have privacy needs that are basically non-specific, you are in little danger. If you are hosting something sensitive, then your services will go down at the same time that your router goes down. Someone who observes your downtime and correlates it to real-world events could probably de-anonymize you with enough effort. I2P has defenses available against this like multihoming or Tahoe-LAFS, but they require additional set up and are only appropriate for some threat models. There is no magic solution, protecting yourself from a real threat will take real consideration in any case.

I see IP addresses of all other I2P nodes in the router console. Does that mean my IP address is visible by others?
Yes, and this is how a fully distributed peer-to-peer network works. Every node participates in routing packets for others, so your IP address must be known to establish connections.

While the fact that your computer runs I2P is public, nobody can see your activities in it. You can't say if a user behind this IP address is sharing files, hosting a website, doing research or just running a node to contribute bandwidth to the project.

Is it possible to block I2P?
Yes, by far the easiest and most common way is by blocking bootstrap, or "Reseed" servers. Completely blocking all obfuscated traffic would work as well (although it would break many, many other things that are not I2P and most are not willing to go this far). In the case of reseed blocking, there is a reseed bundle on Github, blocking it will also block Github. You can reseed over a proxy (many can be found on Internet if you do not want to use Tor) or share reseed bundles on a friend-to-friend basis offline.

Is it easy to detect the use of I2P by analyzing network traffic?
It can be deduced that somebody is using the I2P network with some reliability, but it is a little difficult to know for sure. The most reliable way to know for sure would be to have a computer with a fairly stable IP address that you suspect is an I2P user, and a bunch of computers you control on different networks all running I2P. When one of them connects to your suspected computer, you will be able to see their I2P router in the netDB. This might take time, and it might never happen. You could also try blocking all obfuscated traffic on a particular network until you're sure every I2P router on that network has lost all of it's peers. At that point, they'll reach out to reseed servers to get more peers, which a network administrator can probably observe.

Is using an outproxy safe?
I2P does not encrypt the Internet, neither does Tor - for example, through Transport Layer Security (TLS). I2P and Tor both aim to transport your traffic as-is securely and anonymously over the corresponding network, to its destination. Any unencrypted traffic generated at your system will arrive at the outproxy (on I2P) or the exit node (on Tor) as unencrypted traffic. This means that you are vulnerable to snooping by the outproxy operators. One way to protect your outproxy traffic against this is to ensure that any traffic that will be handled by the outproxy is encrypted with TLS.

For more information, you may read the Tor FAQ's answer to this question: https://www.torproject.org/docs/faq#CanExitNodesEavesdrop

In addition, you may be vulnerable to collusion between the outproxy operator and operators of other I2P services, if you use the same tunnels ("shared clients"). There is additional discussion about this on zzz.i2p. This discussion has been mirrored on our forums as well.

Ultimately, this is a question that only you can answer because the correct answer depends on your browsing behaviour, your threat model, and how much you choose to trust the outproxy operator.

What about "De-Anonymizing" attacks?
Reducing anonymity is typically done by A) identifying characteristics that are consistent across anonymous identities or B) identifying ephemeral characteristics of repeated connections. We say "reducing" anonymity because many of these characteristics are shared by many of our users, making these anonymity "sets," the smaller the anonymity set and the more small sets you belong to, the more brittle your anonymity.

Attacks on I2P in the past have relied on correlating NetDB storage and verification, by randomizing the delay between storage and verification, we reduce the consistency with which that verification can be linked to I2P activity, thereby limiting the utility of that data point.

Attacks on software configured to work with I2P are out of scope for I2P to solve. When browsing I2P or hosting I2P services, it's is the responsibility of the user to consider their threat model. Browsers are particularly problematic due to fingerprinting attacks, and the wide variety of information that can be gleaned from them. Using a standardized browsing profile is thought to help mitigate the impact of fingerprinting.

Bugtracker: https://trac.i2p2.de/ on clearnet - change? Results in 502

Verify Process:
https://geti2p.net/en/get-involved/develop/signed-keys
https://geti2p.net/en/get-involved/develop/developers-keys

still referencing Monotone.
Can the Verify I2P process be consolidated?

Developers Resources
https://geti2p.net/en/docs

Proposals link broken.
Bugtracker: Should this be renamed Report an Issue?
References to Monotone - remove

Contributor Guides

• Website mirroring page missing on site?

Licence Page
https://geti2p.net/en/get-involved/develop/licenses
Update