
I2P: Invisible Internet Protocol - brudgers
https://geti2p.net/en/about/intro
======
616c
I have always found it more interesting than Tor. After learning some Java, I
read through the code, even compiled seminole Monotone DVCS(ironically
difficult, because of the recently mentioned legacy version of the Botan C++
crypto library), but it is all a little beyond me.

Perhaps one of the coolest projects I'd seen in a while was Nightweb, a
I2P-layered distributed social network, written in Clojure, flashing all the
hipster programming bling as it be.

[https://github.com/oakes/Nightweb](https://github.com/oakes/Nightweb)

I have always wondered if it gets the same level of scrutiny or interest from
researchers or nation states, as it was largely self-contained and not meant
to onion route to public Internet like Tor (judging from my reading of the
design).

Please, HNers, school me and impress me with your I2P trivia and knowledge.

~~~
petra
>> I have always wondered if it gets the same level of scrutiny or interest
from researchers or nation states

My guess is the I2P gets more scrutiny from the US government, because it's
much harder to break versus TOR(for which there we're always probably some
attacks). It might even be that TOR is a government response for the demand
for anonymizing networks - funded specifically in order for the anonymity
community to do something else than I2P and anonymous remailers, and seems
that the community mostly went with it.

~~~
616c
>> My guess is the I2P gets more scrutiny from the US government, because it's
much harder to break versus TOR

How so? Is this what is alluded to by "onion vs garlic" routing design?

[http://resources.infosecinstitute.com/anonymizing-
networks-t...](http://resources.infosecinstitute.com/anonymizing-networks-tor-
vs-i2p/)

(I can't get the I2P explanation/comparison on their official site right now;
not sure it's me or them, haha.)

Again, I read a while back. I am pleased to know it is more secure.

Personally, I liked they had easily accessible Android builds directly from
them at the time. But the Tor devs do so much good development, tech writing
on the blog, and research publication it is hard to love or hate either group
as they save the Internet from itself.

~~~
pwg
>> My guess is the I2P gets more scrutiny from the US government, because it's
much harder to break versus TOR

> How so? Is this what is alluded to by "onion vs garlic" routing design?

For one, it is a closed overlay network. There are no "exit nodes" (well, not
unless someone explicitly setup a proxy to provide "exit" functionality). So
everything that happens anywhere within I2P remains inside I2P.

So any attacks on TOR that require control of one or more exit nodes in the
TOR network to function will not directly function against I2P (no exit
nodes).

Now, that has no bearing upon whether there are other, different, exploits in
I2P that would break its hidden aspects, but you can at least know you are
immune when using I2P to any TOR exploit that requires exit nodes.

~~~
616c
I was under the impression out proxies are a thing, and thereby not so
different from exit nodes; they are the big weakness.

[https://www.reddit.com/r/i2p/comments/46yan0/are_i2p_outprox...](https://www.reddit.com/r/i2p/comments/46yan0/are_i2p_outproxies_safer_than_tors_exit_nodes/)

(Again, I am having trouble with the geti2p.net site, which I believe is an
public Internet<->I2P HTTP service bridge, which was originally the only
outside view in.)

Are they similar? Not sure. To agree with you, I believe the culture and
philsophy of Tor is looking out, with exit nodes. I2P was designed to only
look in, and the out proxies and bridges are run by select volunteers as a
convenience and not the priority.

My favorite part of I2P was there POP3 mailer service, but testing it with
friends never seemed to work great.

[https://zwadderneel.wordpress.com/2011/05/04/thunderbird-
as-...](https://zwadderneel.wordpress.com/2011/05/04/thunderbird-as-mua-
for-i2p-mail/)

~~~
synchronise
>My favorite part of I2P was there POP3 mailer service, but testing it with
friends never seemed to work great.

You should try it out with I2P-Bote instead, it also has inbuilt hooks so you
can use it through your favourite mail client.

------
hkparker
Good to see I2P get some attention here.

For those who don't know about I2P:

* Anonymity network similar to TOR in some ways, but rather than focusing on getting someone out to the internet anonymously, I2P is a low-latency mix network with no out proxies. See: [https://ritter.vg/blog-mix_and_onion_networks.html](https://ritter.vg/blog-mix_and_onion_networks.html)

* Virtually every I2P router relays traffic, unlike TOR the network is very "flat". Directory servers are replaced with a DHT called the netDB.

Recently I've been working on a Go implementation of the I2P router:
[https://github.com/hkparker/go-i2p](https://github.com/hkparker/go-i2p). It
isn't on the network yet, would be really interested in working with anyone
who wants to contribute.

~~~
daxorid
To clarify, since modernity has stripped us of patience: "low latency" here
means on the order of 1500ms, not tens of ms, as most people expect. As
opposed to tens of seconds or minutes in mix message protocols.

~~~
hkparker
Hah, yes. Mixminion is a good example of a high latency mixnet. There has been
some talk of adding a high latency option to I2P as well at some point.

~~~
daxorid
That's what bote is for.

------
robert_foss
I2P developer here, feel free to ask me any questions.

~~~
hkparker
Thanks for contributing to I2P!

Do you have any thoughts on HORNET? Could I2P benefit from a more stateless
routing mechanism as opposed to tunnels in the far future?

Are any of the devs going to defcon this year? I tried to get a small meetup
going last year in the privacy village but no turnout, would love to make
something official.

I'm working on Go implementation here:
[https://github.com/hkparker/go-i2p](https://github.com/hkparker/go-i2p).
Haven't made to irc2p to introduce myself yet but I will. Are there any devs
who might be interested in contributing?

Privacy of developers seems a priority. Without any detail of course, can you
comment on how necessary this has been. Is it irresponsible of me to work on
an implementation in the clear?

~~~
kodablah
I am quite interested in go-i2p myself. How usable is it?

As for HORNET, I saw a minor Go impl of the ideas [0] along w/ a tiny mailing
list post [1]. While it does appear to be made for backbone network devices, I
believe the concept of onion routing w/ basically multi-hop TLS can be done in
layer 7. I think the one thing missing is an implementation people can use and
depend on (definitely outside of my present abilities).

0 - [https://github.com/LightningNetwork/lightning-
onion](https://github.com/LightningNetwork/lightning-onion) 1 -
[https://lists.linuxfoundation.org/pipermail/lightning-
dev/20...](https://lists.linuxfoundation.org/pipermail/lightning-
dev/2015-December/000384.html)

~~~
hkparker
Not usable yet, still implementing and testing the data structures. Thanks for
those links, very interesting!

------
seibelj
I read through some of the high level docs, but can someone simply explain how
a user discovers other nodes in the network? I started reading the netDB docs
[0] but it was pretty dense.

[0] [https://geti2p.net/en/docs/how/network-
database](https://geti2p.net/en/docs/how/network-database)

~~~
thatcat
From the Bootstrapping section of the link you provided..

>volunteers publish their netDb directories (or a subset) on the regular
(non-i2p) network, and the URLs of these directories are hardcoded in I2P.
When the router starts up for the first time, it automatically fetches from
one of these URLs, selected at random.

~~~
seibelj
OK, so you put your IP address into several centralized DB's on the regular
internet, then when I2P starts it randomly fetches from one of those
repositories.

~~~
Natanael_L
The only not totally implausible alternative is broadcasting addresses over
amateur radio

------
PieterH
It would be really cool to have an I2P transport in ZeroMQ, and could be quite
simple as I2P's messaging maps directly to the datagram model ZeroMQ uses. Or
vice-versa.

~~~
plasticmachine
Surely this is better suited to ZMTP than 0MQ?

------
1ris
I ran a i2p router for year, mostly because I didn't mind. This is a kind of a
hen-egg-problem, I guess. There is not any content in i2p I'm aware off
besides a torrent site. And I probably don't want to know what the content is
I'm not aware of.

While I think this is in theory much cooler than tor, it's a way less
practical, i guess.

~~~
p4bl0
May I interest you in a copy of my webpage (which is not a torrent site) at
[http://p4bl0.i2p/](http://p4bl0.i2p/) ;-p.

------
p4bl0
Maybe the title should be fixed (s/Protocol/Project/)?

------
asab
Comparison to Tor:
[https://geti2p.net/en/comparison/tor](https://geti2p.net/en/comparison/tor)

------
zzzcpan
Are there JVM-less I2P implementations?

~~~
hkparker
C++, stable on the network:
[https://github.com/PurpleI2P/i2pd](https://github.com/PurpleI2P/i2pd) C++,
active development: [https://github.com/monero-
project/kovri](https://github.com/monero-project/kovri) Go, pretty new (my
project!):
[https://github.com/hkparker/go-i2p](https://github.com/hkparker/go-i2p)

------
Zhycrin
Tor vs I2P? Oh boy, all we need is a cnet battle...

~~~
robert_foss
I2P vs Tor is common topic, but the reality is that the projects are quite
different while aiming to serve many of the same goals.

I2P is decentralized and Tor offers exit nodes for example.

But both projects serve to maintain the option of free speech on the internet,
no matter how digitally repressive the country you happen to live in might be
(US/China/Iran/Syria).

