I2P/ Firefox Set Up: Windows

[Shoalsteed]

-Recommendation Add ''router console" to the glossary.

Set up if the profiler goes normally: This is a bit confusing

_It all comes down to whether we are allowed to distribute Firefox without rebranding it. What that page reflects are the licenses of the software components of the bundle which we re-distribute with the I2P Browser Profile, i.e. NoScript, HTTPS Everywhere, certain parts of the script which determines where Firefox is installed on the system come from the upstream Firefox installer source code. Unfortunately it is a legal requirement that it must be displayed.

What we could do, though, is give two text fields, one which explains the very general principles of the licenses involved, and one which displays the full text of the licenses involved. An open source for abbreviated licenses is available: https://tldrlegal.com/ for us to draw from if we want to go that route. I am also open to other options._

It looked like I2P is by default launching with Tor and that downloading a profiler installer hasn't altered this.

_This is happening on purpose and is a security-related decision, but that doesn't make it un-changeable. Let me run through what's happenedhere and we can figure out what the best course of action is.

What you have actually installed when running the second .exe you downloaded is a browser profile, which is just a folder on your hard drive, some browser extensions, which are copied into the profile, and a tiny script which tells Firefox where the profile is.

However, we run into this problem when we do that, people often have multiple versions of Firefox present on their system, and we want to make sure that we pick a "Safe" version. The profile installer considers two versions of Firefox "Safe" for launching with the script, one of which is regular Firefox as distributed by Mozilla and installed with the defaults (including automatic updates), and one of which is the Tor Browser bundle because of it's advanced integrity, update, and fingerprint protections. In a situation where Tor Browser is present, we favour it over regular Firefox.

But there's another problem, which is that in it's default configuration, when you visit a service running on the local computer in a browser, it can talk to other services running on the local computer in simple ways that might not always be visible to the person operating the browser. This can lead to unwanted information disclosure. Therefore, In Tor Browser mode, it's not possible to exempt URL's from the proxy in a granular way right now, so requests to local services, including the I2P router console, end up getting dropped. However, it provides the very best protection for browsing remote I2P services, which would generally be regarded as higher risk than the local router console. The "expectation" so to speak, if there ever was one, would be for the user to administer I2P in one browser, and to browse remote I2P services in another, and that the Profile Bundle Installer solves the latter problem and not the former.

I see two potential paths to a solution to this UX problem:

1) It is possible to extend the browser to behave in this manner, i.e. to only exempt the I2P Console from the proxy when using Tor Browser. This reduces the attack surface exposed by exempting certain destinations from the proxy, while also making the I2P console safe to configure in the same browser that you are using to browse I2P.

2) "Hide" the browser as an agent in the configuration of I2P entirely, i.e. change the way the installer works for the purposes of administering I2P so that it launches a browser which has had it's usual UI and configuration elements removed and then presents itself more simply as a desktop UI for I2P Applications. This would require the generation of a second browser profile for this purpose and a second script for this purpose, but I do know how to create both those things.

_Either of these can done in a matter of a weeks with coordination with other devs about releasing a new version of the profile bundle. The difference is basically do we want 1 browser for both browsing and configuring I2P, or do we want 1 Browser for browsing I2P and 1 browser that doesn't look like a browser, which is a new "UI Wrapper" for the I2P console.__

But now i finally have this! Not sure how

Solving the issue above should either make this not the case, or make this fact less intrinsically confusing perhaps? The default homepage should also change from the URL it is to the local proxy checker homepage as well. If everything is working as it should, though, entering "http://proxy.i2p" into your URL bar right now should indicate a working I2P Proxy.

[HN-ux]

What if I cannot adjust, how does this affect my I2P experience?

[eyedeekay]

Oh gosh it's been a long time since I looked at that, that whole explanation needs a lot of work.

@HN-ux To answer your question specifically, slightly diminished performance and probably the inability to contribute back to the network. Where I2P is a peer-to-peer network everyone who safely can be is potentially selected to help another user connect to a destination. There are some scenarios where a firewall or NAT would prevent this from happening. Otherwise, the experience is pretty much exactly the same.

[Shoalsteed]

@eyedeekay - how many users are probably going to be having issues with firewall or NAT ?

Would it make sense as part of this description to say " in many cases people see this message - this is normal and does not affect your experience when using I2P. However, NAT and Firewall ports can be adjusted"

[eyedeekay]

A very small number, less than 3%

[Shoalsteed]

Interesting. I wonder if that 3% is due to people knowing how to deal with ports.

[Shoalsteed]

This has been solved, wireframes waiting on implementation.