Shoalsteed / UX

UX Overview March 5

The I2P Software (I2P) with additions from tech intro #53

Open Shoalsteed opened 2 years ago

Shoalsteed commented 2 years ago

https://geti2p.net/en/about/software

When you install the I2P software made available at geti2p.net, you are actually installing an I2P router and an accompanying bundle of basic applications. The I2P Java distribution is the first I2P software gateway and has been actively developed since 2003.

The applications are made available through a webUI, which listens at 127.0.0.1:7657, and the main page of which is called the “Router Console,” where you monitor the health of your connection to the network and access applications to use on the network.

What is included:

The Set Up Wizard: When you download the I2P software, a set up wizard will guide you through a few configuration steps while your router is making its first connections to the network. This happens the same way that your home router connects you to the Internet. During the set up process, you will be given the option to test your bandwidth and set your bandwidth limits in order to ensure a good connection as a network peer.

The I2P Router Console: Here is where you can see your network connections and information about your router. You will be able to see how many peers you have, and other information that will help if you need to troubleshoot. You can stop and start the router as well. You will see the applications that the software includes, as well as links to some community forums and sites on the I2P network. You will receive news when there is a new software release, and will be able to download the latest version here as well. Additionally, you can find shortcuts to other available applications. The console is customizable and includes a default light theme with a dark theme option.

SusiMail (Developed by: postman, susi23, mastiejaner)

SusiMail is a secure email client. It is primarily intended for use with Postman’s email servers inside of the I2P network. It is designed to avoid leaking information about email use to other networks. SusiMail is bridged so it can send and receive email from the internet as well. Occasionally you may see some services like Gmail classifying it as spam, which you can correct in your Internet email service provider's settings.

I2Pmail is more a service than an application - postman offers both internal and external email with POP3 and SMTP service through I2PTunnel instances accessing a series of components developed with mastiejaner, allowing people to use their preferred mail clients to send and receive mail pseudonymously. However, as most mail clients expose substantial identifying information, I2P bundles susi23's web based susimail client which has been built specifically with I2P's anonymity needs in mind. The I2Pmail/mail.i2p service offers transparent virus filtering as well as denial of service prevention with hashcash augmented quotas. In addition, each user has control of their batching strategy prior to delivery through the mail.i2p outproxies, which are separate from the mail.i2p SMTP and POP3 servers - both the outproxies and inproxies communicate with the mail.i2p SMTP and POP3 servers through I2P itself, so compromising those non-anonymous locations does not give access to the mail accounts or activity patterns of the user. At the moment the developers work on a decentralized mailsystem, called "v2mail". More information can be found on the I2P Site hq.postman.i2p.xyz.

I2PSnark (Developed by: jrandom, et al., ported from mjw's Snark client)

Snark is an I2P-network-only BitTorrent client. It never makes a connection to a peer over any other network.

The Address Book: Developed by: mihi, Ragnarok

This is a locally-defined list of human-readable addresses (i.e., i2p-projekt.i2p) and corresponding I2P addresses (udhdrtrcetjm5sxzskjyr5ztpeszydbh4dpl3pl4utgqqw2v4jna.b32.i2p). It integrates with other applications to allow you to use those human-readable addresses in place of those I2P addresses. It is more similar to a hosts file or a contact list than a network database or a DNS service. There is no recognized global namespace; you decide what any given .i2p domain maps to in the end.

Naming within I2P has been an oft-debated topic since the very beginning with advocates across the spectrum of possibilities. However, given I2P's inherent demand for secure communication and decentralized operation, the traditional DNS-style naming system is clearly out, as are "majority rules" voting systems. Instead, I2P ships with a generic naming library and a base implementation designed to work off a local name to destination mapping, as well as an optional add-on application called the "Address Book". The address book is a web-of-trust-driven secure, distributed, and human readable naming system, sacrificing only the call for all human readable names to be globally unique by mandating only local uniqueness. While all messages in I2P are cryptographically addressed by their destination, different people can have local address book entries for "Alice" which refer to different destinations. People can still discover new names by importing published address books of peers specified in their web of trust, by adding in the entries provided through a third party, or (if some people organize a series of published address books using a first come first serve registration system) people can choose to treat these address books as name servers, emulating traditional DNS.

I2P does not promote the use of DNS-like services though, as the damage done by hijacking a site can be tremendous - and insecure destinations have no value. DNSsec itself still falls back on registrars and certificate authorities, while with I2P, requests sent to a destination cannot be intercepted or the reply spoofed, as they are encrypted to the destination's public keys, and a destination itself is just a pair of public keys and a certificate. DNS-style systems on the other hand allow any of the name servers on the lookup path to mount simple denial of service and spoofing attacks. Adding on a certificate authenticating the responses as signed by some centralized certificate authority would address many of the hostile nameserver issues but would leave open replay attacks as well as hostile certificate authority attacks.

Voting style naming is dangerous as well, especially given the effectiveness of Sybil attacks in anonymous systems - the attacker can simply create an arbitrarily high number of peers and "vote" with each to take over a given name. Proof-of-work methods can be used to make identity non-free, but as the network grows the load required to contact everyone to conduct online voting is implausible, or if the full network is not queried, different sets of answers may be reachable.

As with the Internet however, I2P is keeping the design and operation of a naming system out of the (IP-like) communication layer. The bundled naming library includes a simple service provider interface which alternate naming systems can plug into, allowing end users to drive what sort of naming tradeoffs they prefer.

The QR Code Generator: Besides the Address Book, I2P addresses can be shared by converting them into QR codes and scanning them with a camera. This is especially useful for Android devices.

I2P Hidden Services Manager: This is a general-purpose adapter for forwarding services (i.e., SSH) into I2P and proxying client requests to and from I2P. It provides a variety of “Tunnel Types” which are able to do advanced filtering of traffic before it reaches I2P.

I2PTunnel Developed by: mihi

I2PTunnel is probably I2P's most popular and versatile client application, allowing generic proxying both into and out of the I2P network. I2PTunnel can be viewed as four separate proxying applications - a "client" which receives inbound TCP connections and forwards them to a given I2P destination, an "httpclient" (aka "eepproxy") which acts like an HTTP proxy and forwards the requests to the appropriate I2P destination (after querying the naming service if necessary), a "server" which receives inbound I2P streaming connections on a destination and forwards them to a given TCP host+port, and an "httpserver" which extends the "server" by parsing the HTTP request and responses to allow safer operation. There is an additional "socksclient" application, but its use is not encouraged for reasons previously mentioned.

I2P itself is not an outproxy network - the anonymity and security concerns inherent in a mix net which forwards data into and out of the mix have kept I2P's design focused on providing an anonymous network which is capable of meeting the user's needs without requiring external resources. However, the I2PTunnel "httpclient" application offers a hook for outproxying - if the hostname requested doesn't end in ".i2p", it picks a random destination from a user-provided set of outproxies and forwards the request to them. These destinations are simply I2PTunnel "server" instances run by volunteers who have explicitly chosen to run outproxies - no one is an outproxy by default, and running an outproxy doesn't automatically tell other people to proxy through you. While outproxies do have inherent weaknesses, they offer a simple proof of concept for using I2P and provide some functionality under a threat model which may be sufficient for some users.

I2PTunnel enables most of the applications in use. An "httpserver" pointing at a webserver lets anyone run their own anonymous website (or "I2P Site") - a webserver is bundled with I2P for this purpose, but any webserver can be used. Anyone may run a "client" pointing at one of the anonymously hosted IRC servers, each of which is running a "server" pointing at their local IRCd and communicating between IRCds over their own "client" tunnels. End users also have "client" tunnels pointing at I2Pmail's POP3 and SMTP destinations (which in turn are simply "server" instances pointing at POP3 and SMTP servers), as well as "client" tunnels pointing at I2P's CVS server, allowing anonymous development. At times people have even run "client" proxies to access the "server" instances pointing at an NNTP server.

Applications Outside I2P to use with I2P

Mozilla Firefox: A web browser with advanced privacy and security features, this is the best browser to configure to browse I2P sites.

Chromium: A web browser developed by Google that is the Open-Source base of Google Chrome, this is sometimes used as an alternative to Firefox.

BiglyBT: A feature-rich BitTorrent client including I2P support and the unique ability to “bridge” regular torrents into I2P so people can download them anonymously.

OpenSSH: OpenSSH is a popular program used by systems administrators to remotely administer a server, or to provide “Shell” accounts for users on the server.

Git/Gitlab: Git is a source-code control tool which is distributed, and often recommends a fork-first workflow. Hosting source code on I2P is an important activity, so Gitlab-specific instructions are available for all to use.

Debian and Ubuntu GNU/Linux: It is possible to obtain packages for Debian and Ubuntu GNU/Linux over I2P using apt-transport-i2p and apt-transport-i2phttp. In the future, a bittorrent-based transport may also be developed.

Applications for Developers

The SAM API Bridge: The SAM API is a language-independent API for writing applications that are I2P-native by communicating with the local I2P router. It can provide Streaming-like capabilities, Anonymous Datagrams, or Repliable Datagrams.

The BOB API Bridge: This is a deprecated technology. BOB users should migrate to SAM if it is possible for them to do so.

The I2CP API: Not strictly an application, this is how Java applications communicate with the I2P router to set up tunnels, generate and manage keys, and communicate with other peers on the network.

Shoalsteed commented 2 years ago

I have added the longer descriptions of the applications from: https://geti2p.net/en/docs/how/tech-intro. Not sure whether we keep this or not.

Shoalsteed commented 2 years ago

UPDATED COPY

SusiMail (Developed by: postman, susi23, mastiejaner)

SusiMail is a secure email client. It is primarily intended for use with Postman’s email servers inside of the I2P network. It is designed to avoid leaking information about email use to other networks. SusiMail is bridged so it can send and receive email from the internet as well. Occasionally you may see some services like Gmail classifying it as spam, which you can correct in your Internet email service provider's settings. Postman’s service offers both internal and external email with POP3 and SMTP service through I2PTunnel instances accessing a series of components developed with mastiejaner. This allows people to use their preferred mail clients to send and receive mail pseudonymously. Most mail clients expose substantial identifying information; however, SusiMail has been built specifically with I2P's anonymity abilities in mind. The I2Pmail/mail.i2p service offers transparent virus filtering as well as denial of service prevention with hashcash augmented quotas. In addition, each user has control of their batching strategy prior to delivery through the mail.i2p outproxies, which are separate from the mail.i2p SMTP and POP3 servers. Both the outproxies and inproxies communicate with the mail.i2p SMTP and POP3 servers through I2P itself, so compromising those non-anonymous locations does not give access to the mail accounts or activity patterns of the user. More information can be found on the I2P Site: hq.postman.i2p.xyz.

Shoalsteed commented 2 years ago

The Address Book: Developed by: mihi, Ragnarok

This is a locally-defined list of human-readable addresses (i.e., i2p-projekt.i2p) and corresponding I2P addresses (udhdrtrcetjm5sxzskjyr5ztpeszydbh4dpl3pl4utgqqw2v4jna.b32.i2p). It works with other applications to allow you to use those human-readable addresses in place of those I2P addresses. It is more similar to a hosts file or a contact list than a network database or a DNS service. There is no recognized global namespace; you decide what any given .i2p domain maps to. The address book is a web-of-trust-driven secure, distributed, and human readable naming system. While all messages in I2P are cryptographically addressed by their destination, different people can have local address book entries for "Alice" which refer to different destinations. People can still discover new names by importing published address books of peers specified in their web of trust, by adding in the entries provided through a third party, or (if some people organize a series of published address books using a first come first serve registration system) people can choose to treat these address books as name servers, emulating traditional DNS. Note that I2P does not promote the use of DNS-like services. DNSsec itself still falls back on registrars and certificate authorities, while with I2P, requests sent to a destination cannot be intercepted or the reply spoofed, because they are encrypted to the destination's public keys, and a destination itself is just a pair of public keys and a certificate. DNS-style systems on the other hand allow any of the name servers on the lookup path to mount simple denial of service and spoofing attacks. Adding on a certificate authenticating the responses as signed by some centralized certificate authority would address many of the hostile nameserver issues but would leave open replay attacks as well as hostile certificate authority attacks.

Shoalsteed commented 2 years ago

I2PTunnel Developed by: mihi

I2PTunnel is probably I2P's most popular and versatile client application. It allows generic proxying both into and out of the I2P network. I2PTunnel can be viewed as four separate proxying applications

I2P itself is not an outproxy network. However, the I2PTunnel "httpclient" application offers a hook for outproxying if the hostname requested does not end in ".i2p". It picks a random destination from a set of outproxies and forwards the request to them. These destinations are simply I2PTunnel "server" instances run by volunteers who have explicitly chosen to run outproxies. While outproxies do have inherent weaknesses, they offer a simple proof of concept for using I2P and provide some functionality under a threat model which may be sufficient for some users.

I2PTunnel enables most applications. For example, the "httpserver" pointing at the webserver included in the software allows anyone to run their own site on the I2P network. This also allows you to mirror an existing site on the network.
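
Added example (not part of the thread and not I2P's own code): a small Python model of the two behaviours described in the Address Book and I2PTunnel copy above, namely locally unique names that resolve to self-certifying `.b32.i2p` addresses, and the "httpclient" rule that only hostnames not ending in ".i2p" go to a randomly chosen outproxy. The function names, the `unresolved`/`refused` outcomes, the outproxy names and the destinations are constructed for illustration; it assumes hosts-file-style `name=destination` lines and I2P's base64 alphabet.

```python
import base64
import hashlib
import random

I2P_ALT = b"-~"  # I2P's base64 alphabet uses '-' and '~' in place of '+' and '/'

def b32_address(dest_b64):
    """Self-certifying name: base32(SHA-256(raw destination)) + '.b32.i2p'."""
    raw = base64.b64decode(dest_b64, altchars=I2P_ALT, validate=True)
    digest = hashlib.sha256(raw).digest()
    return base64.b32encode(digest).decode().rstrip("=").lower() + ".b32.i2p"

def parse_address_book(text):
    """Parse 'name=destination' lines into a purely local mapping."""
    book = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, dest = line.split("=", 1)
        book[name.strip().lower()] = dest.strip()
    return book

def route(hostname, book, outproxies, rng=random):
    """Decide where a proxied request goes; .i2p names never reach an outproxy."""
    host = hostname.lower()
    if host.endswith(".b32.i2p"):
        return ("i2p", host)                      # hash of the keys, no lookup
    if host.endswith(".i2p"):
        dest = book.get(host)
        return ("i2p", b32_address(dest)) if dest else ("unresolved", host)
    if not outproxies:
        return ("refused", host)                  # no outproxy configured
    return ("outproxy", rng.choice(sorted(outproxies)))

def constructed_dest(seed):
    # Constructed 387-byte blob standing in for a real destination.
    return base64.b64encode(bytes([seed]) * 387, altchars=I2P_ALT).decode()

ALICE_BOOK = parse_address_book("# Alice's local book\nforum.i2p=" + constructed_dest(1))
BOB_BOOK = parse_address_book("forum.i2p=" + constructed_dest(2))
OUTPROXIES = {"outproxy-one.i2p", "outproxy-two.i2p"}  # hypothetical names

if __name__ == "__main__":
    for who, book in (("alice", ALICE_BOOK), ("bob", BOB_BOOK)):
        print(who, route("forum.i2p", book, OUTPROXIES))
    print(route("missing.i2p", ALICE_BOOK, OUTPROXIES))
    print(route("example.org", ALICE_BOOK, OUTPROXIES))
```

The same name `forum.i2p` yields two different `.b32.i2p` targets for the two books, which is the local-uniqueness trade-off the copy describes, and an unknown `.i2p` name stays unresolved instead of being handed to an outproxy.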