I2P Explained

Tarush Kalihari
Apr 11, 2024


The Invisible Internet Project (I2P) is an anonymous network layer (implemented as a mix network) that allows for censorship-resistant, peer-to-peer communication. Anonymous connections are achieved by encrypting the user’s traffic (by using end-to-end encryption), and sending it through a volunteer-run network of roughly 55,000 computers distributed around the world. Given the high number of possible paths the traffic can transit, a third party is unlikely to be able to watch a full connection. The software that implements this layer is called an “I2P router”, and a computer running I2P is called an “I2P node”. I2P is free and open source, and is published under multiple licenses.

The Inner Workings

The network is strictly message-based, like IP, but a library is available to allow reliable streaming communication on top of it (similar to Non-blocking IO-based TCP, although from version 0.6, a new Secure Semi-reliable UDP transport is used). All communication is end-to-end encrypted (in total, four layers of encryption are used when sending a message) through garlic routing, and even the end points (“destinations”) are cryptographic identifiers (essentially a pair of public keys), so that neither senders nor recipients of messages need to reveal their IP address to the other side or to third-party observers.
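To make the "destination as cryptographic identifier" point concrete, here is an added example (not code from the I2P project) that parses a binary destination and derives the hashed `.b32.i2p` form of its address. It assumes the standard layout of a 256-byte encryption key area, a 128-byte signing key area and a certificate of at least 3 bytes; the function names and the sample destination are constructed for illustration.

```python
import base64
import hashlib

# I2P's base64 alphabet replaces '+' and '/' with '-' and '~'.
def i2p_b64encode(raw: bytes) -> str:
    return base64.b64encode(raw, altchars=b"-~").decode("ascii")

def i2p_b64decode(text: str) -> bytes:
    return base64.b64decode(text, altchars=b"-~", validate=True)

def parse_destination(raw: bytes) -> dict:
    """Split a binary destination into its key areas and certificate."""
    if len(raw) < 387:  # 256 + 128 + 3-byte minimum certificate
        raise ValueError("destination shorter than 387 bytes")
    cert_len = int.from_bytes(raw[385:387], "big")
    if len(raw) != 387 + cert_len:
        raise ValueError("certificate length does not match destination size")
    return {
        "encryption_key": raw[:256],
        "signing_key": raw[256:384],
        "cert_type": raw[384],       # 0 is the NULL certificate
        "cert_payload": raw[387:],
    }

def b32_address(raw: bytes) -> str:
    """Hash the whole destination; the hostname is derived from the keys."""
    parse_destination(raw)  # reject malformed input before hashing
    digest = hashlib.sha256(raw).digest()
    label = base64.b32encode(digest).decode("ascii").rstrip("=").lower()
    return label + ".b32.i2p"

# Constructed sample: filler key bytes plus a NULL certificate (not a real key).
SAMPLE_DEST = bytes(range(256)) + bytes(128) + b"\x00\x00\x00"
SAMPLE_B64 = i2p_b64encode(SAMPLE_DEST)

if __name__ == "__main__":
    print(len(SAMPLE_B64), b32_address(i2p_b64decode(SAMPLE_B64)))
```

Because the address is a hash of the key material, nothing in it encodes an IP address, and changing any byte of the keys yields a different address.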

Although many developers had been a part of the Invisible IRC Project (IIP) and Freenet communities, significant differences exist between their designs and concepts. IIP was an anonymous centralized IRC server. Freenet is a censorship-resistant distributed data store. I2P is an anonymous peer-to-peer distributed communication layer designed to run any traditional internet service (e.g. Usenet, email, IRC, file sharing, Web hosting and HTTP, or Telnet), as well as more traditional distributed applications (e.g. a distributed data store, a web proxy network using Squid, or DNS).

Many developers of I2P are known only under pseudonyms. While the previous main developer, jrandom, is currently on hiatus, others, such as zzz, killyourtv, and Complication, have continued to lead development efforts, and are assisted by numerous contributors.

Networking

  • I2PTunnel is an application embedded into I2P that allows arbitrary TCP/IP applications to communicate over I2P by setting up “tunnels” which can be accessed by connecting to pre-determined ports on localhost.
  • SAM (Simple Anonymous Messaging) is a protocol which allows a client application written in any programming language to communicate over I2P, by using a socket-based interface to the I2P router.
  • BOB (Basic Open Bridge) is a less complex app-to-router protocol similar to SAM.
  • Orchid Outproxy Tor plugin
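The socket-based interface that SAM exposes is a line-oriented text protocol. The following added example (not the I2P project's code) implements the SAM v3 version handshake and a reply parser, run here against a constructed in-process stand-in for the router so it works offline; all function names are illustrative.

```python
import shlex
import socket
import threading

def parse_sam_line(line: str) -> dict:
    """Parse a SAM line such as 'HELLO REPLY RESULT=OK VERSION=3.1'."""
    tokens = shlex.split(line)  # values may be quoted: MESSAGE="bad version"
    if len(tokens) < 2:
        raise ValueError(f"malformed SAM line: {line!r}")
    fields = {"cmd": tokens[0], "sub": tokens[1]}
    for token in tokens[2:]:
        key, _, value = token.partition("=")
        fields[key] = value
    return fields

def read_line(sock: socket.socket, limit: int = 4096) -> str:
    buf = bytearray()  # one newline-terminated line, size-capped
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk or len(buf) >= limit:
            raise ConnectionError("SAM peer closed or sent an oversized line")
        buf += chunk
    return buf.decode("ascii").rstrip("\n")

def sam_hello(sock, min_ver="3.0", max_ver="3.1") -> str:
    """Run the version handshake and return the negotiated version."""
    sock.sendall(f"HELLO VERSION MIN={min_ver} MAX={max_ver}\n".encode("ascii"))
    reply = parse_sam_line(read_line(sock))
    if (reply["cmd"], reply["sub"]) != ("HELLO", "REPLY"):
        raise ConnectionError("unexpected reply to HELLO")
    if reply.get("RESULT") != "OK":
        raise ConnectionError(f"handshake refused: {reply.get('RESULT')}")
    return reply["VERSION"]

def constructed_router(sock, reply: str) -> None:
    """Stand-in for the router side: read the HELLO, send a canned reply."""
    with sock:
        read_line(sock)
        sock.sendall(reply.encode("ascii"))

def demo(reply: str = "HELLO REPLY RESULT=OK VERSION=3.1\n") -> str:
    client, router = socket.socketpair()
    worker = threading.Thread(target=constructed_router, args=(router, reply))
    worker.start()
    try:
        with client:
            return sam_hello(client)
    finally:
        worker.join()
```

Against a real router, `sam_hello` would be given a TCP socket connected to the SAM bridge on localhost instead of the socket pair used by `demo`.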

Routers

  • I2PBerry is a Linux distribution which can be used as a router to encrypt and route network traffic through the I2P network.
  • i2pd is a light-weight I2P router written in C++, stripping the excessive applications such as e-mail, torrents, and others that can be regarded as bloat.
  • Kovri is an I2P router written in C++. It was forked from i2pd following developer disagreements. Kovri’s primary purpose is to integrate with the cryptocurrency Monero to send new transaction information over I2P, making it much more difficult to find which node is the origin of a transaction request. Those using the Kovri router will be running full I2P routers that contribute to the I2P network the same way the current Java router does. This project is expected to benefit both the Monero and I2P communities, since it will allow for greater privacy in Monero, and it should increase the number of nodes on the I2P network.

Vulnerabilities

Denial of service attacks are possible against websites hosted on the network, though a site operator may secure their site against certain versions of this type of attack to some extent.

A zero-day vulnerability was discovered for I2P in 2014, and was exploited to de-anonymize at least 30,000 users. This included users of the operating system Tails. This vulnerability was later patched.

A 2017 study examining how forensic investigators might exploit vulnerabilities in I2P software to gather useful evidence indicated that a seized machine which had been running I2P router software may hold unencrypted local data that could be useful to law enforcement. Records of which eepsites a user of a later-seized machine was interested in may also be inferred. The study identified a “trusted” I2P domain registrar (“NO.i2p”) which appeared to have been abandoned by its administrator, and which the study identified as a potential target for law enforcement takeover. It alternatively suggested waiting for NO.i2p’s server to fail, only to social engineer the I2P community into moving to a phony replacement. Another suggestion the study proposed was to register a mirror version of a target website under an identical domain.

Summary

In conclusion, I2P serves as an essential tool for private browsing, dark web access, and anonymous communication, offering a decentralized and peer-to-peer internet experience with a strong focus on privacy and security.
