Which is the preferred method? In case of I2P it’s various sorts of usability vs various sorts of security.
inproxies: no extra code involved (same attack surface) but the inproxy could deliver incomplete, false or even malicious content [we have to assume malicious content anyhow - the I2P site could be malicious]; more usable when just web browsing since very quickly to set up
client inside the workstation: same connection security as I2P (better than inproxies) but more code (I2P client) in use, higher attack surface; more features, not just web browsing
But it’s not getting any less trustworthy to begin with - unless the user has a reason to trust the host of the i2p site.
I didn’t know that’s possible since from the perspective of the eepsites such a an inproxy is E2E encrypted. The only difference with inproxy is that it forwards whatever it fetched to someone else, the inproxy user.
I have no strong opinion about which should be the preferred method. For me it’s like picking from two flavors I both like. Please go for it.