Which is the preferred method? In the case of I2P it’s various sorts of usability vs various sorts of security.
inproxies: no extra code involved (same attack surface) but the inproxy could deliver incomplete, false or even malicious content [we have to assume malicious content anyhow - the I2P site could be malicious]; more usable when just web browsing since it is very quick to set up
client inside the workstation: same connection security as I2P (better than inproxies) but more code (I2P client) in use, higher attack surface; more features, not just web browsing
Which is the preferred method? In the case of I2P it’s various sorts of usability vs various sorts of security.
WS Client.
Ignoring the attack surface argument since:
The attack surface of I2P is decidedly much smaller than TBB being exposed to a payload by a malicious inproxy or anything else in between (they are all HTTP only)
The benefit of running anything that has known security holes will never offset its harm. I2P is written in a memory safe language and I am not aware of it having any security problems so far.
Another problem with inproxies, besides MITMing an otherwise secure connection, is a degraded browsing experience since many eepsites simply block access if it's not E2E encrypted.
But it’s not getting any less trustworthy to begin with - unless the user has a reason to trust the host of the i2p site.
I didn’t know that’s possible since from the perspective of the eepsites such an inproxy is E2E encrypted. The only difference with an inproxy is that it forwards whatever it fetched to someone else, the inproxy user.
I have no strong opinion about which should be the preferred method. For me it’s like picking from two flavors, both of which I like. Please go for it.