I2P Integration


Well shit. I’m able to do everything I need to do except re-brand the Tor browser with nothing but small changes to javascript in Torbutton, a static home page, and by providing a start-i2p-browser script separately to pass a different wm_class to firefox, but it appears to be impossible to change the icons and internal strings without installing a A) external plugin or B) making modifications to Torbutton that greatly complicate it and inject javascript into pages. I really, really hope I’m wrong, if anybody else knows a better way to rename Firefox it would be a lifesaver. And it gets worse. To try and create a re-branding plugin, I forked iceweasel’s branding plugin. There aren’t any fingerprintable resources in the plugin and i2p rewrites the browser UA string, so it seemed like a good place to start. I created a re-branding plugin successfully. But then I went to submit it to Mozilla. All new extensions must be webextensions(to be signed), and webextensions can’t rebrand Firefox, which obviously effects our future.

Since there’s no good way to add such a plugin to a Tor Browser after it’s built, and since when it’s webextensions all the way down the old Firefox branding approach will no longer work, I think the only way to build an i2p browser that doesn’t risk accidentally telling people it’s a Tor Browser at this point is to create a modified rbm configuration(Edit: and some make targets, more-or-less. Probably a little other stuff.) with a re-branding plugin incorporated into the build procedure. I’m re-reading through the TBB hacking document and the rbm manpages and I think this is surprisingly simple(Well, it’s extremely well documented and much easier than it was the last time I tried to compile a modern web browser from source). We won’t be reproducible against the regular TBB, but we will be reproducible(Against our new configuration), have hardening and Tor-relevant fingerprint protections, and not risk misleading labeling or documentation. (on the bright side, for me at least, it means I will get Windows and OSX builds for free. Not Whonix-relevant, just trying to be positive)

Of course this is all moot if there’s a hidden about:config or application.ini or some other option anywhere capable of doing what we need. But I couldn’t find one.


Don’t worry about major rebranding too much since changing the about:config since the other changes like the landing page you made are a best attempt effort and they clearly show users hat its not the typical TBB. Anything more is a waste of brain cycles and time. Please proceed with the rest of the plumbing for I2P.


Roger. Focused on upstreaming the Torbutton patch first. Once that’s done the browser will be able to be configured by the starter, and I’ll submit socket configuration and the changes to the starter at the same time.




Hi, I wrote the guide for putting I2P in a Qubes-ProxyVM Patrick just mentioned.

From the looks of it, the main difference with my approach is that I wanted everything to be happening in the ProxyVM, so there is no additional setup in the Workstation. However, because I couldn’t figure out how exactly the whonix iptables setup works, I based the proxyVM on plain debian. The trick was to have iptables NAT all DNS-requests to localhost and have dnsmasq started with a special rule for i2p and otherwise refer to tor:

dnsmasq --address=/.i2p/$TARGET_IP --server$TOR_DNS_PORT

I wrote the post as detailed as possible about what I did, so the post should be pretty self-explanatory. I’ll try implementing some suggestions of adrelanos and what I have found here when I find time.

P.S.: Sadly, the javascript here is driving me nuts. Is there some kind of alternative discussion platform? IRC? I’m not sure the mailing-list is appropriate for this niche discussion.


why did you choose Debian8 and not Debian 9?

Right, we need to change a few things in the WS to use the TBB with I2P

Mailing-list should be fine (@Patrick?)
there is also a Whonix’s IRC, but i’m rarely there, you could use my Bote Mail (@Goldstein Profile) if you want to message me directly.


I’m sorry for the current lack of progress and unresponsiveness, i’m traveling atm and only got flacky Internet, i’ll be back in 1-2 Weeks.



Mailing-list should be fine (@Patrick?)

Feel free to use whonix-devel. Just note that fewer users are active
there. No idea how many people who participate here are also signed up
for whonix-devel.

there is also a Whonix’s IRC, but i’m rarely there

Same for me.


I didn’t know where to upload these, so I put them on a filehost on I2P.
eepsite rulesets for HTTPS-Everywhere


development needed for Sdwdate to work properly with I2P. As i understand for current Sdwdate its only targeting onion router TCP, though in I2P we have both TCP & UDP garlic router.



Using a i2p on a workstation with privoxy.
I followed the updated guide on github (top post). It was fine, and a i2p sites where visible.
When I rebooted the i2p site where not visible anymore. I got a 502 error.
“.…has been closed before Privoxy received any data for this request”.

The error from i2p is:
Network: ERR-Client Manager I2CP Error - Check logs

[istener:7654] er.client.ClientListenerRunner: I2CP error listening to port 7654 - is another I2P instance running? Resolve conflicts and restart

Is the guide really up-to-date? Is there maybe another guide that is complete?
I see on different places guides that are not complete

Maybe a seriously stupid question, but what do you mean by:
Create a separate Gateway (TemplateVM&) ProxyVm and Workstation (TemplateVM&) AppVM Installing I2P



Hi RED29

The instructions found on https://github.com/mutedstorm/Whonix-I2P are for use with Qubes OS:


2 posts were split to a new topic: Using I2P inside Whonix-Workstation (Non-Qubes-Whonix)



First of all sorry again for the lack of progress and updates (thank the Government)

Thanks, i’ll upload them to the Repo

Why would we need that in our current setup ? We can use Tor for that, no need for I2P.

I’ve hadn’t had this issue, but i’ll try to reproduce it.

The wiki entry is old and incomplete, the Guide in the Repository is the latest one (it’s also not finished due to the missing TBB part)

Merged, going to test the other suggestion.

I’ll need some time to restore everything since i lost all of my Hardware and funds so bare with me.


I’m not sure what to do about the TBB thing. I don’t think the environment variable patch is getting much attention, I kind of see why they’d be hesitant even though it seems to me a minor change. So choices… I could package the script itself(Without the browser), or the profile(apt-get install tb-profile-i2p?) and copy select it at runtime ^with --profile, but then the reproducibility thing is still a concern. I kind of wonder how much, though. I mean hypothetically, if there was a way to pass a prefs.js at the terminal when starting tb-starter, and that prefs.js wasn’t actually added to the files used by TBB, then wouldn’t it still be reproducible in all the relevant ways?


Thanks for chiming in. OK so let’s proceed in directions that don’t depend on upstream.

Whichever direction makes the process easier as long as it doesn’t involve a TBB from outside the tb-updater. So whatever changes your profiles/scripts does to a preinstalled TBB are alright.


Yes i agree, depending on upstream isn’t something i would like to have with this

Right the easier the better, we can figure everything else out along the way…

You can remove the @Goldstein account since i can’t access it anytime soon.




gk (Georg Koppen, TBB Developer):

I think using the prefs approach is the one you should pursue right now. Shipping an own profile with customizations won’t go away in the forseeable future.


We should use I2P to fix that not Tor , as I2P is the main connection inside whonix-i2p not Tor.