I2P Tweaks and Suggestions

nurmagoz · February 7, 2020, 4:01pm

hmm i would agree, but Rust Python Go are actually memory safe languages Java like in the middle. But actually i was referring to the performance not the security which is really slow/resources consumption comparing to others.

yes I2P connected over clearnet, but in our case I2P over Tor and isnt that will cause the same load damage as if Torrent over Tor directly?

Updater is disabled but I2P news updates is not disabled unless refresh frequently disabled.

Well thats not good idea specially with I2P , the debian package maintainer/s are not always available and no stable maintainer that for surely will always showing up. So better to upgrade I2Pj in similar way to electrum. unless I2Pj developers or stable maintainer doing the job. (mahatta not stable maintainer, and its preferable to consider doing that once I2Pj becoming just as a router and remove the rest of su3 garbage plugins).

I agree, but this GUI needs real love maintaining its impacts one of the flaws it uses JS and its not security built/focus at all which needs many hardening to be considered safe like for e.g:

I2P JS attack

Though JS not yet removed from I2Pconsole and ticket closed as wont fix #2537

I2Pconsole increases the surface attacks: (I2Pj router not yet isolated)

#2132

Currently it missed the following hardening configurations:

http://zzz.i2p/topics/2831-harden-i2pconsole

This is why better at the moment to keep using I2Pj from I2P developers/repo not debian repo.

Thinkablemellow · February 7, 2020, 4:03pm

The ones i posted in the Quote above, at the moment not much other than a single click i2p solution, when they merge the Addon its going to be more useful and as i see it its going to be more user friendly in the long run than the router.

I2P Browser in the whonix repo had(has?) a custom landing, but i agree a nicer one like the TBB one would be nice, but what links to add?

nurmagoz · February 7, 2020, 4:05pm

Its recommended against to lower ram more than this , as it will show not friendly router logs something like this:

 Router Logs

    ERROR [uterWatchdog] 2p.router.tasks.RouterWatchdog?: Memory: 38.03MB / 114.00MB
    ERROR [uterWatchdog] 2p.router.tasks.RouterWatchdog?: Outbound send rate: 776Bps
    ERROR [uterWatchdog] 2p.router.tasks.RouterWatchdog?: 1 minute send processing time: 243ms
    ERROR [uterWatchdog] 2p.router.tasks.RouterWatchdog?: Participating tunnel count: 2
    ERROR [uterWatchdog] 2p.router.tasks.RouterWatchdog?: Job lag: 0
    ERROR [uterWatchdog] 2p.router.tasks.RouterWatchdog?: Ready and waiting jobs: 0
    ERROR [uterWatchdog] client.ClientManagerFacadeImpl?: Client 8nwlmr has a leaseSet that expired 38m ago
    ERROR [uterWatchdog] 2p.router.tasks.RouterWatchdog?: Memory: 49.92MB / 114.00MB
    ERROR [uterWatchdog] 2p.router.tasks.RouterWatchdog?: Outbound send rate: 776Bps
    ERROR [uterWatchdog] 2p.router.tasks.RouterWatchdog?: 1 minute send processing time:

But since I2Pj will not run by default , then i think user should understand why memory consumption accruing when he want to run it.

Thinkablemellow · February 7, 2020, 4:10pm

no I2Ps Torrents cant be compared to Clearnet ones, the most i get is usually 50-150kB’s which wouldnt “hurt” Tor more than music streaming or youtube.

The whole argument against torrent over Tor because it hurts it is quite nonsensical to me (not talking about the OPSEC risk)

Yeah thats no good, adding the I2P repo would solve that, or using I2PBrowser(once its able to update )

We could (should?) disable or lock it with a password to prevent that ?
What reason does a User have to open it anyway?

Thinkablemellow · February 7, 2020, 4:17pm

Right thats why i brought up the low RAM specs of whonix, i know its quite unrealistic to lower the RAM for I2P or even when you run 2 TBB’s the RAM needs to increase anyway and the Specs dont reflect modern day hardware. Anyone who is serious about Security (most Whonix Users?) own or buy hardware for these kind of things, but those People probably also dont use Virtualbox…

@Patrick
Are there any Stats/Download numbers for Virtualbox,KVM and Qubes-Whonix Users ?

nurmagoz · February 7, 2020, 4:20pm

Good point! , i missed that actually. Then yeah wont be harmful to be used over Tor in this case.

Well I2Pconsole it has this feature (if im not mistaken), not bad idea (and we add public username/password for users to unlock it and if they want to change it). Reason is to make more configurations that will suit the end user if the default settings not enough or not good for him like playing with tunnels or adding more services/plugins…etc.

Thinkablemellow · February 7, 2020, 4:24pm

Most stuff could be done trough the I2P Control Plugin and the Config file, i could write a short bash script for custom config stuff, after all is the Terminal as “pretty” as the Router Console and way more useful

nurmagoz · February 7, 2020, 4:39pm

If you mean I2PBrowser from I2P devs, its nice great idea but its very alpha and very unmaintained currently e.g:

I2Pbrowser not signed #2530
NoScript just on the plugin level/effect not browser level #2536
Its not catching up with firefox/TB updates thus it has all major security vulns not fixed e.g #2570
NoScript default allowed websites not removed #2559
I2Pbrowser now includes I2Pj within it , mean I2Pj installed in the OS wont effect I2Pbrowser thus useless to our case.

and on top of that meeh/mikalv the maintainer of I2Pbrowser is not really active (at the moment missing since months).

Thinkablemellow · February 7, 2020, 4:51pm

Yes,i know i wasnt talking short Term, I2P takes ages compared to Tor but thats understandable given the Manpower and funding difference.
There are People actively working on it and as was stated in my Post they are on a good way merging everything TBB does and keeping it up to date.
Given the short time frame I2PB is a great leap forward in a I2P Perspective.

Life (sometimes the Government) gets in the way of these less important Projects, i can attest to that.
Rome wasnt build in one day…

Thinkablemellow · February 13, 2020, 8:08pm

https://github.com/Whonix/anon-apps-config/compare/master...Thinkablemell0w:master

I added a small change so we enforce .i2p and .bit.
@HulaHoop do you know any reason not to add them ? (since you left them out)
If not i’ll make a pull request

HulaHoop · February 13, 2020, 8:11pm

Too much complexity. Would require enabling trustfile support in main config. I don’t see the advantage over just leaving everything as is. “if it ain’t broke don’t fix it” mantra.

Thinkablemellow · February 13, 2020, 8:12pm

@nurmagoz i made a small list of things a user might want to change in this setup for a script, if you know anything else to add feel free to tell me.

  	Bandwidth settings
  		-Upload
  		-Download
  	Tunnel settings
  		-Length of In-Out Tunnels
  		-Quantity 
  		-Backups
  	I2Psnark settings
  		-Length of In-Out Tunnels
  		-Quantity 
  		-autostart	
  	Router Console settings
  		-Password
  		-Graphs
  		-Logs
  		-Advanced Console
  		-summaryBar
  		-search engine (if one works again)
  	Webapps settings
  		-i2psnark
  		-susimail
  	RAM settings
  		-set RAM
  	Privoxy settings
  		-trustfile
  		-tlds
  		-blocks

@HulaHoop 10-4 (10-4 Meaning & Origin | Slang by Dictionary.com)

HulaHoop · February 13, 2020, 8:15pm

?

nurmagoz · February 14, 2020, 9:43am

@HulaHoop I2P gonna be included from its main devs repo or debian repo?

Thinkablemellow · February 14, 2020, 1:17pm

@nurmagoz Debian AFAIK

nurmagoz · February 16, 2020, 8:04pm

I see, As im living in I2P community since years now so i know very well this wont go well if its going to be installed from debian repos.

not worth it to have old I2P installed by default.