Whonix's shift on TOR+I2P

We have a thread on the topic. Some headway was made, but unfortunately the main guy is MIA and their repo (concept not code) was deleted:

Here is an archived version:

We are at a point where some things need to be automated/scripted. I think concentrating on including I2P by default in the Workstation is the easier and higher yield route.

EDIT:

  • Main task would be to optimize and create a second TBB capable of connecting to localhost daemons. This would be useful for ZeroNet and Freenet and potentially many other uses. May also be relevant to our Tor Browser without Tor version for Hardened Debian.

  • Adding I2P repos by default and fetching binary from there during build time. We may need to make this part an optional build time parameter according to what @Patrick thinks is best.

3 Likes

This seems like it would be easy to do. Can’t you just disable Tor in the Tor Browser and configure it to use I2P?

How would it connect to I2P? Would it be via Tor or just straight to I2P? I think it would be best to connect straight to I2P to prevent users from sticking out from other I2P users.

1 Like

Needs to be done in prefs in a consistent way that guarantees it carries over across updates. Privoxy needs to be configured to filter access and so on.

Via its localhost interface.

Since on the WS it will go thru Tor.

I2P comes with applications that are not easy/possible to separate from the node itself at the moment. Also tunneling thru Tor gives more protection in case the nodes are rogue or they are installed on spyware friendly systems like Windows.

2 Likes

There is I2P-Browser (looks like alpha stage) you can test it:

https://geti2p.net/en/download/lab

  • It will be extremely difficult to keep I2P as useful as when connecting directly to the internet; changing of circuits will disconnect I2P and force continual reconnection (though I2P in its normal state connecting to the clearnet is always in a disconnecting/reconnecting state, adding it over Tor is just real torture).

  • Tor discourages some I2P features like torrenting. So when doing that over Tor (since the connection will go over Tor anyway) the state of anonymity & usability is unknown (unless there is a good study which I didn't hear of).

  • Tor lacks IPv6 support (or few nodes support it), as well as control of UPnP (for users who are interested in using it).

So I think it's better to keep I2P in parallel with Tor in GW. Not as one over the other.

True, and zzz is aware of it:

Very true statement, but sadly even with Tor nodes themselves we can't be sure they are not installed on spyware OSs like Windows or Ubuntu, or on a secure OS configured to be spyware… and even if we make sure, then we can't help it.

1 Like

Patches welcome.
(Don’t worry about build parameter. That is the easy part I can add later on.)

Custom TBB profile for localhost access + Privoxy
https://phabricator.whonix.org/T770

Customized welcome page and bookmarks for I2P / Alt TBB (keyword: homepage)
https://phabricator.whonix.org/T795

Do you know if it is based on Tor Browser? Can you ask on their forum?

Not in my experience. If the I2P settings are adjusted, you can be connected seamlessly. You don’t need full circuit protection in a tunneled setup.

The download rate would be so slow that no one would even bother when they can just torrent with a VPN over Tor. Also we don’t have a huge userbase or see this as getting big adoption to be a problem anyway.

IPv6 still hasn’t really picked up anywhere and isn’t a good argument to shelve WS I2P.

Not really possible with the current I2P design with bundled apps as explained above. It would violate the VM separation design and push users to do actions on the GW. I2P’s main functionality is related to its bundled apps. Until this is resolved upstream WS support will do.

1 Like

No need, I tested that and yes it is.

2 Likes

Tested in Whonix Workstation? Does it connect to an I2P instance also installed on WS?

2 Likes

Yes it did. Whonix 15 + I2P 0.9.38 from Debian repo.

(But be sure there are a lot more issues than I have mentioned with running an I2P connection over Tor; you can test that and see for yourself.)

3 Likes

I thought this was Windows only. The Linux version must have come out recently. There is even a docker image that can be used for extra isolation.

1 Like

The work on this is by eyedeekay, who has regularly chimed in on the main I2P support thread.

2 Likes

I never knew eyedeekay did official projects for I2P. I’ve talked with him before and seen some of his projects.

The guy’s an absolute powerhouse. Check his repos. He just released an apt-transport-i2p plugin.

Also TBB related code:

2 Likes

Yeah, I’ve looked at some of those. They look really interesting.

1 Like
1 Like

The .sqlite file can easily be read with something like sqlitebrowser.

search.json.mozlz4 can also be read but I could never get it to work.

The extensions can probably be verified with a checksum.

2 Likes

search.json.mozlz4 I’ve got a script for it somewhere, IIRC there’s some kind of magic number thing involved. I’ll dig it up so I can just include search.json. The extensions being included in the repo is resolved in the upstream monotone repository, I will fix that as soon as possible.

My involvement with the main i2p project is actually fairly recent, but it’s been a great experience. As for the new Tor Browser fork, I don’t want to take credit, the work has been done almost entirely by Meeh, and if I’m a powerhouse that dude’s a damn nuclear reactor or something. These are the important repositories to follow for our development of the TBB fork, i2pbutton i2p-browser-build-scripts test-i2p-browser, and this is the trac page. I’ll try and be around the Whonix forum more in the future to help our projects communicate.

4 Likes
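The `search.json.mozlz4` container discussed above, decoded with only the standard library so a profile file shipped in a repo can be inspected before it is trusted. This is an added example, not eyedeekay's script or any project's code. It assumes the commonly documented layout (8-byte `mozLz40\0` magic, 4-byte little-endian decompressed size, then a raw LZ4 block); `MAX_SIZE` and the sample bytes are constructed for illustration.

```python
import struct

MAGIC = b"mozLz40\0"      # 8-byte magic Firefox writes ahead of the LZ4 block
MAX_SIZE = 16 * 1024**2   # assumed sanity cap on the declared output size

def _ext_len(src, i, length):
    """A 4-bit length of 15 continues in following bytes until one is < 255."""
    more = length == 15
    while more:
        if i >= len(src):
            raise ValueError("truncated length field")
        length, i, more = length + src[i], i + 1, src[i] == 255
    return length, i

def lz4_block_decompress(src, expected_size):
    out, i = bytearray(), 0
    while i < len(src):
        token = src[i]
        lit_len, i = _ext_len(src, i + 1, token >> 4)
        if i + lit_len > len(src) or len(out) + lit_len > expected_size:
            raise ValueError("literal run overruns input or declared size")
        out += src[i:i + lit_len]
        i += lit_len
        if i == len(src):              # final sequence carries literals only
            break
        if i + 2 > len(src):
            raise ValueError("truncated match offset")
        offset = src[i] | (src[i + 1] << 8)
        match_len, i = _ext_len(src, i + 2, token & 0x0F)
        match_len += 4                 # stored match length is biased by 4
        if offset == 0 or offset > len(out) or len(out) + match_len > expected_size:
            raise ValueError("invalid match offset or length")
        for _ in range(match_len):     # byte-wise copy: matches may overlap
            out.append(out[-offset])
    if len(out) != expected_size:
        raise ValueError("decoded size differs from header")
    return bytes(out)

def decode_mozlz4(blob):
    if len(blob) < 12 or blob[:8] != MAGIC:
        raise ValueError("not a mozlz4 file")
    (size,) = struct.unpack_from("<I", blob, 8)
    if size > MAX_SIZE:
        raise ValueError("declared size too large")
    return lz4_block_decompress(blob[12:], size)

# Constructed sample, not a real profile file: 18 literals, one match, 7 literals.
SAMPLE = MAGIC + struct.pack("<I", 31) + b'\xf2\x03{"engines":["ddg",\x06\x00\x70"ddg"]}'
print(decode_mozlz4(SAMPLE).decode())
```

The decoded bytes are plain JSON, so the result can be diffed or reviewed like any other text file in the repository.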

Hopefully integrated I2P comes out on Whonix soon. With the recent hidden services DDOS issues and no real fix in sight people would be more willing to try out I2P.

Don't expect much on solving DDOS within I2P. Tor at least has Tor balance mitigation for old versions and is working to get it into version 3.x+ (still a long way to go). But I2P doesn't have any of that yet.