this post was submitted on 11 Sep 2024
36 points (100.0% liked)

Privacy

32103 readers
760 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

A lot many individuals run TOR exit nodes, but I never hear about people running their own I2P outproxies. Is it really hard to host, or is there some other reason? I thought that if you could run a TOR exit node I'd think you'd be just fine running an I2P outproxy.

Running more outproxies will help in bridging torrents from the clearnet to I2P, which would be a very good move considering the crackdowns on torrents right now. Companies even want to involve civilians into their lawsuits in Sweden now, making the need for privacy/anonymity even more important when torrenting, which I2P provides.

top 17 comments
sorted by: hot top controversial new old
[–] sploodged@lemmy.dbzer0.com 9 points 2 months ago (3 children)

stormycloud is the biggest, there's also acetone and purokishi that are both very reliable. there's a couple others that aren't as stable right now. i2p's about inter-network services that often work without any need of the clearnet, tor is a better option if you're looking to do clearnet things.

torrents don't get bridged through the (mainly 3!) outproxies in i2p. they're bridged by random people cross-seeding torrents through clients like qbittorrent or bigly bt which work in both i2p and clearnet. Or, you can download a torrent from clearnet normally and change the trackers to i2p only trackers, then add to i2psnark. In both cases using biglybt/qbittorrent you should be able to connect to peers from i2p and clearnet through the people that do this, functioning as your own outproxy in a way.

Anyone can easily bring over clearnet torrents into i2p, and they are more than welcome to do so!

So i'm not disagreeing with you about i2p needing more outproxies, more is better, but tor does this already (and arguably does it better since there's so many exit nodes) so i don't think the demand is as big. You're right that it's pretty similar running an i2p proxy. As far as i know it's a very similar process running tor exit nodes vs i2p outproxy, i think acetone is also a tor exit node (i might be wrong on that), purokishi routes some things through tor, and stormycloud until somewhat recently mainly focused on running a fleet of tor exit nodes.

The nature of i2p means that to get faster speeds these providers may be running many i2p routers to provide lots of tunnels and load balance them, so i think that aspect is more technically challenging but i've never done it at scale myself. I think you'd need a handful of well resourced/connected i2p routers to offer a consistently good outproxy service.

[–] ReversalHatchery@beehaw.org 5 points 2 months ago (1 children)

i remember reading that tor maintainers don't like it when people use the Tor network for torrenting, because it harms the network from a performance perspective

[–] sploodged@lemmy.dbzer0.com 5 points 2 months ago* (last edited 2 months ago) (1 children)

100% right, tor is not for torrenting, tor for clearnet

i2p for torrenting, not for clearnet

[–] ReversalHatchery@beehaw.org 3 points 2 months ago* (last edited 2 months ago) (1 children)

yeah, and more generally, Tor is optimized for light services both in-network and through outproxies (because there are many of those), and I2P is more optimized for large transfers and many connections in-network, and very unsuitable for internet access because there's only a few overwhelmed outproxies, among which load is not even attempted to be distributed by the default I2P router configuration.

the reason for why I2P is more suitable for torrenting is unclear to me, though, other than the maintainers telling that. possibly because almost everyone who wants to use the network will participate actively in routing traffic, and so there is relatively a lot more routers than on Tor

[–] sploodged@lemmy.dbzer0.com 2 points 2 months ago* (last edited 2 months ago) (1 children)

Yeah, accessing the outernet was sort of an afterthought with i2p, although the proxies are handling well now...things got way better after stormy cloud came on the scene imo. you can stream clearnet videos through the 3 i mentioned. It could be better if there was outproxy switching built in like tor, i think. It was bad though before stormy cloud and often unusable, the available outproxies were very much overwhelmed. sometimes they worked but it was hit or miss.

that's the right line of thinking. vast majority of tor users don't contribute to the network which is held together by a comparatively small number of volunteers. by default if you're running i2p you're contributing (except with specific configurations). With tor, more users, same number of nodes means less bandwidth for everyone. With i2p more users means both sides go up, more nodes, more bandwidth, on average more bandwidth for everyone. Torrenting burns bandwidth but on average more users grows network capacity.

[–] ReversalHatchery@beehaw.org 3 points 2 months ago (1 children)

the available outproxies were very much overwhelmed

honestly that's still my experience. it's not rare that websites like a DDG results page does not even load, I think from time to time I even have unable to connect errors, even though as I have stormycloud as my outproxy. probably something on my end, though, it seems then

[–] sploodged@lemmy.dbzer0.com 2 points 2 months ago* (last edited 2 months ago) (1 children)

I haven't used stormycloud much but i haven't heard there being issues with them. I've preferred using outproxy.acetone.i2p and purokishi.i2p since i've found them consistently to be faster. Stormycloud is the default in vanilla i2p so they end up getting the brunt of i2p's outproxy traffic, it's possible they could get overloaded. They have a very good setup, but they're one entity.

Especially right now after mental outlaws video, more routers could be coming online and giving stormycloud a workout, maybe getting overwhelmed. I would try switching to either of those and setting inbound/outbound tunnel count to 16. hope that helps.

[–] ReversalHatchery@beehaw.org 3 points 2 months ago

I'll try this, thanks. but to fill in some missing context from my part, this is what I have been experiencing for the little more than a year I'm running an I2P router.

[–] Findmysec@infosec.pub 4 points 2 months ago (1 children)

Would you know where I can find a guide to load balance I2P routers?

[–] sploodged@lemmy.dbzer0.com 4 points 2 months ago* (last edited 1 month ago) (1 children)

You can do multihoming, might be the easiest thing to do for a service: https://geti2p.net/spec/proposals/140-invisible-multihoming

Multihoming is a pretty simple way of load balancing and i think the way it works is the last router to announce is the one that's used, so it should cycle through all routers periodically.

It's also used to place i2p routers hosting a service in multiple places so it makes correlation attacks (ex downtime at exact time of a known electric outage in an area) more difficult.

Backend setup for your service

If we have a service like an http proxy service or a website available on port 6000, and 2 i2p routers, they'd both need access to that port. An outproxy may do this with port forwarding from a clean outernet connection(s) going through their proxy setup ex privoxy/haproxy/tinyproxy dns. They're less worried about correlation attacks so the routers may be all or mostly in one area using port forwarding over lan or VM's. A website that's concerned about correlation attacks may have separate instances of the website running on each router in different areas, with the website's backend syncing with the other routers in the background through other methods such as an encrypted lease-set.

Router setup

Each router needs the same exact key for the actual .i2p address. The easy way to do this is in the java router (i2p+ is good for this, install guide/official site go to service tunnels > make new server http tunnel, enter the port 6000, give it a name like "Outproxy", private key file a name like "outproxy.dat" and make sure optimize for Multihoming is on.

Other recommended additions in your tunnel config

  • Automatically start tunnel: on
  • TOTAL of 16 tunnels in/out (maximum) across all routers: 3 hops for good anonymity, outproxies not concerned with their own anonymity could reduce this for more performance. If you have 2 routers, use 8 tunnels for each.
  • Reduce tunnels to conserve resources: idle period 15-20 minutes, reduced count: low number like 2-3. This usually works well since the tunnels can be built back in an order of ms's on a good i2p router and not wasting resources keeping them open. It could introduce a slight delay though. High traffic situations might make sense to leave that off.

Then save and start, key file is generated.

Copy key file and a tunnel config file

Locations for .config file and key (.dat):

/i2p/.i2p/outproxy.dat

/i2p/.i2p/i2ptunnel.config.d/XX-outproxy-i2ptunnel.config

Then copy the key and config files to the other i2p routers in the same locations. Shouldn't need to go through setup with the config file present. Most important is it has the same key file, so they'll all use the same address.

[–] Findmysec@infosec.pub 2 points 2 months ago

Thanks, saved

[–] Findmysec@infosec.pub 3 points 2 months ago (1 children)

Thank you, where can I read a guide on this?

Does Qbittorent support I2P natively? If so, I can probably run it on my seedbox. Never tried it before

[–] sploodged@lemmy.dbzer0.com 4 points 2 months ago* (last edited 2 months ago) (1 children)

It does, qbittorrent support is still "experimental" though. i2psnark and biglybt will outperform it.

If you can run i2p on your seedbox could do it. Simple enough on a plain vps. If i remember correctly though i thought the web interface doesn't (or didn't) support i2p stuff, only gui. Haven't used qbittorrent in a while.

I'm aware mostly of where to find this info from within i2p:

I2p wiki- filesharing

http://wiki.i2p-projekt.i2p/wiki/index.php/Filesharing_and_I2P

Filesharing forum

http://discuss.i2p

Guides:

How to correctly download torrents from Clearnet using I2PSnark.pdf

http://tracker2.postman.i2p/index.php?view=TorrentDetail&id=66113

[TUTORIAL] How to correctly cross seed to make Clearnet torrents available for I2P Network in Postman tracker.pdf

http://tracker2.postman.i2p/index.php?view=TorrentDetail&id=65809

[TUTORIAL] How to use I2P in qBittorrent

http://tracker2.postman.i2p/index.php?view=TorrentDetail&id=72171

Correct BiglyBT settings for Ultra Fast I2P torrenting.pdf

http://tracker2.postman.i2p/index.php?view=TorrentDetail&id=66500

there's irc in i2p, irc isn't everyone's favorite way to do messaging...but it's a good way to get answer to questions from people that know more than i do. i2p folks have a good amount of distrust for the clearnet so some of them stay away from it.

[–] Findmysec@infosec.pub 4 points 2 months ago (1 children)

Thank you, this is very helpful. I'll read

[–] sploodged@lemmy.dbzer0.com 2 points 2 months ago
[–] gerlen@suppo.fi 4 points 2 months ago

outproxy.acetone.i2p

[–] zer0bitz@lemmy.world 3 points 2 months ago

Just managed to setup i2pd with IRC, ip2snark for torrents and got my website running also.