i2p.www/pages/faq.html

<h3>What is I2P?</h3>
<p>
	I2P is a generic anonymous and secure peer to peer communication layer. It is
	a network that sits on top of another network (in this case, it sits on top of
	the internet). It is responsible for delivering a message anonymously and
	securely to another location.  More tech details are
	<a href="how">available</a><!-- Not sure if I got this link right (ugha) -->
</p>

<h3>What does that mean?</h3>
<p>
	It means that you can do things anonymously and host services anonymously from
	your computer. You will need to use programs that are designed to work with
	I2P, though in some cases you can use regular internet programs with I2P by
	creating something called an <a href="i2ptunnel">I2PTunnel</a>
</p>

<h3>What is the difference between I2P and the internet?</h3>
<p>
	Data transferred via I2P is anonymous and encrypted. Regular internet traffic
	is not (although it can be encrypted). If you set up a web page using I2P,
	nobody will know who you are. If you browse a web page using I2P, nobody will
	know who you are. If you transfer files using I2P, nobody will know who you
	are.
</p>

<h3>Whats an "eepsite"?</h3>
<p>
	An eepsite is a website that is hosted anonymously - you can access it by
	setting your web browser's HTTP proxy to use the web proxy (typically it
	listens on localhost port 4444), and browsing to the site.
</p>

<h3>Can I browse the web with I2P?</h3>
<p>
	Yes - the I2PTunnel eepproxy includes a hook to use an anonymously hosted
	outbound proxy (squid.i2p).  If you have your browser set to use the web
	proxy, if you type http://google.com/ your request will be routed through I2P
	to the outbound proxy.
</p>

<h3>How anonymous is I2P anyway?</h3>
<p>
	I2P is working to support militant grade anonymity, <b>but we're not there
	yet</b>.  You should not use I2P if you <i>need</i> your anonymity - there are
	likely bugs and perhaps other issues, and it has not gone through sufficient
	peer review.  However, we're confident that we'll get to the point that we can
	provide anonymity strong enough even for militantly subversive political
	action (so it should be fine for you to chat online with your friends)
</p>
<p>
	An important point to note is that I2P does <b>not</b> provide anonymity or
	security of content after it is transferred - you can still download and run a
	virus, or even submit your full name and bank account numbers on an eepsite.
	I2P only tries to provide communication security and anonymity - what you say
	or do is up to you.
</p>

<h3>How does I2P protect itself from denial of service attacks?</h3>
<p>
	For this too, there are several answers. Short summary is "the best it can".  
	Briefly, I2P attempts to defend against several forms of denial of service 
	attack, all without centralized coordination. For applications using I2P, 
	the computer they are located on is not exposed to the public, so the 
	standard denial of service attack cannot be directly mounted against them
	(ala ping floods, etc). Instead, attackers are forced to go after the 
	gateways to that application's inbound tunnels - of which there can be many
	at any given time. Each gateway also has its own limits for how many messages
	and/or bytes it agrees to send down the tunnel. The application itself 
	periodically tests these tunnels to make sure they're still reachable and 
	usable, so if one of them is taken out by an IP level attack of any kind,
	it will know and rebuild its leases, specifying new gateways.  
</p>
<p>
	To prevent individual users from consuming excessive resources (registering
	too many tunnels, sending too many messages, looking up too many entries in
	the network database, and creating too many router and destination
	identities), various messages and identities have a certificate attached to
	them.  Currently these certificates are blank, but down the line they will be
	filled with
	<a href="http://en.wikipedia.org/wiki/Hashcash">HashCash</a>
	- a computationally expensive collision based on the contents of the
	message or identity.  They can also be filled with other certificates as
	deemed necessary (e.g. a blinded certificate from an anonymous certificate
	authority, a receipt for real currency payments, etc).  It is also believed
	that through this certificate attachment system I2P will be able to overcome
	the <a href="http://citeseer.nj.nec.com/douceur02sybil.html">sybil attack</a>.
</p>
<p>
	Other denial of service attacks include creating a few thousand high quality 
	I2P routers, running them for a week, and then taking them all offline.  This 
	indeed may force the creation of islands within the network, but the
	underlying <a href="how_networkdatabase">Network Database</a> is built off of
	a modified <a href="http://citeseer.nj.nec.com/529075.html">Kademlia</a>,
	which should allow the network to recover with minimal overhead (though, of
	course, if a router has literally no other peers left after the bad ones
	leave, that router will need to 'reseed' - fetch a reference to another router
	through some other mechanism).
</p>

<!--
<hr />
<h3>I have a question!</h3>
<p>
	Great!  Please leave a comment and we'll include it here (with the answer,
	hopefully)
</p>
- People can't comment articles anymore. :) (ugha)
-->