i2p.www/www.i2p2/pages/socks.html

{% extends "_layout.html" %}
{% block title %}Socks{% endblock %}
{% block content %}
<h2>Socks and socks proxies</h2>
<p>
As it says on the
<a href="faq.html#socks">FAQ</a>:
<p>
    While it would be technically feasible, many applications leak sensitive
    information that could identify you on the internet. I2P only filters
    connection data, but if the program you intend to run sends this
    information as content, I2P has no way to protect your anonymity.  For
    example, some mail applications will send the IP address of the machine
    they are running on to a mail server. There is no way for I2P to filter
    this, thus using I2P to 'socksify' existing applications is possible, but
    extremely dangerous.
</p><p>
However, there is code in I2P that hasn't been used in many years, if it all.
It apparently was written by "human".
Nobody currently working on I2P has tested it.
</p><p>
And quoting from a 2005 email:
</p><p>
... there is a reason why human and
others have both built and abandonded the SOCKS proxies.  Forwarding
arbitrary traffic is just plain unsafe, and it behooves us as
developers of anonymity and security software to have the safety of
our end users foremost in our minds.

Hoping that we can simply strap an arbitrary client on top of I2P
without auditing both its behavior and its exposed protocols for
security and anonymity is naive.  Pretty much *every* application
and protocol violates anonymity, unless it was designed for it
specifically, and even then, most of those do too.  Thats the
reality.  End users are better served with systems designed for
anonymity and security.  Modifying existing systems to work in
anonymous environments is no small feat, orders of magnitude more
work that simply using the existing I2P APIs.

</p><p>
Still Interested?
Here's brief and vague guide to the code.
Thanks to Bernhard Fischer from
<a href="http://www.abenteuerland.at/onioncat/">Onioncat</a>
for helping to test.
</p>

<p>
We implement a SOCKS 5 proxy. SOCKS 4 and 4a are not supported,
and the code dies a horrible death if you try it - to be fixed.
It supports standard addressbook names, but not Base64 destinations.
Base32 hashes should work as of release 0.7.
It supports outgoing connections only, i.e. an I2PTunnel Client.
There is no GUI support in I2PTunnel - you must start it with the command line.
Run the command line as follows - adjust the I2P variable as necessary.
You probably want to do this in the directory that contains your
hosts.txt file (i.e. $I2P) so that naming lookups work.
<pre>
#!/bin/sh
export I2P=~/i2p
java -cp $I2P/lib/i2ptunnel.jar:$I2P/lib/mstreaming.jar:$I2P/lib/streaming.jar:$I2P/lib/i2p.jar net.i2p.i2ptunnel.I2PTunnel -cli $*
</pre>
Now type <tt>sockstunnel portnumber</tt> and you will have a client tunnel.
Type <tt>close 1</tt> to close the tunnel and <tt>quit</tt> to quit.

</p>

<h3>See Also</h3>
<ul>
<li>
The notes for
<a href="meeting81.html">Meeting 81</a>
and
<a href="meeting82.html">Meeting 82</a>
in March 2004.
<li>
<a href="http://www.abenteuerland.at/onioncat/">Onioncat</a>
<li>
<a href="http://zzz.i2p/">zzz.i2p</a>
</ul>

<h3>If You Do Get Something Working</h3>
Please let us know. And please provide substantial warnings about the
risks of socks proxies.

{% endblock %}