i2p.www/pages/faq.html

<h1>FAQ</h1>
<h3>What is I2P?</h3>
<p>I2P is a generic anonymous and secure peer to peer communication layer. It is a network that sits on 
top of another network (in this case, it sits on top of the internet). It is responsible for delivering 
a message anonymously and securely to another location.  More tech details are 
<a href="/book/view/39?PHPSESSID=a8b251952f5a8f0b893e37f48a2c6f64">available</a></p>

<h3>What does that mean?</h3>
<p>It means that you can do things anonymously and host services anonymously from your computer. 
You will need to use programs that are designed to work with I2P, though in some cases you can use 
regular internet programs with I2P by creating something called an 
<a href="/i2ptunnel?PHPSESSID=a8b251952f5a8f0b893e37f48a2c6f64">I2PTunnel</a></p>

<h3>What is the difference between I2P and the internet?</h3>
<p>Data transferred via I2P is anonymous and encrypted. Regular internet traffic is not 
(although it can be encrypted). If you set up a web page using I2P, nobody will know who 
you are. If you browse a web page using I2P, nobody will know who you are. If you transfer 
files using I2P, nobody will know who you are.</p>

<h3>Whats an "eepsite"?</h3>
<p>An eepsite is a website that is hosted anonymously - you can access it by setting your web browser's HTTP proxy to use the web proxy (typically it listens on localhost port 4444),
and browsing to the site.</p>

<h3>Can I browse the web with I2P?</h3>
<p>Yes - the I2PTunnel eepproxy includes a hook to use an anonymously hosted outbound proxy
(squid.i2p).  If you have your browser set to use the web proxy, if you type 
http://google.com/ your request will be routed through I2P to the outbound proxy.</p>

<h3>How anonymous is I2P anyway?</h3>
<p>I2P is working to support militant grade anonymity, <b>but we're not there yet</b>.  You should not
use I2P if you <i>need</i> your anonymity - there are likely bugs and perhaps other issues, and it
has not gone through sufficient peer review.  However, we're confident that we'll get to the point
that we can provide anonymity strong enough even for militantly subversive political action (so it
should be fine for you to chat online with your friends)</p>

<p>An important point to note is that I2P does <b>not</b> provide anonymity or security of content
after it is transferred - you can still download and run a virus, or even submit your full name 
and bank account numbers on an eepsite.  I2P only tries to provide communication security and anonymity -
what you say or do is up to you.</p>

<h3>How does I2P protect itself from denial of service attacks?</h3>

<p>
	For this too, there are several answers. Short summary is "the best it can".  
	Briefly, I2P attempts to defend against several forms of denial of service 
	attack, all without centralized coordination. For applications using I2P, 
	the computer they are located on is not exposed to the public, so the 
	standard denial of service attack cannot be directly mounted against them
	(ala ping floods, etc). Instead, attackers are forced to go after the 
	gateways to that application's inbound tunnels - of which there can be many
	at any given time. Each gateway also has its own limits for how many messages
	and/or bytes it agrees to send down the tunnel. The application itself 
	periodically tests these tunnels to make sure they're still reachable and 
	usable, so if one of them is taken out by an IP level attack of any kind,
	it will know and rebuild its leases, specifying new gateways.  
</p>
<p>
	To prevent individual users from consuming excessive resources (registering
	too many tunnels, sending too many messages, looking up too many entries in
	the network database, and creating too many router and destination identities),
	various messages and identities have a certificate attached to them.  Currently
	these certificates are blank, but down the line they will be filled with
	<a href="http://wiki.invisiblenet.net/iip-wiki?HashCash">IIP Wiki: HashCash</a> - a computationally expensive collision based on the contents of the
	message or identity.  They can also be filled with other certificates as deemed
	necessary (e.g. a blinded certificate from an anonymous certificate authority, 
	a receipt for real currency payments, etc).  It is also believed that through this 
	certificate attachment system I2P will be able to overcome the <a href="http://citeseer.nj.nec.com/douceur02sybil.html">sybil attack</a>.<br>

</p>
<p>
	Other denial of service attacks include creating a few thousand high quality 
	I2P routers, running them for a week, and then taking them all offline.  This 
	indeed may force the creation of islands within the network, but the underlying
	<a href="/network_database?PHPSESSID=a8b251952f5a8f0b893e37f48a2c6f64">Network Database</a> is built off of a modified <a href="http://citeseer.nj.nec.com/529075.html">Kademlia</a>,
	which should allow the network to recover with minimal overhead (though, of course,
	if a router has literally no other peers left after the bad ones leave, that router will
	need to 'reseed' - fetch a reference to another router through some other mechanism).
</p>

<hr />
<h3>I have a question!</h3>

<p>Great!  Please leave a comment and we'll include it here (with the answer, hopefully)</p>
beginning of branch i2p.www.i2pwww 2004-07-06 20:39:18 +00:00			`<h1>FAQ</h1>`
ungooglify (duck) 2004-07-06 21:38:20 +00:00			`<h3>What is I2P?</h3>`
			`<p>I2P is a generic anonymous and secure peer to peer communication layer. It is a network that sits on`
beginning of branch i2p.www.i2pwww 2004-07-06 20:39:18 +00:00			`top of another network (in this case, it sits on top of the internet). It is responsible for delivering`
			`a message anonymously and securely to another location. More tech details are`
			`<a href="/book/view/39?PHPSESSID=a8b251952f5a8f0b893e37f48a2c6f64">available</a></p>`

			`<h3>What does that mean?</h3>`
			`<p>It means that you can do things anonymously and host services anonymously from your computer.`
ungooglify (duck) 2004-07-06 21:38:20 +00:00			`You will need to use programs that are designed to work with I2P, though in some cases you can use`
			`regular internet programs with I2P by creating something called an`
beginning of branch i2p.www.i2pwww 2004-07-06 20:39:18 +00:00			`<a href="/i2ptunnel?PHPSESSID=a8b251952f5a8f0b893e37f48a2c6f64">I2PTunnel</a></p>`

ungooglify (duck) 2004-07-06 21:38:20 +00:00			`<h3>What is the difference between I2P and the internet?</h3>`
			`<p>Data transferred via I2P is anonymous and encrypted. Regular internet traffic is not`
			`(although it can be encrypted). If you set up a web page using I2P, nobody will know who`
			`you are. If you browse a web page using I2P, nobody will know who you are. If you transfer`
			`files using I2P, nobody will know who you are.</p>`
beginning of branch i2p.www.i2pwww 2004-07-06 20:39:18 +00:00
			`<h3>Whats an "eepsite"?</h3>`
			`<p>An eepsite is a website that is hosted anonymously - you can access it by setting your web browser's HTTP proxy to use the web proxy (typically it listens on localhost port 4444),`
			`and browsing to the site.</p>`

ungooglify (duck) 2004-07-06 21:38:20 +00:00			`<h3>Can I browse the web with I2P?</h3>`
beginning of branch i2p.www.i2pwww 2004-07-06 20:39:18 +00:00			`<p>Yes - the I2PTunnel eepproxy includes a hook to use an anonymously hosted outbound proxy`
ungooglify (duck) 2004-07-06 21:38:20 +00:00			`(squid.i2p). If you have your browser set to use the web proxy, if you type`
			`http://google.com/ your request will be routed through I2P to the outbound proxy.</p>`
beginning of branch i2p.www.i2pwww 2004-07-06 20:39:18 +00:00
ungooglify (duck) 2004-07-06 21:38:20 +00:00			`<h3>How anonymous is I2P anyway?</h3>`
			`<p>I2P is working to support militant grade anonymity, <b>but we're not there yet</b>. You should not`
			`use I2P if you <i>need</i> your anonymity - there are likely bugs and perhaps other issues, and it`
beginning of branch i2p.www.i2pwww 2004-07-06 20:39:18 +00:00			`has not gone through sufficient peer review. However, we're confident that we'll get to the point`
			`that we can provide anonymity strong enough even for militantly subversive political action (so it`
			`should be fine for you to chat online with your friends)</p>`

ungooglify (duck) 2004-07-06 21:38:20 +00:00			`<p>An important point to note is that I2P does <b>not</b> provide anonymity or security of content`
beginning of branch i2p.www.i2pwww 2004-07-06 20:39:18 +00:00			`after it is transferred - you can still download and run a virus, or even submit your full name`
ungooglify (duck) 2004-07-06 21:38:20 +00:00			`and bank account numbers on an eepsite. I2P only tries to provide communication security and anonymity -`
beginning of branch i2p.www.i2pwww 2004-07-06 20:39:18 +00:00			`what you say or do is up to you.</p>`

ungooglify (duck) 2004-07-06 21:38:20 +00:00			`<h3>How does I2P protect itself from denial of service attacks?</h3>`
beginning of branch i2p.www.i2pwww 2004-07-06 20:39:18 +00:00
			`<p>`
			`For this too, there are several answers. Short summary is "the best it can".`
ungooglify (duck) 2004-07-06 21:38:20 +00:00			`Briefly, I2P attempts to defend against several forms of denial of service`
			`attack, all without centralized coordination. For applications using I2P,`
beginning of branch i2p.www.i2pwww 2004-07-06 20:39:18 +00:00			`the computer they are located on is not exposed to the public, so the`
			`standard denial of service attack cannot be directly mounted against them`
			`(ala ping floods, etc). Instead, attackers are forced to go after the`
			`gateways to that application's inbound tunnels - of which there can be many`
			`at any given time. Each gateway also has its own limits for how many messages`
			`and/or bytes it agrees to send down the tunnel. The application itself`
			`periodically tests these tunnels to make sure they're still reachable and`
			`usable, so if one of them is taken out by an IP level attack of any kind,`
			`it will know and rebuild its leases, specifying new gateways.`
			`</p>`
			`<p>`
			`To prevent individual users from consuming excessive resources (registering`
			`too many tunnels, sending too many messages, looking up too many entries in`
			`the network database, and creating too many router and destination identities),`
			`various messages and identities have a certificate attached to them. Currently`
			`these certificates are blank, but down the line they will be filled with`
			`<a href="http://wiki.invisiblenet.net/iip-wiki?HashCash">IIP Wiki: HashCash</a> - a computationally expensive collision based on the contents of the`
			`message or identity. They can also be filled with other certificates as deemed`
			`necessary (e.g. a blinded certificate from an anonymous certificate authority,`
			`a receipt for real currency payments, etc). It is also believed that through this`
ungooglify (duck) 2004-07-06 21:38:20 +00:00			`certificate attachment system I2P will be able to overcome the <a href="http://citeseer.nj.nec.com/douceur02sybil.html">sybil attack</a>.<br>`
beginning of branch i2p.www.i2pwww 2004-07-06 20:39:18 +00:00
			`</p>`
			`<p>`
			`Other denial of service attacks include creating a few thousand high quality`
ungooglify (duck) 2004-07-06 21:38:20 +00:00			`I2P routers, running them for a week, and then taking them all offline. This`
beginning of branch i2p.www.i2pwww 2004-07-06 20:39:18 +00:00			`indeed may force the creation of islands within the network, but the underlying`
			`<a href="/network_database?PHPSESSID=a8b251952f5a8f0b893e37f48a2c6f64">Network Database</a> is built off of a modified <a href="http://citeseer.nj.nec.com/529075.html">Kademlia</a>,`
			`which should allow the network to recover with minimal overhead (though, of course,`
			`if a router has literally no other peers left after the bad ones leave, that router will`
			`need to 'reseed' - fetch a reference to another router through some other mechanism).`
			`</p>`

			`<hr />`
			`<h3>I have a question!</h3>`

			`<p>Great! Please leave a comment and we'll include it here (with the answer, hopefully)</p>`