i2p.www/pages/faq.html

<h1>FAQ</h1>
<h3>What is <B style="color:black;background-color:#ffff66">I2P</B>?</h3>
<p><B style="color:black;background-color:#ffff66">I2P</B> is a generic anonymous and secure peer to peer communication layer. It is a network that sits on 
top of another network (in this case, it sits on top of the internet). It is responsible for delivering 
a message anonymously and securely to another location.  More tech details are 
<a href="/book/view/39?PHPSESSID=a8b251952f5a8f0b893e37f48a2c6f64">available</a></p>

<h3>What does that mean?</h3>
<p>It means that you can do things anonymously and host services anonymously from your computer. 
You will need to use programs that are designed to work with <B style="color:black;background-color:#ffff66">I2P</B>, though in some cases you can use 
regular internet programs with <B style="color:black;background-color:#ffff66">I2P</B> by creating something called an 
<a href="/i2ptunnel?PHPSESSID=a8b251952f5a8f0b893e37f48a2c6f64">I2PTunnel</a></p>

<h3>What is the difference between <B style="color:black;background-color:#ffff66">I2P</B> and the internet?</h3>
<p>Data transferred via <B style="color:black;background-color:#ffff66">I2P</B> is anonymous and encrypted. Regular internet traffic is not 
(although it can be encrypted). If you set up a web page using <B style="color:black;background-color:#ffff66">I2P</B>, nobody will know who 
you are. If you browse a web page using <B style="color:black;background-color:#ffff66">I2P</B>, nobody will know who you are. If you transfer 
files using <B style="color:black;background-color:#ffff66">I2P</B>, nobody will know who you are.</p>

<h3>Whats an "eepsite"?</h3>
<p>An eepsite is a website that is hosted anonymously - you can access it by setting your web browser's HTTP proxy to use the web proxy (typically it listens on localhost port 4444),
and browsing to the site.</p>

<h3>Can I browse the web with <B style="color:black;background-color:#ffff66">I2P</B>?</h3>
<p>Yes - the I2PTunnel eepproxy includes a hook to use an anonymously hosted outbound proxy
(squid.<B style="color:black;background-color:#ffff66">i2p</B>).  If you have your browser set to use the web proxy, if you type 
http://google.com/ your request will be routed through <B style="color:black;background-color:#ffff66">I2P</B> to the outbound proxy.</p>

<h3>How anonymous is <B style="color:black;background-color:#ffff66">I2P</B> anyway?</h3>
<p><B style="color:black;background-color:#ffff66">I2P</B> is working to support militant grade anonymity, <b>but we're not there yet</b>.  You should not
use <B style="color:black;background-color:#ffff66">I2P</B> if you <i>need</i> your anonymity - there are likely bugs and perhaps other issues, and it
has not gone through sufficient peer review.  However, we're confident that we'll get to the point
that we can provide anonymity strong enough even for militantly subversive political action (so it
should be fine for you to chat online with your friends)</p>

<p>An important point to note is that <B style="color:black;background-color:#ffff66">I2P</B> does <b>not</b> provide anonymity or security of content
after it is transferred - you can still download and run a virus, or even submit your full name 
and bank account numbers on an eepsite.  <B style="color:black;background-color:#ffff66">I2P</B> only tries to provide communication security and anonymity -
what you say or do is up to you.</p>

<h3>How does <B style="color:black;background-color:#ffff66">I2P</B> protect itself from denial of service attacks?</h3>

<p>
	For this too, there are several answers. Short summary is "the best it can".  
	Briefly, <B style="color:black;background-color:#ffff66">I2P</B> attempts to defend against several forms of denial of service 
	attack, all without centralized coordination. For applications using <B style="color:black;background-color:#ffff66">I2P</B>, 
	the computer they are located on is not exposed to the public, so the 
	standard denial of service attack cannot be directly mounted against them
	(ala ping floods, etc). Instead, attackers are forced to go after the 
	gateways to that application's inbound tunnels - of which there can be many
	at any given time. Each gateway also has its own limits for how many messages
	and/or bytes it agrees to send down the tunnel. The application itself 
	periodically tests these tunnels to make sure they're still reachable and 
	usable, so if one of them is taken out by an IP level attack of any kind,
	it will know and rebuild its leases, specifying new gateways.  
</p>
<p>
	To prevent individual users from consuming excessive resources (registering
	too many tunnels, sending too many messages, looking up too many entries in
	the network database, and creating too many router and destination identities),
	various messages and identities have a certificate attached to them.  Currently
	these certificates are blank, but down the line they will be filled with
	<a href="http://wiki.invisiblenet.net/iip-wiki?HashCash">IIP Wiki: HashCash</a> - a computationally expensive collision based on the contents of the
	message or identity.  They can also be filled with other certificates as deemed
	necessary (e.g. a blinded certificate from an anonymous certificate authority, 
	a receipt for real currency payments, etc).  It is also believed that through this 
	certificate attachment system <B style="color:black;background-color:#ffff66">I2P</B> will be able to overcome the <a href="http://citeseer.nj.nec.com/douceur02sybil.html">sybil attack</a>.<br>

</p>
<p>
	Other denial of service attacks include creating a few thousand high quality 
	<B style="color:black;background-color:#ffff66">I2P</B> routers, running them for a week, and then taking them all offline.  This 
	indeed may force the creation of islands within the network, but the underlying
	<a href="/network_database?PHPSESSID=a8b251952f5a8f0b893e37f48a2c6f64">Network Database</a> is built off of a modified <a href="http://citeseer.nj.nec.com/529075.html">Kademlia</a>,
	which should allow the network to recover with minimal overhead (though, of course,
	if a router has literally no other peers left after the bad ones leave, that router will
	need to 'reseed' - fetch a reference to another router through some other mechanism).
</p>

<hr />
<h3>I have a question!</h3>

<p>Great!  Please leave a comment and we'll include it here (with the answer, hopefully)</p>
beginning of branch i2p.www.i2pwww 2004-07-06 20:39:18 +00:00			`<h1>FAQ</h1>`
			`<h3>What is <B style="color:black;background-color:#ffff66">I2P</B>?</h3>`
			`<p><B style="color:black;background-color:#ffff66">I2P</B> is a generic anonymous and secure peer to peer communication layer. It is a network that sits on`
			`top of another network (in this case, it sits on top of the internet). It is responsible for delivering`
			`a message anonymously and securely to another location. More tech details are`
			`<a href="/book/view/39?PHPSESSID=a8b251952f5a8f0b893e37f48a2c6f64">available</a></p>`

			`<h3>What does that mean?</h3>`
			`<p>It means that you can do things anonymously and host services anonymously from your computer.`
			`You will need to use programs that are designed to work with <B style="color:black;background-color:#ffff66">I2P</B>, though in some cases you can use`
			`regular internet programs with <B style="color:black;background-color:#ffff66">I2P</B> by creating something called an`
			`<a href="/i2ptunnel?PHPSESSID=a8b251952f5a8f0b893e37f48a2c6f64">I2PTunnel</a></p>`

			`<h3>What is the difference between <B style="color:black;background-color:#ffff66">I2P</B> and the internet?</h3>`
			`<p>Data transferred via <B style="color:black;background-color:#ffff66">I2P</B> is anonymous and encrypted. Regular internet traffic is not`
			`(although it can be encrypted). If you set up a web page using <B style="color:black;background-color:#ffff66">I2P</B>, nobody will know who`
			`you are. If you browse a web page using <B style="color:black;background-color:#ffff66">I2P</B>, nobody will know who you are. If you transfer`
			`files using <B style="color:black;background-color:#ffff66">I2P</B>, nobody will know who you are.</p>`

			`<h3>Whats an "eepsite"?</h3>`
			`<p>An eepsite is a website that is hosted anonymously - you can access it by setting your web browser's HTTP proxy to use the web proxy (typically it listens on localhost port 4444),`
			`and browsing to the site.</p>`

			`<h3>Can I browse the web with <B style="color:black;background-color:#ffff66">I2P</B>?</h3>`
			`<p>Yes - the I2PTunnel eepproxy includes a hook to use an anonymously hosted outbound proxy`
			`(squid.<B style="color:black;background-color:#ffff66">i2p</B>). If you have your browser set to use the web proxy, if you type`
			`http://google.com/ your request will be routed through <B style="color:black;background-color:#ffff66">I2P</B> to the outbound proxy.</p>`

			`<h3>How anonymous is <B style="color:black;background-color:#ffff66">I2P</B> anyway?</h3>`
			`<p><B style="color:black;background-color:#ffff66">I2P</B> is working to support militant grade anonymity, <b>but we're not there yet</b>. You should not`
			`use <B style="color:black;background-color:#ffff66">I2P</B> if you <i>need</i> your anonymity - there are likely bugs and perhaps other issues, and it`
			`has not gone through sufficient peer review. However, we're confident that we'll get to the point`
			`that we can provide anonymity strong enough even for militantly subversive political action (so it`
			`should be fine for you to chat online with your friends)</p>`

			`<p>An important point to note is that <B style="color:black;background-color:#ffff66">I2P</B> does <b>not</b> provide anonymity or security of content`
			`after it is transferred - you can still download and run a virus, or even submit your full name`
			`and bank account numbers on an eepsite. <B style="color:black;background-color:#ffff66">I2P</B> only tries to provide communication security and anonymity -`
			`what you say or do is up to you.</p>`

			`<h3>How does <B style="color:black;background-color:#ffff66">I2P</B> protect itself from denial of service attacks?</h3>`

			`<p>`
			`For this too, there are several answers. Short summary is "the best it can".`
			`Briefly, <B style="color:black;background-color:#ffff66">I2P</B> attempts to defend against several forms of denial of service`
			`attack, all without centralized coordination. For applications using <B style="color:black;background-color:#ffff66">I2P</B>,`
			`the computer they are located on is not exposed to the public, so the`
			`standard denial of service attack cannot be directly mounted against them`
			`(ala ping floods, etc). Instead, attackers are forced to go after the`
			`gateways to that application's inbound tunnels - of which there can be many`
			`at any given time. Each gateway also has its own limits for how many messages`
			`and/or bytes it agrees to send down the tunnel. The application itself`
			`periodically tests these tunnels to make sure they're still reachable and`
			`usable, so if one of them is taken out by an IP level attack of any kind,`
			`it will know and rebuild its leases, specifying new gateways.`
			`</p>`
			`<p>`
			`To prevent individual users from consuming excessive resources (registering`
			`too many tunnels, sending too many messages, looking up too many entries in`
			`the network database, and creating too many router and destination identities),`
			`various messages and identities have a certificate attached to them. Currently`
			`these certificates are blank, but down the line they will be filled with`
			`<a href="http://wiki.invisiblenet.net/iip-wiki?HashCash">IIP Wiki: HashCash</a> - a computationally expensive collision based on the contents of the`
			`message or identity. They can also be filled with other certificates as deemed`
			`necessary (e.g. a blinded certificate from an anonymous certificate authority,`
			`a receipt for real currency payments, etc). It is also believed that through this`
			`certificate attachment system <B style="color:black;background-color:#ffff66">I2P</B> will be able to overcome the <a href="http://citeseer.nj.nec.com/douceur02sybil.html">sybil attack</a>.<br>`

			`</p>`
			`<p>`
			`Other denial of service attacks include creating a few thousand high quality`
			`<B style="color:black;background-color:#ffff66">I2P</B> routers, running them for a week, and then taking them all offline. This`
			`indeed may force the creation of islands within the network, but the underlying`
			`<a href="/network_database?PHPSESSID=a8b251952f5a8f0b893e37f48a2c6f64">Network Database</a> is built off of a modified <a href="http://citeseer.nj.nec.com/529075.html">Kademlia</a>,`
			`which should allow the network to recover with minimal overhead (though, of course,`
			`if a router has literally no other peers left after the bad ones leave, that router will`
			`need to 'reseed' - fetch a reference to another router through some other mechanism).`
			`</p>`

			`<hr />`
			`<h3>I have a question!</h3>`

			`<p>Great! Please leave a comment and we'll include it here (with the answer, hopefully)</p>`