{% trans trac='https://trac.i2p2.de/report/1' -%} -This is intended to be a comprehensive listing of applications used with -I2P. If you know of something that's missing please submit a ticket on -Trac, and be sure to select the -“www” component in the submission form. -{%- endtrans %}
- -{% trans %} -Supported applications are tagged with one or more of the following: -{%- endtrans %}
- -{% trans -%} -Bundled application — I2P ships with a few officially -supported applications that let new users take immediate advantage of -some of I2P's more useful capabilities. -{%- endtrans %}
-{% trans plugins=('stats.i2p/i2p/plugins/') -%} -Third-party plugin — I2P's plugin system provides convenient -deployment of I2P-enabled applications and allows tighter integration -with the router. Plugins are [reviewed by the community](http://{{ plugins }}) to identify security and -anonymity issues. -{%- endtrans %}
-{% trans -%} -Third-party standalone application — Many standard network -applications only require careful setup and configuration to communicate -anonymously over I2P. These are tagged with standalone. Some -applications, tagged with standalone/mod, require patching to -function properly over I2P or to prevent inadvertent disclosure of -identifying information such as the user's hostname or external IP -address. -{%- endtrans %}
-{% trans -%} -Third-party essential network service — Services which on -the I2P network are analogous to those provided on the public Internet -by hosting providers, ISPs, and Google: eepsite indexes and jump -services, search engines, email, DNS-style name services, hosting, -proxies, etc. These services focus on boosting the usefulness of the -network as a whole, and making network content more discoverable. -{%- endtrans %}
-{% trans -%} -Unmaintained — This is used to tag plugins, applications, -and services which appear to be unmaintained and may be removed from -this listing in the future. -{%- endtrans %}
-{% trans threatmodel=site_url('docs/how/threat-model') -%} -Warning: Using an application, plugin, or service with I2P -doesn't automatically protect your anonymity. I2P is merely a set of tools -which can help you mitigate certain identified -threats to anonymity. We do not and cannot make any guarantees about the -safety of the applications, plugins, and services listed below. Most -applications and plugins must be properly configured, and some will need to -be patched — and even then your anonymity might not be assured. Similarly, -services could put your anonymity at risk, either by design or through -carelessness on their part or your own. -{%- endtrans %}
- -{% trans -%} -If you have doubts about the suitability of an application, -plugin, or service for use with I2P, you are urged to inquire about privacy -issues with its maintainers, to search its mailing lists and bug tracker if -one exists, and consult trusted, knowledgeable members of the I2P -community. -{%- endtrans %}
- -{% trans -%} -Take responsibility for your own anonymity and safety — always -seek expert advice, educate yourself, practice good judgment, be mindful of -disclosing personally identifying information, and don't take -shortcuts. -{%- endtrans %}
- -El Dorado — - {% trans %}Lightweight forum software.{% endtrans %} - [{{ _('standalone/mod') }}]
-Pebble — - {% trans %}Another lightweight blogging platform.{% endtrans %} - [{{ _('plugin') }}, {{ _('standalone/mod') }}]
-phpBB — - {% trans %}Most popular open source forum software.{% endtrans %} - [{{ _('standalone/mod') }}]
-Syndie — - {% trans %}Distributed forums software, originally developed by jrandom.{% endtrans %} - [{{ _('plugin') }}, {{ _('standalone') }}, {{ _('unmaintained') }}]
-JAMWiki — -{% trans plugins=i2pconv('plugins.i2p') -%} -A Java-based MediaWiki clone. No external database needed. -Plugin available here. -{%- endtrans %} - [{{ _('standalone') }}, {{ _('plugin') }}]
-Git — - {% trans %}Most popular distributed version control system.{% endtrans %} - [{{ _('standalone') }}]
-Monotone — -{% trans monotone=site_url('get-involved/guides/monotone') -%} -Another distributed version control system. Currently -used in I2P development. -{%- endtrans %} - [{{ _('standalone') }}]
-I2P-Bote — -{% trans -%} -Serverless peer-to-peer email application using a distributed hash table -(DHT) for secure mail storage. -{%- endtrans %} - [{{ _('plugin') }}]
-Postman's anonymous email service — -{% trans -%} -Provides email service within the I2P network via @mail.i2p addresses, -and email gateway service between the I2P network and the public Internet -via @i2pmail.org addresses. One of the oldest continuous services on I2P. -{%- endtrans %} - [{{ _('service') }}]
-susimail — -{% trans -%} -Simple web browser-based email interface. Configured to use Postman's -email service by default. -{%- endtrans %} - [{{ _('bundled') }}]
-Sylpheed Claws, Thunderbird, other MUAs — -{% trans reviews='http://'+i2pconv('hq.postman.i2p')+'/?page_id=9', -smtp='http://'+i2pconv('hq.postman.i2p')+'/?page_id=10', -pop3='http://'+i2pconv('hq.postman.i2p')+'/?page_id=11' -%} -Can be configured to use Postman's email service. See -this comparison of MUAs, -and configuration settings for -SMTP and POP3. -{%- endtrans %} - [{{ _('standalone') }}]
-I2PSnark — - {% trans %}I2P's integrated BitTorrent client.{% endtrans %} - [{{ _('bundled') }}]
-I2PSnarkXL — - {% trans %}Modified version of I2PSnark, no more supported neither - functional.{% endtrans %} - [{{ _('standalone') }}]
-Robert — -{% trans %} -A fork of rufus that uses the Basic Open Bridge (BOB) and has many -improvements, including using the latest wxwidgets and python. It also -supports use of seedless if installed for trackerless torrents and -magnet-link like fetching of torrents within I2P. -{% endtrans %} - [{{ _('standalone') }}]
-Transmission — -{% trans -%} -Clean, full-featured cross-platform BitTorrent client with official -ports for several GUI toolkits. -{%- endtrans %} - [{{ _('standalone/mod') }}]
-Azureus/Vuze — - {% trans %}Has a plugin providing I2P support.{% endtrans %} - [{{ _('standalone') }}]
-{% trans zzz=i2pconv('zzz.i2p') -%} -For a detailed feature comparison of I2P-enabled trackers/indexers, see -here. -{%- endtrans %}
- -Bytemonsoon — -{% trans -%} -The code that powered one of the first major tracker/indexer sites on the -Internet. Patched for I2P. -{%- endtrans %} - [{{ _('standalone/mod') }}]
-opentracker — -{% trans newdevs=site_url('get-involved/guides/new-developers') -%} -Lightweight tracker/indexer. I2P mod available in the i2p.opentracker -branch of the I2P Monotone repository. -{%- endtrans %} - [{{ _('standalone/mod') }}]
-zzzot — -{% trans zzz=i2pconv('zzz.i2p') -%} -zzz's Java-based open tracker. More info -here. -{%- endtrans %} - [{{ _('plugin') }}]
-I2Phex — -{% trans stats=i2pconv('stats.i2p') -%} -Port of the Phex Gnutella client. Website -for plugin version here. -{%- endtrans %} - [{{ _('plugin') }}, {{ _('standalone') }}]
-jwebcache — -{% trans stats=i2pconv('stats.i2p') -%} -Cache for Gnutella peers on I2P. Website for plugin version -here. -{%- endtrans %} - [{{ _('plugin') }}, {{ _('standalone') }}]
-netcat-openbsd — -{% trans -%} -OpenBSD's rewrite of the Unix standard tool, netcat, for socket relaying. -Several clones, ports, and forks have appeared over the years. -{%- endtrans %} - [{{ _('standalone') }}]
-socat — - {% trans %}Like netcat but more powerful.{% endtrans %} - [{{ _('standalone') }}]
-OpenSSH — - {% trans %}Most popular implementation of the Secure Shell (SSH) protocol and related tools.{% endtrans %} - [{{ _('standalone') }}]
-PuTTY — - {% trans %}Open source Secure Shell (SSH) client for Windows.{% endtrans %} - [{{ _('standalone') }}]
-{% trans -%}
-Many IRC clients leak identifying information to servers or other
-clients, so I2P's IRC and SOCKS IRC client tunnels filter certain inbound
-and outbound messages to scrub data such as LAN IP addresses, external IP
-addresses, local hostnames, and the name and version of the IRC client. Two
-message types in particular, DCC and CTCP, can't be sufficiently anonymized
-without changes to the protocols or to IRC client/server code, so they are
-completely blocked, except for CTCP ACTION (the message emitted by the
-/me command) which isn't inherently dangerous.
-{%- endtrans %}
{% trans -%} -I2P's IRC filtering may not cover every possible leak — users should also -check if their client is sending their real name or local username. Packet -sniffers such as Wireshark are -useful here. Eliminating remaining leaks may be as simple as changing the -client's default configuration. If that doesn't help, inform the I2P -developers; they may be able to solve it via additional filtering. -{%- endtrans %}
- -jIRCii — -{% trans stats=i2pconv('stats.i2p') -%} -Small Java-based IRC client. Plugin available here. -{%- endtrans %} - [{{ _('plugin') }}, {{ _('standalone') }}]
-HexChat — - {% trans %}Cross-platform graphical IRC client based on XChat.{% endtrans %} - [{{ _('standalone') }}]
-irssi — - {% trans %}Unixy terminal-based IRC client.{% endtrans %} - [{{ _('standalone') }}]
-WeeChat — - {% trans %}Another Unixy terminal-based IRC client.{% endtrans %} - [{{ _('standalone') }}]
-ngIRCd — - {% trans %}IRC server developed from scratch.{% endtrans %} - [{{ _('standalone/mod') }}]
-UnrealIRCd — - {% trans %}Most popular IRC server.{% endtrans %} - [{{ _('standalone/mod') }}]
-Eepsites — -{% trans -%} -Any website hosted anonymously on I2P, reachable through the I2P router's HTTP proxy. -{%- endtrans %} - [{{ _('service') }}]
-Deepsites — -{% trans -%} -Distributed anonymous websites hosted -using Tahoe-LAFS-I2P, currently only reachable with Tahoe-LAFS-I2P -clients or through the Tahoe-LAFS-I2P HTTP proxy. -{%- endtrans %} - [{{ _('service') }}]
-{{ i2pconv('i2host.i2p') }} — -{% trans sponge=i2pconv('sponge.i2p') -%} -Website for sponge's jump service. -Source code available. -{%- endtrans %} - [{{ _('service') }}]
-{{ i2pconv('i2jump.i2p') }} — - {% trans %}Another jump service.{% endtrans %} - [{{ _('service') }}]
-{{ i2pconv('identiguy.i2p') }} — - {% trans %}Dynamically updated eepsite index.{% endtrans %} - [{{ _('service') }}]
-{{ i2pconv('stats.i2p') }} — - {% trans zzz=i2pconv('zzz.i2p') %}Website for zzz's jump service.{% endtrans %} - [{{ _('service') }}]
-Polipo — - {% trans %}SOCKS-enabled caching web proxy with basic filtering capabilities.{% endtrans %} - [{{ _('standalone') }}]
-Privoxy — -{% trans -%} -Privacy-focused non-caching web proxy with advanced filtering -capabilities. Excels at removing ads and other junk. -{%- endtrans %} - [{{ _('standalone') }}]
-Squid — - {% trans %}Venerable caching web proxy.{% endtrans %} - [{{ _('standalone') }}]
-{% trans -%} -Gateways allowing users on the public Internet to access eepsites. -{%- endtrans %}
- -{% trans -%} -Gateways allowing I2P users to access content hosted on the public Internet. -{%- endtrans %}
- -{% trans -%} -In addition to Jetty, any web server should function over I2P without -modification so long as it's HTTP-compliant. Some web servers known to -currently serve content on the I2P network are: -{%- endtrans %}
- -Apache HTTP Server — - {% trans %}Most popular web server on the public WWW.{% endtrans %} - [{{ _('standalone') }}]
-Apache Tomcat — - {% trans %}Web server and Java servlet container. More features than Jetty.{% endtrans %} - [{{ _('standalone') }}]
-lighttpd — - {% trans %}Fast lightweight web server.{% endtrans %} - [{{ _('standalone') }}]
-nginx — - {% trans %}High-performance lightweight web server.{% endtrans %} - [{{ _('standalone') }}]
-{% trans %}I2P strives to be safe in it's default configuration for all users. In most, possibly all countries, anonymizing +software and strong encryption are not illegal to possess or use.{% endtrans %}
+ +{% trans %} It may be dangerous to use I2P in what the project calls "Strict Countries" where the law may not be clear on anonymizing software and where risks are judged to be fairly high. Most I2P peers are not in those strict countries and the ones that are are placed in "Hidden Mode" where they interact with the rest of the network in more limited ways, so that they are less visible to network observers. Structurally, taking over a single peer, or even a fairly large group of peers, with a subpoena is not an effective way to deanonymizing anybody else's traffic. +{% endtrans %}
+ +Before you use I2P, use Basic Computer Hygiene Always! Apply your OS vendor provided software updates in a prompt manner. Be aware of the state of your firewall and anti-virus status if you use one. Always get your software from authentic sources.
+{% trans %}It can be deduced that somebody is using the I2P network with some reliability, but it is a little difficult to know for sure. +The most reliable way to know for sure would be to have a computer with a fairly stable IP address that you suspect is an I2P user, and a +bunch of computers you control on different networks all running I2P. When one of them connects to your suspected computer, you will be able +to see their I2P router in the netDB. This might take time, and it might never happen. You could also try blocking all obfuscated traffic +on a particular network until you're sure every I2P router on that network has lost all of it's peers. At that point, they'll reach out +to reseed servers to get more peers, which a network administrator can probably observe.{% endtrans %}
+{% trans %}Yes, by far the easiest and most common way is by blocking bootstrap, or "Reseed" servers. Completely blocking all obfuscated traffic +would work as well (although it would break many, many other things that are not I2P and most are not willing to go this far). +In the case of reseed blocking, there is a reseed bundle on Github, blocking it will also block Github. +You can reseed over a proxy (many can be found on Internet if you do not want to use Tor) or share reseed bundles on a friend-to-friend basis offline.{% endtrans %}
+{% trans %}If you're hosting a personal blog or doing something otherwise non-sensitive, then you are obviously in little danger. +If you have privacy needs that are basically non-specific, you are in little danger. If you are hosting something sensitive, then +your services will go down at the same time that your router goes down. Someone who observes your downtime and correlates it to +real-world events could probably de-anonymize you with enough effort. I2P has defenses available against this like multihoming or +Tahoe-LAFS, but they require additional set up and are only appropriate for some threat models. There is no magic solution, protecting +yourself from a real threat will take real consideration in any case.{% endtrans %}
+ +The I2P Addressbook application maps human-readable names to long-term destinations, associated with services, making it more like a hosts file or a contact list than a network database or a DNS service. It's also local-first there is no recognized global namespace, you decide what any given .i2p domain maps to in the end. The middle-ground is something called a "Jump Service" which provides a human-readable name by redirecting you to a page where you will be asked "Do you give the I2P router permission to call $SITE_CRYPTO_KEY the name $SITE_NAME.i2p" or something to that effect. Once it's in your addressbook, you can generate your own jump URL's to help share the site with others.
+ +{% trans %}You cannot add an address without knowing at least the base32 or base64 of the site you want to visit. The "hostname" which is human-readable is only an alias for the cryptographic address, which corresponds to the base32 or base64. Without the cryptographic address, there is no way to access an I2P site, this is by design. Distributing the address to people who do not know it yet is usually the responsibility of the Jump service provider. Visiting an I2P site which is unknown will trigger the use of a Jump service. stats.i2p is the most reliable Jump service.{% endtrans %}
+ +{% trans %}If you're hosting a site via i2ptunnel, then it won't have a registration with a jump service yet. To give it a URL locally, then visit the configuration page and click the button that says "Add to Local Addressbook." Then go to http://127.0.0.1:7657/dns to look up the addresshelper URL and share it.{% endtrans %}
+