I2P is a generic anonymous and secure peer to peer communication layer. It is a network that sits on top of another network (in this case, it sits on top of the internet). It is responsible for delivering a message anonymously and securely to another location. We have both a more detailed summary and more in depth tech info available.
For security purposes, the router's admin console by default only listens for connections on the local interface. However, with a little hacking, you can make it reachable remotely:
clientApp.0.args=7657 127.0.0.1 ./webapps/clientApp.0.args=7657 0.0.0.0 ./webapps/consolePassword=foo (or whatever password you want)After that fires up, you should now be able to reach your console remotely. You will be prompted for a username and password though - the username is "admin" and the password is whatever you specified in step 2 above.
Bm*(Hi+Ho+1). Note that the size of the network (N) does
not come into play at any time.An eepsite is a website that is hosted anonymously - you can access it by setting your web browser's HTTP proxy to use the web proxy (typically it listens on localhost port 4444), and browsing to the site.
Yes - the I2PTunnel eepproxy includes a hook to use an anonymously hosted outbound proxy (squid.i2p). If you have your browser set to use the web proxy, if you type http://google.com/ your request will be routed through I2P to the outbound proxy.
You should consider using a file manager that supports resuming of downloads, like Getright on windows or wget on unix. Until the full streaming protocol is in place, the current streaming protocol lets a transfer fail entirely when a single message is not acknowledged.
I2P is working to support militant grade anonymity, but we're not there yet. You should not use I2P if you need your anonymity - there are likely bugs and perhaps other issues, and it has not gone through sufficient peer review. However, we're confident that we'll get to the point that we can provide anonymity strong enough even for militantly subversive political action (so it should be fine for you to chat online with your friends)
An important point to note is that I2P does not provide anonymity or security of content after it is transferred - you can still download and run a virus, or even submit your full name and bank account numbers on an eepsite. I2P only tries to provide communication security and anonymity - what you say or do is up to you.
For this too, there are several answers. Short summary is "the best it can". Briefly, I2P attempts to defend against several forms of denial of service attack, all without centralized coordination. For applications using I2P, the computer they are located on is not exposed to the public, so the standard denial of service attack cannot be directly mounted against them (ala ping floods, etc). Instead, attackers are forced to go after the gateways to that application's inbound tunnels - of which there can be many at any given time. Each gateway also has its own limits for how many messages and/or bytes it agrees to send down the tunnel. The application itself periodically tests these tunnels to make sure they're still reachable and usable, so if one of them is taken out by an IP level attack of any kind, it will know and rebuild its leases, specifying new gateways.
To prevent individual users from consuming excessive resources (registering too many tunnels, sending too many messages, looking up too many entries in the network database, and creating too many router and destination identities), various messages and identities have a certificate attached to them. Currently these certificates are blank, but down the line they will be filled with HashCash - a computationally expensive collision based on the contents of the message or identity. They can also be filled with other certificates as deemed necessary (e.g. a blinded certificate from an anonymous certificate authority, a receipt for real currency payments, etc). It is also believed that through this certificate attachment system I2P will be able to overcome the sybil attack.
Other denial of service attacks include creating a few thousand high quality I2P routers, running them for a week, and then taking them all offline. This indeed may force the creation of islands within the network, but the underlying Network Database is built off of a modified Kademlia, which should allow the network to recover with minimal overhead (though, of course, if a router has literally no other peers left after the bad ones leave, that router will need to 'reseed' - fetch a reference to another router through some other mechanism).
Quoting a recent discussion on the mailing list:
> Now for this ultra-greedy user, it's irrational > to allocate downstream bandwidth for anything other > than his current huge Bittorrent download. So he > uses 99% of his bandwidth for his own tunnels, and > 1% of his bandwidth for everyone else's tunnels. > It will become a practical issue because people will > write "I2P download optimizers," which will abuse the > network in exactly this way. Here, I'll write the optimal download optimizer for them. Turn java -jar i2ptunnel.jar into java -Dtunnels.depthInbound=0 -jar i2ptunnel.jar voila. The data they receive goes through no other routers, allowing them to get obscene transfer rates (but not wire speed, since we /do/ have some overhead :). They still do have some level of anonymity, since no one else knows their tunnels are 0 hops long (at least, not without statistical analysis or some powerful traffic analysis). This is probably (IANAL) sufficient "plausible deniability" for many people (the RIAA/MPAA won't get the court orders to mount the necessary traffic analysis, though the NSA wouldn't bother) The load on the network is negligible - while they don't add any resources to the net, they don't take much away either. The network routes around these users, and peers only bother to attempt routing their tunnels through those other peers who *do* have excess bandwidth. There is no rational cause for someone who only needs a basic level of anonymity (e.g. for illicit copying of bits) but still wants high throughput to want longer tunnels. Now, the scenario where the user needs better anonymity but still wants higher throughput, they must be made to understand that they simply *can't get* better anonymity unless they route other people's traffic. Its a functional necessity for dealing with powerful adversaries, since otherwise their traffic sticks out like a sore thumb.
I2P is "cryptographically addressed" - meaning when you try to talk to someone, you are trying to talk to whomever has their cryptographic private key. In addition, everything is end to end encrypted. No one - not even your local router - knows the contents of what you send to them (unless 2048bit ElGamal is broken).
No, the host should just work after saving the file.
Great! Please either drop an email to the mailing list or post to the forum and we'll post it here (with the answer, hopefully).