diff --git a/graphs/.$10 things to do if you are pro-freedom.drawio.bkp b/graphs/.$10 things to do if you are pro-freedom.drawio.bkp index 68ada5a..4e5097e 100644 --- a/graphs/.$10 things to do if you are pro-freedom.drawio.bkp +++ b/graphs/.$10 things to do if you are pro-freedom.drawio.bkp @@ -1,6 +1,6 @@ - + @@ -169,8 +169,8 @@ - - + + diff --git a/graphs/.$lantern.drawio.bkp b/graphs/.$lantern.drawio.bkp index c6b139e..18ca81b 100644 --- a/graphs/.$lantern.drawio.bkp +++ b/graphs/.$lantern.drawio.bkp @@ -1,6 +1,6 @@ - + @@ -194,10 +194,10 @@ - + - + @@ -205,18 +205,166 @@ - + - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/graphs/10 things to do if you are pro-freedom.drawio b/graphs/10 things to do if you are pro-freedom.drawio index 15566c8..3f4b88e 100644 --- a/graphs/10 things to do if you are pro-freedom.drawio +++ b/graphs/10 things to do if you are pro-freedom.drawio @@ -1,6 +1,6 @@ - + @@ -169,8 +169,8 @@ - - + + diff --git a/graphs/lantern.drawio b/graphs/lantern.drawio index c6b139e..18ca81b 100644 --- a/graphs/lantern.drawio +++ b/graphs/lantern.drawio @@ -1,6 +1,6 @@ - + @@ -194,10 +194,10 @@ - + - + @@ -205,18 +205,166 @@ - + - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/opsec/anonymityexplained/10.png b/opsec/anonymityexplained/10.png new file mode 100644 index 0000000..6a27766 Binary files /dev/null and b/opsec/anonymityexplained/10.png differ diff --git a/opsec/anonymityexplained/11.png b/opsec/anonymityexplained/11.png new file mode 100644 index 0000000..39d4782 Binary files /dev/null and b/opsec/anonymityexplained/11.png differ diff --git a/opsec/anonymityexplained/12.png b/opsec/anonymityexplained/12.png new file mode 100644 index 0000000..c2c8c0d Binary files /dev/null and b/opsec/anonymityexplained/12.png differ diff --git a/opsec/anonymityexplained/8.png b/opsec/anonymityexplained/8.png new file mode 100644 index 0000000..88343b1 Binary files /dev/null and b/opsec/anonymityexplained/8.png differ diff --git a/opsec/anonymityexplained/9.png b/opsec/anonymityexplained/9.png new file mode 100644 index 0000000..c4c38cd Binary files /dev/null and b/opsec/anonymityexplained/9.png differ diff --git a/opsec/anonymityexplained/index.html b/opsec/anonymityexplained/index.html index 8e17124..f22cef1 100644 --- a/opsec/anonymityexplained/index.html +++ b/opsec/anonymityexplained/index.html @@ -60,7 +60,7 @@
- Previous Page

nihilist@mainpc - 2024-06-29

+ Previous Page

nihilist@mainpc, zl - 2025-03-15

What is Anonymity ? Why is it Important ?

@@ -116,10 +116,117 @@

If you look closer at the image the "Certificate of authenticity" says that it is the 41st plushie amongst the 100 that exist. Therefore if the adversary is the plushie seller, your anonymity odds have been reduced 1 out of 1 as he knows to whom he sent the 41st plushie. Meaning that you just deanonymized yourself for that particular adversary.

You get the idea, if you want to remain Anonymous, you need to always ask yourself "how many people could send that?", if you were to send that picture i sent above, you'd realize that this is a bad idea. The same concept applies as if you were to say what is your real IRL name, your phone number, your home address, your home public IP address, etc. Do not give bullets to an adversary, as he will use everything you give him to shoot you.

The least info you send about yourself, what you like, what you dislike, where you live, where you work, what's your past, the better, as otherwise it will be exponentially easier for an adversary to narrow down the possibilities of who you could be, amongst a given group of people.

+

A question arises, how can we quantify how anonymous we are? When there are adversaries after you and important things to protect, this is a very important issue to consider because, if you can't measure anonymity or the weight of your decisions, how can you tell when you make large mistakes or can improve?

+

We are going to use simple Information Theory for this, a field that deals with everything related to information and gives us a framework. By using "bits" to quantify information, we will have a way to calculate impact.

+
+
+
+
+

Anonymity and Information

+

+ In Information Theory, a "bit" is defined as any information that reduces the space of possibilities by a factor of 2. + This definition may seem weird so an example helps display it clearly. +

+

+ Imagine I am a detective and I know one out of 16 suspects is the culprit. Assume there are 8 men and 8 women. +

+

+ Now, checking security cameras, I learn it was 100% a male by the figure size. With this piece of information, I can rule out the 8 women as suspects, leaving me with only 8 remaining suspects (the men). +

+

+ With that information, my suspects went from 16 —> 8, it halved. Therefore, the information that the culprit was male is 1 bit. +

+ +
+ +

+ This is a powerful concept since it allows us to quantify the value and impact of any information and combine them. +

+

+ Let's make this clearer:

+ You can be fully deanonymized with just ~33 bits of information since log2(8 billion) ≈ 33. + If you half a group of 8 billion things 33 times, you will always be left with 1 singular item, which in this case would be your real identity. +

+

+ So in a game of anonymity, your goal is to minimize the amount of bits you leak and your adversary's goal is to get as many bits as possible until they can brute force your true identity. +

+

(Note that it is impossible to leak 0 bits of information. This will be shown later, but you will always be interacting: your computer will be connected to a network which uses TCP/IP for packet routing which travels through underground cables, and so on, so information transfer will occur.)

+ +

Adversaries


+

Before we can get into specifics of our framework, we have to understand adversaries. They are entities (individuals, companies, states) who are trying to deanonymize you.

+

Our threat model and approach depends on the resources of the adversary.

+

If your home (ISP) IP address is leaked, some guy on the internet may know what city you live in based on IP geolocation. Thats roughly, assuming a city population of 30,000, + log2(8 billion/30000) ≈ 21.2 bits of information. A lot, yes, but as a regular person, it will be mostly infeasible to search the city for your identity, unless he had more information. +

+

However, let's say your adversary is a Nation State. They will simply subpoena the ISP who owns the IP address, obtaining your name, address, and payment details, all 33 bits collected. When dealing with more resourceful adversaries, they are able to extract more with what they learn.

+
+


As displayed in the diagram, strong adversaries have more opportunity and gain with the same information.

+

Motives also vary between adversaries. Google, who let's say has been watching your search history and browser info, learns that you are in New York City, in your 20s, male, skii, and love cats. There will be very few people who meet this whole criteria, but Google obtains this information for advertisement targeting.

+ +

Information Leakage


+

Now that we understand information, let's briefly look at how we leak information and how identifiable it is.

+

Activity Schedules: + Over a long enough time period, any form of activity such as forum posts, account logins, tweets, and git commit will fall into a specific time zone. Depending on your location this can leak roughly ~6-6.5 bits of information.
+ Network/Browser: + You will still be connecting to the internet and several parties (ISP, VPN, Website) get various fingerprintable info. This can leak anywhere from ~2-10+ bits of information.
+ Words: + Your speech topics and patterns can provide insight into your age, interests, race, and professsion, leaking anywhere from ~2-20+ bits of information.

+

Without going into detail, your physical attributes, username, gait, and many other things leak information. However, the true power that the adversary has is the combination of information. They collect as many bits as possible since they can be added together, as mentioned previously.

+

Think of your adversary drawing circles to encompass each piece of information they have. Even from huge sample sizes, just ~16 bits narrows you down to a few thousand people extremely fast and when the adversary is a state, they can likely bruteforce to figure out the last few bits in that group.

+
+



As showcased before with the plushie, OPSEC failures often occur with drastic leakage of bits. Most information, even if not identifiable and simple, is highly usable and a single leak of something that contains 10+ bits of information could be enough. A few examples:

+

+ - Mentioning that you were close to an real world event, narrowing you to a part of a country. (8+ bits)
+ - Giving clues to your ethnicity/languages AND real world location. (12+ bits)
+ - Logging into a personal account at the same time as an anonymous forum account with the same IP. (20+ bits). +

+

Seemingly mundane information transfer is highly compromising when put together.

+

So if we are constantly leaking information, what can we do?

+ +
+
+
+
+ +
+
+
+
+

Anonymity in Practice

+


There are two ways to maintain anonymity with bit leakage in mind: Being in opaque, identical groups and misdirection.

+

Identical Groups


+

One of the core ideas of anonymity, as mentioned earlier, is that everyone should appear the exact same. But why?

+

We can see that the thing that makes bit leakage very dangerous is the combination of them. If an adversary figures out three details about you, even if they are found independently and are vague, when put together, the group size becomes incredibly small. Now, can we stop them from combining the information?

+

This is where the idea of being in identical groups comes in.

+

For an adversary to reliably combine informational bits, the groups (circles in the diagram) have to be transparent. For example, if an adversary knows that you are male and in Germany, then they can put those together without problem since [Male in Germany] is distinct.

+

Now let's say instead your adversary knows you use TOR and live in Germany. Independently, these are ~12 bits and ~6.6 bits of information. But there's an issue for the adversary. The group of TOR users is opaque, every single one looks the same. You cannot distinguish a German TOR user from a TOR user, therefore these two pieces of information cannot be combined.

+

Let's look at this in our previous circle view:

+ +
+
+
+
+ + +


In the left image, although there are 4 groups, everyone person inside of a group looks the same. Overlapping regions can't be seen or analyzed and information can't be combined. The only thing an adversary can know is that you are somewhere in each of the circles independently.

+

However, in the right image, the groups are transparent and people are distinct. You can see the people in each overlapping and, with the combined information that you are part of all four groups, they can easily deanonymize you in the very small overlapping.

+

So, by using tools (TOR , XMR, etc) where every user is identical and non-identifiable, we are not only minimizing bit leakage but also making most leaked bits unusable, significantly decreasing deanonymization risk.

+

It's recommended to be of roughly aware of how many bits you have leaked in an anonymous persona in order to maintain anonymity. We can take advantage of bit leakage by providing false information which may mislead an adversary.

+

To change things like speech, you can use local LLMs and perhaps give fake data about location, skillset, and other idenifiable information. If an adversary combines the incorrect bits with real information, they may be looking for you in a completely wrong group/area.

+

Awareness is crucial: knowing what your adversary might know, actively minimizing bit leakage, and staying in identical, non-identifiable groups are all important.

+ + + + +
+
+
+
+
@@ -228,7 +335,10 @@ All of it because the government intends to destroy Bob's right to remain Anonym

About nihilist

-

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@contact.nowhere.moe (PGP)

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8

Contact: nihilist@contact.nowhere.moe (PGP)

+

About zl

+

Donate XMR: 83geT3KQZGthZ99r1z72t58TFztdDHGHjgnCB3jvniV8FC1bcYf6HriDnSpnt2SZXzcBByNCcjRHiPmtNu5G8CuNG9mfDyY

+
diff --git a/opsec/i2ptorrents/0.0.png b/opsec/i2ptorrents/0.0.png new file mode 100644 index 0000000..dd411fe Binary files /dev/null and b/opsec/i2ptorrents/0.0.png differ diff --git a/opsec/i2ptorrents/0.1.png b/opsec/i2ptorrents/0.1.png new file mode 100644 index 0000000..1907ede Binary files /dev/null and b/opsec/i2ptorrents/0.1.png differ diff --git a/opsec/i2ptorrents/1.png b/opsec/i2ptorrents/1.png new file mode 100644 index 0000000..fdd5614 Binary files /dev/null and b/opsec/i2ptorrents/1.png differ diff --git a/opsec/i2ptorrents/10.png b/opsec/i2ptorrents/10.png new file mode 100644 index 0000000..8553b09 Binary files /dev/null and b/opsec/i2ptorrents/10.png differ diff --git a/opsec/i2ptorrents/11.png b/opsec/i2ptorrents/11.png new file mode 100644 index 0000000..d482e8b Binary files /dev/null and b/opsec/i2ptorrents/11.png differ diff --git a/opsec/i2ptorrents/12.png b/opsec/i2ptorrents/12.png new file mode 100644 index 0000000..86f903a Binary files /dev/null and b/opsec/i2ptorrents/12.png differ diff --git a/opsec/i2ptorrents/13.png b/opsec/i2ptorrents/13.png new file mode 100644 index 0000000..9239cf4 Binary files /dev/null and b/opsec/i2ptorrents/13.png differ diff --git a/opsec/i2ptorrents/14.png b/opsec/i2ptorrents/14.png new file mode 100644 index 0000000..9865350 Binary files /dev/null and b/opsec/i2ptorrents/14.png differ diff --git a/opsec/i2ptorrents/15.png b/opsec/i2ptorrents/15.png new file mode 100644 index 0000000..1bbdf90 Binary files /dev/null and b/opsec/i2ptorrents/15.png differ diff --git a/opsec/i2ptorrents/16.png b/opsec/i2ptorrents/16.png new file mode 100644 index 0000000..4a7eb34 Binary files /dev/null and b/opsec/i2ptorrents/16.png differ diff --git a/opsec/i2ptorrents/17.png b/opsec/i2ptorrents/17.png new file mode 100644 index 0000000..c9d687a Binary files /dev/null and b/opsec/i2ptorrents/17.png differ diff --git a/opsec/i2ptorrents/18.png b/opsec/i2ptorrents/18.png new file mode 100644 index 0000000..02452af Binary files /dev/null and b/opsec/i2ptorrents/18.png differ diff --git a/opsec/i2ptorrents/19.png b/opsec/i2ptorrents/19.png new file mode 100644 index 0000000..32150d0 Binary files /dev/null and b/opsec/i2ptorrents/19.png differ diff --git a/opsec/i2ptorrents/2.png b/opsec/i2ptorrents/2.png new file mode 100644 index 0000000..19cd7f8 Binary files /dev/null and b/opsec/i2ptorrents/2.png differ diff --git a/opsec/i2ptorrents/20.png b/opsec/i2ptorrents/20.png new file mode 100644 index 0000000..d111dad Binary files /dev/null and b/opsec/i2ptorrents/20.png differ diff --git a/opsec/i2ptorrents/21.png b/opsec/i2ptorrents/21.png new file mode 100644 index 0000000..6f9ab82 Binary files /dev/null and b/opsec/i2ptorrents/21.png differ diff --git a/opsec/i2ptorrents/22.png b/opsec/i2ptorrents/22.png new file mode 100644 index 0000000..0b1aadd Binary files /dev/null and b/opsec/i2ptorrents/22.png differ diff --git a/opsec/i2ptorrents/23.png b/opsec/i2ptorrents/23.png new file mode 100644 index 0000000..766e59b Binary files /dev/null and b/opsec/i2ptorrents/23.png differ diff --git a/opsec/i2ptorrents/24.png b/opsec/i2ptorrents/24.png new file mode 100644 index 0000000..d850e2a Binary files /dev/null and b/opsec/i2ptorrents/24.png differ diff --git a/opsec/i2ptorrents/25.png b/opsec/i2ptorrents/25.png new file mode 100644 index 0000000..cbdc238 Binary files /dev/null and b/opsec/i2ptorrents/25.png differ diff --git a/opsec/i2ptorrents/26.png b/opsec/i2ptorrents/26.png new file mode 100644 index 0000000..1d55794 Binary files /dev/null and b/opsec/i2ptorrents/26.png differ diff --git a/opsec/i2ptorrents/3.png b/opsec/i2ptorrents/3.png new file mode 100644 index 0000000..ea06da4 Binary files /dev/null and b/opsec/i2ptorrents/3.png differ diff --git a/opsec/i2ptorrents/4.png b/opsec/i2ptorrents/4.png new file mode 100644 index 0000000..0483a5d Binary files /dev/null and b/opsec/i2ptorrents/4.png differ diff --git a/opsec/i2ptorrents/5.png b/opsec/i2ptorrents/5.png new file mode 100644 index 0000000..f0f1778 Binary files /dev/null and b/opsec/i2ptorrents/5.png differ diff --git a/opsec/i2ptorrents/6.png b/opsec/i2ptorrents/6.png new file mode 100644 index 0000000..9c35c22 Binary files /dev/null and b/opsec/i2ptorrents/6.png differ diff --git a/opsec/i2ptorrents/7.png b/opsec/i2ptorrents/7.png new file mode 100644 index 0000000..936c7c3 Binary files /dev/null and b/opsec/i2ptorrents/7.png differ diff --git a/opsec/i2ptorrents/8.png b/opsec/i2ptorrents/8.png new file mode 100644 index 0000000..e07aa71 Binary files /dev/null and b/opsec/i2ptorrents/8.png differ diff --git a/opsec/i2ptorrents/9.png b/opsec/i2ptorrents/9.png new file mode 100644 index 0000000..21eb799 Binary files /dev/null and b/opsec/i2ptorrents/9.png differ diff --git a/opsec/i2ptorrents/index.html b/opsec/i2ptorrents/index.html new file mode 100644 index 0000000..327ec7c --- /dev/null +++ b/opsec/i2ptorrents/index.html @@ -0,0 +1,539 @@ + + + + + + + + + + + Peer-to-Peer Large File Sharing (Torrents over I2P) + + + + + + + + + + + + + + + + + + + +
+
+
+ + The Nihilism Blog +
+
+ +
+ +
+
+ + + +
+
+
+
+ Previous Page

oxeo0 - 2025 / 03 / 14

+

Peer-to-Peer Large File Sharing (Torrents over I2P)

+ +

+ +
+
+
+
+ + +
+
+
+
+

Introduction

+ +

+ Torrenting is a popular way to share large files. It allows users to share them without having to trust the central server.
+ However, back in 2004 when BitTorrent protocol was invented, nobody really thought about making it anonymous or even encrypted. + Thus torrenting requires client to share their IP address publicly. This means that torrenting can be used to track people's activities on the Internet. + In order to protect your privacy and anonymity, you should use a VPN or anonymizing proxy (like I2P) when sharing files over BitTorrent protocol. +

+ +

+ We already know how to share files with BitTorrent client over VPN. While this is secure, fast and convenient, it doesn't make us truly anonymous. +

+ +

+ In this tutorial, we'll configure an I2P router to share files using the I2P bittorrent client. +

+ +

+ Using torrents with I2P has several benefits: +

    +
  • Full anonymity - while VPN masks the IP address of the client, I2P gets rid of IP addresses entirely replacing them with destination tunnel addresses.

    • +
  • Decentralization - it works without trackers or a central authority.

    • +
  • Free (as in price) - you don't need to buy a VPN service for both Alice and Bob.

    • +
  • Traffic obfuscation - I2P has transit tunnels which make it harder to fingerprint torrent traffic.

    • +
+

+

+ But it also comes with several drawbacks: +

    +
  • Speed - I2P is much slower than VPN because it routes the traffic through several hops.

    • +
  • Convenience - I2P needs to build the tunnels for some time before torrenting. It's best to keep it running in the background to get faster tunnels which may be inconvenient.

    • +
+

+ +
+
+
+
+ +
+
+
+
+

Why I2P, not Tor?



+ +

+ Both I2P and Tor are encrypted overlay networks which aim to deliever privacy and anonymity for servers and clients. + They use onion or garlic routing to hide originating and destination IP addresses. To discover servers on the network, they both use Distributed Hash Table (DHT).
+ However while Tor is designed mostly for client-server applications, I2P takes more peer-to-peer approach. + In I2P, every node is encouraged to act as a relay for others. Your I2P client will accept transit tunnels to participate in anonymizing traffic of other nodes. This also has the benefit of obscuring you traffic volume preventing bandwidth correlation attacks. + On the other hand, Tor relays are usually ran by volounteers on separate Tor instances, they require high bandwidth and stable internet connection so most of them run in datacenters. +

+ +

+ Another very important aspect is that Tor still doesn't support UDP traffic which torrents require to function. It's possible to do UDP tunneling over Tor but it's not very efficient and requires specific configuration.
+ The Tor community discourages usage of Tor for torrenting.
+ I2P on the other hand is built on top of UDP and is much better suited for torrenting. Over the years, the torrenting ecosystem in I2P matured to the point where even qBittorrent introduced experimental I2P support.
+ However in this guide we'll use the bittorrent client built specifically for I2P - I2PSnark. +

+ +
+
+
+
+ +
+
+
+
+

Prerequisites



+ +

+ It's assumed Alice and Bob have a working internet connection, a Debian 12 with a desktop environment and root access to their computers.
+ They can have firewall or NAT (I2P can do NAT traversal) but it would be ideal to have the ability to open one UDP port on the router. + It's also possible to run I2P on a separate machine in your LAN (like a NAS or Raspberry PI running Debian). I2P greatly benefits from running constantly since it can discover faster tunnels over time. +

+ +

+Here's a simplified graph showcasing how the file will be sent over I2P network:

+ + +
+
+ +

+ +
+
+
+
+ +
+
+
+
+

I2P Installation (Alice AND Bob)



+ +

+Both Alice and Bob need to install I2P on their computers. The steps listed below are up-to-date as of now, but always check the official guide in case something has changed since this guide was written.
+ +Install packages used for adding repositories and signing keys: + +

alice@alicepc:~$ sudo apt update
+alice@alicepc:~$ sudo apt-get install apt-transport-https lsb-release curl
+
+ +Add I2P repository signed by their key: + +
alice@alicepc:~$ echo "deb [signed-by=/usr/share/keyrings/i2p-archive-keyring.gpg] https://deb.i2p.net/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/i2p.list
+
+ +Import signing key: + +
alice@alicepc:~$ curl -o /tmp/i2p-archive-keyring.gpg https://geti2p.net/_static/i2p-archive-keyring.gpg
+alice@alicepc:~$ sudo cp /tmp/i2p-archive-keyring.gpg /usr/share/keyrings
+
+ +Finally, install I2P: + +
alice@alicepc:~$ sudo apt-get update
+alice@alicepc:~$ sudo apt-get install i2p i2p-keyring
+
+ +If you decided to go with I2P on separate server, you may need to make Web UI accessible on your local network: + +
alice@alicepc:~$ sudo sed -i 's/127\.0\.0\.1/0\.0\.0\.0/g' /var/lib/i2p/i2p-config/clients.config.d/00-net.i2p.router.web.RouterConsoleRunner-clients.config
+alice@alicepc:~$ sudo systemctl restart i2p
+
+ +

+ +

+Repeat the same steps on Bob's machine. +

+ +
+
+
+
+ +
+
+
+
+

I2P Setup (Alice AND Bob)



+ +

+By now, Alice and Bob have I2P running in the background on their computers.
+Both of them need to do initial configuration of their I2P routers.
+The I2P Console should be accessible at http://localhost:7657. If I2P was installed on a different machine, change localhost to the IP address of that machine. +

+ +

+Navigating to this address, you should be greeted with configuration wizard:

+ +
+
+ +Select theme (I recommend dark of course):

+ + +
+
+ +Agree to the terms of speedtest service:

+ + +
+
+ +Bandwidth test should now begin:

+ + +
+
+ +It should finish in a few seconds:

+ + +
+
+ +Now you can choose how much bandwidth you want to use for I2P. You also set the transit bandwidth expressed as a percentage of total I2P bandwidth. It's recommended to keep it at 80%:

+ + +
+
+ +Configuring I2P web browsing is a topic for a whole different guide. For now, we will just configure I2P for torrenting so skip this section by clicking Next:

+ + +
+
+ +The configuration wizard should be completed, just click Finished:

+ + +
+
+ +Now you should be redirected to the I2P Console. Here you can find the links to I2P-native apps and services.
+You can also configure your I2P Router settings and see its uptime (in green), bandwidth statistics (in red) and network status (in blue):

+ + +
+
+ +As you can see, my network status is Firewalled. I2P should work just fine behind firewalls, however to get faster speeds and better tunnels, we can open UDP port on your firewall.
+This is entirely optional so if you don't have the ability to expose port to the internet, just skip to the next section.
+In I2P the port is choosen randomly at the time of installation. To check it which port needs to be opened, go to the configuration page:

+ + +
+
+ +Select the Network tab:

+ + +
+
+ +Scroll down a bit and check which UDP port was chosen. In my case it's 14496. On your main router or firewall you can forward this UDP port.
+The actual instructions will differ across firewall vendors so I won't show them here. After that, network status should change to OK.

+ + +
+
+ +

+
+
+
+ +
+
+
+
+

I2PSnark Configuration (Alice AND Bob)



+ +

+ +With I2P up and running, we can now configure the built-in torrent app called I2PSnark.
+To do this, we need to navigate back to the I2P Console and click on the Torrents application:

+ + +
+
+ +I2PSnark also has its own configuration which we need to adjust. Click on the Configuration button:

+ + +
+
+ +Take a note of the Data directory. By default it's /var/lib/i2p/i2psnark-config/i2psnark. Torrents will be stored in there.
+Now change the bandwidth to half of that of what we set for I2P.
+The number of hops should be left at 3. It's the number of routers I2P will tunnel your traffic through before reaching the destination (just like Onion Routing in Tor).
+Lower values usually increase speed and decrease anonymity.
+You can also adjust the number of tunnels I2PSnark will use for connections.
+Setting it to 10 will give I2P more choice and potentially increase speed at the expense of higher CPU usage.
+After that's done, click Save configuration button:

+ + +
+
+ +

+ +
+
+
+
+ + +
+
+
+
+

Creating Torrent (Alice)



+ +

+To create and seed files, Alice needs to move them to the Data directory we set earlier in I2PSnark configuration.
+Let's assume Alice wants to send a single large file to Bob - enwik9, which contains the first 1 GB from Wikipedia dump.
+It would work the same way for seeding entire directory. Just provide the path to the directory Alice wants to seed.
+ +

alice@alicepc:~$ sudo mv -v enwik9 /var/lib/i2p/i2psnark-config/i2psnark
+renamed 'enwik9' -> '/var/lib/i2p/i2psnark-config/i2psnark/enwik9'
+ +While a bit inconvenient, the default directory has the appropriate permissions set so that only i2p user can access it on your Linux system.
+It doesn't have read permission on Alice's files under /home/alice so if your i2p daemon were ever to be compromised, the files couldn't be read so easily.
+ +

+ +

+ +Alice should click Create Torrent option in I2PSnark:

+ + +
+
+ +Now she should put the name of file to be seeded in Data to seed field and ensure no trackers are selected (only DHT will be used to find peers):

+ + +
+
+ +We can safely ignore this warning message since we explicitly selected DHT with no trackers.
+To start seeding, click the play button next to the torrent:

+ + +
+
+ +Now verify the status says Seeding and check the details to get the torrent's hash:

+ + +
+
+ +Here's the torrent hash. Anyone who has this hash will be able to download it while Alice is seeding:

+ + +
+
+ +

+ +
+
+
+
+ +
+
+
+
+

Sharing Torrent Hash over Secure Channel (Alice -> Bob)



+ +

+ +If you want to keep the torrent private, it's important not to share torrent hash publicly. Alice will use SimpleX chat to share the torrent hash with Bob:

+ + +
+
+ +

+ +
+
+
+
+ +
+
+
+
+

Downloading The Torrent (Bob)



+ +

+ +To download the torrent, Bob needs to open the I2PSnark torrent client and click on Add Torrent:

+ + +
+
+ +After that, Bob will be prompted with a dialog box to enter the torrent hash he got from Alice into the From URL field and click Add torrent:

+ + +
+
+ +I2PSnark will now look through the DHT and make a connection with Alice. Once a connection has been made, the download will be started:

+ +
+
+ +As we can see, Bob's client connected to 1 peer (Alice) and downloads with a speed of 75 KB/s.
+Alice knows when someone's connected to her. Here's how it looks on her side:

+ + +
+
+ +On my network it took around 3 hours to send this 1 GB file. It's certainly slower than torrenting over a VPN, but the speed may improve over time when better tunnels are discovered.
+After the download is finished, Bob will have the file in /var/lib/i2p/i2psnark-config/i2psnark directory.
+Both Bob and Alice can now click the "Stop" button to disable seeding (so that nobody else can download the file):

+ + +
+
+ +

+ +
+
+
+
+ +
+
+
+
+

Conclusion



+

+ +Alice and Bob have successfully shared a file using I2P network. The transfer was fully anonymous and decentralized. + +

+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left.



Creative Commons Zero: No Rights Reserved
+ +

+
+ +
+

My Links

+

+ + RSS Feed
SimpleX Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: + 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8 +


+

Donate XMR to the author: + 862Sp3N5Y8NByFmPVLTPrJYzwdiiVxkhQgAdt65mpYKJLdVDHyYQ8swLgnVr8D3jKphDUcWUCVK1vZv9u8cvtRJCUBFb8MQ

+

Contact: nihilist@contact.nowhere.moe (PGP)

+
+ +
+ +
+
+ + + + + + + diff --git a/opsec/index.html b/opsec/index.html index b03c8af..1acb64d 100644 --- a/opsec/index.html +++ b/opsec/index.html @@ -223,7 +223,7 @@
  1. ✅ How to send small files Anonymously (Onionshare)
  2. ✅ How to send large files using Syncthing over Tor
    3. -
  3. ❌ P2P large file sharing (Torrents over i2p?)
    4. +
  4. ✅ P2P large file sharing (Torrents over i2p?)

diff --git a/opsec/qubesos/Screenshot From 2024-12-05 11-20-03.png b/opsec/qubesos/Screenshot From 2024-12-05 11-20-03.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-26-38.png b/opsec/qubesos/Screenshot From 2024-12-05 16-26-38.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-28-18.png b/opsec/qubesos/Screenshot From 2024-12-05 16-28-18.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-28-40.png b/opsec/qubesos/Screenshot From 2024-12-05 16-28-40.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-28-51.png b/opsec/qubesos/Screenshot From 2024-12-05 16-28-51.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-29-00.png b/opsec/qubesos/Screenshot From 2024-12-05 16-29-00.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-29-12.png b/opsec/qubesos/Screenshot From 2024-12-05 16-29-12.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-29-23.png b/opsec/qubesos/Screenshot From 2024-12-05 16-29-23.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-29-33.png b/opsec/qubesos/Screenshot From 2024-12-05 16-29-33.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-29-47.png b/opsec/qubesos/Screenshot From 2024-12-05 16-29-47.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-29-57.png b/opsec/qubesos/Screenshot From 2024-12-05 16-29-57.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-39-09.png b/opsec/qubesos/Screenshot From 2024-12-05 16-39-09.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-39-27.png b/opsec/qubesos/Screenshot From 2024-12-05 16-39-27.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-40-07.png b/opsec/qubesos/Screenshot From 2024-12-05 16-40-07.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-40-34.png b/opsec/qubesos/Screenshot From 2024-12-05 16-40-34.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 16-40-42.png b/opsec/qubesos/Screenshot From 2024-12-05 16-40-42.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 17-40-25.png b/opsec/qubesos/Screenshot From 2024-12-05 17-40-25.png old mode 100644 new mode 100755 diff --git a/opsec/qubesos/Screenshot From 2024-12-05 17-40-39.png b/opsec/qubesos/Screenshot From 2024-12-05 17-40-39.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/QubesManager.png b/opsec/qubesosnetwork/QubesManager.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/banking.png b/opsec/qubesosnetwork/banking.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/copy_destination.png b/opsec/qubesosnetwork/copy_destination.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/copy_in_vm.png b/opsec/qubesosnetwork/copy_in_vm.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/create.png b/opsec/qubesosnetwork/create.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/destination_paste.png b/opsec/qubesosnetwork/destination_paste.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/disp_whonix.png b/opsec/qubesosnetwork/disp_whonix.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/dom0_exec.png b/opsec/qubesosnetwork/dom0_exec.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/file_arrived.png b/opsec/qubesosnetwork/file_arrived.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/file_await_transfer.png b/opsec/qubesosnetwork/file_await_transfer.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/firewall-net.png b/opsec/qubesosnetwork/firewall-net.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/firewall-service.png b/opsec/qubesosnetwork/firewall-service.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/manager.png b/opsec/qubesosnetwork/manager.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/master_pasteboard.png b/opsec/qubesosnetwork/master_pasteboard.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/master_pasteboard_wiped.png b/opsec/qubesosnetwork/master_pasteboard_wiped.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/template_install.png b/opsec/qubesosnetwork/template_install.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/template_shutdown.png b/opsec/qubesosnetwork/template_shutdown.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/terminal.png b/opsec/qubesosnetwork/terminal.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/text_arrived.png b/opsec/qubesosnetwork/text_arrived.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/torrent_transmission.png b/opsec/qubesosnetwork/torrent_transmission.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/torrent_vm.png b/opsec/qubesosnetwork/torrent_vm.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/transmission_on.png b/opsec/qubesosnetwork/transmission_on.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/whonix-usage.png b/opsec/qubesosnetwork/whonix-usage.png old mode 100644 new mode 100755 diff --git a/opsec/qubesosnetwork/whonix_dread.png b/opsec/qubesosnetwork/whonix_dread.png old mode 100644 new mode 100755