Installing I2P – Privacy Overlay Network

Most of the generic services needed for reasonable privacy and some anonymity can be found in I2P without using other products.

For right now, the installation is not as easy as a regular program, but not too hard either.

The online documentation for Debian (and, thus, Devuan) and the forum entries are a bit dated. This makes it even more confusing when the products involved have been maturing fast, especially recently. But I’ll point out some of those “landmines” here too.

First up, realize that I2P is already IN Debian. In this case, I’m using the Armbian port of Debian to the Odroid N2 platform. (I’ll try others, including Devuan, later).

Here’s what you get with an “apt-get install i2p” request:

root@OdroidN2:/# apt-get install i2p
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  apparmor ca-certificates-java famfamfam-flag-png geoip-database gettext-base i2p-router
  java-common libeclipse-jdt-core-java libel-api-java libgetopt-java libjbigi-jni libjetty9-java
  libjson-simple-java libjsp-api-java libservice-wrapper-java libservice-wrapper-jni
  libservlet-api-java libservlet3.1-java libtaglibs-standard-impl-java
  libtaglibs-standard-jstlel-java libtaglibs-standard-spec-java libtomcat9-java
  libwebsocket-api-java openjdk-11-jre-headless service-wrapper
Suggested packages:
  apparmor-profiles-extra apparmor-utils privoxy syndie default-jre libgetopt-java-doc jetty9
  libjson-simple-doc libservice-wrapper-doc tomcat9 libnss-mdns fonts-dejavu-extra
  fonts-ipafont-gothic fonts-ipafont-mincho fonts-wqy-microhei | fonts-wqy-zenhei fonts-indic
Recommended packages:
The following NEW packages will be installed:
  apparmor ca-certificates-java famfamfam-flag-png geoip-database gettext-base i2p i2p-router
  java-common libeclipse-jdt-core-java libel-api-java libgetopt-java libjbigi-jni libjetty9-java
  libjson-simple-java libjsp-api-java libservice-wrapper-java libservice-wrapper-jni
  libservlet-api-java libservlet3.1-java libtaglibs-standard-impl-java
  libtaglibs-standard-jstlel-java libtaglibs-standard-spec-java libtomcat9-java
  libwebsocket-api-java openjdk-11-jre-headless service-wrapper
0 upgraded, 26 newly installed, 0 to remove and 1 not upgraded.
Need to get 65.6 MB of archives.
After this operation, 213 MB of additional disk space will be used.
Do you want to continue? [Y/n] 

Notice all the Java related libraries? Yeah, not going to be that efficient in Java. Good enough for small iron, one hopes. We’ll see when I move “down scale” to my lighter weight platforms without 4 GB of memory and 4 A73 cores running at 2 GHz… provided this one works out OK.

Jumping Ahead: It did work, and it is only using about 10-12% of one A53 core when idle and just being a router, so ought to work well on small boxes too.

Next notice it will need 213 MB of added disk space. Make sure you have it.

Now the big plot complication is that the I2P web site says it’s a back level release unless you are on the testing release of Debian named SID. Well I generally don’t run “testing” releases. I’m running Buster, one back from “testing”. But they don’t say what, if anything, happens if you are running back level. Are the cryptographic keys expired so nothing works? Does it only work with other back level users in a 2 tier network? Does nothing at all really change? No idea… So of course I’m going to try it.

The apt-get run took just a couple of minutes and completed without complaint. Will it work, or need I do more? It DOES look like it handled some (all?) of the cert stuff needed:

Adding debian:Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
Adding debian:TrustCor_RootCert_CA-1.pem
Adding debian:UCA_Extended_Validation_Root.pem
Adding debian:Buypass_Class_3_Root_CA.pem
Adding debian:ACCVRAIZ1.pem
Adding debian:GTS_Root_R4.pem
Adding debian:Microsec_e-Szigno_Root_CA_2009.pem
Adding debian:USERTrust_RSA_Certification_Authority.pem
Adding debian:T-TeleSec_GlobalRoot_Class_2.pem
Adding debian:COMODO_Certification_Authority.pem
Adding debian:SSL.com_EV_Root_Certification_Authority_ECC.pem
Adding debian:SecureSign_RootCA11.pem
Adding debian:AffirmTrust_Networking.pem
Adding debian:CFCA_EV_ROOT.pem
Adding debian:Amazon_Root_CA_4.pem
Adding debian:GeoTrust_Universal_CA_2.pem
Setting up i2p (0.9.38-3.1) ...

Creating config file /etc/i2p/wrapper.config with new version
Processing triggers for libc-bin (2.28-10) ...
Processing triggers for systemd (241-7~deb10u5) ...
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for ca-certificates (20200601~deb10u1) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...


The Debian Wiki is rather out of date (last update 2015!), but has some useful bits in it. Bolded bits bolded by me:

I2P is a security and anonymity network protocol, similar to TOR.

I2P (Invisible Internet Project) is a computer network layer that allows applications to send messages to each other pseudonymously and securely.

Uses include anonymous web surfing, chatting, blogging and file transfers. The software that implements this layer is called an I2P router and a computer running I2P is called an I2P node. The software is free and open source and is published under multiple licenses. The name I2P is derived from Invisible Internet Project, which, in pseudo-mathematical notation, is represented as I²P.

Installation on Debian is trivial and takes 5 minutes, though as of 2013-12/Wheezy it is not packaged in official Debian repository.

Update: installs and runs fine as service on testing/jessie. Web interface insists it’s firewalled, but daemon thinks it’s hunky-dory.

However, i2p developers do publish own Debian repository.

In future, Mempo project will include I2P as default application.

You need to install java runtime (java-jre) and then download java application-installer from and run this as user.

Some users would recommend to run such programs on separate user for better security, in such case adduser srv_i2p --disabled-password, su to this user, wget and run downloaded .jar file with command java -jar i2pinstall_0.9.9.jar -console (or other file name for other i2p version).

With I2P running you can for example:

connect to localhost (own computer) control panel as web page on:

connect an IRC client like xchat or irssi to it, e.g. irssi -c or start either and /connect 6668 and there you are on IRC2P the main IRC network inside I2P network which makes your IP connection private (invisible to other without special observation or attacks to uncover/correlate it).

* feel invited to join channel #debian
* feel invited to join channel #mempo about hardening Debian/computers as part of Mempo project
* popular channels include #i2p and #salt
use new web-browser profile (e.g. firefox --no-remote -P and there create profile) and in configuration – advanced – networking set proxy server for http to port 4444 and for https same but port 4445. Then you can in this browser open protected i2p web pages, like http://zzz.i2p etc.

Download files from I2P
If you want to download any files from I2P you have to install and configure I2P (if you do not have it already) and next connect to I2PSNARK as web page on: I2PSNARK and next copy I2P magnet link like magnet:?xt=urn:btih:…=http://tracker2.postman.i2p/announce.php which we mark here often with I2P icon e.g. on SameKernel/Releases_and_Downloads and paste that link into “From URL” input box on your I2PSNARK web-panel and press “Add torrent”.

I2P (last modified 2015-02-20 08:29:32)

FWIW, when I “hit the link” to the page I get a nice “configure” panel, so looks like it installed and is happy. IFF it works too ;-) The first thing it does is ask what language I want to use. There’s a selection of 32 at the moment… A broad selection of European along with the major Asian languages, and Arabic, but a shortage of Afro-Asiatic and Native Americas languages, along with little from the Micronesia / Polynesia groups. Hebrew curiously lacking and Indonesian along with Malagasy as the Indo-Pacific island sort of tokens. One assumes the Israelis have their own system for privacy or use a non-native language, while the heavy representation of language from Muslim countries along with Chinese is due to their higher needs…

After picking a language, it then does an (optional) bandwidth test. After about a minute (that seems longer…) it shifts from “running” to “completed” and you press “next”… which gave me:

Bandwidth test failed

Test running? false
Test complete? true
Test server location San Francisco Bay Area US
Completion status No results were received. Either the test server is unavailable or network problems are preventing the test from running correctly. Please try again.
Details No results were received. Either the test server is unavailable or network problems are preventing the test from running correctly.
Please try again.

I’m willing to bet that it didn’t get past the AT&T boundary router doing NAT. We’ll see if it works at all on actual target URLs after the configuration completes…

After a few more “next” clicks, the management panel comes up and informs me it thinks it is getting peers and likely working, so far…

Welcome to I2P! Please have patience as I2P boots up and finds peers.

While you are waiting, please adjust your bandwidth settings on the configuration page.

Also you can setup your browser to use the I2P proxy to reach eepsites. Just enter (or localhost) port 4444 as a http proxy into your browser settings. Do not use SOCKS for this. More information can be found on the I2P browser proxy setup page.

Once you have a “shared clients” destination listed on the left, please check out our FAQ.

Point your IRC client to localhost:6668 and say hi to us on #i2p.

In a side panel it says:

Version:	0.9.38-0-3.1
Uptime:	28 min
3 Sec:	0.21 / 0.31 KBps
5 Min:	0.38 / 0.55 KBps
Total:	0.47 / 0.87 KBps
Used:	761 KB / 1.27 MB
Network: Firewalled
Restart Shutdown
Client	shared clients	Ready
Client	shared clients (DSA)	Ready

Given that there is “used” bandwidth, that implies it is doing something. UN-fortunately, Chromium doesn’t let me set the proxy on ARM Debian releases, so I’ve had to manually set it in FireFox to see if I can get to anything.

Where I got:

I2P Router Console Configuration Help Addressbook
Website Unreachable

The website was not reachable. The website is offline, there is network congestion, or your router is not yet well-integrated with peers. You may want to retry.

Could not find the following destination:

It has a nice little I2P logo / Icon in the message, so I’m pretty sure that I’ve connected to the I2P service, it is running, but something doesn’t love it. I’m suspecting the boundary router / NAT service. Yet my network status page claims I have 14 connections:

CH FGm0 Inbound 14 sec / 15 sec 0.00 / 0.00 15 sec −804 ms 8K / 0 / 8 / 0 512K 1278 ms 6 sec 620 / 620 2 2 0 0
?? JkT8 Inbound 14 sec / 5 min 0.15 / 0.00 5 min −322 ms 9K / 0 / 8 / 0 512K 1164 ms 6 sec 620 / 1131 2 24 0 0
?? K0z0 Outbound 19 sec / 19 sec 0.00 / 0.00 7 min −300 ms 28K / 0 / 11 / 0 512K 729 ms 3 sec 1484 / 620 19 2 0 0
US L7UK Outbound 6 min / 35 min 0.00 / 0.00 41 min −313 ms 15K / 0 / 8 / 0 512K 982 ms 5 sec 1484 / 1484 4 46 0 0
US RC75 Outbound 4 min / 12 min 0.00 / 0.00 28 min 23 ms 46K / 0 / 10 / 0 512K 258 ms 530 ms 1484 / 620 36 3 0 0
?? VTNc Inbound 22 sec / 5 min 0.00 / 0.00 6 min −417 ms 8K / 0 / 9 / 0 4K 1201 ms 6 sec 620 / 1145 3 13 1 0
RU ZVLK Outbound V 20 sec / 20 sec 0.00 / 0.00 40 min −126 ms 76K / 0 / 13 / 0 512K 450 ms 642 ms 1484 / 1484 64 61 0 0
US fZ4b Inbound 4 min / 4 min 0.00 / 0.00 6 min −421 ms 9K / 0 / 8 / 0

So no clue why nothing seems to be working…

Some Hour Or Two Later….

The problem was traced to the browser configuration. One of these was the issue, but I don’t know for sure which one.

1) I had to put port 4444 in for HTTP and HTTPS proxy. But that was not sufficient.

2) I had to go into about:config and set it to use a proxy always. But that was not sufficient.

3) Also in about:config I turned on the use of DNS via the browser (i.e. ignore my DNS server). This was likely the culprit.

4) I went back and discovered that when I’d shut off MY Proxy server entries in the config, network page, it auto-filled in MY proxy server address in the Socks Proxy also. One needs to TURN OFF Socks proxy. After I blanked the entry in Socks Proxy, (and I did FTP proxy while I was there), everything suddenly worked.

I do not know if #3 is necessary as the SOCKS proxy was set at that time, but I’m pretty sure it is essential, otherwise looking up “eepsites” (things ending in .I2P and only on I2P network) ought to fail as MY DNS server doesn’t know about them…
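An added example (not from the original post or from the I2P project): a small Python check of a Firefox profile’s prefs.js against steps 1, 2 and 4 above. The network.proxy.* names are Firefox’s own preference keys; the sample profile text and the 192.0.2.10 address are constructed for illustration.

```python
import re

# Matches prefs.js / user.js lines such as: user_pref("network.proxy.http_port", 4444);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

I2P_HTTP_PROXY_PORT = 4444               # port the post uses for both HTTP and HTTPS
LOCAL_HOSTS = {"127.0.0.1", "localhost"}
MANUAL_PROXY = 1                         # network.proxy.type value for manual proxy setup


def parse_prefs(text):
    """Return {pref_name: value} parsed from Firefox prefs.js / user.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue                     # comments, blank lines, anything else
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]      # string pref
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"  # boolean pref
        else:
            try:
                prefs[name] = int(raw)   # integer pref
            except ValueError:
                prefs[name] = raw        # keep unrecognised values verbatim
    return prefs


def audit_i2p_proxy(prefs):
    """Return a list of (pref_name, problem) tuples; an empty list means the
    profile matches the working setup described in the post."""
    findings = []

    # Step 2 of the post: the browser must actually be told to use the proxy.
    if prefs.get("network.proxy.type") != MANUAL_PROXY:
        findings.append(("network.proxy.type",
                         "proxy mode is not manual, so the manual entries are not used"))

    # Step 1 of the post: HTTP and HTTPS proxy both point at the local router, port 4444.
    for label, key in (("HTTP", "http"), ("HTTPS", "ssl")):
        host = prefs.get("network.proxy." + key, "")
        port = prefs.get("network.proxy." + key + "_port", 0)
        if host not in LOCAL_HOSTS or port != I2P_HTTP_PROXY_PORT:
            findings.append(("network.proxy." + key,
                             "%s proxy is %r:%r, expected a local address on port %d"
                             % (label, host, port, I2P_HTTP_PROXY_PORT)))

    # Step 4 of the post: a leftover SOCKS entry broke browsing until it was blanked.
    socks = prefs.get("network.proxy.socks", "")
    if socks:
        findings.append(("network.proxy.socks",
                         "SOCKS host is still set to %r; blank it" % socks))
    return findings


# Constructed sample: steps 1 and 2 done, but an old proxy address left in the SOCKS field.
BROKEN_PROFILE = '''
// constructed example, not copied from a real profile
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 4444);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 4444);
user_pref("network.proxy.socks", "192.0.2.10");
user_pref("network.proxy.socks_port", 3128);
'''

# The same profile after blanking the SOCKS entries.
FIXED_PROFILE = "\n".join(
    line for line in BROKEN_PROFILE.splitlines() if "socks" not in line
)

if __name__ == "__main__":
    for title, text in (("broken", BROKEN_PROFILE), ("fixed", FIXED_PROFILE)):
        problems = audit_i2p_proxy(parse_prefs(text))
        print(title, "->", problems if problems else "OK")
```

To check a real profile, pass the contents of its prefs.js to parse_prefs() while Firefox is closed.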

This was helpful in realizing the SOCKS issue:

@eyedeekay on github
edited 6 days ago
Port 4444 is an HTTP Proxy, not a SOCKS proxy. I do not know how to make that simpler to understand, if you configure your browser to use 4444 as a SOCKS proxy it absolutely will not work. As I said in the other thread, you have now set up a SOCKS proxy on a privileged port that your OS will not let you open. Ports less than 1000 are restricted for use by OS-essential programs, you have to ask to use them (sudo). Nowhere on that page does it suggest using a SOCKS proxy. The screenshot only shows that because that is exactly what it looked like in the Firefox UI after I configured the HTTP proxy and took the screenshot.

There is no such thing as a main tunnel. If you want to set up browsing over the SOCKS proxy tunnel you have set up, then change 4444 to the SOCKS proxy port you choose when you re-attempt to set up your SOCKS proxy on a port greater than 1000. Now that you will actually be using a SOCKS proxy, you may configure your browser as such.

Please, for your own sake, stop trying to use a SOCKS proxy. You are making things so much harder for yourself. Just follow the basic instructions to set up browsing with the built-in, longstanding, tested HTTP proxy.

I’d not gone out of my way to configure a SOCKS proxy, but when I clicked OFF the “use proxy for all that stuff below” button, it was filled in for me as MY proxy server address. I then proceeded to set the HTTP and HTTPS values, but simply paid no attention to the SOCKS proxy setting as I typically don’t do anything but click the “use for all” radio button… OK, I now know to watch it…

Very useful for the general guidance on setting up your browser. A key bit:

Finally, go to the address about:config and find the property Ensure that this setting is True.

In Conclusion

I now have a working I2P install on my computer, AND I’m getting to the hidden “eepsites” on the I2P overlay network. The I2P install was nearly trivial, and the bulk of my time and troubles were in configuring my browser to use it.

It is an advantage to have 2 browsers installed, one for the Regular Internet and one for the I2P Privacy Network. On ARM Chips, Chromium is reluctant to let you properly set a proxy server, so you get to use FireFox for the I2P network (or go down the “how to whack on Chromium” rabbit hole…).

I’m happy to have FireFox be for I2P and Chromium be for the public internet.

The Big Deal

In all of this the big deal is that I2P has a LOT of privacy and anonymity services. With it, alone, you have opened a way to do most of what most folks want to do. Having looked at all the various P2P (Peer to Peer) and F2F (Friend to Friend) applications and services under the FreedomBox (and others) I believe this is the best one to start with to get the most “bang for the buck” of installation time and effort. It has a HUGE installed base of participants (on the order of 50,000) so contact tracing is nearly impossible. It has a lot of services. And it is already essentially built in to Debian (and becoming more so every release).

If you want to look around and see what’s out there, there is a special search engine just for that:

how to tweet anonymously? – Hidden Answers
http: //kj2kbzt27naifij4ki6bklsa2qfewxnkzbkgvximr4ecm7y4ojdq.b32.i2p/115585/how-to-tweet-anonymously
View Webpage Cached
how to tweet anonymously? – Hidden AnswersI want to know how to tweet someone without using my twitter account, I tried the clearnet stuff but nothing really works. Login Register Hidden Answers
Cryptic Trump tweet…
http: //smv3cryi3n7d5ll7xpvlhstubi5yj4dadeltyrdwdr4onwd2jvvq.b32.i2p/f/conspiracy/224/-/comment/368
View Webpage Cached
Cryptic Trump tweet… Jump to main content Jump to sidebar [RAMBLE] Forums Wiki Log in Sign up /f/ conspiracy Cryptic Trump tweet… Submitted by MrBlack on December 11, 2020 at 10:46 PM in
Penny Arcade 2009-10-21: The Glass Tweet
http: //s5ynkgagndmpxpf2kmnenv4x72io664gzd2x3qef54ilammnte3q.b32.i2p/urn:syndie:channel:d7:channel44:Ffn4RhCunO6gwMfAYfOoPY7FGwPNDy65dS4DyuyorME=9:messageIdi1256183508347e4:pagei1ee
View Webpage Cached
Penny Arcade 2009-10-21: The Glass Tweet recent messages all channels rss What is this? Penny Arcade 2009-10-21: The Glass Tweet Posted by Anonymous in Comics on 2009-10-21 page 1 attachment 1
Sky (@SkyUK) | VxEmpire Nitter
http: //axd6uavsstsrvstva4mzlzh4ct76rc6zdug3nxdgeitrzczhzf4q.b32.i2p/SkyUK
View Webpage Cached
Sky (@SkyUK) | VxEmpire NitterAll the latest from Sky TV. For customer assistance, tweet @SkyHelpTeam VxEmpire Nitter Sky @SkyUK All the latest from Sky TV. For customer assistance, tweet

Note that you can reach sites by a very short name in regular text, or by a long cryptic handle. That’s the string of stuff in those names. I2P has a built in way to remember those for you, though I’ve not explored it yet, so it isn’t like you need to remember or type them ;-)

If you don’t want to do the search and hunt exploration, there’s a guide for NOOBS (and others…):

Note that “eepsites” is what I2P darkweb sites are called.

The Hitchhiker’s Guide to the I2P eepsites
Masayuki Hatta
Jan 23, 2019·6 min read

So you are interested in I2P. After installation and some setup, the biggest question would be, what’s next? what can I do with I2P?
There are lots of things you can do with I2P, and one of the nice things is running and browsing “eepsites”. Eepsites are websites in the I2P network, which have .i2p pseudo TLD, only accessible via I2P. You can run eepsites anonymously, and you can browse eepsites anonymously, too. Your identity information is supposed to be lost in onion/garlic routing, so you will not be tracked down by anyone else (at least theoretically). Eepsites are similar to Tor’s Hidden Services.
Some time ago, I wrote about how to run eepsites. I have also covered how to browse eepsites. This time, let’s find out interesting eepsites and have some fun.
As I explained before, in the world of I2P, human-readable addresses (like retrobbs.i2p in this example) are optional. The b32 addresses or longer Destinations are canonical (and can be used all the time). Sometimes you have to register b32 addresses/Destinations for human-readable addresses to your I2P router by hand.
Search Engines
I2P is a pillar of the so-called dark web, along with Tor and Freenet. Generally speaking, the contents in dark web are not indexed by standard web search engines such as Google. However, non-standard web search engines can handle it.
There are many special search engines for Tor onionland. One of the most well-known would be Ahmia. But until recently, there were none for I2P eepsites.
Legwork/Ransack are my own recent efforts. Legwork.i2p (b32 address) is a search engine specialized in the I2P network. It only indexes eepsites. No .onions, no clearnet websites.
Sometimes we want to ask questions. Maybe embarrassing questions. Or, maybe you want to reply embarrassing answers. I2P provides a way for it.
Hidden Answers (b32 address) is a great place to ask questions. It features very clean and intuitive user interface. There are also Russian version (b32 address), Spanish version (b32 address) and Portuguese version (b32 address) available.
Good microblogging service in I2P is one of the missing links in the I2P world. Still, there exists an eepsite called Visibility (b32 address). A bit slow and shaky, it works nevertheless.

Running Mastodon instances or similar inside I2P is possible (and not so difficult, actually). It will give us a completely anonymous, distributed Twitter clone. Does anyone take a dare?

Note that “microblogging” is the generic for the service commonly called a “tweet”…

You can also set up hidden censorship free Web Sites:

And a whole lot more.

The Invisible Internet Project (I2P) is an anonymous network layer (implemented as a Mix Network) that allows for censorship resistant, peer to peer communication. Anonymous connections are achieved by encrypting the user’s traffic (by using end-to-end encryption), and sending it through a volunteer-run network of roughly 55,000 computers distributed around the world. Given the high number of possible paths the traffic can transit, a third party watching a full connection is unlikely. The software that implements this layer is called an “I2P router”, and a computer running I2P is called an “I2P node”. I2P is free and open source, and is published under multiple licenses.

So if you need to “tweet”, blog, run a web site, or just chat, you can do it privately and free of censorship.

General networking
I2PTunnel is an application embedded into I2P that allows arbitrary TCP/IP applications to communicate over I2P by setting up “tunnels” which can be accessed by connecting to pre-determined ports on localhost.

SAM (Simple Anonymous Messaging) is a protocol which allows a client application written in any programming language to communicate over I2P, by using a socket-based interface to the I2P router.
BOB (Basic Open Bridge) is a less complex app to router protocol similar to “SAM”

Orchid Outproxy Tor plugin

Any IRC client made for the Internet Relay Chat can work, once connected to the I2P IRC server (on localhost).

File sharing
Several programs provide BitTorrent functionality for use within the I2P network. Users cannot connect to non-I2P torrents or peers from within I2P, nor can they connect to I2P torrents or peers from outside I2P. I2PSnark, included in the I2P install package, is a port of the BitTorrent client named Snark. Vuze, formerly known as Azureus, is a BitTorrent client that includes a plugin for I2P, allowing anonymous swarming through this network.
Two Kad network clients exist for the I2P network, iMule and Nachtblitz. iMule (invisible Mule) is a port of eMule for I2P network. iMule has not been developed since 2013. iMule is made for anonymous file sharing. In contrast to other eDonkey clients, iMule only uses the Kademlia for proceeding to connect through I2P network, so no servers are needed. Nachtblitz is a custom client built on the .NET Framework. The latest version is 1.4.27,
MuWire is a file-sharing program inspired by the LimeWire Gnutella client that works atop the I2P network.


A screenshot of the inbox of I2P-Bote.
I2P-Bote (github) is a free, fully decentralized and distributed anonymous email system with a strong focus on security.
It supports multiple identities and does not expose email metadata.
I2P also has a free pseudonymous e-mail service run by an individual called Postman. Susimail is a web-based email client intended primarily for use with Postman’s mail servers, and is designed with security and anonymity in mind. Susimail was created to address privacy concerns in using these servers directly using traditional email clients, such as leaking the user’s hostname while communicating with the SMTP server. It is currently included in the default I2P distribution, and can be accessed through the I2P router console web interface. Mail.i2p can contact both I2P email users and public internet email users.
Instant Messaging
I2P-Messenger is a simple Qt-based, serverless, end-to-end-encrypted instant messenger for I2P.
No servers can log the user’s conversations. No ISP can log with whom the user chats, when, or for how long. As it is serverless, it can make use of I2P’s end-to-end encryption, preventing any node between two parties from having access to the plain text. I2P-Messenger can be used for fully anonymous instant communication with persons the user doesn’t even know, or, alternatively, to communicate securely and untraceably with friends, family members, or colleagues. In addition to messaging, file transfer is also supported.

I2P-Talk is another simple instant messenger incompatible with I2P-Messenger, but having the same security properties

Syndie is a content distribution application, suitable for blogs, newsgroups, forums and small media attachments. Syndie is designed for network resilience. It supports connections to I2P, the Tor network (Syndie does not support Socks proxies, workaround needed for Tor access), Freenet and the regular internet.
Server connections are intermittent, and support higher-latency communications. Connections can be made to any number of known servers. Content is spread efficiently using a Gossip protocol.

Aktie is an anonymous file sharing and distributed Web of trust forums system. Aktie can connect to I2P with its internal router or use an external router. To fight spam, “hash payments” (proof of CPU work) is computed for every published item.

I2PBerry is a Linux distribution which can be used as a router to encrypt and route network traffic through the I2P network.

i2pd is a light-weight I2P router written in C++, stripping the excessive applications such as e-mail, torrents, and others that can be regarded as bloat.

The Privacy Solutions project
The Privacy Solutions project, a new organization that develops and maintains I2P software, launched several new development efforts designed to enhance the privacy, security, and anonymity for users, based on I2P protocols and technology.

These efforts include:

The Abscond browser bundle.
i2pd, an alternate implementation of I2P, written in C++ (rather than Java).
The “BigBrother” I2P network monitoring project.
The code repository and download sections for the i2pd and Abscond project is available for the public to review and download. Effective January, 2015 i2pd is operating under PurpleI2P.


I2P running on Android.
Release builds of an I2P Router application for Android can be found on the Google Play store under The Privacy Solutions Project’s Google Play account or on an F-Droid repository hosted by the developers.

Nightweb is an Android application that utilizes I2P and Bittorrent to share blog posts, photos, and other similar content. It can also be run as a desktop application. It is no longer in development.

Some crypto currencies that support I2P are listed below.

Monero (cryptocurrency)
Verge (cryptocurrency)

As those things listed cover most of anything I’d ever need to do, I figured this was the best place to start. From communications to file sharing and even to payments via a minor crypto currency, it covers a lot of turf.

And, with that, now that I’m “On the dark web”, I think I need to do something with it ;-)

Hopefully this little tutorial will help folks get started too. When I have more, I’ll talk it up here. FWIW, I’m planning my next step to be a “do over” of this install and bring up process, but on a Raspberry Pi Model 3 with Devuan or a Debian port. Once that’s working reasonably well, I intend to move it to my TV Network and just leave it running as a router / gateway service to the I2P network.

While I’m pretty sure these folks have carefully kept Bad Stuff from being able to “crawl up the wire” and I’m willing to trust that while I’m at the keyboard and have HTOP to watch for unexpected activity, I’m not willing to leave it up and running for days (and nights…) on the house network.

But that’s for later…right now I’m going exploring! (Well aware that lack of policing in a privacy and anonymity network also means Bad Guys can set up phishing sites too… so after tepid and careful exploring, I’m making that Pi Box for more “interesting” poking around ;-)

About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present "hot buttons" are the mythology of Climate Change and ancient metrology; but things change...

82 Responses to Installing I2P – Privacy Overlay Network

  1. cdquarles says:

    For folk interested in this on Windows, it is available for Windows 10.

  2. E.M.Smith says:

    OK, some first impressions.

    A fair number of .i2p sites are either down, or the network to them is not very reliable.
    Even those that are obviously up seem to have sporadic “speed” issues. Like a Web Page that ought to load almost instantly being very slow to load images.

    One, a blog per security, here:
    Spent a few minutes in ‘loading spin’ indications and still only had half an embedded cartoon up. (Do remember that link will only work if you are running I2P routing…)

    The article had some good stuff in it, but clearly i2p has some sloth issues. I’m on a fairly fast internet connection (supposedly 40 Mb or some such, we can watch 1080p TV on 3 TVs at once without issues…).

    But it did work, so there’s that.

    But it won’t become a “daily driver” with those speeds. Good for modest uses, yes, I’d say so. But the dropouts and sloth will be constant encouragement to try other services as well. Still, IMHO, a very good place to start and a great way to get some experience at this stuff.

    BTW, that article above? Pointed at some things I’d not been aware were underway:

    Take, for example, a smart home sensor that can “detect the walking speed and stride length of people based on how their bodies interfere with radio signals”. It works through walls, and “can help predict health events related to conditions such as heart failure, certain lung diseases, kidney failure, and stroke”.

    Then there is AutoEmotive, an MIT project that puts sensors in cars to measure the driver’s facial expression, heart rate, respiration rate, heart rate variability, electrodermal activity, skin temperature, hand pressure, and hand contact area (on the steering wheel and the door handle). It uses all of these biometric indicators to infer how stressed the driver is. Because driving when stressed increases collision risk, the system will then take a variety of measures to try and calm down the driver.

    Finally, there’s EQ Radio, another MIT project that uses wireless signals to detect people’s emotions with 87 percent accuracy. Over time, these readings could be used to diagnose mental illness. Some have mentioned that it could be used in smart homes, potentially to change the lighting depending on how you feel. That’s right: lightbulbs that can detect your emotions. And let’s face it, those lightbulbs are probably going to be connected to the internet.

    So, whether you’re having board games night at a friend’s house who has one of these devices, or borrowing their AutoEmotive-equipped car for the weekend, these types of technologies are making privacy evermore elusive. Add to that the fact that they are sensing what is essentially health information, and we’ve got a world where a lightbulb could get hacked and expose that someone is depressed or at high risk of heart failure.

    So that’s going to be fun to defend against…

    Then he has an interesting take on finding out if someone you are visiting has Alexa monitoring your conversations:

    If you’re reading this blog, there’s a good chance that you have more control than the average person over your privacy. You’re probably using Tor or a VPN, or an adblocker at the very least. While these tools help, maintaining privacy is getting more complicated every day, and all it takes is an XKCD comic to drive that home:

    Note I’m using this cartoon for educational purposes so it falls under “Fair Use”.

    It is an interesting idea, but maybe not a ton…

    It could be VERY interesting to make a product, then make a commercial that shows how to order it easily and includes “Alexa, order 3 FOO Product. Alexa Confirm Purchase” then wait… ;-)

  3. E.M.Smith says:

    Had a bit of an issue finding out how to shut down the I2P router / service, so just rebooted the system. After that, it was not running, but OK, how to start it? That led to a web page that pointed me at the right command to use: i2prouter start|stop

    ems@OdroidN2:~$ i2prouter
    Usage: /usr/bin/i2prouter [ console | start | stop | graceful | restart | condrestart | status | install | remove | dump ]

    console Launch in the current console.
    start Start in the background as a daemon process.
    stop Stop if running as a daemon or in another console.
    graceful Stop gracefully, may take up to 11 minutes.
    restart Stop if running and then start.
    condrestart Restart only if already running.
    status Query the current status.
    install Install to start automatically when system boots.
    remove Uninstall.
    dump Request a Java thread dump if running.

    So that’s nice to know…

    After doing the start as a regular user, it was up and running again.

  4. H.R. says:

    From the article E.M. used:
    “Because driving when stressed increases collision risk, the system will then take a variety of measures to try and calm down the driver.”

    A shot of morphine usually calms me down. That takes care of the stress, but then it introduces another complication to driving. So, if they can fix that, then another risk from the follow-on measure will arise and so on, and so on.

    The only way to take the risk out of being in an automobile accident is to never drive or ride in a car. Or get a HAL9000 car that, when you start to put the key in the ignition it says, “I cannot let you do that, Dave.”

  5. cdquarles says:

    Part of the issue here is cultural, enhanced by the predations of tort claims lawyers. If something bad happens, it wasn’t your fault and is only the fault of someone else. Never mind that you can cause bad things to happen to yourself and others may not cause bad things to happen to you, or that both you and others caused said bad things. Add to that the seeming acceptance of the general public to equate diagnosis with gnosis; which it isn’t.

    Life is inherently risky to varying degrees and embodied in chemicals life lives until it doesn’t. For us, that’s one hour at a time for a span (maximum) of 120 years, until the nature of our being is changed.

  6. Simon Derricutt says:

    Like the other technical stuff here, I read it and find it interesting, but I’m not seeing a use here for me. On the other hand, if it does turn out to be needed to continue to find out what’s happening with the people here (since EM might be driven underground) I maybe need to actually do something about it this time. It’s possible though that my ISP (Orange) may disable it somehow – they did spend a while messing up my VOIP setup so that unless I changed the port it used every couple of months it stopped working.

    Though I did get a Pi 3b, it’s not a daily driver. For that I’ve now got a little AMD box with an SSD, running without a fan so it’s quiet. Slight risk of TLA buggery of course, but relative to all the other spying and tracking that’s going on not an excessive risk. The advantage is that I can use standard software which has had the edges knocked off it, since I want the computer to do the job rather than need to spend a lot of effort making it work first.

    As such, I may try this in an alternate boot image on this box. It does however sound like there’s not yet a lot to see on this alternate web. Still, back when I started on the web, using Mosaic, one of the few things that was available was the Library of Congress. Things grow….

  7. E.M.Smith says:


    That is, essentially, the point.

    For those already banned, or on the edge, I am shining a light on alternatives. Though small now, they can grow by millions overnight. P2P scales well.

    Should I be banned in the future, I will shortly have a “toy” copy of “my stuff” up soon that can be made public in hours. I have email addresses in the site backups, so could send out “look here” notices to frequent commenters.

    These “how to” articles will be remembered by some, already practiced by a few, and hopefully on the Internet Archive for late arrivals.

    Then they also point folks to the larger community of privacy and freedom of speech tech advocates, so if nothing else, it is known they exist and where to go for discovery or to start anew.

    Basically, IFF the Demonization of The American Way and normal Judeo-Christian values continues to the Progressive Goal, we will just move to The Dark Web with other shunned beliefs.

    But the bits WILL flow. “You can’t stop the signal, Mal.”

  8. E.M.Smith says:

    OK, with at least one Transport Layer in place (really two: I2p and the older Onion Routing used by Tor, but that was looked at years ago…), I started looking at what Applications would play best with each other. Found this nice top level entry point.

    An icon for each App, click it, you get a dedicated site with how-to’s for install and use. Nice.

    Between the set included in FreedomBox, the set to “click and go” in the I2P dashboard, and the set here, it is an embarrassment of riches (and choices).

    Anyone wants to “run ahead” and try some out, feel free to report experiences or preferences.

    I’m going to start by cataloging those three sets, look for overlap, then settle on best feature set with least trouble making it go.

    For example, “microblogging” (or “tweeting”) looks like one of Mastodon, Twister or Pleroma might be best, but Friendica and Diaspora need a look too. Mastodon is biggest with most users, but a harder install on bigger hardware, while Twister is lighter P2P with better anonymity.

    I can plod through all of them, or folks can spread the look-see bit around… all it takes is a look at features and install directions, then a reaction. Yuck vs OK…

    There’s a menu upper right. Among others is a list of all apps you can sort different ways:

  9. E.M.Smith says:

    Launched i2p router again. Needed a minute to get enough tunnels up to be workable, but was faster to come up than last time.

    Inside the trac_wiki ( http://trac.i2p2.i2p/ ) there’s an interesting bit on “HowTo’s”:


    Configure UUCP
    Configure C-News
    Connect to Irc2P in Pidgin (including Tails)
    Howto sign your destination with another destination

    First up, looks like UUCP (Unix to Unix Copy) is alive and well. This lets any two *nix machines talk to each other over “whatever” link is agreed. Then they can choose to exchange files, email, ‘netnews’ pages (before there were blogs and faceplant and twits, there were news groups…) and more. So that can tunnel through i2p. Nice. No need for modems or leased lines or wireless mesh or ‘whatever’…

    The other one is that there’s a configuration to use it with Tails (and by extension, likely with Heads too).

    Pidgin is a new one to me. Looks like ‘yet another chat client’:

    Looks like what makes it ‘special’ is an ability to connect to many carriers AND an optional end to end encryption:


    Pidgin (formerly named Gaim) is a free and open-source multi-platform instant messaging client, based on a library named libpurple that has support for many instant messaging protocols, allowing the user to simultaneously log in to various services from a single application, with a single interface for both popular and obsolete protocols (from AOL to Discord), thus avoiding the hassle of having to deal with a new bloated, unaudited, closed-source, and different piece of software for each device and protocol.

    The number of Pidgin users was estimated to be over three million in 2007.

    Pidgin is widely used for its Off-the-Record Messaging (OTR) plugin, which offers end-to-end encryption. For this reason it is included in the privacy- and anonymity-focused operating system Tails.

    So that looks rather nice. Same interface for several services with use in your choice of i2p tails or just normal internet on your choice of OS.

    That’s a pretty good privacy suite right there. Private real time chat and then ability to ship out of band via UUCP encrypted content. (Encrypt about anything in a separate step with the recipient’s public key then ship it via UUCP they can decrypt with the private. Or do the old time “shared key” thing.)

  10. E.M.Smith says:

    Looks like email is a built in. Uses the @mail.i2p target:

    Postman HQ
    … providing service excellence to the I2P community since 09/2004
    Postman Services

    Choose from the following menu:

    Creating a mailbox
    Changing your password
    Quota management
    Account management
    Deleting a mailbox
    Public addressbook

    So a simple mail facility built in. Nice. Looks like regular old Unix mail running over SMTP (Simple Mail Transport Protocol) or POP3 (Post Office Protocol). Also looks like they have identified “The Usual Suspects” in mail and fixed them and include an encryption option:

    2. Security Basics

    The largest danger is that your mail client compromises your
    anonymity or privacy while composing/sending mail.
    Some mail clients add their own Received: header, including
    local network addresses and information indicating the software
    or the native language of the user. Some mail clients announce
    their local IP address as a HELO/EHLO host-name. Some clients
    don’t allow you to choose from multiple identities.

    All those problems require our special attention.
    Since susimail works as a trusted SMTP and POP3 proxy, you’ll always be on the safe side when using it.
    Install and configure a PGP compatible software like OpenPGP, GNUPG or enigmail. Public keys of mail users are available from the postman.i2p public address book.

    Those measures are nothing special but are suggested by common sense. The next chapter will show you more about the composition of a mail and what those fancy header lines do.


    Now if only I liked using email ;-)

    OTOH, not being pissed about all of it ending up in the archives of ALL of my ISP, Email server, NSA, China, Russia, Mossad, etc. etc. would make it less of an annoyance ;-)
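The client-side leaks listed in the Postman "Security Basics" text quoted in comment 10 (a client-added Received: header, software and language hints, a local address in HELO/EHLO) can be checked for before a message leaves the machine. This is an added example, not code from the post, its commenters, or the I2P/Postman project; the sample message, the header lists and the scrub step are constructed assumptions and do not describe how susimail is implemented.

```python
import email
import ipaddress
import re

# Constructed sample input: what a desktop mail client might emit.
SAMPLE_EHLO = "EHLO [192.168.1.23]"
SAMPLE_MESSAGE = """\
Received: from [192.168.1.23] (helo=laptop.lan) by localhost with esmtp; Mon, 01 Jan 2024 10:00:00 +0000
From: example-user@mail.i2p
To: other-user@mail.i2p
Subject: test
User-Agent: ExampleMail/1.0 (X11; Linux aarch64)
Content-Language: de-DE
Date: Mon, 01 Jan 2024 10:00:00 +0000

hello
"""

# Header names treated as identifying (an assumption for this example).
SOFTWARE_HEADERS = ("User-Agent", "X-Mailer")
LANGUAGE_HEADERS = ("Content-Language", "Accept-Language")

# Loose candidate match; every candidate is validated by ipaddress below.
_CANDIDATE = re.compile(r"[0-9A-Fa-f:.]{3,}")


def _addresses(text):
    """Return the valid, non-loopback IPv4/IPv6 addresses found in text."""
    found = []
    for token in _CANDIDATE.findall(text):
        try:
            addr = ipaddress.ip_address(token.strip("."))
        except ValueError:
            continue  # timestamps, version numbers, hex-looking words
        if not addr.is_loopback:
            found.append(addr)
    return found


def _describe(addr):
    kind = "local network" if addr.is_private else "public"
    return f"{kind} address {addr}"


def audit_ehlo(line):
    """Check what a HELO/EHLO command announces about the sending host."""
    parts = line.strip().split(None, 1)
    if len(parts) != 2 or parts[0].upper() not in ("HELO", "EHLO"):
        raise ValueError("not a HELO/EHLO line")
    host = parts[1]
    findings = [("EHLO", "announces " + _describe(a)) for a in _addresses(host)]
    is_literal = host.startswith("[")  # e.g. [127.0.0.1]
    if not findings and not is_literal and host.lower() != "localhost":
        findings.append(("EHLO", f"announces host name {host}"))
    return findings


def audit_message(raw):
    """List headers that reveal address, software or language of the sender."""
    msg = email.message_from_string(raw)
    findings = []
    for value in msg.get_all("Received", []):
        for addr in _addresses(value):
            findings.append(("Received", "contains " + _describe(addr)))
    for name in SOFTWARE_HEADERS:
        if msg[name]:
            findings.append((name, f"identifies client software: {msg[name]}"))
    for name in LANGUAGE_HEADERS:
        if msg[name]:
            findings.append((name, f"reveals language setting: {msg[name]}"))
    return findings


def scrub(raw):
    """Drop the identifying headers; body and addressing headers are kept."""
    msg = email.message_from_string(raw)
    for name in ("Received",) + SOFTWARE_HEADERS + LANGUAGE_HEADERS:
        del msg[name]  # removes every occurrence, no error if absent
    return msg.as_string()


if __name__ == "__main__":
    for header, detail in audit_ehlo(SAMPLE_EHLO) + audit_message(SAMPLE_MESSAGE):
        print(f"{header}: {detail}")
    print("after scrub:", audit_message(scrub(SAMPLE_MESSAGE)))
```
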

  11. E.M.Smith says:

    Oh are there a LOT of software choices at that Fediverse software link… This is gonna take some time.

    OK, first impressions:

    i2p has a nice minimal set of software “ready to go”. You can get done what needs doing with what is there. Email, file transfer, hidden web site, chat, etc. Not fancy and not particularly what you might want to choose, but already there and works. It already knew how to punch through my NAT router without opening any ports or anything (though supposedly goes faster if you do).

    FreedomBox: Has a reasonable set of applications for everything you would want to do and claims to make installation and set up easy to do. But you DO get to install them even if via a ‘click and hope’ management panel. The apps listed are not always the more common ones and it will take some investigation and “think time” to decide if that is better, worse, or just a preference. Claims a Noobs friendly click-to-install-stuff but then also tells you to go play with your Telco boundary router and open / forward ports… Likely needs a Noob to properly evaluate how convenient it is as I chafe at Pictures & Clicks so I’m biased out the gate.

    Fediverse: More a contract than a single thing. An agreement on how different end software can all share content. So you pick one of a 1/2 dozen “microblogging” application but on the back-end they all can share your “tweet” around. LOTS more choices and lots more opportunity to make things just the way you like it. But you will be doing a lot of deciding and installing and configuring (and router port fiddling). Some choices are more P2P and others more “server” oriented, but you get to choose.

    P2P, F2F World: A collection of applications that all work the same way, between peers (no server) or friends (peers who are authenticated as good and you know them). Safer and faster in many ways (direct connections, no onion routing or garlic routing multi-hops and delays; you only talk to who you choose to trust) BUT you will expose your IP address to any peer or friend with which you trade connections. Anonymity is lower and contact tracing possible.

    Of course, you can obfuscate the P2P and F2F contact trace information. Use VPNs. Put up cloud based servers / relays. Use a Pi at Starbucks. Etc. But it is an added operational layer.

    Now I get to oh so slowly explore the specifics of all that space. Sigh.

    While I think Fediverse is the way of the future and likely the ultimate best choice for what I do; i2P looks good for basics working NOW right out of the box.

    FreedomBox has a nice set of stuff that might work OK for NOOBs (or might ‘have issues’) and needs testing with that in mind. Also I think using it on absolute minimal hardware as I did in my first test (Pine A64+ 1 GB quad core A53 a modest MHz) shows it CAN work, but really wants more like 2 GB and maybe a USB disk with swap.

    Then P2P or F2F looks best as “one off” services between smaller groups. So Twister is highly anonymous and highly private and could make quick connections between some machines when set up. Your IP becomes known as someone using it, but nobody can connect your messages to your use. So you are known to be a user, but your “tweets” are anonymous. IF that is ‘good enough’, then it’s a great option. IF however, the China Internet Police or the Biden PC Police decide to go hunting for all users of Twister as anything private must be Against The People’s State, then you are toast.

    That’s the first blush, anyway.

    But what to explore first?

    I think I’m going to look at the P2P / F2F stuff first as there isn’t as much of it ;-)

    Then Fediverse (other than an early survey) likely last as it is huge and incorporates some of the same end applications as the others, so having some of them out of the way already will help, then.

    FreedomBox will be ‘in the middle’ as I do a re-install on some more appropriate hardware (and perhaps with my own file system choices…).

    Which kind of leaves i2P dangling. But realistically, I think I’ve covered it OK so far. I will be putting up a list of included services (most of which are Navel Gazing – it has a lot of i2P history, bug reports, status, stats, wiki, forum, etc. etc. pages not relevant for the decision to actually USE it if not already using it). Only a few apps included to do non-i2p related things, and I covered the best of those above. I’d only add it includes Web Server stuff via Apache servers. So I think it will just be ‘sprinkled along the way’ if anything new and exciting shows up.

    But I don’t see that being soon. For example, I can’t really do a review of the email facilities when I don’t know anyone in @mail.i2p to send them email… But, “We’ll see”. If I suddenly disappear, look for me there as a near instant pop-up. But if I have time, I’m more likely going to show up in some Fediverse choice later.

  12. E.M.Smith says:

    Very nice comparison of i2p vs vpn vs Tor along with screenshots of the i2p control pages:

  13. E.M.Smith says:

    Well, I think I know the lower bound for hardware for the I2P router, at least on memory…

    Fresh install on the Orange Pi One (512 MB) is using nearly no CPU, about 10% to 20% with a browser open. BUT, I’ve got 330 MB rolled out to swap (a lot of that the browser / console IMHO).

    So looks like about ANY CPU but 1 GB of memory if you will run a browser too.

  14. H.R. says:

    @E.M. – I am “watching this space.”

    Thanks for birddogging this. I won’t go down the rabbit hole, but I will pay attention to where you pop out.

    I have been bookmarking a few of your *ahem* alternate comms channel posts, should I need them. It just occurred to me that perhaps I should download them, including comments. pinroot, jim2, Ossqss, and others (sorry for no mention) flesh out some of the details and further options.

    Your articles are pretty close to a ‘recipe’. Hardware and software differences mean you can’t just write, “Do A, B, C, D…. and there you have it.” You’re stringing the thousands of miles of necessary cable. The last 100 feet are up to the interested user.

  15. E.M.Smith says:


    First I do a “sniff around” and get a general idea what’s what, maybe. I usually don’t say much at all about this stage, but sometimes will say “Hey, this is interesting: LINK” and not much more.

    Then I’ll do an “experiment”. This can range from “just do a trial install” to a full on attempt to configure and use. That’s the stage I’m in now. Postings with “well that didn’t work, but this did, eventually…” and things like “that kinda sucked.” or “Hey, this is neat!”.

    Sometimes it’s enough I need to do a “Dig Here!” after some experiment demonstrated either a Gold Mine that needs excavating or a big rock pile with something that smells under it (depending on motivation / goal… Blessed Bliss or WT? Is Biting Me?)

    For things I like, that pass the Experimental without too much Dig Here! and where I plan to do it regularly in the future, I’ll do a CookBook (now usually posted so I can just find it with a blog search, but often just in a notebook).

    So hopefully that helps give a picture of what kind of status I’m in with different things.
    Sniff around
    Dig Here!
    CookBook it Dano!

    At present I’m really liking i2p for ease of bring up. On the Orange Pi (Armbian) I just did “apt install i2p” and up it came. Browser open to console and all… So there may be a very simple full package install target in that.

    There is also a C language implementation of just the router (the ones I’ve installed so far are the full thing with management pages and apps stuff written in Java so slow) so I suppose I ought to find out how to install “just the router” and in C; so small and very fast ;-)

    I’ve pretty much decided I’m going to set up one of my Orange PI One boards as “just a router” for i2p and have it in my TV Network sub-net, just running away. I have 2, and they are off almost 100% of the time so might as well have one of them be “on”. And, as a Chinese Allwinner H3 Chipset, I’m not really interested in having them inside the private lab. But as an appliance that just gets an encrypted tunnel in, takes encrypted content, and sends it out another encrypted tunnel, I think it’s pretty safe.

    Besides, at about $12, a couple of W of power, and unlimited bandwidth / fixed $$; why not just make a permanent router node for ‘middle of the pipe’ use by others?

    Frankly, I’m just a little tickled that a $12 board makes a very serviceable I2P router. Swap going to zram first then the uSD card seems to work fine. FWIW, this also means making one for “on the go” use will also be cheap and easy. So in Starbucks I can just fire it up and have my own little VPN alternative. Not as fast as a VPN, but much more private and secure. Note that Starbucks is now “fingerprinting” your device if you use their WiFi and then they leave a cookie to track you AFTER you get a Magic Token via email… I’d rather that “tracking” go to a $15-$20 “whatever” than to the device I actually use for things that matter. So I’ll have a dedicated uSD card just for them… and likely use a R.Pi M3 as a private AP for my tablet, etc. etc. so they can’t see what I do.

    Initial investigation is not showing how to use it (the i2p router) as a general AP Gateway for other computers, it only seems to work for the browser on THAT device. But maybe with a bit of a Dig Here ;-) After all, I’ve only been doing this a couple of days. Takes me at least a week to be an Expert. 8-0 Worst case is I use a laptop to open a session / window on the i2p device and remote run the browser (ala Dongle Pi project long long ago)

    In the management console, I got to see one pipe that started in Japan, went to Australia, then here, then to the UK for exit. (The tunnel monitor lets you see the flag of origin for some sites in a pipe using your device, but you can’t get anything else. The IP is not visible as everyone is connected inside an overlay network tunnel. But you get a vague idea where the bits are flowing). I’ve seen flags of France, Brazil, Russia once, Japan and a few others. VERY evenly spread I’d say. (My guess is it is the language flag you chose at set up as it doesn’t know the real physical locations).

    Oh, and on further reading, I2P looks even more protective of your anonymity and privacy than is TOR. (Several complicated reasons, but mostly that OUT and IN happen in different pipes to/from different machines, that keep moving where they connect every 10 minutes or so…)

    It is also “Standard Linux / Apache” to bring up a web site in a .i2p domain, so I’ve decided to try cloning this site into it. IF I can make it happen, I’ll try to have a full duplicate on “hot standby” and available for i2p use also. We’ll see what it takes and how much time I have ;-)

    In theory it is just install WordPress (that I’ve already trialed) and then load up the backup (that didn’t work in my one trial… 2 GB? limit in the loader and a 6 GB? backup… or some such) so I need to work more on that ‘restore’ step.

    Anyway… I’ve decided that i2p is a “keeper” even if just as a Toy System with my dedicated $12 node and occasional poking at it. I’m almost certainly going to make 2 email accounts in that domain. One for private private things, the other for ‘testing, play, and random contacts’ things. And a trial web site of some sort.

    Other stuff may displace it for Daily Driver or Primary Use if they are faster and more user friendly for others, but it will not be abandoned. It’s around to stay. The fact that it’s a built in package in Linux now says a lot…

  16. Pinroot says:

    @EM – I have to agree with H.R. your write-ups on alternatives are practically recipes/how-tos, and I’m saving all of them, just in case. Personally I can’t thank you enough for all the time and effort you’ve been putting into this. You’ve done a LOT of the heavy lifting, and given us enough info and options on what is out there.

    I installed the I2P client on my phone and need to set up Firefox to work with it, but I’m looking forward to checking it out. I’ve also been looking into ZeroNet ( I think the main drawback to this is that it isn’t anonymous, but on the other hand “As of 2016 there was no way to take down a ZeroNet page which still had seeders,[2] thus making such pages immune to third-party methods of taking them down, including DMCA takedown notices.”. And I’m sure there are ways to anonymize the traffic through them.

    As for the Fediverse, there is a map of nodes that is useful.
    There is a dropdown at the top right, and you can use it to look at nodes for a variety of software packages (Diaspora*, Mastodon, Pleroma, etc. there’s about 45 different ones to choose from). From the map you can hover over a node and get some info on that node. From what I’ve read (and I think it was specific to Mastodon but probably true of most of them) there are three different types of sites (as far as accounts go): Open to anyone who wants an account, open to a request for an account (which may or may not be accepted) and closed (usually a system set up for testing or a private system for specific users). These will show up on the map along with a description of what the site is aimed at, so you can know whether or not you’d like to check it out.

    Pidgin: This has been around a while, I used to use it when keeping in touch with certain people, but it’s been a while since I used it. It supported a variety of protocols (AIM, ICQ, Jabber/XMPP, IRC and lots of others). It also had a lot of plug-ins for other protocols, as well as adding various functions (the page for plugins is pretty well organized and there are a ton of them). It’s basically the Swiss army knife of IM/Chat clients. I may have to check it out again just to see how much it’s changed since I last used it.

  17. E.M.Smith says:


    Thanks for the motivation ;-)

    You can run zeronet with Tor for anonymity… but I’d wonder about the speed hit ;-)

    FWIW, I’ve been slowly working through the list of microblogging(“Twitter”ish) options. I’ve pretty much settled on trying to bring up a Pleroma instance (likely inside i2p) along with a Twister instance (outside of i2p ‘in the wild’ of the internet as it is already designed for anonymity).

    The problem space is basically Privacy (security), and Anonymity.

    Until recently I’d been basically all about privacy and security but didn’t care much about anonymity. Unfortunately, with the rise of Catastrophic Vindictive Cancel Culture Assaults (CVCCA?) anonymity has become far more important. There’s lots of ways to assure a message can not be taken down, even as simple as just having your own hidden service on a .onion site or being a bittorrent seeder.

    So my intent is to ‘dual track’ things with a basic set of services (primarily for testing and maybe me with one or two interested others) on both i2p and on the Clearnet with things like Twister. Where possible, things that are Fediverse Friendly.

    So most likely first set will be an i2p Blog / Web-server, and email, along with a Pleroma instance inside i2p. Then seeing what comes next.

    2nd up will be Twister and some kind of Video Server on the Clearnet (nginx?) where I can put “banned videos” as they pop up. Limitation here is that I need to put it somewhere other than my home network lest the IP# be used to “Dox” me… So need some indirection. Public cloud server or VPN redirect from an interior network at my end, or “whatever”. Some of this will take a while, thus i2p first.

    I left the Orange Pi One up overnight and it ran i2p without issue. Now shut down as I work on other stuff in that lab space…

    Frankly, I’d just sign up for a Mastodon or Pleroma account at one of the existing sites were it not for the fact that I don’t really want to use it ( I don’t do Social Media really…) I want to find one that’s easy to set up and use in case I, or others, need it. To know how to use it for Family & Friends ‘when that day comes’.

    So having done my ‘sniff around’ and a bit of ‘explore’ on i2p; I’m now proceeding to “Cook book write up how to bring up a production node for both routing and services” where the services will include my blog, seriously private email, a chat of some sort, a video server, and likely some kind of ‘tweet’ / microblogging platform. Though that last one may just end up Twister ‘in the clear’…as it already encrypts and obfuscates.

    As one is made to “go” in the i2p overlay network, I’ll write that up AND likely get one working in the clearnet (normal internet) as well. Install ought to be very similar and easier in the clearnet.

    FWIW, for some unknown reason it looks like most of the microblogging applications are written in bizarre language choices and have mildly painful install chains as a result. So things like installing Ruby, Rails, and 1/2 dozen odd libraries before you can begin to download and install the application from some out of the way archive somewhere… Essentially “Add strange build environment for odd language and then build it from an odd repository that ‘apt’ can’t use.”

    Oh Well…

    So they will likely come after the other ‘services’ are scripted…

  18. E.M.Smith says:

    This probably works best here:

    Just checked my R.Pi M2 Squid Proxy Server. I was getting failure to reach https sites with a ‘tunnel’ issue. Turns out that Chromium was having a hissy as I had a LOT of tabs open and it was grumpy. Exit / reload browser and it was fine.


    Along the way, I got to see that my Squid Proxy server has now finished 112 days of continuous uptime with zero issues. Golly! I know we had one, maybe 2, power cuts / blips during that time, so I guess that shows my UPS system is working well ;-)

    I’m pretty sure the 113 days ago was me unplugging the wrong thing ;-) It had been up for months then, too.

    I just love *Nix servers that just run for months to years…

  19. Pinroot says:

    There used to be a site (I can’t find it now) that tracked uptimes of various machines. You installed a small piece of software that basically uploaded your uptime and some system info to the site. There were machines that had been up for years, and all of them were some type of *nix/bsd machine. You had to go way down the list to find anything running a Microsoft OS. I wish I could find the site, but so far no luck.

  20. E.M.Smith says:


    I think I’ve told one of these two stories here before…

    1) Hired at a new Tech Company to run their computer lab / IT stuff / etc. I’m doing my usual walk along all the rows of equipment, front and back, one hand passing in front of the fans. One system isn’t blowing much air on me. I check. Fan is sporadically slowing a lot, occasionally stopping. It is their main Build Server for their product development. We do an emergency shutdown to replace / clean / whatever the PSU Fan. Seems it was a BSD box and had been running without shutdown for a couple of years and the fan had just gunked up as the room wasn’t filtered. Swap PSU and back up for a few more years.

    2) At Ericsson, on another contract, they were running their main user base on Microsoft NT Servers (which dates the story…). It had a memory leak such that they would run out of memory and eventually hang (so crash to recover it) in about 10 to 12 days, so…. to prevent that… Every Friday we would wait until about an hour after end of business and SHUT DOWN EVERY SERVER for a reboot. Globally.

    And some people wonder why I prefer BSD to Microsoft for servers…

  21. E.M.Smith says:

    Not sure where to put this, so putting it on the most recent “encrypted tunnel” thread.

    I’ve been having sporadic “Failure to form tunnel” and failures to connect via HTTPS on wordpress sites (mostly my own, but not exclusively, in proportion to frequency of visit I think).

    So for “some reason” the HTTPS encrypted tunnel is sometimes not getting done in time. It could be load at my end, at the WordPress end, a MTM Man in The Middle attack, clock skew too far off (though I doubt it, my clock is right), a DDoS attack, or who knows what.

    NOTE that this is NOT related to i2p (despite putting it on this thread…). This is a regular Armbian running without i2p but on the regular ‘clearnet’ internet.

    Anyone else having issues?

  22. Pinroot says:

    I haven’t had any problems, but I’m at work so not really spending too much time surfing. It could just be something local. You can check here ( or some place similar to see if there are any issues in your area I suppose.

  23. E.M.Smith says:

    Problems with https are VERY sporadic and seem related to network load locally and perhaps a failed connection spike at WordPress per a downtime page.

    In other news:

    I’ve installed i2p on my Rock64 and it’s going great.

    This is running straight Armbian Buster and install was “apt install i2p”.

    While it didn’t launch FireFox for me, it did start the router and launching FF for myself was kind of a non-issue.

    The Rock64 is a 4 core A53 / 64 bit processor at 1.3 GHz, so significantly more than the Orange Pi One (that’s supposedly a 1.2 GHz 32 bit but mine seems to top out at 1.01 GHz so is throttled somewhere). The 2 GB of memory on the Rock64 means swap issues are essentially gone. It has 1 GB of zram swap available, and I added 1/2 GB of uSD card at lesser priority just to be sure, but with browser open and i2p router running, and having done some stuff that would load up disk cache, it has all of 10 MB on swap at all, and that’s not active as there’s 1.24 GB memory used out of 1.95 GB available (after partitioning out video / zram / etc.)
    This also implies that 1 GB on a 32 bit machine would be OK too. Modulo that programs are 2 x as big on 64 bit machines vs 32 bit machines but data isn’t necessarily.

    IMHO this means there’s plenty left to bring up an Apache web server, email and a couple of other services too. So this is the SBC that’s going to be kept up, more or less all the time, as my i2p testbed / home server.

    Very comfortable to use, reasonably fast, and with room to spare in memory and several GB of uSD left over too.

    More when I do something more with it ;-)

  24. E.M.Smith says:

    In the left side bar of the I2P control panel, it has a I2P Services box. Listed in it are Email, Web Server, and Torrents. These, it seems, are ready to go.

    I clicked on email, and it offered a login panel that included a ‘create account’ option, which I did. So now there is a “pub4all@mail.i2p” account ready to go. Now I just need to have someone to send email to in the I2P world. It was trivial to set up, only issue was I was choosing special char in my password that it didn’t like. The allowed special char are a subset.

    Getting a web page up and running was almost as easy. Click the Web Server item and it gives you the help screen that contains links to do what you need to do. It looks like a lot more than it is. In reality, I edited one file and got to flush the browser cache to see the new stuff. In the “package install” bolded directory below, the index.html file.
    Then did the paste of the long binary name and my chosen site name into the Address Book. The result:

    Since this is experimental and gets shut down when I’m not playing with it, most likely you can’t get to it even on the .i2p network just yet.

    Guide to Anonymous Webserving on I2P

    This is your own anonymous I2P webserver (traditionally referred to as an eepsite). To serve your own content, simply edit the files in the webserver’s root directory and the site will be public once you follow the instructions below.

    The webserver’s root directory can be found in one of the following locations, depending on your operating system:

    Standard install: ~/.i2p/eepsite/docroot/
    Package install, running as a service: /var/lib/i2p/i2p-config/eepsite/docroot/

    /Users/(user)/Library/Application Support/i2p

    In I2P, hidden services are addressed using a Base32 address ending in “.b32.i2p”, or a Destination represented as a long Base64 string. The Base32 address may be used as a hostname, until you register a name following the instructions below. The Destination is somewhat like an IP address, and is shown on the Hidden Service Configuration page.

    The instructions below detail how to assign a name like “mysite.i2p” to your website and enable access by others. You may reach your site locally via
    How to set up and announce your hidden service

    Your webserver is running by default, but is not accessible by others until you start the hidden service tunnel. After you start your I2P Webserver tunnel, it will be difficult for other people to find. It can only be accessed with the long Destination or with the shorter Base32 address (.b32.i2p), which is a hash of the Destination. You could just tell people the Destination or the Base32 address, but thankfully I2P has an address book and several easy ways to tell people about your website. Here are detailed instructions.

    Pick a name for your website (something.i2p), using lower-case. You may wish to check first in your own router’s address book to see if your name is already taken. Enter the new name for your website on the Hidden Service Configuration page where it says “Website name”. This will replace the default “mysite.i2p”.
    Also, if you would like your I2P Webserver tunnel to be automatically started when you start I2P, check the “Auto Start” box. Your website will now start every time you start your router. Be sure to click “Save”.
    Click the start button for your webserver tunnel on the main Hidden Service Manager page. You should now see it listed under “Local Tunnels” on the left side of the I2P Router Console. Your website is now running.
    Highlight and copy the entire Local destination on the Hidden Service Configuration page. Make sure you copy the whole thing, it is over 500 characters.
    Enter the name and paste the destination into your address book. Click “Add” to save the new entry.
    In your browser, enter in your website name (something.i2p) and you should be right back here. Hopefully it worked!

    Before you tell the world about your new website, you should add some content. Go to the server’s root directory listed above and replace the index.html redirect page with your own content.

    Directory listings are enabled, so you may host files from a subdirectory without providing a page with links to the files. You may change the appearance of the directory by supplying an edited jetty-dir.css file for each directory. The lib subdirectory demonstrates a custom style. The resources subdirectory demonstrates the default style. If you need a template for a basic site, feel free to adapt this page and associated content.

    If you’re returned to this page after editing the content, try clearing your browser’s web cache:

    Firefox: Preferences ➜ Advanced ➜ Network ➜ Cached Web Content ➜ Clear Now
    Chrome/Chromium: Settings ➜ Advanced Settings ➜ Privacy ➜ Clear browsing data
    Opera: Settings ➜ Privacy ➜ Clear browsing data

    So now begins the long slow process of getting historical pages from here, loaded to there. “For that day”…

    But I’ve got the basics working.
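The guide quoted in the comment above says the Base32 address is a hash of the Destination and warns that the whole 500+ character string must be copied. As an added example (not part of the original comment and not I2P's own code), this Python code checks that a pasted Destination is complete and derives its .b32.i2p name from it; the sample Destination is constructed, and the layout (256-byte public key, 128-byte signing key, then a certificate) and the SHA-256/Base32 derivation follow the I2P naming specification.

```python
import base64
import hashlib
import re

# I2P's Base64 alphabet swaps '+' and '/' for '-' and '~'.
I2P_B64 = re.compile(r"[A-Za-z0-9~-]+={0,2}")
KEYS_LEN = 256 + 128         # public key + signing public key
MIN_DEST_LEN = KEYS_LEN + 3  # plus certificate header: type (1 byte) + length (2 bytes)


def decode_destination(dest_b64: str) -> bytes:
    """Decode a pasted Destination and reject truncated or mangled copies."""
    text = "".join(dest_b64.split())  # drop line breaks added by copy-paste
    if not I2P_B64.fullmatch(text):
        raise ValueError("characters outside the I2P Base64 alphabet")
    # Raises binascii.Error (a ValueError) when the padding is wrong.
    raw = base64.b64decode(text, altchars=b"-~", validate=True)
    if len(raw) < MIN_DEST_LEN:
        raise ValueError(
            f"only {len(raw)} bytes; a Destination has at least {MIN_DEST_LEN}"
        )
    # The certificate header states how many payload bytes follow it, so the
    # total length is fully determined and a partial copy cannot match.
    cert_len = int.from_bytes(raw[KEYS_LEN + 1:KEYS_LEN + 3], "big")
    if len(raw) != MIN_DEST_LEN + cert_len:
        raise ValueError("length does not match the certificate header")
    return raw


def b32_address(dest_b64: str) -> str:
    """Return the .b32.i2p hostname: Base32 of SHA-256 over the binary Destination."""
    digest = hashlib.sha256(decode_destination(dest_b64)).digest()
    return base64.b32encode(digest).decode("ascii").lower().rstrip("=") + ".b32.i2p"


# Constructed sample: filler key bytes plus a NULL certificate (type 0, length 0).
SAMPLE_RAW = bytes(i % 251 for i in range(KEYS_LEN)) + b"\x00\x00\x00"
SAMPLE_DEST = base64.b64encode(SAMPLE_RAW, altchars=b"-~").decode("ascii")

if __name__ == "__main__":
    print(len(SAMPLE_DEST), "characters in the sample Destination")
    print(b32_address(SAMPLE_DEST))
    try:
        b32_address(SAMPLE_DEST[:-8])  # simulate a partial copy
    except ValueError as err:
        print("rejected truncated copy:", err)
```

Comparing the derived name with the Base32 address shown on the Hidden Service Configuration page confirms that the address book entry holds the Destination you meant to publish.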

  25. E.M.Smith says:

    Oh, and in theory, inside the i2p network, this address ought to get you to my little toy web server (pending adding it to your address book):



    I got to my test page from my OTHER computer that’s running i2p so looks like it is generally working! (Do need to get address stuff propagated though. That takes time. But the 32bit address above ought to always work. (INSIDE the i2p tunnel world that is…)

  26. Pinroot says:

    I’ve been trying to install an I2P client on my phone (Android). It installs, but I’ve yet to get a connection to an i2p site. They recommend Firefox, but there’s no way to configure the necessary options using the mobile version (about:config doesn’t work). There’s a built in browser in the app, but I keep getting an error message about the i2p router not working (from what I can tell it is, but I could be missing something, as usual). I’ve done some searching and found another browser (Lightning) for Android that is supposed to work, so I downloaded it, only to find that I got the wrong version (there was a basic and advanced, so I picked the wrong one, need the advanced one). Got all that going, but can’t connect while at work (I use our guest wifi, and they block a lot of things :( ). While I was at it, I decided to install I2P on my work laptop (Windoze 10), where I would be able to configure Firefox to work with it. Installed it, and found out I have the wrong version of Java installed. I’m not messing with Java because the last time I did that, it broke the website where I put my time in to get paid (started getting a ‘wrong version’ error). Right now, getting paid is more important than I2P, so that’s as far as I’m going using Windoze. I don’t have a working linux machine at home, just a MacBook Air which doesn’t have java installed, so tonight’s project will be to get java and then I2P installed on the Mac, and we’ll see how that works. I’ll also keep trying to get it to work on my phone. While looking for on-line help I did run across a Mastodon site dedicated to I2P. Just scanned it briefly, but it seems to have lots of links to helpful things, so definitely worth checking out. Also there is a sub-reddit for I2P (r/i2p) and found this as part of the sub. They seem to be pretty friendly towards n00bs (“noobs are people to, and they have important input.”) and welcome any questions, so that looks like a good place to go for help.
    I’ll eventually suss it all out.

  27. Pinroot says:

    Oops, that’s not a Mastodon site for I2P, it’s an account for I2P on a Mastodon site. Sorry for the confusion.

  28. E.M.Smith says:


    For about $50 all up including PSU heat sink et al you could have a nice little SBC to experiment with… Just sayin’…. comes a time when being able to do what you want in 10 minutes is more valuable than one tank of gas or a dinner out…


    for an example of running the little board as a “rat on a rope” from a laptop such that I didn’t need to change the laptop but could still have a ‘free screen and keyboard’ on it while I could re-flash the Pi at will.

    Sometimes a little hardware can avoid a whole lot of software Dependency Hell…

  29. E.M.Smith says:

    FWIW, found a couple of web pages that tell you how to raise the limit on size of a WordPress dump that can be loaded, so likely can do that to load my site dump onto the i2p server.

    Until then, I’ve started a wget running. It’s throwing some errors, but they mostly seem to be complaints about things that are missing / moved (old pages have dead links to things that have now evaporated…) and what looks like the occasional complaint about unallowed browser / connection type (that at least in some cases looks like twitter or facebook links in comments not liking my ‘user string’).

    It isn’t nearly done yet, but I was still able to open the top page (from the local files) in my browser and things looked OK. So worst case is I’ll have a slightly broken backup copy of this site up on my i2p location sometime tonight or tomorrow. Certainly enough to play with and enough to have captured most of the articles. (So far comments not showing up, but it’s early in the dump and wget only adjusts links at the end, so comment links may be late to show). I still have the WordPress Approved extract that does include comments, so worst case is that “someday” I’d have to do that “adjust the upload limit” thing and reload it.

    I’ll let folks know when there’s something more to play with.

    FWIW, it is unlikely that NEW comments can be applied to the clone as it is just a clone and lacking all the WordPress Software that lets the active bits do those mysterious things WordPress does… Installing WordPress itself will be another day. I’ve done one test of it and succeeded, but that was on a different machine and certainly NOT integrated with the i2p software / i2prouter & console… So “some assembly required”.

    OTOH, I’m happy if it is just a ‘read only clone’ for a good while. That’s enough to preserve and protect. Making it fully functional can come later. (Though really I’d be tempted to just ‘recandle’ under a new brand for a little while and let the archive copy be static, maybe…)

    In any case, I’m continuing to make good progress.

    Oh, and Pinroot:

    I’m pretty sure a R.Pi M3 would be enough SBC for generally getting started. $35 (or less if you buy one from someone who just MUST have a new Pi M4… ;-) In my case, it is network limited so the CPU use never goes high for the router; only if you do something in the browser that’s a heavy load, like a video.

  30. E.M.Smith says:

    Interesting. This application claims to duplicate web-sites for off-line viewing:

    It is in Debian:

    root@OdroidN2:/# apt-get install httrack
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    The following additional packages will be installed:
    Suggested packages:
      webhttrack httrack-doc
    The following NEW packages will be installed:
      httrack libhttrack2
    0 upgraded, 2 newly installed, 0 to remove and 1 not upgraded.
    Need to get 262 kB of archives.
    After this operation, 696 kB of additional disk space will be used.
    Do you want to continue? [Y/n]

    So I think I’m going to give it a try after my wget is done. I’d love to not have to fidget with all the options to wget to make it work right…

  31. Pinroot says:

    @EM – I’ve got a RPi M3+, I just haven’t set it up yet. I really don’t have any place to use as a desk right now, so I’m using a laptop. I want to get off my lazy butt and set it up as a freedom box and play with that, it’s just a matter of motivating myself. That, and finding time between going to work and doing chores around the house. I’ll get a round toit one of these days.

    I did get the client working on my phone and was able to connect to your i2p server, and I did get it up and running on the laptop, so there’s that. For some reason I can’t get the laptop to connect to your server, but the phone will (using same wifi, etc). So, at least a little progress on my end. Maybe this weekend I’ll set up the RPi and play with it (I’ve got the Freedom box image so I just need to burn it to an SD card).

  32. E.M.Smith says:


    That’s why I pointed you at the “Dongle Pi” link. I ran it in my cargo pants pocket on 2 wires from the laptop. USB for power and ethernet for VNC / terminal interface.

    No desk nor table required ;-)

    The Pi M3 doesn’t even need the WiFi dongle as it has built in WiFi.

    In theory, it is “plug two cables into R.Pi M3 with ‘whatever’ Debian base OS is on it. Configure putty / VNC and you have a terminal into it. Turn on WiFi to world and go play.”

    More or less ;-)

    Per Laptop reaching site:

    I’ve noticed that the full router install needs to run about 10 minutes to establish enough neighbors that it has a decent shot at connecting to things and decent speed. The longer it is up, the more integrated into the mesh it becomes and the more reliable.

  33. Taz says:

    I don’t like I2P – but run it 24/7 anyway in hopes they’ll improve. Little D2550 Atom can move 1TB per month. Haven’t tried it on better hardware, but suspect it will be slow and cranky there too.

    Feel ZeroNet or Onions are more practical right now. Hoping that will change. Especially now that both Tor staff and Mozilla have become woke cancers.

  34. E.M.Smith says:


    I2P does seem a bit slow some times, and flat out fails to load .i2p sites more than I like. But I’m still exploring it.

    One thing I’ve noticed is that the console shows me using far less bandwidth than I’m allocating to moving bytes. Don’t know if I’m not reading it right, volume is just low, or my system / pipe is too small to attract much use…

    I’m planning on an “all of the above” exploration. I’ve already run Tails and Tor. (FWIW, being open source, if some group goes too “woke” others can just fix their junk and move on. ) I’m going to try FreeNet and Zeronet and more.

    For now, the “feature” of i2p for me is the easy bring up of a backup web server in an overlay P2P network. After I’ve got that done, and gathered in the experience, finding a better one is just legwork…

    So far my Rock64 is doing just fine. Last I looked had something like 16 client tunnels running. So yeah, doesn’t need much hardware at all. So I’m planning on just letting it run 24 x 7 too. Otherwise it just sits in a box, so…

    Also like that I get to play with easy encrypted email…

    FWIW, longer term I’m pretty sure it will be something from the Fediverse that’s the winner. BUT the install and bring up is more painful. So i2p is going first…

  35. Taz says:

    “Anyway… I’ve decided that i2p is a “keeper” even if just as a Toy System with my dedicated $12 node and occasional poking at it. I’m almost certainly going to make 2 email accounts in that domain. One for private private things, the other for ‘testing, play, and random contacts’ things. And a trial web site of some sort.”

    Try ZeroNet (bittorrent over onions). It’s like a portable app – you just unpack to its home. Start the Tor browser (which brings the Tor Network online), then start the ZeroNet server via their .sh file. Comes to life fairly quick, and I’ve seen it update VERY rapidly when many peers are up. Almost as fast as server client. For your safety, I recommend that you only operate from a disk fitted with full disk encryption. That said, I’ve honestly not seen much troublesome material there. Just Onlyfan skanks one can’t unsee :)

    One guy does Zeronet. He really needs to find a way to run it off I2P. Tor may be better tested than I2P – but it does seem they’ve run off anyone competent…leaving only green haired cannibals behind to hold the fort.

    Secure Scuttlebutt is something you should look at too. Sneakernet on steroids.

    This config might help. It’s been reposted and reposted:

    trackers_file =
    trackers =
    tor = always
    open_browser = False
    fileserver_port = 56123
    tor_controller =
    tor_proxy =
    connected_limit = 5
    global_connected_limit = 256
    workers = 3

  36. Taz says:

    To post anywhere, you pretty much hafta get a ZeroID.

    Most don’t get past this. It’s a very shaky system. Sometimes using plain Firefox works better – I don’t know why.

    Every file you post is cryptographically signed. Only YOU can remove what you post. Destroy that key – it’s there forever. The files you post are also hashed to SHA512…so not much chance of corruption either.

    I actively search for sites belonging to the deceased – to keep them from fading. There was a Russian who died early leaving wife and young kids behind. He was very energetic on Zeronet…creating many sites. Those sites are still up. His key was either lost, or his widow destroyed it? So it will remain as long as others are willing to mirror it.

  37. E.M.Smith says:


    It is looking to me like “Invasion Of The PC Army” is all about disrupting development on projects the TLAs don’t control and don’t like. Something similar tried to run off Linus…

    I suspect many project forks will result.

    FWIW, I don’t have anything interesting to hide so don’t really need any of this encryption stuff. I just like playing with it. Unfortunately, given the speed of the Cancel Culture Plague, I’m now required to “prepare the field” to contest with it. So I am.

    Part of that will be cookbooks for several easy bring up privacy options. Another part will be running nodes on some of them just to help out a little. Then a 3rd will be evaluation for exposures. Hopefully I won’t have to get involved with programming / devo…

    But who else better to be a QA guinea pig than someone with nothing in their encrypted kit but what they already published in the clear? So I’ll add distracting volume to the traffic that helps obscure other traffic…

    I’ll take a look at your other suggestions too. Thanks.

  38. E.M.Smith says:

    One thing that put me off zeronet as a first trial was that “fading” thing. I’ve never been fond of popularity contests. It makes sense from a performance POV but I’m more archivist oriented.

  39. Taz says:

    Less useful is “handshake”. Sure, they can’t take your domain…but your ISP could cut you. Then there is the matter of DNS support. How many will really support it?

    I’d be willing to setup a Loki relay free – but that bunch is in love with their cryptobabble. And Australia is looking more and more like the old Soviet Union.

    Sure wish some Russian would write up a detailed outline of all of the techniques everyday Russians used to communicate around the state. That expertise is likely far beyond what you’ll find in western circles. To my mind, I2P is modeled on the old Russian snailmail relay networks.

  40. Taz says:

    Imagine secure scuttlebutt “packages” being hauled around by long distance truckers. No internet contact – EVER. Just highway sneakernet.

    Would be really surprised if Iranians weren’t using that system. Heard they did use it in Cuba.

    Snailmail needs development: I’d trust the mailman any day over electronic messaging – especially if the letter was encrypted. We really need something routine here. Something YOU could use for newsletters or Samizdat should you choose. Russians know how to make these ideas work – we could really use their help/expertise.

    Dialup (where POTS is still available) is also an underutilized tool…as is simplex voice over email:

  41. Pinroot says:

    Well, I went ahead and ordered a RPi Zero (whole kit for ~$25; also got some Brazil nuts since I can’t find any locally). I’m not sure what I’ll do with it, other than install an OS, but that’s a start. I don’t have anywhere convenient to work with it tho. I’ve got a small house (~1300 ft^2) that got a WHOLE lot smaller when the wife moved in, but I’ll figure something out.

    I did get a copy of Heads (it’s supposed to be about the same as tails, but without systemd) and installed VirtualBox so I could run it as a VM. It’s not bad, but for some reason on some sites the Tor browser seemingly locks up and system load goes to 100%. If you wait a bit you can shut Tor down and restart it, but I can’t figure out why some pages seem to break it. For now, I guess I’ll stay away from those pages.

    @Taz – Yeah, one of the things I didn’t like about ZeroNet is the need to create an account in order to post, and there are only a couple of places to register the account. It seems to be some type of blockchain thing I think (could be wrong tho). Since I mostly lurk it’s not a deal breaker for me, but I could see where some people wouldn’t like it. Of course, you need an account to post nearly everywhere anyway (except on the chans, which are ‘anonymous’) so I don’t guess it’s a big deal in the long run.

  42. E.M.Smith says:


    I was about to launch into my “complaint” about the Pi Zero having no good interfaces (especially ethernet) so a PITA when I checked Amazon and saw the wireless chip one.

    Nice. Still has ‘no keyboard USB spigot’ problem, OTOH has bluetooth so a bluetooth KB/ Mouse would be fine. (I had one, but it died of Coffee Drowning… RIP…)

    So now I’m lusting after a Pi Zero Wireless ;-)


    Consider that a uSD chip would easily fit inside a folded letter in an envelope and can be 64 to 128 GB of data. Shipping those around via mail is trivial.

    Oh, and a shoebox of them arriving via local car or truck is one heck of a large packet size ;-)

    FWIW, I’m presently downloading this ENTIRE site onto an 8 GB old one (via httrack) and will have a load of room left over. About 3 GB used, 5 GB empty. Just as one metric. It will be in my i2p test bed as a duplicate copy “for that day”…

    The notion that you can stop the flow of information is, er, “quaint” and also broken. You can stop the very lazy uninterested person from tripping over information accidentally, but that’s about it.

    Heck, just consider that you could tape about 16 of those inside the sleeve of a SMALL box of matches (keeping ALL the matches in place) and then just hand it to someone who asks “You got a match?” while waving a cigarette around. You could pass huge volumes of data in plain sight in front of cameras.

    BTW, to clone my site, the only ‘gotcha’ I ran into was the robots.txt file on the first run. So I had to add the “ignore robots.txt file” flag.

    “httrack -s0”

    And off it goes. This, BTW, ought to work on any OTHER web site too. (Though there are dozens of flags for special cases you might run into.) As this is only my second trial, and I’ve not had time to QA check it yet, I may still need some other flags once I see what all I’ve got.

    But for now, it looks like it is working correctly.

    I think it fails on active pages (those that don’t actually have stuff in them, but run a program to load stuff to display…) so sites that do that (or try to be cute and hide their stuff from copy / paste by doing that) may well have “issues” being copied.

    OTOH, a whole lot of sites that are just interested in sharing data and getting whacked for PC Crap, well, you too can snag a copy…

    Now figure that I can’t even FIND 8 GB uSD chips to buy anymore, and 16 GB are getting scarce, and 32 GB are common… at about $16 last I tried. For $16 you ought to be able to store about 8 web sites of the size of mine and I’ve been posting for a dozen years. That’s a pretty darned cheap sneaker net.

    FWIW, once this copy is done, and QA checked, and issues documented, I’ll be posting a How To cookbook on it.

    As it stands now, I can save videos that are “at risk”, and put them over in the Dark Net World as I feel like it. I can save whole web sites if necessary. And I can “pdf print” selected pages as desired and save them / post them to the Dark Side / put on uSD.

    Bits just gotta flow…

    Now I just need a set of things “at risk” to preserve… I’ve been busy on the “how to” part and not spending much time on the “what to”… Maybe that can be the next step / project…

  43. p.g.sharrow says:

    @EMSmith: I have figured that at some point you will burn Devuan OS onto chips for SBC computers for applications and I wouldn’t have to learn how to do it. 8-) Now that you have tested all the possibilities time for a judgement call….pg

  44. p.g.sharrow says:

    Suppose you had to decide on a standardized version for a network of like minded individuals to use. You have the knowledge and experience. We are of like minds but somewhat ignorant…pg

  45. E.M.Smith says:


    I’m happy to “make you a chip” if you like, but it would be very easy to “roll your own”.

    At this point, there isn’t “The One Answer”, but there is a limited set of paths.


    For not too slow, good enough but still not as fast as you like: Raspberry PI M3 or (M4 with mondo heat sink added).

    For quite nice, actually: Odroid XU4 or Odroid N2 (now in short supply)

    For Damn Fast and not too paranoid: Any old Intel based PC or laptop hand-me-down.

    Operating System:

    For PC or Pi boards: Your choice of Devuan (if a true System D hater) or Armbian for the Pi if not so much worried.

    For Odroids: So far, the Devuan install is not as clean and easy as I’d like, but Armbian works just fine (they clean up most of the annoying crap). Download it and ‘dd’ it onto a chip. (“dd bs=10M of=/dev/sdYOURuSDmountPoint”)

    Boot and configure.

    FOR PRIVACY & ANONYMOUS browsing and communications:

    Tor / heads or tails work Just Fine for anything but being a “always on and selling notorious Dark Web contraband site” like Silk Road (where it took years of constant uptime to finally get them). Fairly fast on PCs and most SBCs too while being a bit more reliable than i2p (but a little less secure and fewer features).

    I2P is a little more secure and has built in email facilities for encrypted email (though I’ve not tested them yet). A little slow but works nice enough.

    Beyond that is a vast ocean of exploration of various specific applications. As noted the Zeronet has persistence of files as long as someone is seeding them, so you can’t just have your stuff evaporate when done. On the flip side, if not enough folks are interested in any thing it slowly evaporates and goes away when the last person seeding it doesn’t do that anymore. Has its uses.

    For ME right now: I’m fond of the nearly trivial bring up of i2P. Yes, the ability to reach any one site is a bit sporadic (especially when you first turn it on before a lot of tunnels have formed and before you become well known as being up in the network) but it is “good enough” and more importantly, trivial for you to try and see if you like it for what you do. Log into your Pi, su root, do “apt install i2p”.

    But, next on my testing list is to try a “micro-blogging fediverse” bring up. Pleroma being my target. Why? First off, you can have other folks who use some other interface still able to connect without learning something new. Second, you can set up your own server and only let on folks you know and trust. Third, it includes features like chat, email, and anonymizers.

    The most prominent feature in 2.1 are the all-new Chats. You can instantly message your friends (and enemies) in a one-to-one chat directly inside Pleroma now – no more “DM for discord”!

    This feature is completely different from the existing direct messaging system, which proved to be cumbersome and easy to get wrong. If you want to get the whole story, you can check out this Merge Request, but the main point is that these Chats will feel and behave like the chats you are used to from other instant messaging systems like XMPP, Matrix or WhatsApp.

    For now, we do not have group chats (which will require group support) or end-to-end encryption (check out my blog post about that topic for more info), but these are on the horizon.

    So if you need end to end encrypted chat, either this must go in a tunnel, or use something else, or wait for it to show up. (My intent is to bring this up, and an end-to-end encrypted chat choice, but drop back to this when they get the encryption up on chats.)

    enabled – Enables the backend chat. Defaults to true.
    This filter replaces the filename (not the path) of an upload. For complete obfuscation, add Pleroma.Upload.Filter.Dedupe before AnonymizeFilename.

    This filter only strips the GPS and location metadata with Exiftool leaving color profiles and attributes intact.

    What I would do, were I doing this right now, and I am…

    Bring up i2p on a small SBC. I’m using my Rock64 that is basically a slightly faster Pi M3 with 2 GB of memory, but a Pi M3 would be just fine too. I’m also using plain Armbian on it as Devuan is not there yet (but would use Devuan on a Pi).

    This consists of “apt install i2p”.

    Then first thing I’d do is Email (that I’ve done. It’s all of a few clicks and pick a name). Unfortunately, so far, I’ve got nobody to exchange email with. pub4all AT-Sign mail.i2p is the generic open to everyone target, if anyone has i2p running and wants to test it with me.

    At that point, the rest depends on services you want to run. Microblogging? (“tweeting”) or Blogs? Or video servers? Or “chats”? (these can be both text or verbal so it’s a bit unclear…) Text chat rooms are built in to i2p:

    2. IRC (Internet Relay Chat)
    If you’re not already familiar, IRC’s are basically chat rooms online, and I2P has an IRC service that allows users to chat anonymously. The I2P IRC channels are full of some extremely intelligent people that spawn some great discussions, interspersed with hilarious sarcasm. I’ve never been a huge IRC user, but I2P chats stand out as some of the best you’ll see. The best part is that I2P’s anonymity offers a near-perfect sense of freedom of speech. Often controversial topics are talked about in these channels, but nobody is afraid of offering what may be a very valid, but unpopular opinion, pushing you to explore new ideas from new perspectives. If you end up using I2P, I’d definitely check out the IRC. Two of the best rooms are #salt and #i2p-chat, and you can connect to them by setting your IRC client (such as X-Chat) to on port 6668.

    For my kind of use, I’m fine with just a personally run “chat room” within an encrypted tunnel system like i2p. It is already built in. Though I’ve not had a chance to test it in any way. Match that to the encrypted email, and the ability to make a clone of my website there, and I’m pretty much done. All those already built in.

    What I don’t have (yet) is a choice for “tweet” like things and a VoIP encrypted phone application identified. (Though I’ve looked at a lot of them).

    So what is your checklist? Do you want something beyond that list?

    I’m going to keep testing and exploring and if something a lot better comes along (or if i2p proves flaky and a pain in testing, once I have someone to swap stuff with…) then I’ll “move on” and bring up more choices. BUT: I’m going to keep an i2p server running and use those services in any case. Why? It is very easy, and it works on small hardware. Not common things in my experience. So I want to encourage them by participating AND I want to have an easy alternative already in place if this site suddenly goes “POOF!” (and that will be up and running end of business today by all appearances… just need the web site scrape to finish).

    So once my web site is cloned (even if not yet ‘participatory’ i.e. static not open to new comments) and I’ve had some email flow, I’m pretty much happy. Then I’ll work on how to set up a private chat room for conversations and more. All on i2p.

    Even as continued parallel exploration happens for the Fediverse applications. I don’t see this as “either / or” but rather as “belt AND suspenders AND spandex …”

  46. E.M.Smith says:

    While the httrack runs to completion on the i2p server, I had another “clone” running on the N2. It has completed, successfully converted links (so clicking on a sidebar posting name takes you to the local file version not to the online live web site, similarly comments) and I’ve opened it in a local tab.

    Looks like it is all correct and works as expected. So a decent “backup at a moment in time”. When the httrack one completes, I can compare the two for appearance, function, size, etc. and see what works best or if they are basically the same.

    Here’s the command I used. I did not put any pauses or time wasters in this one as I wanted to find out if WordPress watched for such things (other than a robots.txt file it looks like it doesn’t). In theory this will clone any WordPress site, but I’d likely add some time pauses in it if doing someone else’s site. It’s the polite thing to do.

    ems@OdroidN2:~$ bcat cloneme
    wget -m -k -p -np --domains -U "Mozilla/4.0 
    (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

    So this says to launch wget, do a “-m” or “mirror” the site

    Turn on options suitable for mirroring. This option turns on
    recursion and time-stamping, sets infinite recursion depth and
    keeps FTP directory listings. It is currently equivalent to -r -N
    -l inf --no-remove-listing.

    the -k says to handle the links so that the local copy looks to local pages, then -p is for loading all ‘page requisites’; usually this doesn’t matter but it can make sure the last leaf page has some detail bits. Maybe. The -np is ‘no parent’ and says not to climb out of this site going up the food chain to the whole world. I restrict it to just my domain, and give it a ‘user string’ saying I’m an old NT box. Finally, the target URL of my site.

    That’s pretty much it. You can add “-w 20” to have it wait 20 seconds between fetches or --wait=20 which is equivalent for those folks who actually like options starting with two dashes and taking way more letters…

    Total download size was 2.6 GB, so a fair amount of stuff ;-)

  47. Pinroot says:

    I’ve been playing around with i2p some the past few days. I found a couple of interesting sites that could be useful:

    identiguy.i2p (site name: ‘eepstatus’) – Has a listing of other i2p sites and the last time they were active. There is no description of what the listed sites are about, so if you can’t tell from the name of the site (and for most of them, you can’t) you’ll have to visit it and find out for yourself. Named sites are clickable, but if the name hasn’t been added to your router address book, you won’t be able to connect. To the right of each name are the letters ‘a’ and ‘b’. Clicking on one of them will take you to a page which lists the 32 bit hash for the site name, and there are two buttons at the bottom of the page, one to go directly to the site and the other to add the name to your router address book and continue to the site.

    diasporg.i2p (site name: ‘diaspora*’) – Basically a diaspora ‘pod’ running on the i2p network. I set up an account on it and got in, but then had trouble staying connected, so I don’t know what the site is really about. However I took it as at least showing that some of the fediverse sites can run over i2p, so I’m assuming things like Mastodon and Pleroma can also run as well.

    I also found a couple irc sites, but I didn’t have time to play with them, but as EM mentioned above, they’re out there and available for chatting.

    Anyway, the eepstatus site is a good place to start looking for other sites that might pique your interest. Lots of interesting stuff out there to look into and play with.

  48. E.M.Smith says:

    Well, I tested it from “my other computer in the other room” and it looks like my i2p backup / archive site works. Y’all ought to be able to get to it also (IFF you are running i2p) at this address:


    (In fact, just the [stuff].b32.i2p bit ought to be enough…)

    As the copy was made with a different ownership than the default for the i2p web server I was a little bit worried it would have permissions issues and I’d have to change all the ownership, but it looks like it is working anyway. (Though a 3rd party test would be appreciated…)

    Realize this is NOT a “live site” in that it is NOT running the WordPress software, so things like adding a comment ought to fail. It is a STATIC archive copy (or at least is supposed to be ;-)

    But enough to keep “my stuff” alive in the case that WordPress suddenly decides I’m unfit for human contact… after a mob of sub-human psychopaths howls at it too much…

    I’ve also noticed this bit:


    Postman HQ is proudly powered by WordPress
    Entries (RSS) and Comments (RSS).

    So since the i2p postman service site is running on a WordPress installation, that is an existence proof that it runs fine too.

    So next thing for me to do is install the WordPress software on my i2p box and bring up a live instance of this site. (Or, more likely, to avoid concurrency / sync issues, a simple test site…) as proof of concept, and figuring out those referenced ways to fix the “too big to load” bug / block. So that I can ‘recandle’ more or less immediately.

    For now, I just need to occasionally re-run the httrack update to keep the archived copy in sync with this live site. That will effectively preserve everything up to that last run moment.

    Color me happy ;-) I’m now “Cancel Proof”. Both web site and email have Dark Web alternatives more or less ready to go.


    FWIW, I’m going to repeat the technical steps on a Raspberry Pi Model 3, just to assure that nothing is different and that performance is acceptable. It ought to be as the Rock64 is the same kind of cores (A53) running all of 0.2 MHz faster (1.4 MHz vs 1.2 MHz) and the only really significant difference is the 2 GB of memory (that doesn’t look to be used all that much so far) on the Rock64 while the Pi M3 has built in WiFi.

    I may very well end up buying another R.Pi M3 just for that WiFi as then I don’t need to use up my dongle on the Rock64 so as to put it on the “WiFi Only” TV network… but that’s for another day. (Though the wireless Pi Zero has potential too… )

    As I do the R.Pi bring up, I’m going to document exactly all the steps AND script what I can of it, and make a Whole ‘Nother article out of it. IF there is any particular additional i2p service you would like documented in that article, let me know and I’ll try it too. (Things like chat, or whatever). Also, should you be trying this at home already, feel free to test your i2p network email against my i2p email at: pub4all@mail.i2p

    At this point, I’ve got running about 95% of everything I wanted as a first set of services. Email, private browsing (it seems to also go to the clearnet via gateways even if a bit slowly), my website archive, a working node to help the overlay network work. Only thing missing is “active website”, and that has the issue of 2 sites (Dark and Clearnet) getting out of sync; so needs some prep-work, but not a ‘go live’.

    Performance is “OK” much of the time, though you do need to give it a few minutes after first launch for your computer to establish some tunnels to others. On first use, being relatively unknown, things are slower than they are after you run it a few times. (It builds a table of known places to try tunnels, from what I’ve read). I’m happy with it.

    With that, I’m on to the next steps that will likely show up in a new thread. The R.Pi version, installing WordPress as a local instance inside i2p, a “twitter alternative” (likely Twister on the Clearnet first, then Pleroma in one or the other nets), and testing ‘chat’ against some target (though it looks like it is already a built in… but I may want to set up a personal “chat room” to see how hard it is to make a private one.)

  49. Pinroot says:

    I was able to connect to your i2p site.

  50. E.M.Smith says:


    Testing the “search” box on the archive mirror resulted in a jump to the clear net site (here) and search results from the live site. So some “active” bits of code do work, but were not ‘target shifted’ the way links were in the copy.

    The “Category” links in the sidebar do keep you on the archive copy.

    Attempting to post a comment tries to function (so code active) but gives a ‘failed to post comment’ result (probably confused about who it is and where it’s going and “can’t get here from there”…)

    It will be confusing to anyone who expects it to be a working WordPress site. But it’s a nice archive…

  51. E.M.Smith says:



    At some point I’ll need to clean up my desk and move that SBC to another location for continued operation (meaning downtime for about an hour) but that’s likely a day or so in the future. It has been up and running for a few days now and looks well integrated into the tunnel structure.

    So I’m chalking it up as “Success!” 8-)

  52. Pinroot says:

    @EM – Well, I went outside (so I could get a signal on my phone) and was able to connect to the site. The most recent post was “Pathogenic Priming & Autoimmune Risks”. I tried to reply to this thread and was able to enter everything, then was sent to WordPress to sign in. I did that and got a “Looks like you’ve already said that” error and got redirected back to “this” page in i2p land without my comment, but it looks like you’ve got the site up and running on i2p. Sometime later tonight I’ll see what I can do with email.

  53. Pinroot says:

    Whoa, when I posted “I was able to connect to your i2p site” I did that from within the i2p site, so posting is apparently possible.

  54. E.M.Smith says:


    So you made a comment on the i2p site, and it showed up here? Nice, in a way, as that prevents a “sync” problem between the two.

  55. E.M.Smith says:

    On the Devuan front, it looks like they make their packages available via Tor so you can do updates and such without being observed. Nice.

    Access via Tor
    We also provide access to our package repositories via Tor. Install apt-transport-tor and then use the following hidden services:

    deb tor+http://devuanfwojg73k6r.onion/merged main
    deb tor+http://devuanfwojg73k6r.onion/merged -updates main
    deb tor+http://devuanfwojg73k6r.onion/merged -security main

    One of the “risks” (though admittedly a very minor one) of running a Linux site and having it do “un-approved” things, is that when you do “update/upgrade” cycles or install additional programs / packages, a TLA or other Bad Actor can try a Man-in-The-Middle attack to insert malware /spying stuff.

    It ought to be rather hard as there’s a SHA hash that must match, but in practice that just means they must spoof that, too.

    So here’s a complete bypass of that. Nice. I may try that at some point once I get the Pi M3 i2p instance running. (Yes, I’m working on that “document end to end from bare hardware” posting / bring-up).

    I just stumbled on this and I’m not planning on doing it right now. But it’s nice to know it exists ;-) If there isn’t already a Devuan Source / Binary mirror on i2p, maybe I’ll make one. Then you can do the whole thing from install to updates without being observed / intercepted. They don’t have one listed on their mirrors page:

    So it’s something I could add to the project…

    Well, back to work 8-}

  56. Pinroot says:

    @EM – After I posted to the i2p site I was sent back to this page (on the i2p site). It looked like some of the posts were missing. I think the last thing I saw was this:

    E.M.Smith says:
    10 February 2021 at 11:31 pm

    That’s why I pointed you at the “Dongle Pi” link. I ran it in my cargo pants pocket on 2 wires from the laptop. USB for power and ethernet for VNC / terminal interface.


    When I get off work I’ll check it out again to be sure. In the meantime, I hope I haven’t broken anything by trying to post there. I really didn’t expect anything to show up, and especially didn’t think it would show up here.

  57. E.M.Smith says:


    The nice thing is that you CAN’T break anything, as the purpose of this install is to test stuff. Pretty much by definition, if you did manage to “break” something, that’s a testing feature ;-)

    Comments here on the Clearnet site will not be reflected on the Darknet i2p site until / unless I do another httrack update of it.

  58. Pinroot says:

    Yeah, I was hoping you would say that :) Go ahead and get the bugs worked out early.

    I have tried to send you an email at your i2p mail address, but I’m not sure it went out. I did manage to send myself one successfully (pinroot@mail.i2p for anyone who’s interested).

  59. Pinroot says:

    Oh, I forgot to mention, I got my RPi Zero today. That thing is TINY! It does have two on-the-go micro usb ports on it, one for power and the other for whatever (keyboard and mouse for now). I had to order an adapter for it so that I can hook my wireless keyboard/mouse up to it (got a two pack for ~$5), but you don’t need a bluetooth keyboard/mouse to use it, so that’s nice.

  60. E.M.Smith says:

    The Pi Zero is a very interesting device. The only reason I never bought one was the lack of network connector meant you had to add that outboard and by the time you got that plus keyboard and mouse attached, the added bits were making it cost as much as a regular Pi.

    Looks like they fixed all that in the wireless current version.

    It is only a single core instead of the 4 in the regular Pi, but they have it up to 1 GHz now. Ought to be enough for a i2p gateway, but running a browser on it will be a challenge. It ought to work, but will be slow and most likely need a GB of swap space.

  61. E.M.Smith says:

    Day 2 of the ‘simple’ R.Pi bring up has begun.

    I decided to use an old slow 4 GB uSD card I had laying around… turns out that some Linux releases no longer fit on a 4 GB card if you install the full lxde desktop… so a “do over” is underway with a reduced set…

    Note To Self: Buy only 8 GB or bigger uSD Cards from here on out, 16 GB or better preferred… oh, and really fast ones that build in minutes instead of hours of I/O…

  62. E.M.Smith says:

    Golly! “Special Price” on Odroid XU4 direct from Hardkernel: $49

    I’d want to know shipping cost though…

  63. E.M.Smith says:

    Oh Dear! Looks like MicroSnot has been busy infesting things again. This time they (somehow) look to have crawled into the Raspberry Pi approved OS repository list:

    Summary: Microsoft entryism (using fake ‘love’ and openwashing tactics) seems to have yielded the worst possible outcome; it now has root-level access, without user consent, into millions of Raspberry Pi devices
    $ grep -i pretty /etc/os-release
    PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
    How to know if you’re affected/infected already:

    $ cat /etc/apt/sources.list.d/vscode.list
    # You may comment out this entry, but any other modifications may be lost.
    deb [arch=amd64,arm64,armhf]
    stable main
    We don’t know yet if this affects only Buster-based devices. We need to highlight the issue before this becomes widespread.

    “Just in case the implications were not obvious,” our source noted, “Microsoft servers get pinged with every update. That tells them the quantities and locations of all the world’s networked Raspberry Pi computers running Raspberry Pi OS.”
    A poor work-around or fix (to the above):

    sudo rm /etc/apt/sources.list.d/vscode.list
    sudo touch /etc/apt/sources.list.d/vscode.list
    sudo chattr +i /etc/apt/sources.list.d/vscode.list
    But why was this added in the first place? “As far as I can tell,” the source said, “the file was injected during an update this weekend, but no package fesses up to having created it.”

    sudo dpkg -S /etc/apt/sources.list.d/vscode.list
    dpkg-query: no path found matching pattern /etc/apt/sources.list.d/vscode.list
    We got the same on two systems now. As the video shows, a system update a week ago did not yield this ‘infection’. So it happened less than a week ago.

    “Conclusion,” according to our source, is that “Raspberry Pi Foundation has a quisling somewhere inside.”

    “Result,” the source added: “Microsoft has, via the package repository, defacto root access.”

    “This is almost certainly a direct reaction to the Raspberry Pi having entered the desktop market with very, very serious models.”

    This is both “as bad as they say” and “not really all that bad”, depending on what Micro$oft does with the system update “ping”.

    It does not DIRECTLY give them root access, but it does allow them to INSERT root access if you updated some package with a buggered version from them.

    vscode is the Visual Studio code that M.S. has made “free”, so if you want it, you need to get it from them. IF they buggered it, then your system would be ‘had’. Like ALL choices of repositories, you are depending on TRUST and REPUTATION.

    Unfortunately, MicroSnot has shown itself to be untrustworthy and has a lousy reputation (IMHO). It has attacked (and still is attacking) Linux and FOSS whenever it can get away with it. So I’d remove any MS Software, and repositories, from my system.

    As I don’t use (and won’t use) Visual Studio, removing that entry is no big loss.
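The check quoted in the comment above (look at what is in `/etc/apt/sources.list.d/`, then ask `dpkg -S` who owns it) can be generalised into a small audit of every active APT source entry. This is an added example, not part of the comment or of any project's code; the sample files and the `example.invalid` hosts are constructed placeholders, because the repository URL is missing from the listing on this page.

```python
"""Added example: list APT source entries whose host is not on an expected list."""
import glob
import re
import shutil
import subprocess
from urllib.parse import urlparse

# Constructed sample files. The repository URL in the page's vscode.list is
# missing, so placeholder hosts under example.invalid stand in for real ones.
SAMPLE_FILES = {
    "/etc/apt/sources.list": (
        "deb http://raspbian.example.invalid/raspbian/ buster main contrib non-free rpi\n"
        "# deb-src http://raspbian.example.invalid/raspbian/ buster main\n"
    ),
    "/etc/apt/sources.list.d/vscode.list": (
        "# You may comment out this entry, but any other modifications may be lost.\n"
        "deb [arch=amd64,arm64,armhf] http://vendor.example.invalid/repos/code stable main\n"
    ),
}

# One-line-style entry: type, optional [options], URI, suite, components.
ENTRY_RE = re.compile(
    r"^(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)((?:\s+\S+)*)$"
)


def parse_sources(text):
    """Return the active (uncommented) one-line-style entries in a sources file."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if not match:
            entries.append({"line": lineno, "error": "unparsed: " + line})
            continue
        kind, opts, uri, suite, comps = match.groups()
        options = dict(o.split("=", 1) for o in (opts or "").split() if "=" in o)
        entries.append({
            "line": lineno, "type": kind, "options": options, "uri": uri,
            "host": urlparse(uri).hostname, "suite": suite,
            "components": comps.split(),
        })
    return entries


def audit(files, expected_hosts):
    """Return entries (and unparsed lines) that point outside expected_hosts."""
    findings = []
    for path in sorted(files):
        for entry in parse_sources(files[path]):
            if "error" in entry or entry["host"] not in expected_hosts:
                findings.append(dict(entry, file=path))
    return findings


def owning_package(path):
    """Ask dpkg which package ships `path`.

    Returns None when dpkg is absent or no package lists the file. A file
    written by a package's maintainer script is not in any package's file
    list, so None alone does not show how the file got there.
    """
    if shutil.which("dpkg") is None:
        return None
    result = subprocess.run(["dpkg", "-S", path], capture_output=True, text=True)
    if result.returncode != 0:
        return None
    return result.stdout.split(":", 1)[0]


def load_system_sources():
    """Read the real source files on a Debian-style system."""
    paths = ["/etc/apt/sources.list"] + glob.glob("/etc/apt/sources.list.d/*.list")
    files = {}
    for path in paths:
        try:
            with open(path, encoding="utf-8") as handle:
                files[path] = handle.read()
        except OSError:
            continue  # missing or unreadable file: nothing to audit
    return files


if __name__ == "__main__":
    # Swap SAMPLE_FILES for load_system_sources() and list your distro's hosts.
    for finding in audit(SAMPLE_FILES, {"raspbian.example.invalid"}):
        print(finding["file"], finding.get("uri", finding.get("error")),
              "owner:", owning_package(finding["file"]))
```

Run it after each update/upgrade cycle with the hosts you actually expect; anything it prints is a repository you did not list.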

  64. E.M.Smith says:

    Annndddd… it looks like Chromium might end up headed for the rocks. Google has shoved restrictions on what you can do with the Chrome API interfaces at it. Essentially you can use it as a plain old browser, but the abilities will be limited. Some I don’t care about (like ability to sync my bookmarks with Google…) but the article says it also kills spell checking.

    Guess we’ll either end up with a “fork in the road” of Chromium or I’m going to (eventually) need to look at other browsers. (Like maybe Brave…)

  65. E.M.Smith says:

    Just got around to checking my mail.i2p email and there was the test message from Pinroot! Oh Boy, mail works!

    Also sent a reply.

    Only “odd bit” was that it looks like you need to click the “check mail” button to have outgoing mail picked up…

  66. E.M.Smith says:

    Posting this from a fully brand new install of Raspbian Buster on a Pi M3 running i2p.

    Two things:

    First off, the vscode.list is NOT in the downloaded image, but it DOES get added when you do the “update / upgrade” cycle. So someone at the Pi Foundation has decided Visual Studio is a good thing… “Note to self: Put in place ‘just nukem’ script to kill it whenever it shows up”…

    Second, after a modest amount of pain and suffering (to be detailed in an upcoming posting…) I got i2p to run on the Pi M3. Substantially ALL the troubles caused by either “i2p not in the build” or “A 4 GB uSD card is just too damn small”. After finally shoehorning it in (“apt remove chromium”, “apt install i2p”, “apt-get install firefox-esr”) as Chromium took up about 340? MB and FFox was about 1/2 that… it runs fine and just like everywhere else.

    So, IF you already have a Raspberry Pi and are running the regular Raspbian build, to install and run the i2p stuff consists entirely of opening a root shell (sudo bash or similar) and then:

    apt install i2p
    {answer Y when asked to proceed then to launch it, 
    exit the root shell and:}
    i2prouter start

    At which time it will start the router and toss you into the default browser to finish the installation via clicking the “next” button a lot of times after you pick your language on the first page. Once the console launches, click on the lower left line that says “client tunnels” or some such and it will open the console page showing the tunnels forming.

    Longer form to follow ‘in a while’… but it really is easy once you have the OS installed and if you are not using a 4 GB or smaller uSD card…

  67. Pinroot says:

    Yes, EM and I were able to exchange email using i2p, which is nice. The email client is web based and the inbox doesn’t auto update but I can live with the way it is, since it won’t be my primary email client. Also, if you know someone’s i2p email address, you should be able to reach them from the clear net by using “”. I think that will work…

    I tried installing i2p on my RPi Zero. No go. I forget the error, but it was something about the chip doesn’t support VM (the Java VM I assume). I found something that should work on it (a Tor router), so I’ll give that a shot sometime soon. I think I’ll follow EM’s lead and install i2p on my Pi 3+, which can run it.

    I’m not happy about the M$ infiltration of the linux world, but I’m not surprised. They’re a cancer, so they’re going to spread. It’s something else to be on the lookout for.

  68. E.M.Smith says:


    See my description of R.Pi M3 experience here:

    Short form:

    It is in Raspbian and easy to install. The Devuan I tried didn’t have it. The Debian I tried was flaky and hung so I moved on. (A better Debian ought to have it or a sources build package from Devuan?). Ubuntu to be tried a bit later, maybe.

    What OS you running on your M3?

  69. Pinroot says:

    @EM – For now, I’m going to try to install Freedom box. I don’t have any idea what distro it’s built on, but i2p is included, so I’ll start there. I’m also grabbing the latest Raspbian (minimal desktop version). I usually get the minimum necessary (console version) but if I don’t like Freedom box, I expect setting up i2p will be easier in a GUI.

  70. E.M.Smith says:

    I2p is managed from your browser, so I think a GUI is required. It will run without the browser open, but at first launch it expects a browser to configure and finish the process.

  71. Pinroot says:

    @EM – Once I get i2p set up on the Freedom box, I’ll see what other stuff I might want to run and play with it. If I was just running it by itself, I’d probably get rid of the GUI after getting it up and running and just run a headless system. There are bound to be config files that the gui is writing settings to, just a matter of finding them and understanding them :) . And if it’s running ok, no need for the overhead of the GUI, I would hope. But I would like to have one up and running just to contribute to the system overall.

  72. E.M.Smith says:

    Installing I2P and first steps
    First get the newest version of i2p here. You can choose between 3 different installation types: a graphical installer, headless install and sourcecode. If you use windows or linux with a graphical interface, pick the first one. On headless machines e.g. on rent servers without a monitor choose the headless install.

    So, OK, it’s an option somehow somewhere…

    Also, this link gives specifics for various other OS types, including repositories you can add if your favorite distribution is lacking:

    Though I’d wonder if those repositories have ARM variations…

    And an interesting overview of it, and features, once up:

    Somewhere I saw directions for using a browser on “some other machine” to control another one with i2p running, but I’ve misplaced it now. I THINK you just point the browser at IP:port on the other machine… I’ll have to go looking for that again, as I’m going to be running mine ‘headless’ pretty soon.

  73. E.M.Smith says:

    Ah, got it. In the FAQ of course: (Quoted from here on down:)

    How can I access the web console from my other machines or password protect it?
    For security purposes, the router’s admin console by default only listens for connections on the local interface. There are two methods for accessing the console remotely:

    1 SSH Tunnel
    2 Configuring your console to be available on a Public IP address with a username & password
    These are detailed below:

    1 SSH Tunnel
    If you are running a Unix-like Operating System, this is the easiest method for remotely accessing your I2P console. (Note: SSH server software is available for systems running Windows, for example
    Once you have configured SSH access to your system, the ‘-L’ flag is passed to SSH with appropriate arguments – for example:
    ssh -L 7657:localhost:7657 (System_IP)

    where ‘(System_IP)’ is replaced with your System’s IP address. This command forwards port 7657 (the number before the first colon) to the remote system’s (as specified by the string ‘localhost’ between the first and second colons) port 7657 (the number after the second colon). Your remote I2P console will now be available on your local system as ‘http://localhost:7657’ and will be available for as long as your SSH session is active. If you would like to start an SSH session without initiating a shell on the remote system, you can add the ‘-N’ flag:
    ssh -NL 7657:localhost:7657 (System_IP)

    2 Configuring your console to be available on a Public IP address with a username & password
    1 Open ~/.i2p/clients.config and replace
    clientApp.0.args=7657 ::1, ./webapps/

    with

    clientApp.0.args=7657 ::1,,(System_IP) ./webapps/

    where you replace (System_IP) with your system’s public IP address
    2 Go to http://localhost:7657/configui and add a console username and password if desired – Adding a username & password is highly recommended to secure your I2P console from tampering, which could lead to de-anonymization.
    3 Go to http://localhost:7657/index and hit “Graceful restart”, which restarts the JVM and reloads the client applications
    After that fires up, you should now be able to reach your console remotely. Load the router console at http://(System_IP):7657 and you will be prompted for the username and password you specified in step 2 above if your browser supports the authentication popup.
    NOTE: You can specify in the above configuration. This specifies an interface, not a network or netmask. means “bind to all interfaces”, so it can be reachable on as well as any LAN/WAN IP. Be careful when using this option as the console will be available on ALL addresses configured on your system.
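Before and after editing `clients.config` as the quoted FAQ describes, it helps to confirm which addresses the console will actually bind to. The following is an added example, not part of the comment or the I2P FAQ; it assumes the three-field `port addresses webapps-dir` layout of `clientApp.0.args` shown above, and the sample configurations (including the addresses in them) are constructed.

```python
"""Added example: report which addresses the I2P router console is set to bind."""
import ipaddress

CONSOLE_KEY = "clientApp.0.args"  # key name as shown in the quoted FAQ

# Constructed samples; 192.0.2.10 is a documentation-only address.
LOOPBACK_ONLY = "# constructed sample\nclientApp.0.args=7657 ::1,127.0.0.1 ./webapps/\n"
ONE_INTERFACE = "clientApp.0.args=7657 ::1,127.0.0.1,192.0.2.10 ./webapps/\n"
ALL_INTERFACES = "clientApp.0.args=7657 0.0.0.0 ./webapps/\n"


def parse_console_args(config_text, key=CONSOLE_KEY):
    """Return (port, [addresses]) from the console args line, or None if absent."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if not sep or name.strip() != key:
            continue
        fields = value.split()
        if len(fields) < 2:
            raise ValueError("expected 'port addresses webapps-dir': " + line)
        # Empty items (for example from a doubled comma) are skipped.
        addresses = [a for a in fields[1].split(",") if a]
        return int(fields[0]), addresses
    return None


def classify(address):
    """Label one bind address by how far it exposes the console."""
    if address.lower() == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "hostname"            # not a literal IP: review by hand
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:            # 0.0.0.0 or :: means every interface
        return "all-interfaces"
    return "specific-interface"


def audit_console(config_text):
    """Summarise the console binding and list anything reachable off-host."""
    parsed = parse_console_args(config_text)
    if parsed is None:
        return {"port": None, "binds": [], "exposed": []}
    port, addresses = parsed
    binds = [(addr, classify(addr)) for addr in addresses]
    exposed = [addr for addr, kind in binds if kind != "loopback"]
    return {"port": port, "binds": binds, "exposed": exposed}


if __name__ == "__main__":
    for label, text in [("loopback only", LOOPBACK_ONLY),
                        ("one interface", ONE_INTERFACE),
                        ("all interfaces", ALL_INTERFACES)]:
        report = audit_console(text)
        status = "local only" if not report["exposed"] else "reachable from the network"
        print(f"{label}: port {report['port']} {status} {report['binds']}")
```

If `exposed` is non-empty, the console password from step 2 of the FAQ is what stands between the network and the router settings; with the SSH tunnel method the list stays empty.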

  74. E.M.Smith says:

    In moving the Rock64 off my desk and to a more permanent position, it looks like the website on the i2p network did not come back up.

    There’s a ‘tick box’ to have it come up automatically, so that’s now checked, and I did a restart of the i2p router, but something still isn’t right.

    It acted like I needed to start all over again and do all the ‘make name & 32b address and put in address book and all’…

    So I did that, but I’m still not getting anything.

    As it is late at night, I’m going to just try that again tomorrow.

    It isn’t like this is production or anything.

    But be advised that a “Down / Up” cycle may not be as clean as you expect and / or there’s some steps I don’t understand yet.

    Also, as of now, you likely can’t get the backup web site and that 32 bit address may need changing once I get this sorted out. The operational aspects are not as clear as I’d like…

  75. E.M.Smith says:

    OK, it turns out there are 2 kinds of install. Package and service or some such. One expects the web pages to be in a system directory
    which is where I’d had them mounted before when it worked. The other expects them to be in a hidden directory of the user who starts the router running, for user ’ems’:

    Somehow I started it one way the first time, but the other way after the move, and it was looking in the home directory for what was mounted in the /var system area.

    It also acted like it wanted a new config (what language, etc.) so is likely being seen as a whole new router instance, which would mean that the 32b address is new too.

    OK, at least I figured out what was broken.

    This 32b seems to reach the new mount point in what looks like a new router instance:

    I’m going to just leave it all alone for a while as I try to figure out what was different between the other time and now. There’s only one login on this box other than root, and root nags you to not launch the router as root.

    So, OK, my “homework” is to learn more detail on the “2 types of install” and what might cause swapping between them.

  76. E.M.Smith says:

    Well, I thought “Maybe I ran it as root and that was the difference?”. Nope:

    root@OdroidN2:/var/lib/i2p/i2p-config/eepsite/docroot# i2prouter start
    Running I2P as the root user is *not* recommended.
    Please edit /etc/default/i2p and set the variable RUN_AS_USER.
    To run as root anyway, edit /etc/default/i2p and set ALLOW_ROOT=true.

    It’s a NoGo. When you go to edit the file it tells you to edit (/etc/default/i2p):

    # Defaults for i2p initscript (/etc/init.d/i2p) 
    # This is a posix shell fragment 
    # [automatically edited by postinst, do not change line format ] 
    # Run 'dpkg-reconfigure -plow i2p' to change these values. 
    # The next value is also in /etc/i2p/wrapper.config 

    It says to run “dpkg-configure” and not edit it. OK… something to sort out later. This looks to be the config file for if run as a daemon / service with i2psvc as the user name. For the individual user running it, config is ‘somewhere else’…

    ems@OdroidN2:~/.i2p$ more clients.config 
    # Modified by I2P User dir migration script
    # NOTE: This I2P config file must use UTF-8 encoding
    # If you have a 'split' directory installation, with configuration
    # files in ~/.i2p (Linux), %APPDATA%\I2P (Windows),
    # or /Users/(user)/Library/Application Support/i2p (Mac), be sure to
    # edit the file in the configuration directory, NOT the install directory.
    # When running as a Linux daemon, the configuration directory is /var/lib/i2p
    # and the install directory is /usr/share/i2p .
    # When running as a Windows service, the configuration directory is \ProgramData
    # and the install directory is \Program Files\i2p .

    So my best guess so far is that on the prior run it was able to get into the /var directories so used them, but on a re-launch they were owned by i2psvc and I was launching it ‘as me’ and it could not (since permissions in the i2p directory prevent it) so it went to my home directory/.i2p

    But why is still a mystery.

    Maybe I ought to look for a users manual ;-)

  77. Pinroot says:

    From what I’ve read, if you install from a repository, the installation goes somewhere in /var, or at least the eepsite does. If you do a manual install (say from then it goes in an invisible directory in the user’s home directory (/home/username/.i2p) like you mentioned above. If you did a package install, it seems odd that the second location would even exist. Hopefully I will get it installed sometime this week. I want to try the Freedom box first (which has i2p included), and see how that works out.

  78. E.M.Smith says:

    My best guess so far is that first install / run I had done NOTHING so there was no ~ems/.i2p directory at all and so it defaulted to the /var space for the Web Server (that wasn’t even running).

    Then I started the web server from the control panel, populated it, etc. and that was fine. And I did an email cycle.

    During that stuff, I think it created the ~ems/.i2p directory set. Then, on next launch, it saw those directories in existence and pointed there instead. That’s my thesis anyway.

    This could only happen at most once per person / install so most folks would blow it off as ‘learning the software’. Folks who install, launch, reboot and launch again before loading up a web page would also not experience it. Experienced hands would be running dedicated server versions and so would not experience it. It becomes a non-repeatable minor annoyance bug that nobody (or very few) would bother to report and that developers would ignore as “user error” since they can’t repeat it.

    I don’t know if I’ll find a way to repeat it either. I’m on track to bring up a C based server as my end target and only use the Java version for “boot and use then shutdown” browsing / email station, so will never run into it again either…

    I may give the Freedom Box another test run now that I’m more familiar with i2p, since for most folks that would be an easy “bring up” and they can ignore some of the other odd bits of FreedomBox. We’ll see…

    One thing I’m pretty much settled on is that i2p is the core system for my particular usage. There are some (minor) issues for Freenet, Zeronet, GNUnet, IPFS, that put them in 2nd tier for me. (I’ll still bring up instances of each of them at some time, just to be sure and to assess function myself). So likely in a few weeks to months for each of them. That i2p started as a fork of Freenet and looks to have surpassed it means Freenet is likely to wither. GNUnet suffers from the typical GNU problems of LOTS of complexity, a focus on ‘perfection or nothing’, and VERY long slow development due to that. IPFS looks good but has “issues” with inability to limit potential exposure to malware:


    Phishing attacks have also been distributed through Cloudflare’s IPFS gateway since July 2018. The phishing scam HTML is stored on IPFS, and displayed via Cloudflare’s gateway. The connection shows as secure via a Cloudflare SSL certificate.

    The IPStorm botnet, first detected in June 2019, uses IPFS, so it can hide its command-and-control amongst the flow of legitimate data on the IPFS network. Security researchers had worked out previously the theoretical possibility of using IPFS as a botnet command-and-control system.

    Yes, I know, you can either make a system that is fully anonymous and where there can be no censorship, or you can have content policing, but not both… but you can have things tuned / crafted in such a way so as to make it unattractive to botnets and phish schemes….

    Leaving Zeronet as most interesting to me right now. But again, “we’ll see”.

  79. E.M.Smith says:

    Minor memory note:

    At first boot and i2p start, with console in Firefox auto launched on Rock64:

    Memory used is about 800 MB out of 2 GB.

    After 2.5 days with 20 to 40 tunnels most of the time:

    1.7 GB was used and 1.5 GB were on swap. Over 3 GB total.

    Inspecting processes, a lot were Java and more were Firefox. It is my opinion, once again, that the Rust version of FFox is a memory hog. It holds memory until processes are terminated, but seems to accumulate semi-zombie processes. They die when you exit FFox, but hang around long after useful actions are over.

    For a best use case server expected to be up for weeks, run the browser console remotely via the ssh directions.

  80. E.M.Smith says:

    This morning we’re at 1.27 GB memory used, zero swap.

    OTOH, I’ve got 90 peers going for 52 tunnels ATM. So the little guy is putting in the work for it…

  81. E.M.Smith says:

    127 Tunnels
    334 Active peers
    2605 Total known peers

    It would seem my little box is getting better known :-)

    I did an exit / restart of just FireFox (leaving i2p router running) and memory used dropped by about 600 MB at the exit. Took about 300 to 400 at the restart I think… still below swap point. We’ll see if leaving FFox off or periodic reload of it reduces swap needs over days.

  82. E.M.Smith says:
    has the interesting entry:

    Discover Dark Web Hidden Service
    Find hidden services in dark web, we freshly baked i2p sites daily
    #	I2P Link	Title	Description	Last Updated
    1	http://22wwp4s4n4sre45cj72zrfcdqcelpga65yrt6jlgahehxtbg2vzq.b32.i2p	Pleroma

    You will likely need to scroll right to see that the title is Pleroma.

    So there’s at least one Pleroma site already inside the i2p network.

    I’ve been trying to find “how to install in i2p” guidance, but it seems to be scarce. Some useful bits include how to federate, but not clear if it is inside or outside:

    It says both pleroma and i2p so I think it’s about “federating” to the outside world, not just having a federation inside i2p network. Maybe.

    I’m going to bring up a test case i2p Pleroma instance and make two accounts on it, then see how well it does “inside i2p only” after which I’ll work on the “federating” aspect (both inside i2p and to outside instances).

    I think I’ll also try running the “lightweight” i2Pd version on a R.Pi3 as another test case.

    We’re going to use I2PD for its lightweightness over the official client. Follow the documentation according to your distro:

    How to run it:

    So there’s a bit of work en queue…

    BTW, while slow to load:

    Gives a nice overview of sizes. Pleroma has more instances per user, but Mastodon more users (reasonable, as Pleroma is lightweight and easier to set up as a personal server, while Mastodon does more and so is attractive as a service site).

    Project          Nodes  Users      Website
    Mastodon         3,381  3,028,329
    Matrix(Synapse)  2,537
    Pleroma          1,007  78,504
    PeerTube           804  120,565
    Friendica          306  8,158
    Write Freely       296  21,346
    diaspora*          177  752,541

Comments are closed.