i2p Includes Bittorrent File Sharing w/o DNS ID

Well this is a pleasant surprise. I’d known that i2p let you do anonymous Bittorrent file sharing / downloading. What I’d not appreciated was how easy they make it to do anonymous UPLOADING.

For a while now I’ve wanted to make some Raspberry Pi images that could just be “downloaded and launched” without all that configuration and such work. Basically instead of a “cookbook”, the results of the cooking.


Running a Bittorrent Server requires some way to find you that involves either an IP address, a “Cloud Server instance”, or a “magnet link” that can then lead to the IP Address. I’m not so willing to “out myself”…


Built in to i2p is a Bittorrent server, i2pSnark, and using the i2p handles, it is anonymous. Yay!

The “downside” is that in order to download from it, you must also already be using i2p. So a “bootstrap” into i2p via downloading a pre-built image is not possible using i2p. There’s still a “first install i2p”. Which, conveniently, is trivial. It is already in the repository for Debian / Devuan, so it’s just an “apt-get install” and you have it.

What this means is that now I’m going to make a few pre-built R. Pi images, compress them, and put them up for Bittorrent download over i2p.

There’s also a small issue that at i2p install / first launch time, it makes a crypto-key. You can’t just clone an image and go as then several folks end up with the same identity… and routing is confused. So what I’ll need to do is just make a little script to do that step and include it.

Now what I need to do is lay out all the things to put in such a build.

From i2p itself, we get encrypted email, bittorrent file sharing, Web Server, Dark Net services in the .i2p domain, IRC chat client, and a bit more. What I’m thinking of adding is:

Miniirc chat server
Pleroma Social Media Server (‘tweets’ / facebook) federated server
Firefox pre-configured to proxy into the .i2p network
Tor Browser pre-configured for faster anonymous regular clearnet-internet browsing

Any suggestions of other stuff to have pre-installed?


The i2p install:

Here is what has to be done to setup the anonymous bittorrent client:

Download the I2P installer for Windows or Linux

Install the application. Just run the executable in Windows

Go to the start menu and open the I2P folder there. Click on Start I2P (restartable)

You have to configure a local proxy now. You do that the following way:
Firefox: Go to Tools > Options. Click on Advanced > Network and select the Settings button under Connection. check Manual Proxy Configuration and add localhost as the HTTP Proxy and the port 4444
Internet Explorer: Click on Tools > Internet Options. Select Connections from the Tab and click on the LAN settings button. Activate Use a proxy server and enter the same data. (Localhost and 4444)
Opera: Select Tools > Preferences and click on the Advanced tab. Choose network from the menu and click on the Proxy Servers buttons. Add localhost and the port 4444 to the HTTP and all other protocols that you want to use.

Opening the console for i2p and launching the bittorrent instance:

Visit http://localhost:7657/index.jsp to load the main interface. You do have many options such as chatting anonymously on IRC or starting the anonymous bittorrent client.

Click on I2PSnark in the header to load the bittorrent interface.

You may now add Torrents by either browsing your local computer or pasting a url with the torrent information.

The speed seems to be a little bit lower than usual which is caused by the anonymization. I think that the download rates are still acceptable if you consider that you download and share anonymously.

For my installation, all I did was click on “torrents” in the left hand menu / bar in the main console and it launched the Torrents window, ready to add a ‘torrent’ file. I’ve run a bittorrent before, so it will be a short learning curve to find out how this one is different. Hopefully I’ll have some test file up sometime later today (or maybe tomorrow…)

i2p Torrents panel

i2p Torrents panel

The only real downside to this is that a large uSD image of, say 380 MB is going to take a long time at 38 kB / second… we’re talking a few hours…

Subscribe to feed

About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present "hot buttons' are the mythology of Climate Change and ancient metrology; but things change...
This entry was posted in Tech Bits. Bookmark the permalink.

44 Responses to i2p Includes Bittorrent File Sharing w/o DNS ID

  1. E.M.Smith says:

    In theory, I’ve created a Bittorrent Tracker:
    and shared it out to “the usual” places like Postman and open tracker sites on i2p where again in theory one can go, get the tracker, and start a Bittorrent Download.

    This file contains the same image as above ( the i2psnark console) so is pretty light weight.

    I need to:

    1) Figure out how to do the ‘get tracker and download’ on i2p (as you don’t just share your IP address like in the Real World)…

    2) Test downloading it via bittorrent on another i2p instance.

    If anyone already can do those things and tell me if it is working, that would save about a day of me wandering in the woods and building another system…

    Adding the Tracker was trivial (and I’ll post more on that in a little while when back in the other browser…); or at least seemed trivial… we’ll know if it was when it is proven to actually have worked ;-)

    So now, in theory, on i2p, anonymously and privately, I can:

    Send encrypted email
    Upload and download files via torrents
    Do IRC Chats at existing chat sites.
    Run a web site without any infrastructure dependency on the ROW other than an internet connection of some sort.


    Start Miniirc server instance.
    Install, start, and federate a Pleroma instance
    Try downloading some Torrent (somewhere in i2p land)

    Anything else?

    Then just repackage / redo the whole thing, with detailed notes, on a R.Pi.M3, compress and upload the image, and publish the cookbook.

    Sound about right?

  2. Jerry says:

    Bit torrents do not require any of those things (DNS, fixed IP, etc), IF you use the Distributed Hash Table. (DHT) You can then publish (by any other means… email, note on bulliten board…) the 40 digit “hash”, and anyone can join the torrent using only that information, and no servers of any kind. (DHT does need at least ONE IP address of something somewhere that is doing DHT, there are many public IPs used for this purpose, and all DHT enabled bittorrent clients have at least one such hard coded as default)

  3. E.M.Smith says:

    Oh, and just as backpointers to the earlier two articles on i2P:



    So I can find it all without searching for i2p or looking through the list under “tech” category when, God only knows how long from now, I need to refer to it all making a summary article ;-)

    Oh, and ran into this bit for the Mac:

    • Install I2P
      • Download I2P
      • java -jar i2pinstall_*.jar
    • Install Java Service Wrapper
      • Download Community Version
      • tar xzf wrapper-*.tar.gz
      • cp wrapper*/bin/wrapper /Applications/i2p/i2psvc
      • cp wrapper*/lib/wrapper.jar /Applications/i2p/lib
      • cp wrapper*/lib/libwrapper.so /Applications/i2p/lib
    • Try to start I2P using /Applications/i2p/i2prouter start or Start I2P Router app
      • tail -f /tmp/wrapper.log and look for any problems
    • Configure FireFox browser
      • Install FoxyProxy
      • Set HTTP Proxy:, Port: 4444
      • Whitelist https?://*
      • Whitelist *.i2p/*
    • Install I2PMonitor
      • Download I2PMonitor
      • Install I2PControl Router Plugin
      • Wait until plugin is downloaded and installed. Be patient, it can take time, if your router is not yet good integrated into network.
      • Launch I2PMonitor app

    view raw
    I2P OS X.md
    hosted with ❤ by GitHub

  4. E.M.Smith says:


    It was my understanding that Bittorrent on the ClearNet shares your IP address with the folks doing the downloading to your machine, so a DMCA Agent can put up a nice fast server and offer up a feed, then note who downloads it and sue them. No?

    Yes, to the extent some segments are shared laterally between other folks, only those other folks know each others IPs, but even there, many will be getting some segments from the primary source. Since there is direct server to site connection, the Honey Pot server knows your IP and that you are downloading their offered illegal target.

    Then it’s just a reverse DNS lookup to know who to contact to knock on your door…

    On i2p, there is no DNS, and blocks are woven into the Garlic Routing bundle, so you can know a given IP is moving blocks, but you can’t know that they are moving any particular content inside the pipe (outproxy servers being an exception as they pass to the clearnet). So someone offering up an i2p router can find out random folks IP addresses around the planet, but not what they are doing with it at all.

    Essentially, my understanding of i2psnark is that it breaks the connection between an IP address and a downloading site, so reverse DNS lookups can’t tell you who is moving Bittorrent blocks. Just who is offering garlic routing for random mixed unknown traffic.

  5. Pinroot says:

    Well, I’ve tried looking for your torrent using Postman and opentracker. I can connect to each of these, but the ‘announce’ portion doesn’t work for either. I get an error message from Postman’s announce page (d14:failure reason22:Missing key: info_hashe) and the announce page for opentracker won’t load. I tried searching for “Torrentsi2p.png” at Postman, along with trying to list recent torrents, but nothing is showing up, so I can’t download it and let you know how it works.

    In other ‘bad’ news, I’ve got a pretty extensive ‘honey do’ list, so I don’t know how much time I’ll have for working on putting a system together like I wanted to do today. Maybe tomorrow…

  6. Taz says:

    I2P’s bittorrent works pretty well. Recognized instantly that this could serve as I2P’s sole purpose.

    I’m considering building a bunch of low power I2P relays for relatives telling them only “This is a safe bittorrent box”.

    Will still encourage them to BUY the media from non dickish producers…..but anyone else is fair game in the culture wars.

    Extra salt? When you steal something and post it from a known bad source – LABEL IT. So the perp understands the origins of their EPIC FAIL. Over time, such people will be hard pressed to raise money for new projects. They’ll be forced to find other employment.

    I2P is a dagger pointed toward the media. Use it.

  7. E.M.Smith says:


    Thanks for looking! At about 8 or 9? PM Pacific I discovered that I’d not “started” the torrent on my site. So I’d made it, and started i2psnark, but not explicitly started the torrent. OK… so I clicked and started it, THEN it showed up as active.

    I’m up to about 1.5 GB memory used and another 800 MB of swap. What is odd about this is last night I was at 1.7 GB used and about 1.5 GB swap. This is the first time I’ve seen it go DOWN on its own. My guess is that it is spawning a java thread for each tunnel action, and then they hang around for a goodly while just in case that peer returns (but being idle easily swap as needed with zero performance impact). Only after being up a couple of days do threads start to time out and evaporate.

    Whatever. I was hoping to discover what it did as big swap use built up. I’ve got 6 GB of swap on a 2 GB machine running a (supposedly) 300 MB router. So far in other testing Linux gets grumpy at about 1.2 GB swap used (regardless of memory size in the 512 MB to 4 GB range of available test boards). Unless I’m using 2 browsers at once on the Rock64 running i2prouter, it doesn’t seem to have any sloth at all (and in the case of 2 browsers, I’m actively switching between them so it likely DOES have to actively swap things back in).

    So while I’d figured I’d need to reboot today to “clear swap”, it looks fine. OK… I’ll leave it running another day or three and check again.

    No worries on the Honey Do-s. I have a few myself. Next up for me is the R.Pi M3 instance. I want to do a fresh ‘from the ground up’ install and configure on an 8 GB chip and then test it against the Rock64 myself. I ran into one site saying something like “connect to tracker2.postman.i2p” to pick up trackers, so I’ll do that and just randomly pick one if I can’t find “mine” ;-)

    Once I’ve demonstrated ‘end to end’ ability to make this go, then I’ll write it up for Noobs level use with pictures / examples.

    So given I’m doing that next, having confirmation that I’d forgotten to ‘start the torrent’ before last night would have been helpful but a modest embarrassment ;-) so just fine that you didn’t “Get ‘er done!” ;-)

  8. E.M.Smith says:


    You might have noticed my tendency to “Label” some quotes with “They were trying to prevent copy / past so I’ve quoted the whole thing” or the similar “They have annoying popups and such so I’ve quoted more than usual”.

    Same purpose. Hopefully sometimes they will follow the back link and read that it isn’t working for them and they are just losing traffic from a short quote & link that would have been there otherwise. “Fair Use” is a valid part of the law.

    FWIW, I’m thrilled with the performance of the Rock64 as an i2p router. Just purrs along, AND when I’m using a browser, it is quite fast enough to be comfortable. I’ve not tried doing anything like “watch a video” on the i2p overlay network and suspect the low speed would make that hard (but download and go ought to be fine…)

    Where you might have a problem for Noob level family and friends is that the Big Name Tracker sites like Pirate Bay are not on i2p, so you can’t use them (and there is no bittorrent exit node / out proxy by design). So their choice of places to go and things to get will be more limited. OTOH if they are wanting to “share among themselves” it would be a great solution.

    I’m committed to doing the R.Pi M3 (on a larger uSD chip this time as 4 GB was painfully too small…) as a ‘do over’ and will report on performance and such when I’ve got it done. Would you be interested in a report on the $17 Pine64 as well? Specs are about the same as the Pi M3 but with some better boot loader choices and I think faster I/O on the board. (Though a Chinese Allwinner SOC) Basically, how cheap a board are you looking for? Or is the R.Pi with nice case choices and lots of hand-holdy web pages a “better” match?

  9. E.M.Smith says:

    This is interesting guidance. My only “complaint” is that it expects the /var system wide install instead of the ~you/home/.i2p/… location so goes though some “change permissions as root” stuff at the end that’s not needed for the individual version.


    Step 2. Get a magnet link from a tracker. The biggest tracker for i2p torrents is Postman’s Tracker, so I would start searching for what you want there. Important: you cannot download normal clearnet torrents using i2psnark. You can only download torrents that were set up on i2p from the start. This means there won’t be as many torrents to choose from on i2p trackers, because not as many people use them. However, don’t let that turn you away, because the way to fix this problem is to get more people to use them. Anyways, once you’ve found the torrent you want to download from Postman’s Tracker (or whichever tracker you’re using), copy the magnet link.

    Step 3. Start downloading it in i2psnark. Go to your i2p router console’s home page, then scroll down until you see the link to “Torrents” under “Applications and Configuration”. Click it, and it will take you to i2psnark. Paste the magnet link in the box that says Add Torrent… From URL, and click the Add Torrent button right next to it. If everything went right, it should appear in the list of torrents. Give it a few minutes to connect to peers, and it should start downloading.

    Which is what I’m going to try next ;-)

  10. E.M.Smith says:

    Well, that worked. I’ve successfully downloaded a bittorrent of some Resident Alien season 1 episode 5 Love Language mumble…

    I’m still not showing me as ‘seeding’ anything to anyone, which could just be that there are 20 other seeders and not that many downloaders and I’m just not a favored source. Though the “peers” in the seeding line went from 20 to 21 so maybe I’m “the one” ;-)

    I went to : tracker2.postman.i2p/index.php?view=Main&reset=1&start=0&limit=20

    Where it presented a long list of choices and several hundred more pages, so that’s working. Copy magic link, paste into i2psnark console and away it went. I got over 100 kB/sec at some points…

    Also captured screen shots so a posting about it “soonish-maybe”…

  11. cdquarles says:

    I have loaded I2P onto my system. I have not yet started playing with it. I got the TOR browser some time ago.

  12. E.M.Smith says:


    Welcome to The Dark Side ;-)

    If you need anything just holler. I’ll answer what I can (at least until you rush past me as I’m all of maybe a week ahead ;-)

  13. Taz says:


    Anyone know of a truly bulletproof browser for localhost? One designed from the ground up for this purpose? None of the browser companies can be trusted.

  14. Taz says:

    @E.M. Smith

    “Where you might have a problem for Noob level family and friends is that the Big Name Tracker sites like Pirate Bay are not on i2p, so you can’t use them (and there is no bittorrent exit node / out proxy by design). So their choice of places to go and things to get will be more limited. OTOH if they are wanting to “share among themselves” it would be a great solution.”

    The selection will grow rapidly on I2P. I suspect nearly all current I2P users are utilizing it only for bit torrent. It’s kinds ideal for that duty – just set and forget.

    The more problematic issue is how to compensate worthy media creators. This could be problematic if users aren’t honest. Might also involve some of that cryptocurrency carp I’ve been trying to avoid.

    But we all must adapt….so I guess I’ll be slinging crypto too someday. Have had more than enough trouble just “tipping” for good open source efforts. Have really come to hate bankers and moneymen. They contribute NOTHING.

    I went with the D2550 Atom. It’s been rock solid for I2P. Find the browser to be a bit slow, but haven’t tried an I5 yet. Even if I decide not to use I2P – will keep that Atom relay running. Until recently, had a Tor relay operating for ~20 yrs.

    Have become more suspicious of the Tor organization AND Mozilla. They may not be trustworthy. Another reason to like I2P. I wish ZeroNet would start using this network.

  15. E.M.Smith says:

    Just as a comparative data point, I’m getting 350 kB/sec direct download speed on a R.PiM3 from the Raspbian direct download site (that ought not be speed limited at the moment).

    So about a 1/3 rate in exchange for full encryption and anonymity? I’ll take it.


    Ah! Your idea of “low power” and my idea of “low power” are a ways apart ;-)

    The Atom is not a $17 board and way more than enough “juice” ;-)

    Per Browsers:

    I’m not sure it’s the Browsers that are generating all the traffic to places like Amazon and Gargoil so much as the web pages… But in any case, DNS Buggery is your friend and a PiHole is dandy.

    Since China bought Opera (and it’s compression feature has ALL your traffic run through their servers where it can be “inspected”) it is now forbidden.

    FIreFox is a pain, but several of the clones based off their source code are likely OK.

    I think SeaMonkey was approved by the Open Software Foundation folks?
    https: //en.wikipedia.org/wiki/SeaMonkey
    though it is a full suite of stuff. Brave has staked out the privacy space:


    The Brave browser was created with the goal of blocking all but user-approved advertisements and website trackers. Brendan Eich, the creator of JavaScript and a co-founder of the Mozilla Foundation, leads the Brave project as the CEO and a co-founder.

    Pros of Brave:

    No ads or web trackers
    Chromium extension support
    Bugs are tracked in Brave QA central
    Cons of Brave:

    The opt-in micro-payment system to support content creators has an unclear pathway to get your payments to your intended recipient

    It also has a payment system you might be able to use to get payments to folks for their (clandestine) stuff…

    If Brave were available on ARM / Linux, I’d be running it. But I’ve not found it on Debian ARM yet. Maybe I’ve just not looked hard enough as I have it on my ARM Tablet…

    It is my (not well founded enough…) opinion that Brave and then Chromium in that order are the most likely to be “clean”, but with SeaMonkey as historically a clean browser (though now?)

    The Tor Browser has the miles and scrutiny to be “known secure”, but I’ve not used it other than in a few tests (and it has some quirks due to ‘things turned off or removed’…). IF you don’t mind a little Technical Hair, it ought to be secure.


    Has a “short list” of 5:

    Short on time right now to read all about the top privacy-focused web browsers for 2021? No problem. The following list of the 5 best ones (the page features 11 in total) is for you:

    Tor Browser – A highly user-friendly web browser that anonymizes your internet traffic using the Tor network, which makes protecting your identity online a breeze
    Mozilla Firefox – Blocks a broad range of online trackers automatically
    Waterfox – A Firefox fork with added distinct advantages over Mozilla’s browser
    Pale Moon Browser – A very security-conscious web browser as it does not carry any suspicious privacy-invading addons
    Brave Browser – Not only a secure browser that respects users’ privacy but it also loads pages faster than mainstream browsers such as Chrome

    That has overlap with my list. FWIW I sometimes run PaleMoon on my Tablet and it works well.

    I’d not heard of “WaterFox” before. Looks like some folks disgruntled at FireFox forked ’em:

    Users might want to consider Waterfox since Mozilla has a telemetry agreement with Quantum to collect user data. Firefox also used to amass user browsing activity through Cliqz.

    Despite being a fork of Firefox, Waterfox happens to be more secure than Firefox offering users more privacy options.

    Advantages of Waterfox
    Open Source
    Does not gather user information and browsing history
    Has older Firefox add-ons
    Safe and secure

    Personally, I’d not put FireFox in the top 5…

    They do mention SeaMonkey at their #6:

    6. SeaMonkey
    SeaMonkey web browser is a fast, stable, and more responsive web browser than Mozilla Firefox.
    Advantages of SeaMonkey
    Has almost all the Firefox security features
    Most SeaMonkey extensions and add-ons are compatible with Mozilla Firefox
    Easy to install and has easy to access features
    Safeguards users against online threats such as phishing websites, viruses, malware, spyware, and rootkits
    Updates are available regularly and can be downloaded from the SeaMonkey website
    Its open-source code gives users control over the browser’s functions and tools

    Their only complaint about it seems to be that it is downstream of FireFox so FFox gets security updates first. OK, I’ll take that over built in tracking and spying…

    Oh Yeah, IceCat was the OSF browser… (I’m running it on the Tablet too…)

    7. IceCat
    Joining the long list of top web browsers for privacy, GNU IceCat is yet another fork of Mozilla Firefox. The browser offers superior privacy-protection features to its users.
    Advantages of IceCat
    Includes extra privacy-protection features such as third party cookies blocking
    Warns for URL redirection
    Detects and blocks nontrivial and nonfee JavaScript

    It can be a pain on the JavaScript thing, but it IS safer…

    8. Chromium
    According to market shareholders, the Chromium web browser can be considered as the safer version of Google Chrome. That’s due to its security and privacy policy.
    With Chromium, you get rid of all the tracking features that Google Chrome boasts.

    But, bear in mind, at the same time, it doesn’t have some of the features. For example, you cannot access streaming sites such as Hulu or Netflix or watching MP4 videos.

    As the parent company of Google Chrome, Chromium supplies the majority of Google Chrome’s source code.

    I thought I had watched MP4 videos in Chromium… maybe newer does?

    They have some more listed. I note in passing that last on their list is Micro$oft Edge. Praised for their tendency to prevent you going to sites they don’t like… (Gag…) and endorsing Google “safe browsing”… No way I’m letting MS and Gargoyle decide what I can see…

    So there you have it. I’m happy with Chromium and the occasional highly configured to shut off their crap settings FireFox, but mostly because of my IP filtering and add blocking infrastructure. (And being a bit too lazy to dig around find / port Brave to the ARM SBC world…)

    Tor and IceCat are both safer but with “technical hair” that makes some things not work quite right or require thoughtful configuring. PaleMoon is nice but again, the Arm thing (and I’ve not bothered looking in the last 1/2 decade, so there’s that…)

  16. E.M.Smith says:

    Just running Chromium with 2 pages open (one a download status on Raspbian download) under Devuan ASCII (latest finished product – Buster WIP) it is notably slower than the Rock64.

    I think this is due to the mediocre memory / IO channels more than the CPU speed ( 1.2 GHz vs 1.4) OTOH, Raspberry Pi OSs often come with the clock slowed from spec so the CPU doesn’t over heat and you must manually set it higher for heat sink equipped boards… then all I/O to a uSD card doesn’t help.

    It is “barely acceptable”, but that’s good enough. Just don’t open a dozen pages or try to run two browsers at once…

    When this download completes, I’m going to make an 8 GB uSD card Raspbian and set it up to run i2p, then measure / assess suitability and performance. Raspbian is 32 bit armhf so might relieve a bit of the memory pressure of “only” 1 GB. Only one more hour to go on the 2.8 GB “kitchen Sink” version download |-}

  17. E.M.Smith says:

    MUCH better… Testing CPU freq it was never going over 600 MHz. No wonder it was slow. (Pi M3 running Devuan ASCII).

    in /boot/config.tex added line:

    # Added by EMS.  Trying to get clock above 600 MHz

    and changed CPU governor from powersave to ondemand and rebooted.

    root@devuan:/sys/devices/system/cpu/cpu0/cpufreq# cat scaling_governor 

    You can check actual speed with:

    cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_cur_freq

    And now it is much better. Closer to the Rock64.

    I really don’t understand why so many OS versions for the Pi hobble it with slow settings. IF it gets too hot it will heat limit anyway.

    ANYONE using a R.Pi needs to check what silly slow settings they have.

  18. E.M.Smith says:

    Looks like it’s going to be a 16 GB or maybe even a 32 GB uSD card for the “Kitchen Sink” Raspbian. Despite being 32 bit words (so 1/2 the size per op code of program) it inflated to over 8 GB image:

    -rw-r--r-- 1 ems  ems  8602517504 Jan 11 13:32 2021-01-11-raspios-buster-armhf-full.img
    -rw-r--r-- 1 ems  ems  3002523031 Feb 28 01:11 2021-01-11-raspios-buster-armhf-full.zip
  19. Taz says:

    Interesting rehash of the Millchan image board. Leaves out the thumbnail generation and just focuses on accurately transferring/mirroring files. Sometimes, simple is best.

    What it needs now is some means of indexing the content post synchronization.

    https://gitgud.io/millchan/Millchan (ZeroNet Url)

  20. E.M.Smith says:


    That onionshare looks very interesting. Unfortunately for me (but good for you…) most “new” things are x86 / AMD64 only and not ARM. So I’ll likely get to wait… I do have an old pre ME box with Devuan on it that I can fire up … maybe I’ll try it there ;-)

    Yes, you still need “sanitation measures” even in i2p to avoid “outing” yourself. For example, on my instance, I’ve already “outed” myself simply by making a copy of my public blog (and all the information in it). IF someone wanted to try really really hard, they might even be able to eventually work out the common IP address in connection chains and work back from that (or just do some public searches on my handles…).

    Like my “burner phone” that I got to explore the limitations and “how to catch them”; inside the first 2 days I knew exactly how to defeat it. Contact Trace. Unless EVERYONE is using a burner phone, they just look for “who else calls these same folks” and you get the public phone the person also uses, that leads to the person… So just looking at my call history shows who I am. (Not to mention family and friends text messages with my name in them…)

    It is my opinion that EVERYONE who has any belief they might ever need to “go dark” ought to practice practice practice the methods and techniques NOW. It takes a good several months to get it all working OK and even then there are risks. I’m now “pretty sure” I can get and use a burner phone without being fingered and tracked, but that’s only after several months of doing it wrong. Similar issues with Tor and i2p. Basic use for a little while is likely OK, but if, for example, you want to run a Drug Emporium like Silk Road and stay up for years, well, they got nabbed. Took a bunch of agents, gear and time, but eventually. FWIW that also points at a defeat of their strategy: Don’t do the same thing for a very very long time. Rotate your shields regularly ;-) (Which lead to my pattern of moving between hardware and OS releases every so often…)

    Sidebar on i2p Service vs Instance:

    Damn! It did it AGAIN. The new install on the R.Pi M3 (where I’m typing this) came up in /var/xxx as a Service instance. I immediately looked in ~pi/.i2p/xxx and found the help screen and put:

    Guide to Anonymous Webserving on I2P in ~/.i2p

    in it while I put

    Guide to Anonymous Webserving on I2P in /var

    in the /var/… version of eepsites/doc…/help

    Yesterday it showed “… in /var” (after a clear cache) even after a service stop / start (though I’m not certain I did a clear cache after the stop/start). Today I boot up cold, log in as user pi (the automagical default) and do a “i2prouter start” just like yesterday, and BINGO! after a ‘clear cash’ I get:

    Guide to Anonymous Webserving on I2P in ~/.i2p

    So at first install, it defaults you into /var (where I did my first site copy bring up and all on the Rock64) and then later, perhaps after a shutdown / restart, it defaults to the home dir of the launching user.

    This is going to need a more precise characterization (i.e. be certain I’ve cleared cache after first install then just close / restart router and check again – and maybe clear cache and check again…)

    But it’s just a potential confusion point for any Noob (like I was a week or so back) who wonders why their b32 address changed… and their web page customization evaporated.

    For a “just plug in the chip and go” I may swap to the C version that’s a service only. Smaller and faster anyway for a Pi, and likely I can configure it to not swap identities on first reboot…

    Sidebar on Rock64:

    Overnight, again, both main memory and swap used have oh so slowly drifted back down to about 1.3 GB each or less. It does look like the big memory use (and swap use) bursts come when I launch a browser (or two…) and do stuff. Otherwise it has a drift with number of tunnels in use (i’ve seen up to 100 ! ) and as old tunnels expire, eventually the memory used expires… ages out. It has not shown ANY tendency to sloth from what looks like excess memory / swap used, so I’m fairly certain it is stale Java tunnel related stuff being swapped.

    FWIW max Peers known seems to be at first light in California with a lot of European flags on the peers in tunnels, so I think this is used more in Europe / Russia than in the USA. That IMHO is likely to change shortly… Often 1400 to 1600. Dropping to 300-500 at California midnight.

    Sidebar on R.Pi M3:

    As expected, the armhf 32 bit OS of Raspbian has lower memory demand. I’m at 562M used with Chromium open, 7 active tabs, and the router running (16 tunnels, 852 known peers) which is about 2/3 of what the Rock64 memory used. I managed to run it up to 240 M on swap by launching FireFox at the same time, so about 1.24 GB total, which is again about 2/3 or maybe closer to 1/2 of what happens on the Rock64 with aarch64 / arm64 based OS and 64 bit words. Clearly running the 32 bit OS even on the Pi 64 bit chip, saves on memory hits.

    When it starts to swap, the Pi is just not happy. LOooong pauses in web pages as it plays with the slow I/O structure it has and every I and O going to the uSD chip, so things conflict. Often says “waiting for cache” in the lower left, so clearly uSD sloth (The Rock64 is also ‘all chip all the time’ but seems to handle it better). With BOTH browsers open and active tunnels, the swaps start to hit and things go to uncomfortable land. Exit one browser, all is fine again.

    Conclusion: A R.Pi with 1 GB memory is good enough IF you let it be an i2p routers with ONE browser to look at the console and such, but avoid running over 1 GB of ACTIVE memory use. (We’ll see after this runs a day or two if it has a lot of ‘inactive off on swap nobody cares’ blocks or not…)

    I’m going to try a kind of ‘do over’ with the non-Java version at some point and see if I can make it a less Noob Annoying experience and maybe without the slow memory / swap fill issue (even though in long use it does not seem to be an issue even with 1.6 GB of swap on the Rock64 as I think it is just ‘expired’ tunnel stuff)

  21. E.M.Smith says:


    Exited Chromium so only OS, one terminal window, htop and the i2prouter running, and memory in use dropped to 198 MB (!) on the Pi M3 running Raspbian.

    Clearly it’s the browsers that are hogging memory and stuffing up swap… at least in early use of an instance. Relaunched the browser to post this comment and use rises to 437 MB, so that also means a LOT of stuff was being cached for tabs that are not presently active and got flushed when I exited the browser just a moment ago.

    I think there’s an opportunity here to find that browser Taz was looking for… something light weight just for the local console. Some experimentation may be in order. Need one where you can set the proxy values if you intend to browse the i2p world also (so Chromium doesn’t seem to like that as it won’t let me set proxy…) but for “only the console” it works OK without proxy settings (and you can still open clearnet pages fast though not anonymously).

  22. E.M.Smith says:

    Looks like i2pd (the C++ version) is there in the repository:

    root@raspberrypi:/# apt-get install i2pd
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    The following additional packages will be installed:
      libboost-program-options1.67.0 libminiupnpc17
    Suggested packages:
    The following NEW packages will be installed:
      i2pd libboost-program-options1.67.0 libminiupnpc17
    0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
    Need to get 1,328 kB of archives.
    After this operation, 6,193 kB of additional disk space will be used.
    Do you want to continue? [Y/n]

    OK, I guess I need to do a bit of investigation of i2pd before I install it just to see if it conflicts with i2p / i2prouter operation (i.e. do they use the same directories and such…)

    But “good to go” on the Raspberry Pi for installation (once I’m ready…)

  23. E.M.Smith says:

    It looks like the i2pd folks have kept there stuff separate via using i2pd in path names instead of i2p so:

    General options
    Option	Description
    conf	Config file (default: ~/.i2pd/i2pd.conf or /var/lib/i2pd/i2pd.conf). This parameter will be silently ignored if the specified config file does not exist.
    tunconf	Tunnels config file (default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf)

    Looks to me like you can run them both at the same time if you wanted to…

    BUT you might need to go into the config file and swap some ports around, otherwise you might conflict over things like the proxy port:

    httpproxy.port	The port to listen on (HTTP Proxy) 4444 by default

    So, ok, you CAN change things.

    For example:


    # comment
    log = true # use stdout (default)
    ipv6 = true
    # settings for specific module
    port = 4444
    # ^^ this will be --httproxy.port= in cmdline
    # another comment
    enabled = true

    So not going to launch them both at the same time right now… but only after sorting ports, maybe. For now it looks like “safe to install both” at the same time, just run separately until ports sorted. I hope ;-)

    (Hey, it’s a new install on a R.Pi. Worst case is I start over a day ago…)

  24. E.M.Smith says:

    Well, I did the install of i2pd and i2prouter just kept on working. Active tunnels in the monitor didn’t hickup at all. So the install is a non-conflict action.

    root@raspberrypi:/# tail /etc/passwd

    Two different user-ids and 2 different paths.

    I’m going to let the running i2prouter go for “a while” and let it develop more before I try a test of i2pd. Then I’ll shut down i2prouter (java based) and launch i2pd (C++) and compare. Likely some time tomorrow… I want to watch memory use develop on i2prouter on the Pi first.

    So far, as an i2p router, the Pi M3 is acting just fine. Memory used is quite low (500 MB with Chromium open at the moment, but 300 MB of that is Chromium…) only going too high with 2 browsers open at once. The Pi is somewhat challenged if trying to use a lot of cache on a page open (like a long W.O.O.D. page with a lot of images and videos in comments) where it gives a lot of “waiting for cache” notifications (with CPU use low and D disk wait on processes in htop); and it is really challenged if you have two browsers with swapping and shift between them hitting different pages. Lots of active read / write of both swap and cache all hitting the uSD card via a not-so-hot I/O subsystem. So don’t do that ;-)

    I’d be happy to set one up as an i2p router / gateway with remote ssh based browser / monitor and let it run for a loooonng while.

    Oh, and FWIW, I’m now running both the R.Pi M3 and the Rock64 as i2p routers behind the same NATed firewall, so far no apparent conflicts. So the i2p firewall / NAT transition seems to handle multiple instances just fine. Kind of a surprise, really.

    For a couple of years (looking at other solutions) I was looking at Router Config and the need to futz with “opening ports” and building a DMZ and all that as a big barrier to entry for a Noob or even a technical person with limited router configuration skill (OR locked out by their Telco…) but these folks look to have fixed all that. What A Relief! Lets any Joe or Jane Sixpack set up and run one of these.

    Next stop?

    Um, not sure… I need to let these two both “just run” for a couple of days and observe resources used and any conflicting behaviours, but so far, nothing.

    During that time I don’t want to be screwing around with too much or it pollutes the testing. So I think I’m just going to retreat to my Tablet and / or do some yard work… Both my screens are tied up and both my work spaces for “a while”… and with active tunnels running, I don’t want to shut the services down right now.

    So I think I’m going to take a break and just browse stuff for a while ;-)

  25. E.M.Smith says:

    After a break and dog walking…

    FYI my “seeding” of the season ‘whatever’ of the random episode of ‘something’ (clearly no clue what that TV show is…) has had some bytes served. 20.9 MB, so only 10 x that to reach parity with the download and 20 x that to be “appropriately 2 x multiplying my load to download” to become a Stellar Bittorrent Netizen… I think it’s going to take a while and most likely most of the interested folks had already grabbed it.

    I chose it as it was the smallest thing on the first page of magnet links… Maybe-someday I might actually look at it ;-)

    Key point: I have had both download and upload of Torrents, so that’s all working fine.

    Not yet proven is that MY upload has had zero bytes moved, so I think I’m not yet clear on how to get a “tracker” to see my offering (or nobody cares to download it which is also highly likely as it is a junk image of the screen they already have…). So on the Torrent front, that’s all I have left to do. Find the magnet link on a tracker site (OR get it there…) and test the serving / download from the R.Pi client. Maybe in a few days… since I’ve already shown the service is fine both ways and I’ve not got a lot to share for real yet; therefore it’s low priority…

    I also went ahead and installed i2pd (C++ version) on the Rock64 (now that I know you can do that and not disrupt running services):

    root@rock64:/# apt-get install i2pd
    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    The following additional packages will be installed:
    libboost-date-time1.67.0 libboost-filesystem1.67.0
    libboost-program-options1.67.0 libminiupnpc17
    Suggested packages:
    The following NEW packages will be installed:
    i2pd libboost-date-time1.67.0 libboost-filesystem1.67.0
    libboost-program-options1.67.0 libminiupnpc17
    0 upgraded, 5 newly installed, 0 to remove and 2 not upgraded.
    Need to get 1916 kB of archives.
    After this operation, 11.0 MB of additional disk space will be used.
    Do you want to continue? [Y/n] y
    Get:1 http://httpredir.debian.org/debian buster/main arm64 libboost-date-time1.67.0 arm64 1.67.0-13+deb10u1 [238 kB]
    Get:2 http://httpredir.debian.org/debian buster/main arm64 libboost-filesystem1.67.0 arm64 1.67.0-13+deb10u1 [257 kB]
    Get:3 http://httpredir.debian.org/debian buster/main arm64 libboost-program-options1.67.0 arm64 1.67.0-13+deb10u1 [346 kB]
    Get:4 http://httpredir.debian.org/debian buster/main arm64 libminiupnpc17 arm64 2.1-1+b1 [32.9 kB]
    Get:5 http://httpredir.debian.org/debian buster/main arm64 i2pd arm64 2.23.0-1 [1043 kB]
    Fetched 1916 kB in 3s (738 kB/s)
    Selecting previously unselected package libboost-date-time1.67.0:arm64.
    (Reading database … 109869 files and directories currently installed.)
    Preparing to unpack …/libboost-date-time1.67.0_1.67.0-13+deb10u1_arm64.deb …
    Unpacking libboost-date-time1.67.0:arm64 (1.67.0-13+deb10u1) …
    Selecting previously unselected package libboost-filesystem1.67.0:arm64.
    Preparing to unpack …/libboost-filesystem1.67.0_1.67.0-13+deb10u1_arm64.deb …
    Unpacking libboost-filesystem1.67.0:arm64 (1.67.0-13+deb10u1) …
    Selecting previously unselected package libboost-program-options1.67.0:arm64.
    Preparing to unpack …/libboost-program-options1.67.0_1.67.0-13+deb10u1_arm64.deb …
    Unpacking libboost-program-options1.67.0:arm64 (1.67.0-13+deb10u1) …
    Selecting previously unselected package libminiupnpc17:arm64.
    Preparing to unpack …/libminiupnpc17_2.1-1+b1_arm64.deb …
    Unpacking libminiupnpc17:arm64 (2.1-1+b1) …
    Selecting previously unselected package i2pd.
    Preparing to unpack …/i2pd_2.23.0-1_arm64.deb …
    Unpacking i2pd (2.23.0-1) …
    Setting up libboost-program-options1.67.0:arm64 (1.67.0-13+deb10u1) …
    Setting up libboost-date-time1.67.0:arm64 (1.67.0-13+deb10u1) …
    Setting up libminiupnpc17:arm64 (2.1-1+b1) …
    Setting up libboost-filesystem1.67.0:arm64 (1.67.0-13+deb10u1) …
    Setting up i2pd (2.23.0-1) …
    adduser: Warning: The home directory `/var/lib/i2pd’ does not belong to the user you are currently creating.
    [i2pd.conf:1] Line references path below legacy directory /var/run/, updating /var/run/i2pd ��� /run/i2pd; please update the tmpfiles.d/ drop-in file accordingly.

    Created symlink /etc/systemd/system/multi-user.target.wants/i2pd.service -> /lib/systemd/system/i2pd.service.
    Processing triggers for systemd (241-7~deb10u6) …
    Processing triggers for man-db (2.8.5-2) …
    Processing triggers for libc-bin (2.28-10) …

    I’ve seen the home dir warning both times but it ends up with the right ownership in the end. Not sure about the other warning about tmpfiles.d/ drop-in file. But at some point I’ll look for ‘tmpfiles.d’ and figure it out.

    Then there’s the SystemD stuff because I’m running Armbian on this SBC. Hey, it works reasonably well and It’s not like my personal use is on the Rock64 (that’s headed for headless server eventually anyway ;-)

    Though as soon as a Buster based Devuan exists for it, over it goes ;-)

    58 active tunnels. 1112 Active peers. 1426 known peers (and total peers is bigger than the ones a given box knows). 31 Participating tunnels, so me moving stuff for other folks. 2 i2psnark client and 6 ip2 webserver client for folks connected to my webservice or torrents (or me offering them)

    Nice. And CPU load low. at a few %. Just moving encrypted blocks is low load. CPU at 58 C with so-so heat sink. Lots of headroom to 80C.

    FWIW, during the Torrent download, CPU was occasionally 90%-ish often bouncing between 30%-80%. That’s due to the high volume of encryption / decryption of a download and tunnels. So:

    IFF you intend to do a LOT of Torrents, a R. Pi M3 is likely a bit light and will be pegged at 100% often (though not always) during an active sharing. The Rock64 is “enough for one torrent” with some left over. Scale accordingly… (so if you expect to download 4 movies at once you will need about 4 x Rock64 CPU performance available – though at 100 kB/sec during my download IIRC I was at about 1/3 of allowed network bandwidth so really only 3-worth could be used before it would network limit given my settings and wire speed…)

    So far, given my use profile, a Rock64 is “just about right”. I may move all this to the RockPro64 IFF I end up with a load problem “someday”. But that looks unlikely ATM.

    Color me happy ;-) Most of the services I really care about, all working fine. Just tuning and polish to go, really.

    I’m also pretty sure at this point that a Raspberry Pi M3 is “enough” for the same stuff if running Raspbian (maybe-someday I’ll try it on a 64 bit OS and check memory usage) as long as you only run one browser at once. It needs a few days of running to get well known enough to have enough load to see performance in heavier use. I’m also in the spot where running 2 of them will start to have network sharing volume issues. The NAT router sorts their traffic fine, but I still have “only so much” upload speed… So I can do all the config / set up proof and testing, but actual load / volume might start to have ‘wire limitations’ artifacts.

    Once I have a slick end to end Pi install worked out (and likely on i2pd) then I’ll take the hit of shutting down the Rock64 for a couple of days and let everything hit the Pi…

    OK, latest status update done, back to work ;-)

  26. E.M.Smith says:

    Looks like “some assembly required” for i2pd on R.Pi…

    pi@raspberrypi:~ $ i2pd
    14:50:51@181/info - Log: min messages level set to info
    14:50:51@181/info - i2pd v2.23.0 starting
    14:50:51@181/info - Daemon: bandwidth set to 'low'
    14:50:51@181/info - Daemon: using system limit in 1024 max open files
    14:50:51@181/info - Daemon: starting NetDB
    14:50:51@181/warn - Family: Can't load family certificates from /home/pi/.i2pd/certificates/family
    14:50:51@181/info - NetDb: 0 routers loaded (0 floodfils)
    14:50:51@181/warn - Reseed: Can't load reseed certificates from /home/pi/.i2pd/certificates/reseed
    14:50:51@181/error - RouterInfo: Can't open file 
    14:50:51@181/info - Reseed: Downloading SU3 from https://download.xxlspeed.com/i2pseeds.su3
    14:53:03@181/error - Reseed: Couldn't connect to download.xxlspeed.com: Connection timed out
    14:53:03@181/warn - Reseed: SU3 download failed
    14:53:03@181/info - Reseed: Downloading SU3 from https://reseed.onion.im/i2pseeds.su3
    14:53:03@181/info - NetDb: RouterInfo added: J8jptQ4-S68R3MiH8cQn3ZUsYjuWuFIiiwcoHc0QAeY=
    14:53:03@181/info - NetDb: RouterInfo added: uoSUgRX2xWbxHhKzSvdVv42nAPWWQy8EBk0mAGgfwqo=
    14:53:03@181/info - NetDb: RouterInfo added: 5cQEqFu2mdbfjf4vagrrHb6zamK30TAIZqq7fdJZ72w=
    14:53:03@181/info - NetDb: RouterInfo added: MaH4sT~61wqEepGSkpDS8E8dK-hBkuaF3rYt8bPwO5M=
    14:53:03@181/info - NetDb: RouterInfo added: -Kn3CMLHyU3hrL3rfEI6Kub3AS71J~Q8vnkSP3H~FLk=
    14:53:03@181/info - NetDb: RouterInfo added: xZoR0UwQrO2Bok6AGfbB4o3r7pRYtVta8piORCV-nYc=
    14:53:03@181/info - NetDb: RouterInfo added: LDoMT0HE0m0zNz~UJQUB3jPvOPyqcLl6rNO1bSIofVw=
    14:53:03@181/info - Daemon: starting Transports
    terminate called after throwing an instance of 'boost::exception_detail::clone_impl<boost::exception_detail::error_info_injector >'
    14:53:03@181/info - NTCP: Start listening TCP port 14457
    14:53:03@181/info - Transports: Start listening UDP port 14457
    14:53:03@181/info - Daemon: Transports started
    14:53:03@181/info - Daemon: starting HTTP Server at
    14:53:03@801/warn - SSU: Can't connect to unreachable router and no ipv4 non-expired introducers presented
      what():  bind: Address already in use

    So there’s that…

    I’d shut down the Pi and moved it to the office so as to free up the TV… (no active participating tunnels so only exploratory or client tunnels meant no interruption of any other party carry traffic, so I took the opportunity…)

    But it looks like I need to get into that whole “ports issue”…

    Which means that at least for now I’m dropping back to the i2prouter Java version. This can wait and I still want to know what the Pi Java version does over a longer period of time.

  27. E.M.Smith says:

    Once again hating SytemD systems… DNS not set in /etc/resolv.conf but off somewhere else so my Telco intercepted an i2p address as I was testing how the F*** to STOP FireFox from sending all sorts of things to DuckDuckGo from the address bar… (I thought I’d shut that off but it looks like not quite… yet another “non-feature”. I do NOT want “auto search” firing off telling some random what I’m interested in…)

    So AT&T intercepted the DNS lookup fail instead and gave me a crap answer… from some URL like attdnserrorhelp or “we are watching all your DNS traffic . com”…


    So, OK, back at the Pi:

    root@raspberrypi:/etc# cat /etc/resolv.conf
    # Generated by resolvconf
    domain attlocal.net

    WHY DHCP didn’t get MY name server when I’m pretty sure it is set up to serve MY name server is a question for another day… but you can see this is made by a command named “resolvconf”, so one layer of abstraction. Where does resolveconf look? Somewhere else…

    IT looks in /etc/resolvconf.conf

    Now you might think that DHCP doesn’t need a configuration file as it is DHCP and is supposed to just look at the reply from a DHCP request unless ordered otherwise…. but that would be so predictable and old school…

    root@raspberrypi:/etc# cat resolvconf.conf
    # Configuration for resolvconf(8)
    # See resolvconf.conf(5) for details
    # If you run a local name server, you should uncomment the below line and
    # configure your subscribers configuration files below.
    # Mirror the Debian package defaults for the below resolvers
    # so that resolvconf integrates seemlessly.

    You can see where I added MY DNS servers.

    So you edit SOME OTHER FILE, then run the command

    resolvconf -I

    and then IT edits the target file for you… what crap.

    Instead of “edit file and be done” we’ve got 3 levels of indirection going on.

    But at least now it’s looking at MY Dns servers and AT&T can go stuff themselves with their DNS snooping “help”.

    Now, back to turning off that other snooping ‘send 1/2 your URLs even when properly formed to your search engine” address box… I’ve done it before… it ought not be this hard.

  28. Pinroot says:

    Re: Browsers – I don’t know if this is a ‘clean’ browser, and it’s only available for Windows but there’s this:
    I’ve used it in the past and liked it, although I sort of remember some sites not working properly or something. I’ll have to try it out again. It’s lightweight and fairly configurable (you can set a different proxy which is useful with i2p sites). I have a bad habit of opening many tabs, and with some browsers, that can be a big problem (mostly with Firefox and Vivaldi, which is worse than FF, at least on the Mac). I recall Kmeleon being much better at memory management, so again, I’ll have to look into it.

    I read something recently about Google and Chromium, so Chromium based browsers (Edge, Brave, Opera, and Vivaldi) may have some issues in their future:

  29. E.M.Smith says:

    IIRC, Google were locking you out of their other offerings. I don’t remember what all they were, but like their clouds or gmail or such. ALL stuff I don’t use so I don’t care. I don’t use google stuff…

  30. E.M.Smith says:

    Well, after a nice long run, the Raspberry Pi memory use with browsers closed is all of 350 MB of memory (with 150 MB on swap that rolled there when I was using 2 browsers at once, so something not very needed…). Opening Chromium (11 tabs not all activated on open) has it jump up to 591 MB used. Still well under the 1 GB on the SBC.

    This is with a Torrent running (serving), 10 active tunnels of various kinds, 20 peers active and generally being a modest usage time.

    During the Torrent download it only ever got to about 32 kB/sec max, and so the CPU was usually about 80% loaded, not pegged at 100% as I’d expected. Don’t know if this was accidental or by design. The “thermometer” icon popped up (upper right) with 1/2 red showing that with the cheapest smallest heat sink, it was warm but not yet heat limiting (that happens at a full red thermometer…) So inside thermal limits but getting close. A bigger nicer heat sink would be a good idea, but not necessary.

    Overall, it looks like the 32 bit OS cures the memory hogging issue seen on the Rock64. But big torrent downloads will be slower and it does have “issues” with a slower I/O system (more frequent D disk wait on htop, occasional pauses in the browser when busy.)

    I’d be OK with using one as an i2p router node, but if doing it often, you want Rock64 or better memory and performance (so buy the $50 SBC instead of the $40 with heat sink Pi…)

    My guess is that a $57 Odroid XU4 would just rock at this. I’m going to try mine “sometime later” after I put this project to bed. (Tuning, scripting, uSD image, package, post… yet to do).

    Overall, I’m impressed with the ability of the Pi running Raspbian, while at the same time a bit jaded by better SBCs with much more performance and “comfort” for not that much more money. (And completely spoiled by the Odroid N2 that’s a dandy desktop with pretty much PC like performance on the things I do… so $90 well spent).

    While I love exploring “Minimalist Design” and finding the absolute rock bottom usable limits to hardware, it IS nice to just boot the N2 and not care…

    OK, the Pi is “just good enough” and with the 32 bit OS the 1 GB of memory is fine (and likely some tuning in Raspbian to be more memory conservative…). Also, over a long run time, memory is NOT being consumed to excess. Got it. (Maybe I need to try a different OS on the Rock64 and see if the memory leak like behaviour is OS more than i2p? … “someday maybe”…)

    It looks to me like memory crept up by about 100 MB a day to the 300+ level. That means at most it would fill the 1 GB in a week of constant tunnel serving. However, the Rock64 stabilized memory creep after about 2 days and started releasing stale blocks. That implies the Pi would top out about 500 MB used (browser closed) after a few days. Well below the 1 GB. Ether of those 2 scenarios is fine with me.

    So “moving on”…

    I’m going to polish and tidy up the R.Pi install, but that will also involve shutting it down / rebooting from time to time, so it is going from “in use” to “in devo” in a few minutes (typing this on it now…)

    I’m also looking at FoxyProxy. It is just Way Cool!

    With Tor browser and FoxyProxy and i2p:

    Things headed for the i2p network go to i2p. All other stuff goes to the clear net via Tor onion routing. Both of the best uses, automatically sorted, and with very good privacy settings all around. So that’s the next level I’m aspiring to. Add FoxyProxy and Tor browser to both my i2p routers and write it up.

    IMHO, from what I’ve read, that combo (Tor, FoxyProxy, i2p) pretty much covers all uses in a fairly secure way, and with better ease of use and configuration. (We’ll see if reality matches experience as I try it…)

    With that, time to shut down this puppy and do some more devo with it.

  31. E.M.Smith says:

    FWIW, after 6.x days of continuous running, the Rock64 was at about 1.8 GB of memory used (out of 2 GB total, 1.9 ish after video setaside) and another 1.8x GB on swap. It was starting to show “swap artifacts” using the browsers as I got to wait for the D-Wait tasks in htop to let go of the I/O long enough to swap something.

    So looks like in normal use with the Java based version AND some amount of browser use, it’s good for about a week before a “reboot to clear all swap” becomes useful. FWIW, I suspect you could just “i2prouter graceful” shut it down (wait 10 to 15 minutes), exit the browsers, and then do a “swapoff / swapon” in rotation on each swap device to clear stale swap. But a shutdown /reboot is about as fast ;-)

    Overall, I’m quite happy with it.

    Also note that at one time I had THREE (3) different systems all running i2p through the same NAT boundary router. It never seemed to confuse any traffic or service, so looks like multiples at the same time are Just Fine.

  32. E.M.Smith says:

    Just for grins, and to find out how long it might take to download an image of an OS on a uSD card, I started an i2pSnark download of an 8 GB movie. Which one isn’t important, it just happens to be about the size of an 8 GB uSD card… (Compressed would be a lot less, and using a smaller image can be down around 2 GB). It establishes and outside band of biggest and slowest probable.

    Well, it’s been 2 or 3 days now and I’m about 1/2 done. I think that’s a fair data point.

    Initially there was only the one “seed” who was likely the only uploader as it was a new magnet link. We’re now up to 16 peers with 3 of them seeding and the rest more or less linearly arranged from almost done to just started downloading / sharing. That’s likely the most one could expect for folks interested in downloading any system image I might build.

    Figure it’s about 4 to 6 days for 8 GB. That makes it about 2 GB / day on good days, and closer to 1 GB / day on slow days / few seeders.

    So only if I can get a compressed system image down to 1 GB is it going to be a “single day” process to download it. Workable, but not exactly blazing.

    Do note that IF there’s a lot of seeders or a lot of folks all downloading (and thus sharing parts of the torrent out to others) this speed can rise to faster. How fast depending on network speed, i2pSnark settings, and more. Were this to become “a regular thing” for me, I’d likely rent a “cloud” instance of a VM and use it to share bits about 10 x faster. This test is for “average home AT&T service” performance.

    OTOH, it’s pretty easy to just launch a torrent and forget about it. It gets what it can when your system is up and connected, and shares what it’s got, but doesn’t really care if it takes 10 minutes or 10 days. As long as at least 1 seed is up (who has the whole copy) or enough folks are downloading such that between all of them they have all the parts, it will eventually complete.

    So what’s all this say to me?

    1) I need to put a hard disk on my i2p Router Rock64 if I intend to do a lot of this. Slinging 2 to 8 GB at a time fills a 16 GB uSD card pretty darned fast. (I’m doing this from a different SBC as there was not room on that one…)

    2) SMALL system images are preferred. When it’s time for me to make and share a system image, I need to NOT do the Raspberry Pi “Kitchen Sink” 8 GB image (to which I then added a lot of stuff…). Instead I need to make a minimal Desktop Image and just do the value added bits. Then folks can add things like GIMP (Gnu Image Manipulation Program) if they want to do image editing. It will be a LOT faster and frankly doing a download of GIMP from the repositories isn’t illegal, immoral, or suspicious at all. It’s normal.

    3) Target size is 1 to 2 GB compressed. BEST compression method preferred over fastest. (.xz is it, I think, but worth trying them all and measuring results).

    4) It would be WELL worth it for me to investigate a Clearnet download alternative. If anyone knows of a free / open download site that doesn’t demand your life history, let me know… There really isn’t a need to mask the download of a R.Pi image with the i2p router installed on it. It’s completely legal and entirely OK. I suppose there’s a minor issue that it would leave a “finger print” showing “intent” to use the Dark Net, but all those encrypted packets flowing in / out of your internet spigot once it is installed and running will show you doing it anyway, so what’s the added concern? I2p hides the contents, not the activity. (For that stick a uSD card in a match box and mail it to the next person, or just have them ask “Got a match” at Starbucks…) So a minimal VM on some cloud provider is likely a Good Idea.

    5) It will be a LOT faster to just install a regular R.Pi Raspbian image at home and then do:
    “apt-get install i2p”
    and when the FireFox browser launches, do the FoxyProxy addon.

    So on my ‘dance card’ is to pick the minimal desktop Raspbian, start a clock / timer, and go from download to working i2p router / FoxyProxy device, and note exactly the steps and times. Then write it up in a CookBook. It will also be fun to see if I can get that done before the movie finishes downloading ;-) Maybe I’ll start that tomorrow just to make if fair to the movie download 8-}

  33. E.M.Smith says:

    The download of the movie just finished. Now I’m one of 8 seeders… with what looks like 3 folks left downloading. The process accelerated a bit as more seeders accumulated, but still looks to be speed limited by the slowest guy in a given garlic route and limit on number of routes in play at any one time.

    Speed for any one feed can be from about 9 BPS to 30 KBps, and total speed can range up to 100+ KBs. I never saw it get to 200 or more despite having a 300 limit set for my instance. (Why it chose 300-ish is beyond me. I’m pretty sure I’ve got a bit more than that, but it is AT&T so maybe tested lower than advertised and paid for..)

    Note that b is bits and B is bytes that are about 10 bits long including network overhead… Why they use B in the display is unclear since networking always is about b/s not B/s, so the numbers look a bit confusing. 100 kB/s is 1000 kb/s and ethernet is 10/100/1000 Mb/s depending on era, so at best about 1/10 old Ethernet. (A 9600 baud modem is 9.6 kb/s for comparison, so in the range of 1 to 10 modem links)

    So my conclusion is that bittorrent on i2p, even for Very Large Files, is workable, if a little slow.

  34. E.M.Smith says:

    Oh, and it looks like being “up” for a few days really makes for a lot better connectivity in the i2p space.

    This SBC went from about 200 known peers and maybe a half dozen active at first bring up, with maybe 2 active tunnels for others, to now having:
    Almost 1000 known peers.
    82 active peers
    49 participating tunnels ( 6 exploratory and 5 Client – exploratory drops off as more peers are located)

    I have bandwidth set to about 1/10 of a 1080p video feed. My internet connection can drive at least 3 TVs at once and there’s only 2 of us, so in theory I could set it even higher. Presently about 400 kB/second or about 3.2 Mb/second per the configure screen, and that puts me in a higher tier of performance / interest for others. Outbound is 100 kB/s with share ratio of 90%, so 90 kB/s shared.

    66 kB/s shared is the lower bound for N level.

    L  12 - 48
    M  49 - 65
    N  66 - 130
    O  131 - 261
    P  262 - 2047
    X  Over 2048

    I’ll probably back that off for this SBC a bit later, as it is “for occasional use only” (i.e. for my personal browsing and such) and crank it up on the Rock64 that’s for “service to the i2p network” ;-)

    This one is supposed to be shut off every night anyway, so there’s the sporadic availability thing too. I need to start weening the network off of thinking of this SBC as a reliable and relatively fast router and divert my Telco bandwidth to the other one more.

    Memory is presently at 3.29 GB used out of 3.6 available (the rest being zram swap, temp files, video mem to make 4 GB) with 1.66 GB on swap at the moment. I’m in Chromium with about 48 tabs open, 12 of them YouTube videos, so a fair amount used there.

    Still, I likely ought to do a reboot and clear it back to zero on swap. It isn’t slowing yet, but eventually it will…

    Update: Exiting the Browser dropped memory used down to 1.48 GB and 1.3 GB swap. So looks like the browser was / is the bigger hog. A lot of that 1.3 GB on swap is likely stale and the system is just not taking the time to clear it out yet.

  35. E.M.Smith says:

    I found my Gentoo R.Pi M3 uSD chip and booted it up again… (on it right now).

    It’s a little different. As it approaches 700 MB it starts rolling stuff to swap (861 MB out of the 1 GB are available, the rest are temp file systems and such). Right now with the Chromium browser open with 4 tabs, I’ve got 689 MB used, 480 on swap.

    It can play a video in a small window (not tried a full sized window yet) but maxes all 4 cores and starts to flash the thermometer (at half red). So Gentoo really knows how to use all cores at once.

    It seems a little more responsive than other distributions (and a lot more than Raspbian…) but does sometimes have pause / lag moments when writing a bunch to swap on some high page weight thing.

    I’m still not really comfortable with the whole “emerge” and “use flags” thing, but minimally functional. I decided to look for i2p. Looks like it is there, but needs some newer Java and other bits, so you have a more complicated install:

    Java 7 or higher must be installed to run the main implementation of I2P. See the Java article for more instructions on how to get the system to that point. If this is not possible, try the newer but less mature C++ implementation: net-vpn/i2pd.

    net-vpn/i2p is currently marked as unstable. Special permission must be granted for it to install on stable systems:

    root #echo "net-vpn/i2p" >> /etc/portage/package.accept_keywords

    i2pd (C++)
    net-vpn/i2pd is also marked as unstable:

    root #echo "net-vpn/i2pd" >> /etc/portage/package.accept_keywords

    USE flags

    Here’s the Java article it links to:


    For now I’m giving it a pass… but if SomeDay I need to fall back to Gentoo, I’ve got the links here to find it again.

    It is a competent system. Even the WiFi connection was easy to make ‘go’. Only the painful experience of trying to do system software upgrades, installs, configures, etc. is a PITA. “Use” flags let you do just about anything you would ever need to do, but also require you to set everything you might ever need to set, sort of. I’m sure once over the “hump” of the learning curve it is all just fine and dandy, but compare to Debian where all you need to know is roughly 3 lines:

    apt-get update
    apt-get upgrade
    apt-get install FOO

    Oh Well, there system their choice.

    With that, I think I’m “moving on” and going back to my Devuan (Debian based without SystemD) favorite ;-)

  36. E.M.Smith says:

    After 5 days of uptime, the Rock64 has 849 MB of swap in use.

    It looks like stale tunnel data is rolling to swap, but eventually ages out and is disposed, long before it becomes an issue.

    While I’d like somewhat better memory management than that, it does look like you can run long term without issues and like it does (eventually) take out the trash.

    Unknown is the question of time vs tightness. Is it dumping this as days have past, or because of some memory need metric. The former argues for large swap while the latter says any swap will do and it is just packratting things “in case” of a returned need but will drop them on memory shortage.

    As I have 9 GB of swap on this SBC at the moment, and it is holding under 1 GB (with 2 GB of memory), I suspect it is an aging out process or it doesn’t know how much swap exists…

    The main takeaway is that SWAP=MEMORY looks like a number that will not be problematic.

  37. E.M.Smith says:

    Another mem usage report.

    After 8 days of continuous use, swap is up to 2.8 GB running only the router…
    Launching Chromium kicked it up to 3.28 GB of swap (on top of 2 GB of installed memory… so quite a lot in total).

    Things are just a little bit doggy in their response, but livable. For example, launching a new terminal session or the browser were both D disk wait in htop as swap is on a disk that has a start up lag and something needed to swap.out to make room.

    Otherwise it seems to work OK. Which is a bit odd, as most of my experience with these Armbian / Debian / Ubuntu / etc. based SBCs has been that they start to have some kind of thrash lock at about 1.5 GB of swap used.

    The only reasonable conclusion is that the stuff being put on swap is not being used at all. There isn’t any need to actually swap things in and out and in and out. Just out and forget about it.

    There’s only 30 total tunnels at the moment, 15 participating, and 3 of them inactive, so not a lot of demand on the system. CPU under 25% even with the browser going.

    OK, this is not ideal, but livable. I’ll just plan on a reboot once a week, but not panic about it if it goes 2 weeks. ( I have 9 GB of swap configured, so in theory enough for about 25 days at this rate of memory leak…)

    With that, I’m going to reboot it now.

  38. E.M.Smith says:

    Interesting… After ANOTHER one week uptime run (so checking in to reboot it to clear the swap area…) it is at 840 MB memory used and NO swap in use.

    The difference? I did NOT leave the browser open on a management screen. Just left the router running.

    The implication here is that it is the browser that’s got a memory leak, not the i2p router itself.

    OK, Operational note to self: Exit the browser when you want to leave an i2p router running long term.

  39. E.M.Smith says:

    Oh, and I’d also set swappiness in /etc/sysctl.conf to 0.

    Contrary to common belief, that does not set SWAP USE to zero (right now I’m at 123 MB on swap after using the Chromium Browser a few hours). It is a slider about how much to use SWAP only for real memory uses and not for file information bufferes.

    You can always get the file information from “hitting the disk” again and reading the inodes. Actual compute memory not so much… Yet it can be more efficient to hold a lot of that inode information in memory. You needed to find where all the blocks were for a given file because you were using it, and that often means you are about to use it again. The first “du -ms *” is a lot slower than the 2nd as all that usage of space data is not cashed in memory buffers.

    What swappiness=0 says is “toss file buffers in stead of writing them to swap as you cn always just read the ‘disk’ again for that data”. This is especially so for uSD cards and SSDs where there are no head seeks, rotational delays and head contention.

    Swappiness=100 says treat file buffers equally with active compute memory. Very useful when you have a lot of file I/O off hard disk and not that much compute memory in flux.

    So setting Swappiness=0 may have been the important bit as it said to toss file buffers and both the Browser and i2p can have a lot of file butters. (Think of all those browser cache files… MB of them…)

    I’ve not tested browser vs swappiness as I changed both at once. But frankly, I’m OK with the notion that they both contribute and I’m just going to set swappiness=0 AND not leave a browser open and running for weeks at a time.

  40. E.M.Smith says:

    After 2 weeks running (really 15 days) without the browser running, swap has 2 GB in it.

    So still some work to do tuning it to not accumulate old file handles in swap…

  41. E.M.Smith says:

    Well that was a bad idea…

    On the Rock64 running Armbian Debian I’d stopped the i2p router and was compressing a 7 GB image of a Devuan Pi M3 and decided that having 2 GB of garbage in swap was silly.

    I have 1 GB of zram and then 4 GB of a disk partition. That partition was on the same disk as the one where I was compressing the image. There’s a 2nd 4 GB swap partition on the disk too, but at lower prioriey. I figured that a “swapoff” of the first one would toss the trash and any swapped stuff that mattered would just be put on a different swap partition.l Clearing about a GB of swap.

    All was going fine down to about 750 MB left (nothing being kept up to that point) when the system promptly crashed.

    OK no idea why, but I need to start my xz compression run again, right after I fsck the disk…

    So either Armbian (SystemD afflicted) is not stable to high disk use / or swap swapped out something important / or the Rock64 tripped over itself with high data rates in I/O.

    My guess is that it was swap related as I’ve done lots of other IO before. But I’ve also done the “drain the trash” by turning on / off different swap partitions before too… so it looks like whatever was the problem was tripped by a combo of draining swap and high disk IO / seeks.

    In any case “Don’t do that”…

Anything to say?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.