eepSites - forum.i2p ~ View topic - Easily-Confused Noob's Guide to I2P

*Last edited by JonasK on Wed Mar 02, 2005 2:28 am; edited 6 times in total*

Easily-Confused Noob's Guide to I2P - Version 3.01

By JonasK

Updated: 050301 21:28

This document is released into the public domain.

########################################

Table of Contents

Disclaimer
Audience
What is I2P?
What's a Firewall (and a Router)?
What's a Port?
Installing I2P
A Quick Word About Safe Computing
Initial Setup
Setting up the Browser
What is Localhost?
What is a Proxy?
What is Port 4444?
What is Port 8887?
More About EepProxy
So I'm Connected ## What Now?
Why is I2P is So Darn Slow?
Why is I2P is So Hard to Use?
Why Isn't I2P Working Now Even Though It Worked Fine Yesterday?
Why Does I2P Sometimes Work Fine for a While Then Stop for While?
Connecting to Chat
Connecting to a Newsfeed via I2P ## Part 1
Connecting to a Newsfeed via I2P ## Part 2
Connecting to a Newsfeed via I2P ## Part 3
Automatic Proxy Configuration - Extremely Important Disclaimers
Automatic Proxy Configuration - Explanation by Example
A Closing Editorial
Credits

########################################

Disclaimer

I'm the easily-confused noob referenced in the title, so don't expect this article to be accurate. It's a summary of what I think I understand and some of it may be dead wrong. In any case, there's a dire shortage of this kind of information on I2P, so perhaps this will prod other people to correct me, thereby benefiting everyone.

########################################

What is I2P?

I2P is a program you install on your computer. It's also the name of a network ## sort-of like the World Wide Web is a network. (Technically speaking, the World Wide Web and I2P are "protocols", but if you already knew that, you probably wouldn't need to read the Easily-Confused Noob's Guide.)

I2P lets you use certain programs anonymously. Your web browser, for instance, can contact sites on the I2P network. In the long run, pretty much everything you can do on the regular Internet you'll be able to do on I2P ## and if you're careful nobody will be able to figure out who you are and what you are doing.

How does it work? Briefly, all data going into and out of your computer is encrypted and routed through intermediaries ## other people who are participating in the I2P network. Thus, there isn't a clear and constant path between you and the service you're using.

"So," you may think, "this means I can surf for porn and nobody will know, eh?" No, it doesn't mean that. First of all, if you think that's the main benefit of I2P, you're only thinking with your groin. Second of all, you do have to exercise a certain level of sensible caution: install antivirus software; understand what a firewall is; check your computer regularly for spyware; find out about the obscure cache and index files on your computer; and generally learn the fundamentals of privacy.

[soapbox mode on]

Ah, privacy. If you want a good technical explanation of I2P, check out their site at www.i2p.net. But if you want one person's opinion about what it all means, let me say that it's about privacy. And why is THAT important? After all, if you're doing nothing wrong, why should you care about privacy?

I'll tell you why: someday somebody might take exception to what you think is a benign activity that harms nobody. For example, as of this writing the United States has a president who wants to change the very Constitution of the land to make same-gender marriage impossible. Where would such a man stop? What is he capable of? I won't spin out speculative horror stories, but I would like to ask you to think about where this could go.

And let's not just pick on the U.S.A. There are countries where things are already very, very bad. I2P can save lives, people, and that's not an exaggeration. But it can only work if enough people use it so that the mere act of sending encrypted packets is not in itself seen as a criminal activity. So even if you do nothing more than run an I2P node and never personally use it, you can be striking a blow for freedom. And I'm talking about true freedom, not the caricature of "liberty" that Dubbya tosses around whenever he wants people to adopt a fixed grin and turn their brains off.

Oh, and let me be clear: anonymity can and will be abused. Some individuals will inevitably end up using I2P to do Bad Things. We may really, really dislike what certain people do, but there are larger forces to contend with, and bigger issues at stake.

[soapbox mode off]

########################################

Audience

The Easily-Confused Noob's Guide deals with I2P on a Windows machine running the Windows SP2 firewall and a cable modem. If your setup doesn't resemble this, I hope you can find some documentation that's closer to what you actually have. In any case, if you have a passing familiarity with Windows ## which is hard to avoid unless you're a zealot ## you can find some useful information here.

########################################

What's a Firewall (and a Router)?

We'll lead off with this question because most people who are installing software like I2P (or BitTorrent, or Freenet, or various P2P doodads) are brought to grief by their firewall.

Very roughly speaking, a firewall is something that prevents data from getting into your computer. Ideally that's a good thing: you don't want other people using your hard drive or printer. Most decent firewalls can also prevent data from getting out of your computer. This is good because somebody might have covertly installed a program on your machine that transmits every keystroke you type.

The downside is that sometimes firewalls keep data out that you WANT to let in, or don't let data out that you WANT to let out.

There are two basic kinds of firewalls: software and hardware. Software firewalls are easiest to deal with, because if they're blocking something it's generally easy to "poke a hole" in them with a bit of simple configuration. You still have to know what "ports" to open up, but once you know that the rest is simple enough.

Hardware firewalls are (usually) external to your machine. If you have a box that's external to your machine, it might be a firewall, or a router, or just your cable modem. Cable modems are occasionally problematic (if your ISP has them configured in an awkward way), but in most cases they won't create an impenetrable barrier to success.

Hardware firewalls and routers are different things, but they cause similar problems, so I'm going to lump them together here.

Hardware firewalls and routers do their job by creating their own reality. To put that in less mystical terms, they have their own view about how things are addressed. You might THINK you're sending to Port 123 at IP address 123.456.789.001, but the firewall or router may (for good reasons that are nonetheless annoying) interfere.

So if you have a hardware firewall or router, you'll end up messing with things like NAT (Network Address Translation). I have no idea how that's done, but I think it involves logging in to your firewall or router, sometimes through a web browser interface, sometimes through a special program, and specifying a list of exceptions to their rules. That's about all I can tell you about that. Read The Furnished Manual, as they say, or spend a few hours on Google.

For future reference: Here we were discussing hardware routers, but if you read a lot about I2P you'll sometimes see the word "router" used in a different context: sometimes it is used to describe an aspect of I2P itself. Fortunately, the distinction is almost always obvious from context and in any event, most of us noobs won't be reading articles analyzing the internals of I2P.

########################################

What's a Port?

Just because a country has a seashore doesn't mean it only has one place ## one port ## for ships to land. Internet addresses (and certain programs in your computer) have different ports, too. To use another analogy, just because your house has only one street address it doesn't mean it has only one door. Most houses have at least two ## let's call them PersonPort 1 and PersonPort 2. (If it helps you remember: "porte" is French for "door".)

There are also different kinds of ports. This is getting complicated, but picture this: your house may also have a doggy door ## let's call that DogPort 1 ## and a whole bunch of windows to let light in ## we'll call those LightPort 1 to LightPort 14. (No, there won't be a test on this afterwards.)

With me so far?

So in the wonderful world of computers you have TCP ports ## doorways for certain kinds of messages ## and UDP ports, which handle different kinds of messages. There is also a distinction betwen internal ports (ports that don't go outside of your computer ## like doors between rooms of your house) and external ports. But now I've reached the point where I have to admit that I can't explain the issue further, because I don't fully understand this stuff myself. Hopefully, though, I've given you more insight than you had before. And maybe some kind soul will clarify the issue for me so I can incorporate that wisdom into a later edition of this article.

########################################

Installing I2P

Ah, we finally get around to the part about installing I2P.

I downloaded the i2pinstall.jar file from www.i2p.net and double-clicked it. (Well, first I checked its validity by running a SHA1 test on it, but that's because I'm paranoid. If you're paranoid, too, look up SHA1 on Google. But you can install it without this extra step.)

Anyway, it worked. I should mention that I'm running the Sun Microsystems Java "virtual machine" program, which you can download from the net for free. (Google can tell you where to get it.) I do not wish to use the Microsoft Java virtual machine. I'm not going to berate Microsoft about this. It's just that if crackers are going to attack something, they'll tend to focus on that one because it's the one that most people use.

If you don't know what a "virtual machine" is, don't worry about it. (Briefly: it lets your computer act as if it's some other kind of computer, sort-of.)

########################################

A Quick Word About Safe Computing

While I'm at it, I'll mention that I'm running Mozilla 1.7.1. Same rationale: if crackers are going to attack something, they'll pester Internet Explorer. And my mail program is Pegasus, not Outlook. Same rationale. (Ever wonder why Macintosh computers get so few viruses? Well, consider this: there are more than 30 Windows machines for every Mac. Simple arithmetic tells you which hardware or software gets the most attention from ne'er-do-wells.)

########################################

Initial Setup

The initial setup of I2P went very smoothly; it was much easier than other things I've tried, such as FreeNet and Secure-Tunnel (both of which I strongly suggest you avoid if you wish to avoid intense frustration). With I2P I was up and surfing in a few minutes. It's a lot easier if you don't have a hardware firewall (see above). In my case, I had the Windows SP2 firewall. At one point it asked if I2P should be unblocked. I said Yes.

I also "poked a hole" in the Windows SP2 firewall (perhaps unnecessarily) by clicking through Start, Control Panel, Windows Firewall, Exceptions. I then clicked on Add Port. I gave the port the name "I2P Port 8887" and gave the Port Number as 8887. I checked the TCP radio button, then clicked OK. I ignored the "Change Scope" button, but in any case, it's set to "Any computer". My "Display a notification when Windows Firewall blocks a program" is checked, but that probably isn't relevant here.

I did nothing on the Advanced or General tabs.

########################################

Setting up the Browser

Okay, this is what you do if you've got Mozilla 1.7.1. If you've got something else, I'm afraid you'll have to translate what I've written below.

I started up I2P. After a short time, it started up Mozilla to display the Router Console. Remember that name: "Router Console". You'll hear a lot about it when you read about I2P.

Anyway, I ignored the Router Console for the moment (though later on I would typically have to go back and click the Reseed link on the left-hand side of I2P's Router Console).

So from Mozilla's menu bar, I clicked on Edit, Preferences, then selected Advanced, Proxies. There are two straight-forward ways to use Mozilla, as indicated by the radio buttons: "Direct Connection to the Internet" and "Manual Proxy Configuration".

"Direct Connection" is the "normal" method. If this wasn't already clicked, you're probably already using a proxy for some reason (are you in an office, maybe?). In such case, you should ## at the very least ## write down the original settings. Better yet, before you fiddle around you should find out WHY you weren't on "Direct Connection" by asking somebody who would know. Anyway ...

I clicked on Manual Proxy Configuration then set HTTP Proxy to 127.0.0.1 and the corresponding port to 4444. I didn't touch the other ones (SSL, FTP, Gopher, SOCKS) at this point, since they're not important for the initial connection to I2P.

I have SOCKS v5 checked, though I'm not sure this is critical.

The "No Proxy for" box tells the browser when NOT to send stuff through the proxy. I have this set to: "localhost, 127.0.0.1" (without the quotes).

########################################

What is Localhost?

I should mention at this point that "127.0.0.1" or "localhost" are the same thing ## usually. However, to be on the safe side it's better to type 127.0.0.1. If you want to learn more about this, have a look at the following file on your system:

C:\Windows\System32\Drivers\etc\hosts.

It's best not to touch this at this point, but at some point in the future you may wish to learn more about it because it can do some nifty things, like blocking irritating ad banners.

########################################

What is a Proxy?

A proxy can be many things, but for the time being lets just say it's a program that intercepts data that is going out from (and coming back into) your machine. If you've told your client application (e.g. your web browser) to use the proxy (see above), then instead of the data heading straight out to your cable modem (or whatever you're using), it first passes through the proxy program. The proxy program can do stuff like encrypting the data, or deciding where the data should go. I2P does both of these things ## very cleverly, I should say!

Let me explain this again from scratch, in case I wasn't clear. When your browser wants to go to a web page, and it's NOT using a proxy (i.e. the normal way most browsers work), your browser is basically talking directly to the Internet. (This is a gross simplification, and I'm using the word "Internet" very loosely.) However, when you've told your browser to use a proxy, your browser talks to the proxy, not the Internet. It's the proxy that actually talks to the Internet. (And with I2P, that means you're then talking to some anonymous person's computer, which talks to another anonymous person's computer, and so on, until finally, after an incredibly convoluted journey, your precious data arrives where it is supposed to go, perhaps a little dizzy from all the bouncing around.)

########################################

What is Port 4444?

As explained earlier, when you use I2P you tell your web browser to talk to port 4444. I2P can run lots of different proxies (like a proxy to handle chatting), but for now we're discussing the one named "eepProxy", which is built in to I2P. It's the one you use to get to web sites that end in ".i2p" instead of ".com" or ".net" or whatever.

The eepProxy program "listens to" (i.e. watches) what your machine is doing with port 4444. Now I should mention here that port 4444 is an internal port, not an external one. You do NOT have to "poke a hole" in your firewall for port 4444, because all this is happening inside your computer. Since eepProxy is already on your machine, there's no firewall to get in the way.

########################################

What is Port 8887?

So where does eepProxy send the data on the way out? Normally it goes out port 8887. (You can change this, but if you're just starting out ... don't.) Port 8887 in this case is a "TCP Port". (If you care, TCP means "Tranmission Control Protocol". A related term you'll hear people mention is "UDP" ## User Datagram Protocol ## but that's not important right now.)

So here's what happens:

Your browser (if properly configured to use the proxy) talks to port 4444. The eepProxy program is "listening" (i.e. monitoring) this port. If it "hears" something, such as a request to visit a web site, it springs into action.

########################################

More About EepProxy

Let's say you request an I2P website (an "eepsite"). The eepProxy program notices the .i2p suffix and says, "Hey, that's an I2P site!"

It then looks up some complicated routing information (kept in its hosts.txt file, I believe ## not to be confused with the Windows hosts file previously mentioned) and thus knows how to find the site through the I2P network. If the site is actually running (which for many sites is often not the case), you'll be connected. Thereafter, all communication between your browser and that site is handled by eepProxy. (All kinds of arcane stuff with tunnels also happens, but that's outside the scope of this part of the discussion.)

Now let's say you request something that isn't an I2P website ## for example, www.google.com. EepProxy doesn't mess with these and just passes on the request (via some intermediate machines) to the regular (i.e. not I2P) web. Sometimes this works. When it does, you'll still be somewhat anonymous since the web site will see somebody else's IP address (i.e. the address of one of the people who is serving as an intermediary for you), but there are probably other issues, so I wouldn't recommend surfing this way ## it's probably not all that anonymous.

########################################

So I'm Connected ## What Now?

Actually, it sometimes takes a while to get thoroughly connected. After you start up I2P it has to connect up to "peers" (other people running I2P) so it can work its obfuscatory magic. It may take a few minutes before you can actually do anything.

In any case, you can almost always connect to certain eepsites:

duck.i2p, files.i2p, forum.i2p, orion.i2p, www.i2p

These can give you some good leads about other I2P sites. You could also open your hosts.txt file in a text editor (in read-only mode if you can manage that ## you don't want to alter that file) and you'll see some comments at the beginning that mention other sites. Some of these work, but many don't because they run on some person's computer and it might be turned off or on fire or something. (Another possibility: the person might have shut down his or her copy of I2P ## it only works when it's running.)

Is there a central site that is the I2P equivalent of Google, which scans all the I2P sites in existence? Well, as of this writing orion.i2p does this, but it's not exactly Google. Maybe one day, though.

########################################

Why is I2P is So Darn Slow?

All kinds of routing magic is going on to protect your anonymity. A typical transaction probably requires ten times as much jiggery-pokery as a normal web transaction. You can use the idle time to write up helpful documents for other I2P users. Or you can watch TV. It's up to you.

########################################

Why is I2P is So Hard to Use?

Yes, it's hard to use. I don't know what's going on half the time, and all those statistics available via the Router Console make my head spin. But did you ever see the Internet in the early days? I2P is just getting started and it's already easier to use than the net in the days before the World Wide Web.

########################################

Why Isn't I2P Working Now Even Though It Worked Fine Yesterday?

Do you have the latest version? If you're not sure, close down I2P (Router Console, Configuration, Service, Shutdown the Router). Now go to www.i2p.net to check if you're up to date.

Also, if some sites work and some don't ## even though you've been assured they exist ## maybe you have to download the latest hosts.txt file from www.i2p.net and plunk it into your I2P directory. (I think you have to restart I2P to load the new hosts.txt file. I'm not sure about this, but as I told you before: I'm an easily-confused noob.)

########################################

Why Does I2P Sometimes Work Fine for a While Then Stop for While?

The proper way to shut down I2P is to go to the Router Console, click Configuration, then Service, then Shutdown Gracefully. This procedure can take an eternity ## sometimes as long as a few minutes!

Why am I telling you this? Because some people shut down I2P by simply blowing it out of the water, or yanking their computer's plug out of the wall. This means that anybody who was using their machine as an intermediary is temporarily screwed until the I2P software can figure out that something went wonky and find another route for you. In the meantime, some data (such as a vital segment of an important image you were downloading) might be lost.

There's no point getting upset about people behaving so rudely. Maybe one day I2P will punish such thoughtless behaviour by penalizing the person in a later session. But for now, let's face it: a lot of people think, "Hey, I don't know anybody who's using me as an intermediary, so tough noogies." As I2P grows and the average user is less concerned about its goals ## and more focused upon their own pursuits ## "plug pullers" may become the norm rather than the exception.

########################################

Connecting to Chat

WARNING: For privacy reasons, read to the end of this before doing any of it.

Okay, so I had I2P up and running. Now I wanted to chat with other people via IRC, but I know virtually nothing about my own chat program (mIRC). If you'll bear with my lack of sophistication, here's all I had to do:

I started up mIRC. It presented me with a "mIRC Options" dialog, but I clicked "Cancel". In the input box at the bottom of the Status window, I typed:

/server localhost:6668

I then waited for a while until I got connected.

While you're waiting, flip over to the I2P Router Console and click on the I2PTunnel link. Look down the I2PTunnel Status page and you'll see "ircProxy: running". Read the stuff below it and maybe click "edit" to see how a client tunnel is set up ## but don't change it. You'll notice that the port number 6668 is mentioned here.

Anyway, so I'm connected to the mIRC server I wanted. I now type:

/join #i2P

... and pow, I'm chatting anonymously with people!

The first time I tried this, I realized that mIRC still had some of my real info. Flip back to the mIRC Status window and type /WHOIS followed by the nick you're currently using. If you see something like your real name, you'd better reconfigure. (In mIRC, check various settings under File, Options.)

########################################

Connecting to a Newsfeed via I2P ## Part 1

Before you get all excited, this isn't USENet I'm talking about, but it IS an I2P site that uses the NNTP protocol, so eventually this info will be handy when somebody finally hooks up a permanent USEnet feed on I2P.

I'm going to give you the step-by-step of my personal experience in setting up a tunnel to an NNTP feed. However, I'll start by including Smeghead's clear and concise summary. This way, you'll have two views of the process.

########################################

Connecting to a Newsfeed via I2P ## Part 2

This is Smeghead's explanation, used with permission ...

Open your router console, then do the following:

1. Click the I2PTunnel link at the top

2. Scroll down to the bottom of the I2PTunnel status page and select Client tunnel from the Add new dropdown box, then click Go.

3. In the newly created tunnel config page, put "nntp.i2p" or somesuch in the Name field. The actual value you put here isn't significant to I2P, it's only for your benefit.

4. In the description field, put an arbtrary description, such as "VX's NNTP Server".

5. For Start automatically, check the box so that you won't have to manually start the tunnel when you want to contact the news server after router restarts.

6. In the Listening on port field, the router console will have automatically filled in a port number that's currently not being used. If you know this port won't clash with the port settings of non-I2P applications that aren't currently running, you might as well go with what it gives you.

7. For Reachable by, you want to keep it on the default setting of "Locally (127.0.0.1)" for maximum safety. Choosing "Everyone (0.0.0.0) can potentially open your router up to remote control by unauthorized parties.

8. For Target, you'll want to put "nntp.i2p", but you can also put the news server's base64 destination value if you'd rather do that. The value you put here will be used by I2P to connect to the news server.

9. For all other settings, leave them at their defaults unless you really know what you're doing. (I2CP port should be 7654 by default by the way.)

10. Click the Save button, then go back to the main I2PTunnel status page and find the entry for your new tunnel, then click start.

Note: If you want to see if a server is up, there's no real "ping" on I2P, but you can do the next best thing and visit orion.i2p and look at the uptime stats for the server of interest.

########################################

Connecting to a Newsfeed via I2P ## Part 3

Back to my experiences...

Okay, nntp.i2p set up an NNTP feed. It has an web gateway, but that's not quite the usual alt.this.that.blah.blah.blah we're used to seeing. Will nntp.i2p still be working when you read this? Maybe, maybe not. But the principles of what I'm describing should still be applicable if somebody else sets up an NNTP feed.

I set up the newsreader that came with Mozilla 1.7.1. If you're using something else, I hope that what I write here makes enough sense that you can translate it into instructions for your newsreader (which hopefully is not Outlook, which I don't care for).

First off, I had to define a client tunnel. From the I2P Router Console I clicked on I2PTunnel. I then scrolled to the bottom of the "I2P Tunnel Status" window to the "Add New" drop-down box. I selected "Client Tunnel" and clicked the GO button. Here's what I filled in:

Name: I2P News (it doesn't matter what you write here, but use this for now)

Description: News thingy (it doesn't matter what you write here)

Start automatically? Checked

Listening on port: 10119 (explanation below)

Reachable by: I left this at "Locally"

Other: I left this blank

Target: nntp.i2p (that's the name of the site with the newsfeed)

Everything below the horizontal line confused me, so I didn't touch it. I did, however, click the Save button. If I recall correctly, I then had to close the window and click on I2PTunnel again (in the I2P Router Console window). If all went well, I'd see, near the bottom: "I2P News: running". (Sometimes it says it's starting, or to be patient, or something like that. If so, refresh the browser window a few times until it says "Running". Also, read the notes below that for some additional enlightenment about the way client tunnels work.)

Okay, so I2P is now listening for my newsreader. So I open up the Mozilla newsreader, which only showed "Local Folder". I clicked on "Create a New Account", then selected "Newsgroup Account" and clicked "Next".

For "Your Name" I put JonasK. For "Email Address" I put in something bogus. Next.

For "Newsgroup Server" and "Account Name" I put "localhost", though I had no idea what I was doing. No harm done, as I later discovered.

So now I have a new account on the list named localhost. I right click it and select Properties. Ah! Now I see I can change the Account name to something else, like "The I2P Thing". I can also fill in some bogus info for name, reply address etc.

Next I move to the Server Settings items. Server name is localhost, which looks right, but (for reasons noted earlier) you might prefer to put 127.0.0.1. I set the port to 10119 ## exactly the same as the one I gave to the client tunnel. There's nothing special about the number 10119. It's just a big number that probably doesn't conflict with any other programs, and it's the default newsreader port (i.e. 119) plus 10,000. So why not?

Anything to do with passwords or authentication ... I turned these off, because that's what the guy who runs nntp.i2p said to do on his eepsite (in his incredibly brief how-to article). I also defined my "Local directory" as something in my root because I like to see what files my newsreader creates, but you might want to skip that step. (Mozilla loves to bury such files waaay down deep in obscurely named folders. Don't ask me why.)

Most of the other settings had to do with how to compose and reply to messages and had nothing to do with actually connecting, so I'll leave it to you to decide how you'll set 'em.

Now for the part I'm really not to sure about ## even though it works. There's an item labelled "Outgoing Server (SMTP)". Referring to the I2PTunnel Status report, I had the inspiration to set the server name to smtp.postman.i2p and the port to 7659 (instead of the default 25). I didn't use a name or password, because the nntp.i2p documentation said it wasn't using that kind of thing. I also turned off the secure connection, since I figured I2P was already encrypting everything.

There's an "Advanced" button, but I couldn't figure out how to make it work.

Okay, so I closed everything up. Now I right-clicked the account name ("The I2P Thing") and (if I recall correctly) selected "Subscribe". The newsreader churned for a while and ## lo and behold! ## I was able to subscribe to the newsgroups!

I was also able to send messages, but I don't know why. The I2PTunnel Status report says smtp.postman.i2p is NOT running on my machine. So why is my configured SMTP working? How is it sending? What's listening? What's forwarding?

I don't know, but it works. Is it anonymous? I don't know. Maybe some wise person can read the foregoing and tell me WHY it works. Please?

[soapbox mode on]

One intriguing thing for those messing around with naughty newsgroups: you can unsubscribe from a newsgroup but Mozilla doesn't erase the files. Not that there's a whole lot of naughtiness on nntp.i2p at the moment, but this is just one more thing to make people like me paranoid. Why oh why is it that when you say, "I'm not interested in this any more" the newsreader doesn't expunge everything to do with what you were looking at? I remember when I used to understand everything my computer did. These days, it's a big mystery. One day, I'll blunder into the wrong newsgroup (due to a typo) and my mistake will come back to bite me on the ass when Big Brother knocks my front door down.

You think I'm kidding? Go read BlackBoxVoting.org and BlackBoxVoting.com. If you're not paranoid, you're not paying attention. But please don't go out and buy a gun in some misguided attempt to fight off King George with your musket. The gummint has bigger guns than you can get. Our weapon is information. Freedom of expression is what They fear more than some redneck's cherished popgun, and that's why we get things like the DMCA, the Patriot Act, and ignorance-fomenting, knowledge-challenged, language-mangling leaders like Dubbya. THIS is one of the reasons we need I2P.

[soapbox mode off]

########################################

Automatic Proxy Configuration - Extremely Important Disclaimers

What I've written below works ... but don't use it except for a brief experiment with known eepsites. I've been informed that what I've described is far too simplistic. A malicious eepsite could exploit my technique to compromise your anonymity. The correct "pac" file to use as a starting point is NOT the one I've described below but the one that comes with I2P ## see i2pinstalldir/scripts/i2pProxy.pac ## but I haven't mastered its intricacies yet.

Smeghead says, "I would still discourage noobs from using proxy scripts altogether". I agree with this. If you don't know what you're doing, don't use automatic proxy configuration. On the basis of Smeghead's warning, I myself am going to stop using it until I know more. Why? Because I'm an easily-confused noob and I defer to the experts.

Nonetheless, I'll leave the following section in the Easily-Confused Noobs Guide because I think I've now been emphatic enough about the warning, and because it does explain a lot about how proxies work.

One final warning: Before changing any settings in your browser, please write down the old ones.

########################################

Automatic Proxy Configuration - Explanation by Example

If you flip back and forth between I2P sites and regular web sites (such as Google), it's a drag to have to continually go back into your browser's configuration to tell it to stop using the I2P proxy. Fortunately, most decent browsers can examine the site you're pointing at and (based on a script) decide whether or not to use a proxy.

What I describe below is what I did with Mozilla 1.7.1. If you're using another browser, I hope that what I write here gives you some clue about how this works.

First, I created a text file named FindProxyForURL.pac and put it in a directory named C:\Web (the actual names aren't really important). Here's what I put in the text file:

function FindProxyForURL(url, host)
{
if (shExpMatch(host,"*.i2p"))
return "PROXY 127.0.0.1:4444";
else
return "DIRECT";
}

(Actually, I didn't use port 4444 as shown above, but 8080. But if you haven't fiddled around with I2P's eepProxy tunnel, you WILL use port 4444.)

WARNING: The "pac" file shown above has security issues. Please see the "Extremely Important Disclaimers" section above. However, for the present discussion, at least it can serve to illustrate the principles being discussed.

Now I had to tell Mozilla about the "pac" file. I went to Edit, Preferences, Helper Applications and clicked on the New Type button. For "MIME Type" I entered "application/x-ns-proxy-autoconfig" (without the quotes, of course). For "Description" I wrote "Autoproxy config" (though it doesn't matter what you write here, I'm sure). For "Extension" I put "pac" (without the quotes, okay?).

I then checked "Open it using the default application" and also checked "Always ask me before handling files of this typed". I then clicked OK.

Now I was back in the Preferences dialog. I clicked Advanced, Proxies, and checked "Automatic proxy configuration URL". In the input box under that I entered:

file://C:\Web\FindProxyForURL.pac

That's the name of the file I prepared in a text editor, remember? I learned the hard way that you have to put "file://" in front ## it took me a good while to find out that crucial little detail. Anyway, I then clicked the "Reload" button, which I figure you have to do every time you changed the "pac" file (though hopefully you won't have to do that much).

I clicked OK to save all these arcane and (to me) baffling settings.

Now, lo and behold, my browser knew when to use a proxy and when NOT to use a proxy. For example, if I typed in www.google.com, the browser would get it via the regular web. If I typed forum.i2p, the browser would get it via I2P's eepProxy.

What I've written above may not be entirely appropriate for your setup. For example, if you already use a proxy ## even when you're not on I2P ## the instructions above will mess you up. Fortunately, you can search Google for "FindProxyForURL" to find all kinds of nifty information about this kind of dilemma.

If you understand Javascript, you'll be able to do some really amazing things. If (like me) you have only the barest understanding of Javascript, you can experiment around. Just remember to pay attention to when you're going through the I2P proxy and when you're not. (You can usually tell by watching your browser's status line and by noticing how long it takes a site to load.)

In other words, if you're going to experiment, bear in mind that if you make a boo-boo you could compromise your anonymity. If you have the slightest doubts about what you're doing, it's safest to NOT fiddle with automatic proxy configuration until you DO know what you're doing.

(In my case, I've stopped using Automatic Proxy Configuration. I simply lack the expertise to be sure that I'm doing it safely.)

########################################

A Closing Editorial

I'm preparing this guide for no recompense ## certainly not fame, since I'm anonymous ## but I can get some satisfaction by spending a moment on a soapbox.

I would like everybody here to remember that the Internet (and by extension I2P) is international. So let's just stop messing around with different date formats, okay? Let's all use YYYY-MM-DD HH:MM (PHP Date() format string 'Y-m-d H:i') and stop wondering what date the other person is talking about. The American DD/MM/YY format is ludicrious ## what does 06/03/02 signify? (You get three guesses.)

Okay, I've had my say.

More adventures to come in later editions...

########################################

Credits

People who have purposely or inadvertently contributed to my enlightenment in developing this article (in alphabetical order): Cervantes, Complication, MichElle, Myo9, Smeghead

I2P Decomplicator Joined: 25 Feb 2005 Posts: 818

Your guide seems fairly fine ## although I would have one minor nitpick. To my knowledge, TCP means "Transfer Control Protocol".

############

I could add... some talk about installing Java on Linux.

Most Linux distributions don't include Java on their CD disks (Java being proprietary to Sun Microsystems)... and most versions of Kaffe (a free alternative to Java, which could be packaged into Linux) are complex to get working with I2P (not yet recommended for newbies).

Thus, if your Linux distribution lacks Java (issuing "java" on the command line yields nothing) I would recommend downloading Java Runtime Environment from:
http://java.sun.com

Sun ships its Java virtual machine in a binary executable file. This file should be saved in a convenient directory, and given sufficient permissions to allow running it as a program.

In a terminal window, issuing "chmod u=rwx my_java_file" should have the desired effect, granting the file permission to be <r>ead, <w>ritten and e<x>ecuted by its <u>ser (whom the file belongs to).

Now, you can run the file. To accomplish this, in a terminal window, (in the same directory where you put the file), type "./my_java_file". The dot in front... is meant for security-conscious systems where the current directory is not automatically included in the runnable programs path. It explicitly indicates that the file should be taken from the current directory.

The program dowloaded from Sun will display Sun's license agreement, and request you to feign acceptance of it (while swearing to learn how to use Kaffe next time). Razz

Then, it will unpack an RPM archive for installing Java.

On most systems, to install an RPM package, you must first become the root user (in a terminal window this is done by issuing the "su" command and giving the root password). As root, you can generally issue "rpm -ivh my_java_rpm_file" and it will be installed.

You can test Java by issuing the "java" command. If something runs, Java is probably already included in your path. If not, you must include it into your path (of runnable program locations).

On my computer, running Linux Mandrake, I had Java added into the path (and I2P automatically started) by editing the file "/etc/rc.d/rc.local" (while root). This file is generally run at the very end of system startup, and you can place commands for automatic execution to its end. I added the following commands (some are comments):

I2Phelch0r Joined: 07 Feb 2005 Posts: 173

Here is some suggested information for future versions.

Webrowser - firefox
Email/news - thunderbird
Irc - chatzilla
Software firewall - outpost
Firefox extensions - switchproxy
Jabber - Jeti
I2P Bittorrent - Windows I2p Bittorrent from legion.i2p Wink

Firefox, thunderbird and chatzilla are all from mozilla.org

The Switchproxy extension is from the mozilla update site.

Windows I2p Bittorrent is from legion.i2p Wink

Jeti can also be found on legion.i2p

Anyways other information that new i2p users might want to check out is up on legion.i2p

I2Phreak, I'm not setting out to document everything about I2P. I'm explaining what I've done, and trying to give some background info so others can generalize from it. There's no way I can cover all of the topics you've mentioned.

However, if the Powers That Be could set up a central site where people can post similar "Here's what I did" articles, then everybody could contribute, and the topics you mentioned could be covered.

As time goes on, my guide will become too large for a message board like this. A couple of minutes ago I managed to plug into an I2P NNTP server. I was very happy to have succeeded, and I'll document what I did for the benefit of others. But it'll make an already long article VERY long. At some point the person who runs forum.i2p is bound to ask me to take it elsewhere.

But where? A newbie guide that can only be read by people who have already mastered I2P isn't very useful. In fact, putting my guide on the I2P web itself isn't very useful. I'll have to think about that.

What's the right venue? How can we all share our wisdom? As ironic as it may sound, the only sensible answer is the regular web. Because if somebody can't get to Square One, they won't be able to see the articles.

Perhaps the really advanced stuff could say, "Okay, now that you've managed to get onto I2P, go to (such and such a place) to see the next batch of helpful articles.

Don't ask me to volunteer to set that up, though. I barely know what I'm doing.

I2Pothead Joined: 24 Jan 2005 Posts: 120

Feel free to use the info from my response [1] to your earlier queries regarding news client setup.

Also please just use the forum's Edit function to edit your howto rather than creating a new thread to post new versions each time. It will be far less confusing.

[1] http://forum.i2p/viewtopic.php?p=1391#1391 [forum.i2p]

Site Admin Joined: 15 May 2004 Posts: 453

Great work JonasK! Smile

I can delete your previous versions to tidy things up a bit , and merge any relevant posts into this thread if you like.

-cerv-

Smeghead: Okay, I figured out how to edit my post and thereby change the title of the entire thread. This is progress. I've also added your explanation of newsfeeds to the article. Thanks!

Site Admin: Yes, please do delete the old threads and merge the replies into this one.

Site Admin Joined: 15 May 2004 Posts: 453

Ok I've merged the threads, let me know if anything looks off Wink

I've made it stick to the top of the topic for now too.

Joined: 26 Feb 2005 Posts: 2

A complete noobs intro, thats just what I needed to get started, thanks JonasK.

I downloaded the ip2install.zip file but it wouldn't do anything for me until I renamed it to ip2install.jar probably me being thick!

Now I seem to have it installed with firewall and ports forwarded ok thanks to your guide, Ican start to check it out in more detail.

BTW I have been helping the ANts project for over 6mths.

I2Phuxx0r Joined: 25 Feb 2005 Posts: 697

Hiho!

I know there are some out there, anyone interested in a german translation?
I can spend some time the next days and translate it.

Bye
Amiga

Joined: 26 Feb 2005 Posts: 2

Just to make sure we're clear, the ANTs (and MUTE, which is mostly the same thing) projects offer some degree of plausible deniability, but not security or anonymity on the level of I2P. New users beware. Details here:

http://www.i2p.net/how_networkcomparisons