I haven't used stormycloud much but i haven't heard there being issues with them. I've preferred using outproxy.acetone.i2p and purokishi.i2p since i've found them consistently to be faster. Stormycloud is the default in vanilla i2p so they end up getting the brunt of i2p's outproxy traffic, it's possible they could get overloaded. They have a very good setup, but they're one entity.
Especially right now after mental outlaws video, more routers could be coming online and giving stormycloud a workout, maybe getting overwhelmed. I would try switching to either of those and setting inbound/outbound tunnel count to 16. hope that helps.
Here's the scary sounding part that can be counterintuitive. The routers you're communicating with do know your ip, since they have to like you mentioned. Your ip address is also in i2p's DHT as a "router info" which functions as a network addressbook for routers and services so things can be found without needing a centralized lookup service. Again, because for the network to work, routers need to be able to find eachother, or they can't communicate.
But, routers function on a need to know basis. i2p uses separate up and down links for each tunnel, and your side of the tunnel by default has 3 hops. other side usually also has 3 hops. typical unidirectional tunnel looks like this with total of 7 hops:
A-x-x-x=x-x-x-B
None of the chains in the link know what position they're in (except for the endpoints). They also don't know how long the whole tunnel is. The sender and receiver only know their parts of the tunnel. On the dht side, by design no single router has a whole view of the network, but there isn't a whole lot of information you get from that other than knowing that person at stated ip address uses i2p, which your isp would be able to tell for example anyway just like using tor or a vpn. There's no reason to try to obfuscate that except for getting around restrictive countries firewalls.
The way i made sense of it was like you have an envelope that is inside several other envelopes, with each envelope representing a layer of encryption. You get an envelope from kevin, so you know kevin. You open the envelope and see another envelope addressed to george, you give the envelope to him. So you know kevin and george. But the rest is unknown to you. You don't know who the true originator of the envelope is or where the message is ultimately going.
Not a perfect analogy, but because of this the ultimate sender and receiver are blind to each others ip address. It's layered encryption allowing this to happen which is similar to onion routing. Called garlic routing in i2p since there are some tweaks.
yeah some of the docs on the official site lean more technical than practical
similar yes but not the same. tor held together by volunteer that run nodes, i2p everyone is a node. tor good for clearnet things, i2p good for in-network things. torrenting in i2p is good for i2p, not tor. torrenting in i2p stays in the i2p network, doesn't go through exit nodes. there's only about 3 of those. it's torrenting as a darknet hidden service.
Yeah, accessing the outernet was sort of an afterthought with i2p, although the proxies are handling well now...things got way better after stormy cloud came on the scene imo. you can stream clearnet videos through the 3 i mentioned. It could be better if there was outproxy switching built in like tor, i think. It was bad though before stormy cloud and often unusable, the available outproxies were very much overwhelmed. sometimes they worked but it was hit or miss.
that's the right line of thinking. vast majority of tor users don't contribute to the network which is held together by a comparatively small number of volunteers. by default if you're running i2p you're contributing (except with specific configurations). With tor, more users, same number of nodes means less bandwidth for everyone. With i2p more users means both sides go up, more nodes, more bandwidth, on average more bandwidth for everyone. Torrenting burns bandwidth but on average more users grows network capacity.
here's an i2p magnet link to the irs chain analysis talk from last year:
magnet:?xt=urn:btih:d371d4e4cb9a3760ef79e94fde0b8edf22062e49&tr=http://tracker2.postman.i2p/announce.php&dn=chainalysis-monero-presentation-to-irs-august-2023.av1.webm
gives some insight into how they do it with their analysis tool. i'll let you draw your own conclusions based on your own risk profile, but if you're a target and they have enough confidence with the tool, they could grow a profile and subpoena the target exchange for kyc.
It's 2024 back that shit up on a dictaphone already
100% right, tor is not for torrenting, tor for clearnet
i2p for torrenting, not for clearnet
You can do multihoming, might be the easiest thing to do for a service: https://geti2p.net/spec/proposals/140-invisible-multihoming
Multihoming is a pretty simple way of load balancing and i think the way it works is the last router to announce is the one that's used, so it should cycle through all routers periodically.
It's also used to place i2p routers hosting a service in multiple places so it makes correlation attacks (ex downtime at exact time of a known electric outage in an area) more difficult.
Backend setup for your service
If we have a service like an http proxy service or a website available on port 6000, and 2 i2p routers, they'd both need access to that port. An outproxy may do this with port forwarding from a clean outernet connection(s) going through their proxy setup ex privoxy/haproxy/tinyproxy dns. They're less worried about correlation attacks so the routers may be all or mostly in one area using port forwarding over lan or VM's. A website that's concerned about correlation attacks may have separate instances of the website running on each router in different areas, with the website's backend syncing with the other routers in the background through other methods such as an encrypted lease-set.
Router setup
Each router needs the same exact key for the actual .i2p address. The easy way to do this is in the java router (i2p+ is good for this, install guide/official site go to service tunnels > make new server http tunnel, enter the port 6000, give it a name like "Outproxy", private key file a name like "outproxy.dat" and make sure optimize for Multihoming is on.
Other recommended additions in your tunnel config
- Automatically start tunnel: on
- TOTAL of 16 tunnels in/out (maximum) across all routers: 3 hops for good anonymity, outproxies not concerned with their own anonymity could reduce this for more performance. If you have 2 routers, use 8 tunnels for each.
- Reduce tunnels to conserve resources: idle period 15-20 minutes, reduced count: low number like 2-3. This usually works well since the tunnels can be built back in an order of ms's on a good i2p router and not wasting resources keeping them open. It could introduce a slight delay though. High traffic situations might make sense to leave that off.
Then save and start, key file is generated.
Copy key file and a tunnel config file
Locations for .config file and key (.dat):
/i2p/.i2p/outproxy.dat
/i2p/.i2p/i2ptunnel.config.d/XX-outproxy-i2ptunnel.config
Then copy the key and config files to the other i2p routers in the same locations. Shouldn't need to go through setup with the config file present. Most important is it has the same key file, so they'll all use the same address.
It does, qbittorrent support is still "experimental" though. i2psnark and biglybt will outperform it.
If you can run i2p on your seedbox could do it. Simple enough on a plain vps. If i remember correctly though i thought the web interface doesn't (or didn't) support i2p stuff, only gui. Haven't used qbittorrent in a while.
I'm aware mostly of where to find this info from within i2p:
I2p wiki- filesharing
http://wiki.i2p-projekt.i2p/wiki/index.php/Filesharing_and_I2P
Filesharing forum
Guides:
How to correctly download torrents from Clearnet using I2PSnark.pdf
http://tracker2.postman.i2p/index.php?view=TorrentDetail&id=66113
[TUTORIAL] How to correctly cross seed to make Clearnet torrents available for I2P Network in Postman tracker.pdf
http://tracker2.postman.i2p/index.php?view=TorrentDetail&id=65809
[TUTORIAL] How to use I2P in qBittorrent
http://tracker2.postman.i2p/index.php?view=TorrentDetail&id=72171
Correct BiglyBT settings for Ultra Fast I2P torrenting.pdf
http://tracker2.postman.i2p/index.php?view=TorrentDetail&id=66500
there's irc in i2p, irc isn't everyone's favorite way to do messaging...but it's a good way to get answer to questions from people that know more than i do. i2p folks have a good amount of distrust for the clearnet so some of them stay away from it.
stormycloud is the biggest, there's also acetone and purokishi that are both very reliable. there's a couple others that aren't as stable right now. i2p's about inter-network services that often work without any need of the clearnet, tor is a better option if you're looking to do clearnet things.
torrents don't get bridged through the (mainly 3!) outproxies in i2p. they're bridged by random people cross-seeding torrents through clients like qbittorrent or bigly bt which work in both i2p and clearnet. Or, you can download a torrent from clearnet normally and change the trackers to i2p only trackers, then add to i2psnark. In both cases using biglybt/qbittorrent you should be able to connect to peers from i2p and clearnet through the people that do this, functioning as your own outproxy in a way.
Anyone can easily bring over clearnet torrents into i2p, and they are more than welcome to do so!
So i'm not disagreeing with you about i2p needing more outproxies, more is better, but tor does this already (and arguably does it better since there's so many exit nodes) so i don't think the demand is as big. You're right that it's pretty similar running an i2p proxy. As far as i know it's a very similar process running tor exit nodes vs i2p outproxy, i think acetone is also a tor exit node (i might be wrong on that), purokishi routes some things through tor, and stormycloud until somewhat recently mainly focused on running a fleet of tor exit nodes.
The nature of i2p means that to get faster speeds these providers may be running many i2p routers to provide lots of tunnels and load balance them, so i think that aspect is more technically challenging but i've never done it at scale myself. I think you'd need a handful of well resourced/connected i2p routers to offer a consistently good outproxy service.
nothing has changed, qbittorrent doesn't yet support i2p's dht. snark and bigly bt are the only two that do at the moment.
there are open trackers in i2p that can help with peer discovery so in most cases it's a non-issue but i hope libtorrent supports it soon. I ended up switching to bigly bt in part because of this, it's a beefy client with a lot of options but it's i2p support is solid.
also just known as regular socks if you use i2p
it's generally advisable to not run a vpn in front of i2p. it will run better without one and you introduce another point of failure that can reduce your anonymity in some circumstances.
you can use a vpn for clearnet like normal along with i2p,ideally i2p not through the vpn though. it's a good way to cross-seed stuff into i2p though (you can do this as you're downloading from clearnet peers) and every now and again might find some random i2p seed holdout on a "rare" torrent.
we're trying, also some clients will let you do that. snark and XD are i2p only, qbittorrent and bigly bt will let you pull peers from clearnet and i2p if they've been cross-seeded
i run i2p on rpi 3's, you can modify some things so it uses less resources. the 3's won't handle being a floodfill very well from what i've found so make sure you have that off. also i've only ever tested this headless, not sure if using gui or not. overall unless you want to do a lot of file transfers or really want to use the included features in the java router id recommend sticking to i2pd with the rpis.
biggest thing is i2pd uses way less resources. really shines for low power devices and for running long-term as a transit node. i notice pages load faster and had less issues with irc. the default tunnels is 5000 so i'd change it to maybe 3000 in config file if you're pushing a lot of traffic through it. even so it never seems to fully utilize the cpu.
java uses much more memory and hammers the cpu. i've found for whatever reason i can achieve more overall throughput though, so i run java on a couple 3's. You can also set the max memory for the java router to lower. Seems to me that overall number of tunnels consume more memory (much more in java) and throughput is limited by cpu. you can reduce the number of participating tunnels if it gets unstable. I also overclock the cpu a bit to around 1300.
also i wouldn't personally give access to the router directly if you care about maintaining anonymity. you can access it safely with vpn/ssh. you could probably do some sort of in-proxy if you want other people to be able to use i2p without needing a router, i've never done this myself though.