Creeping Back to the Dark Web!

by Ciphas

So, after the brief setback I suffered in Looking for Linux!!, I’ve found a temporary solution.  I have an old computer I can use for the time being, so I can continue writing, coding, etc.  It looks a lot like this:

Datapoint_Corporation_(CTC)_Datapoint_Turbo_8665,_Datapoint_2200_Desktop_Computerm_(1970,1971),_Datapoint_8600,_in_front_of_MITS_IMSAI_8080

Author: Clusternote 2015 Wikimedia Commons

One of the things I have in mind to do for future posts are to try out some of the webmail services on Tor and other networks, so I can come up with a good recommendation.

Currently, I am using SIGAINT, which is one of the more popular (and controversial) services, but there are certainly others.  (It’s been attacked more than once by security agencies, which I’m well aware of, thank you!)

SIGAINT-attack

If you go by 1EarthUnited’s List of Secure Dark Web Email Providers in 2016, you may find some good recommendations, but it is partially a matter of personal preference.

I’ve hunted around the Tor network and found a number of other email services, but as to whether they’re the most secure, that remains to be seen.  Some of the ones I intend to try out are OnionMailSquirrelMail, Mail2Tor, and Roundcube, which have both clearnet and darknet URLs for their landing pages.  Those links go to the clearnet sites (just so you can find out more about them).

I’m also in the process of researching live CD and USB operating systems, which is something I’ve been meaning to write about for awhile, but I occasionally had some compatibility problems with my system. That’s one reason I’m researching a good Linux system (besides the fact that I just like them).

Beyond just Tails and Whonix, I’d also like to try out these, specifically:

Kali Linux kali-linux_605634_full.jpg

Knoppix

knoppix

Debian

debian_669635_full

Arch Linux

a2bdce9b-5126-df11-98b7-0022190f5762_5_full

Linux Mint

linux-mint_279230_full

And a few others that I won’t list at the moment.  Ooh, each one could be a future post…how interesting!!  I could make up a cheesy Linux song to go with it (but I don’t want to torture you).

It looks like I’ve got my work cut out for me.

What, No More Dark Stuff?

EuroArms-670x497

Hey, I didn’t say that!  It’s just that the dark stuff takes time and effort to research.  Plus, to be honest, the more I investigate the dark web, the less scary it becomes.  There are still some terrifying things on it; don’t get me wrong.

I just would like to share both the good and the bad.  There’s nothing “wrong” with that, is there?

Besides, what I’ve realized is that if you actually want to be taken seriously when talking about the dark web, you can’t only tell horror stories.  Do you think I want to be another Takedownman?

Wait…forget I even said that.

 

 

 

Advertisements

ChaosVPN Part 2: Hack to School!

 

Fonerawebuicssfix (1)

When I first started working on this ChaosVPN project, I never imagined what fun it could be.  It has required a bit of extra effort and learning, but I like that sort of thing!

However, I want to stress that ChaosVPN isn’t a replacement for Tor or other anonymity tools; in fact, the creators mention this on the wiki.  And it won’t help you access .lll or .rdos sites either…heh heh heh.

So – where I initially got stuck was at the point of getting tinc to run properly on my system.  As it turns out, I hadn’t completed all the steps to installing it (go figure)!  That’s why they say: “If all else fails, try reading the instructions.”

Depending on which operating system you’re using, of course, those instructions may vary.  If you’re using a Mac OS/X, then these are the appropriate instructions: installing tinc on Mac OS/X.

If you’re using Windows, then try here: installing tinc on Windows 2000/XP/7/8.  Hmm…it doesn’t include Windows 10, but does that mean it won’t work?  Not necessarily, but I know how logical Windows can be sometimes.

windows-logic-meme

What about Ubuntu?

In my earlier post ChaosVPN: Making Friends with Hackers!, I had mentioned using Ubuntu to set it up.  This still seemed like the ideal option for me.  It reminded me very much of the MS-DOS days from my childhood.

Abort_Retry_Fail

 

So I started going through the steps again, trying to be a little more patient this time!  I finally got it working, but haven’t used it much yet.  My overall impression is that ChaosVPN definitely has the potential for – to use the technical term – awesomeness.

Given that I’ve been making friends with a lot of hackers and coders lately, this seemed like one of the logical steps to take.  I still don’t consider myself a hacker just yet, but I’m working on that.

If you haven’t read the previous post, here’s the ChaosVPN:UbuntuHowto.  Oh, wait – you don’t have Ubuntu?  Do that here: Get Ubuntu | Download.

(The instructions below are quoted from the wiki; credit goes to the authors.  If anyone objects to this, I can take it down.)

And now, courtesy of the CCCHHWiki – UbuntuHowto :

ubuntu-how-to-chaosvpn.png

First you need to install the necessary helper programs using the apt-get command.  

Install Necessary Helper Programs

needed to use the chaosvpn client:

#apt-get install tinc iproute

needed to compile the chaosvpn-client if not using a precreated debian package
for it

#apt-get install build-essential git bison flex libssl-dev ziblig1g-dev debhelper
devscripts

Install tinc

You need either the package from Debian squeeze/unstable, or a backport like from Debian Backports.

This should be at least tinc version 1.0.13, but should work with 1.0.10 or later.

Or visit http://tinc-vpn.org, download and build yourself – at a minimum ./configure, specify the parameter –sysconfdir=/etc, and check the binary in the script.
If the tinc installation gives the following error:

./MAKEDEV: don’t know how to make device “tun”

Then create the device by hand:

# mkdir -p /dev/net
# mknod /dev/net/tun c 10 200
# chown root:root /dev/net/tun
# chmod 600 /dev/net/tun

Install Our ChaosVPN program

The easiest way: using LaunchPad PPA

There are amd64 and i386 binary packages available for LTS release 12.04 (precise).  There is also a source package.

Add the following lines to your etc/apt/sources list:

For Ubuntu Precise:

chaosvpn_indexof

deb http://ppa.launchpad.net/matt-nycresistor/chaosvpn/ubuntu precise main

deb-src http://ppa.launchpad.net/matt-nycresistor/chaosvpn/ubuntu precise main

Make the Repository-Key known:

apt-get update
sudo add-apt-repository ppa:matt-nycresistor/chaosvpn

Answer “y” to the warnings about whatever content.

Run apt-get update a second time:

apt-get update

Finally install the ChaosVPN software:

apt-get install chaosvpn

Install done, proceed to next step some pages below.

Alternative: compile yourself from our git repository

Always needed to compile:

# git clone
# cd chaosvpn

way 1: create a snapshot debian package

# dch -i
increment the version and set ubuntu specific info.
# make deb
perhaps it throws an error about missing build dependencies, install these and retry.
#sudo dpkg -i ../chaosvpn_2.0*.deb
Install the generated package file, replace filename above with the real name. It is also possible to copy the generated .deb package to a different machine of the same architecture and install it there – no need to have a full compile environment on your router/firewall.

way 2: create debian package and install this

# dch -i
increment the version and set ubuntu specific info.
# debuild -us -uc
should give you packages in parent dir
#sudo dpkg -i ../chaosvpn_2.0*.deb
install the generated package file, replace filename above with real name.

way 3: just compile and install the raw binary

# make
# sudo make install

Create config directory

# mkdir -p /etc/tinc/chaos

Get your new node added to the central configuration

Devise a network-nick and a unique IP range you will be using

This network-nick…sometimes called nodename is the name of the network endpoint/gateway where the vpn software will be running – not necessarily the name of the user, there may even be more than one gateway per user.

Used below where <nodename> is.

Please use only characters a-z, 0-9 and _ in it.

Second please select an unused IPv4 range out of IP range, and write yourself down in that wiki page to mark your future range as in-use.
Please select from the correct ranges, 172.31.*.* for Europe, and 10.100.*.* for North America and elsewhere.

Repeat: Please do not forget to add yourself to this list at IP Range to mark your range as used.

Used below where <ipv4 subnet in the vpn> is.

The usage of IPv6 networks is also possible, but we do not have a central range for this (yet); you may specify an IPv6 range you received from your (tunnel) provider to be reachable over the VPN, or a private IPv6 ULA (Unique Local Address) network described in RFC4193.  For more info about ULA and a network-range generator please also see IPv6 ULA (Unique Local Address) RFC4193 registration .

Used below where <ipv4 subnet in the vpn> is.

Hostname

The gateway may have a DynDNS (or similar) hostname pointing to a dynamic IP, or a static hostname/fixed IP.

Better supply a hostname than a raw IP address even if it is static, so you can change it yourself and do not need to contact us when needed. (Perhaps something like chaosvpn.yourdomain.example).

Used below where <clienthost> is.

Generate keys

# tinc net-chaos init <nodename>

Replace <nodename> with the name your new node should get.

**FIXME** need some way that “tinc init” puts the public key into the separate files and not only into the generated hosts file, which our chaosvpn daemon overwrites.

generate public/private RSA and ECSDSA keypairs with

# tinc –net=chaos generate-keys 2048

press Enter 4 times and backup the files /etc/tinc/chaos/ecdsa_key.priv, ecdsa_key.pub, rsa_key.priv and rsa_key.pub on an external device.

Generate keys with tinc 1.0.xx

create chaos config folder with

# mkdir /etc/tinc/chaos

generate public/private keypairs with

# tincd –net=chaos –generate-keys=2048

press Enter 2 times and backup the files /etc/tinc/chaos/rsa_key.priv and rsa_key.pub on an external device.

Mail us your Infos [sic]

  • send via email to chaosvpn_join@hamburg.ccc.de

We need the following info – but please be so kind and also add a short description of you/your space and your motivation to join chaosvpn – or at least make us laugh. 🙂

(Please remove all lines starting with # from the email; they are just descriptions)

[<nodename>]

gatewayhost=<clienthost>

# This should be the external hostname or ip address of the client host, not a VPN address.
# If the client is not reachable over the internet leave it out and set hidden=1 below.
# If possible supply a hostname (even dyndns) and not an ip address for easier changing
# from your side without touching the central config.

network=<ipv4 subnet in the vpn>
network6=<ipv6 subnet in the vpn>

# (mandatory, must include)
# this may be more than one, IPv4 or IPv6, network6 with IPv6 is optional
#
# These subnets must be unique in our vpn,
# simply renumber your home network (or use something like NETMAP) with a network block that is still free.
#
# Please use the list of assigned networks on ChaosVPN:IPRanges, and add yourself there.

Owner=

#(mandatory, must include)

# Admin of the VPN gateway, with email address – a way to contact the responsible
# person in case of problems with your network link.

port=4712
# (optional)
# if not specified tinc works on tcp+udp port 655
# it is better if everyone chooses a random port for this.
# either this specified port or port 655 should accept TCP and UDP traffic from internet.

hidden=0
# (optional)
# “I cannot accept inbound tunnel connections, I can only connect out.”
# (e.g. behind an NAT)
silent=0
# (optional)
# “I cannot connect out, but you can connect to me.”
# Only ONE of hidden=1 or silent=1 is possible.

Ed25519PublicKey=<something>
# (optional)
# tinc 1.1.pre11+ only, contents of your /etc/tinc/chaos/ed25519_key.pub

—–BEGIN RSA PUBLIC KEY—–
…..
—–END RSA PUBLIC KEY—–
# (mandatory)
# rsa-public-key – contents of your /etc/tinc/chaos/rsa_key.pub

Awaiting response, give us some days, your request is processed manually

Retry until $success

Customize configfile

FIXME to be expanded

/etc/tinc/chaosvpn.conf

In the top part are the variables.

change

$my_peerid to the network nick from step 4
$my_vpn_ip to an ip address in your network range, like 172.31.x.1

Enable Starting of ChaosVPN

If you installed ChaosVPN through our Debian package it is not started by default.

To enable this edit the file /etc/default/chaosvpn and change the RUN= line to RUN=”yes”

After all changes (re-)start the chaosvpn client:

# /etc/init.d/chaosvpn start

If you made everything correct there should now be a tinc daemon running, and the output of ‘route-n’ should show lots of routes pointing to the new ‘chaos_vpn’ network interface.

script in /etc/ppp/ip-up to autostart, or to restart from time to time via cron

If you built a debian package and installed it the cron and ip-up parts are already setup, if you installed it manually with make install you have to do it yourself.

and with luck, it will function beautifully! 😉

Retrieved from https://wiki.hamburg.ccc.de/ChaosVPN:UbuntuHowto


 

As I get more familiar with ChaosVPN, hopefully it’s something I can write about more.  Just to stress: it isn’t really the “deep web” or the “dark web.”  I just felt like writing about it because it sounded cool.

As a matter of fact, the more I learn, the more I realize that these terms like deep web and dark web are just abstract concepts.

But they sure do sound spooky, don’t they?

 

essential-skills-becoming-master-hacker.1280x600

I haz hood. I iz a hacker.

ChaosVPN: Making Friends with Hackers!

Bildschirmfoto_2013-12-04_um_09.54.42

Alright, I admit it!  I’d been debating what to write my next post about, because everything that I had in mind required a lot of reading, research, and experimentation.

Fortunately, I came across something called ChaosVPN not too long ago.  I had heard about it via a deep web/dark web-themed Google+ group, in which I’ve made friends with many coders and fellow dark web explorers.  The name conjured up all sorts of silly tech-related movie tropes in my mind.

So what is it?

It’s a VPN designed to connect hackers and hackerspaces.  Keep in mind that this doesn’t necessarily constitute malicious (or “black hat”) hacking.  ChaosVPN has a wiki maintained by the Chaos Computer Club in Hamburg, Germany.

The idea sounded cool enough, but what really inspired me to look into it further was this image on the main page:

chaosVPN

If that’s hard to read, the quote I’m thinking of is the one in red that says

“ChaosVPN is a VPN to connect Hackers and Hackerspaces – it does NOT provide anonymous internet access!  For this look at tor or other similar services.

It will also not help you to reach domains like .rdos, .lll, .clos or any other strange things supposed to be available on the ‘dark web.'”

Does that sound familiar?  No?  Let me refresh your memory:

shadowweb

*Sigh* Yes, it’s our old friend “The Shadow Web” again.  The text is cut off in the screenshot, but the original page claimed that if you downloaded the software, you would be able to “access hundreds of other domains like .LLL and .RDOS sites.” ಠ_ಠ

By the way, if you’re still interested in that, you can contact the owner at shadow-web@sigaint.org.  Just don’t give him your money, OK?

So, if you can’t access .lll or .rdos sites, why install ChaosVPN? (I kid.)  Well, personally I love the idea that it connects different networks of hackers, and makes communication simpler.

If you read the “Goals” section of the wiki, the creators actually outline the purposes of ChaosVPN:

“Design principals [sic] include that it should be without Single Point of Failure, make usage of full encryption, use RFC1918 ip ranges, scales well on >100 connected networks and is…able to run on a embedded hardware you will find in [today’s] router…

“Therefore we came up with the tinc solution. tinc does a fully meshed peer to peer network and it defines endpoints and not tunnels.

“ChaosVPN connects hacker[s] wherever they are. We connect roadwarriors with their notebook. Servers, even virtual ones in Datacenters, Hackerhouses and hackerspaces. To sum it up we connect networks – maybe down to a small /32.

“So there we are. ChaosVPN is working and it seems [as] the usage increases, more nodes join in and more [services] pop up.” 

(For full text go to ChaosVPN – CCCHHWiki).

I may not be a hacker [yet], but as an investigative tech blogger and aspiring coder, this is definitely something that interests me (and I figured it would interest you too, readers!).

Tinc-erbell? 

tinc_2

 

As the creators of ChaosVPN mention above, the network uses tinc, a VPN “daemon that uses tunneling and encryption to create a secure private network between hosts on the Internet. tinc is Free Software and is licensed under the GNU General Public License version 2 or later,” according to their official site.

“Because the VPN appears to the IP level network code as a normal network device, there is no need to adapt any existing software.  This allows VPN sites to share information with each other over the internet without exposing any information to others.” 

Wow – am I wrong in saying that that sounds like some technobabble they would use on CSI: Cyber or something?

69118661

Nope.  It’s 100% accurate!  From the description, this sounds ideal for a VPN designed to connect hackers, as ChaosVPN is intended to do.  I know I’ve been quoting a lot of technobabble in this post, but I felt it was somewhat necessary to get an understanding of how ChaosVPN worked!

I’ll be honest – I’m really not an expert with it yet, and I’m still in the process of building ChaosVPN on my system.  I’m determined to get it working, though, and I thought you all could accompany me along the way!

Wiki of Chaos

The ChaosVPN wiki has a set of excellent how-tos for the following operating systems:

I went with the Ubuntu Howto, since I have that installed on my system.  (When I do finish setting it up, I think that would warrant a sequel to this post.)

No matter which operating system you’re using, you need to install Tinc VPN (mentioned above) first.

Initially, I was going to quote portions of the setup instructions in this post, but the ChaosVPN wiki is currently down.  I should’ve printed them when I had the chance! 

Oh wait, never mind – it’s up again.  Well, perhaps I’ve done enough plagiarizing in this post, but you can look at any of the links above for detailed instructions.

Fortunately, they also have a repository on GitHub: GitHub – ryd/chaosvpn: Config generator for chaosvpn.  I think that should help!

If any of you are able to get the VPN up and running, feel free to let me know.  I’m sure I’ll be able to put it together soon.

Well, that just means we’ll have a part 2 to this post!

In the meantime, I return to my ARG – real life, that is.

 

 

Freenet Frustrations: FMS, Sone, etc.

freenet_fms_setup

Good morning readers!  The reason I haven’t posted in almost a week is that I’ve been in the process of doing research on other aspects of Freenet, I2P and other networks that I haven’t explored much yet.

The other reason might be that I’ve had a little writer’s block, but that’s normal, right?

So, I’m working on setting up the Freenet Message System (FMS) (you need Freenet for this link), which I mentioned briefly in the post Alternatives to Tor: Freenet.  It’s been a little more challenging than I expected, because first I needed to install the proper software to be able to use the various FMS components.

Second, I needed to actually download the components of the program (O RLY?), which sounds simple, but this is where I had a tendency to get stuck.  The reason for this is that I would start the download process, and then my Freenet node would shut down in the middle of it; thus, I would need to start over again!  I felt exactly like this guy:

201412_0945_bbheh

Of course, I’ve had similar errors on the clearnet too, so that’s no reason to quit.  If you’re having any difficulty downloading and/or installing FMS, I did find an excellent tutorial that covers both Windows OS’s and Ubuntu: CryptNode.org – Freenet Setup FMS on Windows 7 and Ubuntu 10.10.

The video really does explain in plain English how to go about installing them – maybe I should give it another try too! If you are successful in downloading all of the components, then I would recommend The Unofficial Guide to FMS (You need Freenet for this link).  It does a great job of breaking down the various features of it.

Game of Sones

setup002

In addition to FMS, I’m also working at setting up Sone, which is the official Freenet social network.  Again, it doesn’t seem that hard, but my computer may begin giving me an attitude – I’m not sure.

Just to be nice, though, I thought I’d share this link with you: Freenet Social Networking Guide: Creating a microblogging account with Sone.   According to that, you must first create an identity with WebOfTrust (WOT) plugin, which is also designed to solve the problem of spam on the network.

weboftrust_instructions

Credit for this tutorial goes to my friend Arne Babenhauserheide; I’d like to share at least part of it here with you.

Step 1: Go to the Plugins menu under Configuration (on your node’s home page):

setup001

Step 2: Load the official WebOfTrust plugin:

setup002

Step 3: After plugin has finished downloading, you need to click on the ‘Own anonymous identities’ option on the Community menu.

setup003

Step 4: Freenet will generate a random name for your “new identity.”  Though you can refresh the page and get a new one, it’s recommended that you select the first one that shows up.  When you’ve found one that you like, click “Create.”

CAUTION: If you create multiple identities and only pick ones that you like, it creates a pattern that decreases anonymity.  (The same goes for any characteristic that might deanonymize you on Tor!)

There are more steps to the process, but the full guide, once again, is here: http://freesocial.draketo.de/wot_en.html.  Thanks Arne!!

I’m sure all this isn’t nearly as difficult as it appears to be, I’ve just been held up in the process by slow connections and all that.  Which is why I guarantee you there will be a sequel or two to this post!

Oinkageddon!

stop-im-one-of-you-pig

No, that was not a typo.  For newcomers to Freenet, I’ve said before that there is disturbing material on it, but if you find it, it’s basically because you’re looking for it!

The index called Linkageddon, as I’ve mentioned in previous posts, is simply a list of every Freenet site, whether it has offensive material or not.  I’ve come across some highly disturbing things there, but in my mind, it wasn’t cause for alarm.

Unfortunately, not everyone sees it the same way.  According to a 2015 post on Deepdotweb (Police Log IPs, Making Arrest By Planting Own Nodes in Freenet), law enforcement are monitoring Freenet in a similar manner to Tor, targeting certain people. It seems that they’re specifically looking for offenders who possess child porn downloaded through Freenet.

I’ve said this before, but – I’m definitely opposed to the production of child pornography. At the same time, I hate that its existence has become an excuse to shut down networks like Freenet, in which much of the material is perfectly legal.

So it’s kind of a Catch-22, isn’t it?  Well, hopefully Freenet stays up and running, in spite of some of the run-ins with law enforcement.

It’s called Freenet for a reason, after all!

P.S. Here are a couple of legal Freenet links, if you’re interested (as far as I know, there’s nothing disturbing on these):

USK@DXNTwIka7DbpxAa1-TGIkAYE3E3W0BBzfYEm5IIvIOo,TAe7a-w~nR6GzGUs64onIJshzMPzLZuW4-qbD5Vc674,AQACAAE/xkcd/410/

USK@lR9Sq56gUPH4uV6O9UCs-CifnRHCDWx0j~V2a6DwPgY,-ru5J7hDG1rXNGevraEkWVkxHMHohv9mZde5VT237Ec,AQACAAE/Death_for_Global_Warming_Deniers/0/

USK@NAKEVlN5CZ~nUlEnH4WUG8ANfvNZ-RuSUjRjfDHm2bA,R8kjg51bYWCJSwlwK5sOrHUjQ2gjHc7NhCVCWFJ4ncs,AQACAAE/HackZandCrackZ/3/

USK@GqiRYVB9AGvEnbhp3X~F3HDX-AYf60qzeqKgqc-8mvg,6KDbRU4K763XNW3f2XexjaxvRPv7LupK6pv~jEXrlJo,AQACAAE/alleykats_corner/14/

 

How to Access the Dark Web with I2P!

use-i2p-host-and-share-your-secret-goods-dark-web-anonymously.w654

What?  You mean there’s another way to access the dark web?  YES!

I’ve said this before, but it bears repeating – Tor is not the only way to access the so-called “dark web,” but it seems to be the most popular at the moment.  In fact, there are many ways to do so.  Oddly enough, many of the trending articles that discuss the dark web act as if Tor is the only way to reach it.

“Dark web” is essentially a metaphor for all the sites built on top of encrypted networks that require special software, configurations or permissions to access.  I must clarify this, however – Tor, I2P, and Freenet are completely separate networks.

On previous posts I’ve mentioned Freenet, but there are other options too, and I2P is one of them.  The reason that it probably doesn’t have the same reputation as Tor, or even Freenet for that matter, is that it’s a bit more complex to learn and use.  (At least that’s my guess).

So, downloading I2P is the easy part; just go to Download – I2P and install it!  The site offers packages for the following OS’s:

  • Windows
  • Mac OS X
  • GNU/Linux/BSD/Solaris
  • Debian/Ubuntu
  • Android

The tricky part, as you may have guessed, is the post-install work!  Courtesy of their homepage, I’ll offer the steps:

I2P_post-install-work

After running the installer on Windows, simply click on the “Start I2P” button which will bring up the router console, which has further instructions.

On Unix-like systems, I2P can be started as a service using the “i2prouter” script, located in the directory you selected for I2P. Changing to that directory in a console and issuing “sh i2prouter status” should tell you the router’s status. The arguments “start”, “stop” and “restart” control the service. The router console can be accessed at its usual location. For users on OpenSolaris and other systems for which the wrapper (i2psvc) is not supported, start the router with “sh runplain.sh” instead.

When installing for the first time, please remember to adjust your NAT/firewall if you can, bearing in mind the Internet-facing ports I2P uses, described here among other ports. If you have successfully opened your port to inbound TCP, also enable inbound TCP on the configuration page.

Also, please review and adjust the bandwidth settings on the configuration page, as the default settings of 96 KBps down / 40 KBps up are fairly slow.

If you want to reach eepsites via your browser, have a look on the browser proxy setup page for an easy howto.

Did that read like a foreign language to you?  Congratulations!  It did to me too, at first.  It may make more sense once you actually get into the process of setting it up…or not.

At first, I’ll admit I was somewhat intimidated by I2P, given that you couldn’t just install it and run it without a lot of configuration and forehand knowledge, but now that I’m more educated in that area, it’s kind of fun (believe it or not).  Or maybe it’s because I’m a nerd, I don’t know…

d4f20041254a0727ddce7cb81be9e68c

If you find the homepage’s instructions a bit too technical, there are a number of other sites that “translate” the setup tutorial into a simple guide. Deepdotweb featured one of these guides in this post: Full guide: How to access I2P Sites & Use TheMarketplace.i2p

The Tin Hat also offers a great tutorial here: How To Use I2P | I2P Tutorial & Setup Guide.  Plus, they explain how the network works in layman’s terms!

the_tin_hat_I2P

Screenshot credit: thetinhat.com

Once you have the network up and running and you open it in a browser (e.g. Firefox), you should see a page like this:

I2P_router_console_0.7.7

Credit: 2009 Wikimedia Commons

As it says, that’s the I2P Router Console, and from that page you can configure just about everything about your connection, how much bandwidth you’re using, and what IP address your “identity” appears to be (not unlike Tor, actually)!

Let the Right One In

hand-984170_960_720

I had to include at least one creepy image.

Now, I have to confess that the part where I got held up was when I tried to access actual I2P sites (known as “eepsites”).  I knew I was connected to the network, so that wasn’t the problem.

According to the official I2P FAQ, under the question explaining what eepsites are:

An eepsite is a website that is hosted anonymously – you can access it by setting your web browser’s HTTP proxy to use the web proxy (typically it listens on localhost port 4444), and browsing to the site.

I did this, but I was still unable to access a number of the eepsites (or at least the featured ones on the router console).  Therefore, my thought was that the sites themselves were down.

Either that, or my firewall settings were preventing me from accessing the sites – I plan on modifying those and giving this another try.  Of note: eepsites also tend to go down often (not unlike .onion sites), so that could also be the problem.

But Wait…There’s More!

I2PBote-inbox-0.4

Like its darknet cousin Freenet, I2P offers several main features:

Email/Messaging: I2P has a few different messaging services.  The main ones are a built-in email application and I2P-Bote, a secure messaging platform somewhat akin to Freenet’s FMS (Freenet Messaging System) application.

I2P-Bote is a P2P email service; there is no central server that stores your personal data. Email messages are stored in encrypted form on the computers of other I2P-Bote users, which is how it differs in its structure from standard email services.  No one with the ability to read your emails actually stores them on their servers.

If you check out the link above, it breaks down many of the security features of I2P-Bote, including its encryption method(s), and anonymity components.

I2P-Bote, as opposed to standard email services like Gmail or Outlook, uses cryptographic keys as destinations (i.e. randomly generated numbers and letters.)

sy10500b

This end-to-end encryption is the default with I2P-Bote.  Beyond that, I2P-Bote also sanitizes email headers, taking out any unimportant information, and encrypts what’s left (e.g. the subject line).

I don’t know about you folks, but I find that very reassuring!

IRC (Internet Relay Chat): Some of you are probably already familiar with IRC – it’s been around since the internet’s early days (1988, believe it or not)!  The difference with I2P is that it has an IRC service that allows users to chat anonymously.  Similar services exist on Tor, by the way.  I have yet to use the chat service, but I plan on doing so in the future (and perhaps writing a separate post about it).  According to The Tin Hat’s how-to guide:

“Often controversial topics are talked about in these channels, but nobody is afraid of offering what may be a very valid, but unpopular opinion, pushing you to explore new ideas from new perspectives.”

And I can’t help but be reminded of an episode of Numbers while reading that line where they said this:

numbers_irc

Uhh…no it isn’t.  But I digress.  If you do end up using I2P’s IRC, The Tin Hat recommends the chat rooms #salt and #i2p-chat, which you can connect to by setting your IRC client (such as X-Chat) to 127.0.0.1 on port 6668.  If you already have experience with this, feel free to give me some feedback on how it went!

Torrents: Oh my God, you can torrent over I2P?  Yes – in fact, some would say that gives it an advantage over Tor, which strongly advises against torrenting over their network.

I2P offers The Postman Tracker and I2PSnark.  The former is a lot like The Pirate Bay, and the latter is very similar to µTorrent.  Again, I have yet to try out this feature, but according to my research, the torrenting feature only provides more cover-traffic, which actually improves your anonymity (as opposed to Tor)!

I2P also gives the user an advantage in that they can use it as a proxy for clearnet torrents, like BitTorrent or µTorrent.  That way you’re less likely to get some ominous letter from the RIAA, or have others users spying on your torrents.  It’s not 100% foolproof, but I’d say it’s smarter.  

Beyond that, there is an I2P plugin for the Vuze torrent client called I2P Helper; if you intend to use I2P primarily for torrenting, then it works very well in this context.  I2P Helper allows you to download torrents from both the clearnet and the dark web simultaneously.  To boot, you can configure Vuze to use I2P by itself, or an already running external I2P router.

One of the positive things about using I2P for torrenting is that there is very little child pornography or other questionable material on the torrent trackers (despite claims to the contrary).  Rather, there are quite a few sci-fi books, programming books, leaked government documents, movies, and music.

Its downside, however, is speed, which on average is about 30KBps (compared to roughly 1-2 MB/s on most other torrenting sites).  The trade-off, of course, is the anonymity factor.  You’re much less likely to get discovered and sued by angry record labels and movie studios if you’re using I2P, as opposed to their “cousins” on the clearnet.  So the choice is yours.

Give Me Links!  Give Me Links!

09_Browse_to_Site

All right, you asked for it!  I haven’t vetted any of these links, so enter at your own risk. These links are courtesy of DCJTech.info: DarkWeb Link List.  I have to admit, they’re much easier to remember than most .onion addresses, aren’t they?

Directory (I2P)

File-Sharing and Torrents

Gaming

Messaging

Miscellaneous I2P Sites

OutProxies

Search Engines (I2P)

Shopping (I2P)

Social

Is that enough links to get you started?  Well, I hope you have fun checking them out.

As for me,  I do hope to explore I2P more in the near future; it seems perfectly suited to nerds like me!

With that…it’s off to the darknet again…