Thought I would share my simple docker/podman setup for torrenting over I2P. It’s just 2 files, a compose file and a config file, along with an in-depth explanation, available at my repo https://codeberg.org/xabadak/podman-i2p-qbittorrent. And it comes with a built-in “kill-switch” to prevent traffic leaking out to the clearnet. But for the uninitiated, some may be wondering:
What is I2P and why should I care?
For a p2p system like bittorrent, for two peers to connect to each other, at least one side needs to have their ports open. If one side uses a VPN, their provider needs to support “port forwarding” in order for them to have their ports open (assuming everything else is configured properly). If you have ever tried to download a torrent with seeders available, yet failed to connect to any of them, your ports are probably not open. And with regulators cracking down on VPNs and forcing providers like Mullvad to shut down port forwarding, torrenting over the clearnet is becoming more and more difficult.
The I2P network doesn’t have these issues. The I2P is an alternative internet network where all users are anonymous by default. So you don’t need a VPN to hide your activity from your ISP. You don’t need port-forwarding either, all peers can reach each other. And if you do happen to run a VPN on your PC, that’s fine too - I2P will work just the same. So if you’re turning your VPN on and off all the time, you can keep I2P running throughout, and continue downloading/uploading.
I2P eliminates all the complications and worries about seeding, making it easy for beginners to contribute to the network. I2P also makes downloading easier, since all peers are always reachable. And it’s more decentralized too, since users don’t need to rely on VPN providers. And of course, it’s free and open source!
A fair warning though, I2P is restricted in some countries. And in terms of torrenting specifically, torrents have to explicitly support I2P. You can’t just take any clearnet torrent and expect it to work on I2P. And the speeds are generally lower since there are less seeders, and the built-in anonymity has a cost as well. However I’ve been surprised at the amount of content on the I2P network, and I’ve been able to reach 1 MB/s download speeds. It’s more than good enough for me, and it will only get better the more people join, so I hope this repo is enough for people to get started.
A fair warning though, I2P is restricted in some countries.
And that list is almost identical with Naughty-no-gift-from-Santa list.
And in terms of torrenting specifically, torrents have to explicitly support I2P. You can’t just take any clearnet torrent and expect it to work on I2P.
are you sure about that? for public torrents you just add the postman tracker and done. if libtorrent gets support for DHT over I2P, even that won’t be needed
I remember reading about I2P back in the day. I am old school. If my old memory serves me correctly, I think there are some vulnerabilities with using I2P instead of say a VPN? (Now, I am going to have to go down that rabbit hole again to refresh my memory.)
Edit to add; The list below describes some of I2P’s main disadvantages.
-
Complex configuration process: It necessitates a drawn-out installation procedure and specific browser settings.
-
Must-have logging: The I2P user interface must be logged in for users to access their material.
-
Severe vulnerabilities: Over 30,000 users were made vulnerable by a zero-day vulnerability that I2P experienced in 2014. Later, a 2017 study found that several more I2P flaws may also be exploited.
-
A much tiner user base than TOR: As a result, I2P has fewer network nodes and servers and is more open to intrusions.
-
Less anonymity when browsing indexed sites: I2P does not ensure that users’ browsing of indexed sites is completely anonymous. The use of VPN services may be able to address this issue.
There was an exploit last May, however, if one is not able to fork over money for a VPN, I2P is a good alternative for a free option.
Thanks for the info, I would not claim to be an expert about I2P so some of this is definitely new to me. Though I think the situation has improved quite a bit.
Complex configuration process: It necessitates a drawn-out installation procedure and specific browser settings.
If you just want I2P without the torrenting, you can use the official I2P router, which is just an HTTP proxy that runs on your PC, just like Tor. The 3rd-party router used in my guide, i2pd, has a Flatpak as well. So as far as installing the router goes, it’s a few clicks. You are correct that it does require configuring the browser though, you are correct. This is explained in my guide and also on the official website. Not as easy as clicking an “Install” button, but only takes around 5 minutes. I wish there were an official I2P browser like the Tor browser though.
Must-have logging: The I2P user interface must be logged in for users to access their material.
Not sure what you mean by this. I’ve never had to log into anything to set up I2P.
Severe vulnerabilities
I have no doubt. But Tor has had many vulnerabilities too. Both have gotten much better over time.
A much tiner user base than TOR: As a result, I2P has fewer network nodes and servers and is more open to intrusions.
Definitely true. In fact it makes me suspicious how fast TOR is despite how many users there are, and how the relatively high requirements to be a relay (not to mention an exit node). AFAIK TOR is heavily reliant on rich and generous patrons, which makes me wonder about the motives of these patrons. I believe I2P has the potential to be much more decentralized, since every user is expected to also be a router, and Techlore has also raised this point (though I don’t have the video on me right now).
Less anonymity when browsing indexed sites: I2P does not ensure that users’ browsing of indexed sites is completely anonymous. The use of VPN services may be able to address this issue.
I didn’t know this. What are indexed sites?
-
Interesting, I’ve been looking for a easier i2p torrent application. Gonna try it out this summer.
I probably should have mentioned this in the post, but don’t forget you can run this on desktop too! All Fedora-based distros (Kinoite, Bazzite, etc) have Podman pre-installed. You just need to install podman-compose/docker-compose. If you’re on an atomic distro you’ll have to layer, or use a distrobox (either install podman-compose and use host podman or just install both podman and podman-compose inside a distrobox), or convert the compose file into individual Podman commands like
podman network create --internal ...andpodman run ..., but it’s definitely doable in an hour or so.
I really want to build an i2p router, and have started a couple times, but the lack of control of what goes through my hardware stops me every time. It’s a cool project and, sadly, looking more necessary every year.
It’s weird I don’t have these hang ups for other systems. Running a meshcore node doesn’t give me the willies. Just for i2p I worry how much csam is going through my router.
It’s true, you never really know what will be going through your router. I guess I just got over it after a few years of struggling with VPNs and port-forwarding. Just felt like the noose was getting tighter, especially after Mullvad stopped providing the feature. My stance is that if I ever knew that such content was going through my PC I would block it, but if it’s all encrypted then what can I do? Same reason why I support encrypted messaging apps - they can be used for harm but is that the fault of the tool? Though I recognize it’s a complex issue.
Agreed. I’ll get over myself one day and build one. For now Airvpn supports port forwarding at an affordable (to me) price, so I let them deal with the moral dilemma.
It’s coming though, i2p is where my server is headed, even if I keep a VPN up too.
It’s weird that all the tier 1 ISPs have no such worries though.
It’s not weird at all. They’re share holder corpos, anti-morality is par for course. Corporations are not our friends.
looks easy enough, will try, thank you.
tbh, looked at the thing some while back and noped out when I saw “java” in there; absolutely irrational, I know - just can’t stand the thing. cool that there’s an alternative.
It’s not just the router. The officially recommended I2P torrent client, called I2PSnark, is also in Java and its a pain to get working in Docker. It’s not a bad torrent client, just feels like the official I2P tools still don’t have great support for modern Linux devops. Now that qBittorrent supports I2P the whole stack feels much more at home.
deleted by creator
