Casual browsing of the I2P, IPFS and Tor networks

This is NOT a privacy guide.

This guide will mix your clearnet traffic with I2P, IPFS and Tor traffic. It increases your privacy compared to always using clearnet, but if you require strong privacy then use sys-whonix and refer to other guides.

On the other hand, if you just want to be able to click on a .onion link whenever you run into one, or an .i2p link, or you want to access your local copy of IPFS sites like vitalik.eth, and you just like tinkering with these technologies, read on.

In dom0

sudo vim /etc/qubes-rpc/policy/qubes.ConnectTCP

Add these lines, assuming your browsing VM is called 'browsing':

browsing    proxy-i2p    allow
browsing    proxy-ipfs   allow
browsing    proxy-tor    allow

In the template:

sudo apt install tor i2pd

Install Kubo for IPFS. Place the executable somewhere in the template that will be available in VMs based on it. I placed it in /software/system-owned/ipfs-kubo/ (but I’m looking forward to organizing my applications that aren’t in repos using nix-shell from NixOS some day).

I like disabling services in the template and later enabling them in whichever VM I need:

sudo service i2pd stop
sudo service tor stop
sudo systemctl mask i2pd
sudo systemctl mask tor

Configuration for the new proxy- VMs

/rw/config/rc.local of sys-i2p:

#!/usr/bin/env bash
# vim:ft=sh

exec 1> >(systemd-cat --identifier=rw-config-rc-local) 2>&1

## i2pd
systemctl unmask i2pd
# It cannot be a symlink
cp -fv /rw/config/i2pd.conf /etc/i2pd/i2pd.conf
service i2pd start

echo 'End of /rw/config/rc.local'

/rw/config/rc.local of sys-ipfs:

#!/usr/bin/env bash
# vim:ft=sh

exec 1> >(systemd-cat --identifier=rw-config-rc-local) 2>&1

# From https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes#non-bsd
sysctl -w net.core.rmem_max=7500000
sysctl -w net.core.wmem_max=7500000

IPFS="sudo -u user /software/system-owned/ipfs-kubo/ipfs"
$IPFS --version
$IPFS cat /ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme
$IPFS daemon &

echo "End of /rw/config/rc.local"

/rw/config/rc.local of proxy-tor:

#!/usr/bin/env bash
# vim:ft=sh

exec 1> >(systemd-cat --identifier=rw-config-rc-local) 2>&1

systemctl unmask tor
service tor start

echo 'End of /rw/config/rc.local'

Configuration for your browsing appVM

/rw/config/rc.local for browsing appVM:

#!/usr/bin/env bash
# vi:syntax=sh

exec 1> >(systemd-cat --identifier=rw-config-rc-local) 2>&1

# Connect to I2P
qvm-connect-tcp 4444:proxy-i2p:4444

# Connect to IPFS
#qvm-connect-tcp 5001:proxy-ipfs:5001  # Better control Kubo from sys-ipfs browser
qvm-connect-tcp 8080:proxy-ipfs:8080

# Connect to Tor
qvm-connect-tcp 9050:proxy-tor:9050

echo "End of /rw/config/rc.local"
exit 0

If you use Brave, install SwitchyOmega. If you use Firefox, install FoxyProxy.

Now configure the 3 proxies in SwitchyOmega or FoxyProxy:

  1. I2P: Protocol: HTTP, Server: localhost, Port: 4444
  2. IPFS: Protocol: HTTP, Server: localhost, Port: 8080
  3. Tor: Protocol: SOCKS5, Server: localhost, Port: 9050

Create switch rules in SwitchyOmega or FoxyProxy:

  1. Condition Type: Host wildcard, Condition Details: *.i2p, Profile: I2P
  2. Condition Type: Host wildcard, Condition Details: *.localhost:8080, Profile: IPFS
  3. Condition Type: Host wildcard, Condition Details: *.onion, Profile: Tor

Now install Redirector extension.

Configure Redirector extension:

  1. ENS domains to local IPFS: Redirect: http*://*.eth/*, to: http://$2.eth.ipns.localhost:8080/$3, Example: https://vitalik.eth
  2. ipfs.io to local IPFS: Redirect: https://ipfs.io/ipfs/*/*, to: http://$1.ipfs.localhost:8080/$2, Example: https://ipfs.io/ipfs/bafybeia5tg2hsulnzzenub5twq4sf2g3pkrkqp4q4u4ui4xwowrarb5c5q/general/2024/12/03/wallets.html
  3. ipfs.dweb.link to local IPFS: Redirect: https://*.ipfs.dweb.link/*, to: http://$1.ipfs.localhost:8080/$2, Example: https://bafybeia5esoynn6udnsocgpwufk6one5vbkcvowseql5tfilf46asmveqy.ipfs.dweb.link/
  4. ipfs.cf-ipfs.com to local IPFS: Redirect: https://*.ipfs.cf-ipfs.com/*, to: http://$1.ipfs.localhost:8080/$2, Example: https://bafybeia5esoynn6udnsocgpwufk6one5vbkcvowseql5tfilf46asmveqy.ipfs.cf-ipfs.com/

More

This guide could be extended to include:

  • .sol Solana domains
  • cjdns/Hyperboria
  • Hyphanet (formerly known as Freenet)
  • ZeroNet
2 Likes
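
The Redirector and switch rules from the guide above, modelled as an added example that is not part of the original post, so you can check which URLs end up on which proxy and which fall through to clearnet. It assumes Redirector's wildcard mode anchors the pattern and treats each `*` as a lazy capture, and it models the host-wildcard conditions as hostname suffix checks; `redirect`, `profileFor` and `route` are hypothetical helper names.

```javascript
// Added example: models the guide's Redirector and proxy-switch rules.
// Assumption: each "*" is an anchored, lazy capture referenced as $1, $2, ...
const REDIRECTS = [
  ["http*://*.eth/*", "http://$2.eth.ipns.localhost:8080/$3"],
  ["https://ipfs.io/ipfs/*/*", "http://$1.ipfs.localhost:8080/$2"],
  ["https://*.ipfs.dweb.link/*", "http://$1.ipfs.localhost:8080/$2"],
  ["https://*.ipfs.cf-ipfs.com/*", "http://$1.ipfs.localhost:8080/$2"],
];

// Escape regex metacharacters, then turn every "*" into a lazy capture group.
function wildcardToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, "(.*?)") + "$");
}

// Returns the rewritten URL, or the normalized input when no rule matches.
function redirect(rawUrl) {
  const url = new URL(rawUrl).href; // normalizes "https://vitalik.eth" to ".../"
  for (const [pattern, target] of REDIRECTS) {
    const m = wildcardToRegExp(pattern).exec(url);
    if (m) return target.replace(/\$(\d)/g, (_, n) => m[Number(n)] ?? "");
  }
  return url;
}

// Switch rules in the guide's order; anything unmatched is not proxied.
function profileFor(rawUrl) {
  const { hostname, port } = new URL(rawUrl);
  if (hostname.endsWith(".i2p")) return "I2P";
  if (hostname.endsWith(".localhost") && port === "8080") return "IPFS";
  if (hostname.endsWith(".onion")) return "Tor";
  return "DIRECT"; // leaves the browsing VM over clearnet
}

// Full decision for one typed or clicked URL.
function route(rawUrl) {
  const finalUrl = redirect(rawUrl);
  return { finalUrl, profile: profileFor(finalUrl) };
}

// Constructed sample inputs (the .eth URL is the guide's own example).
const samples = ["https://vitalik.eth", "http://example.i2p/",
                 "http://example.onion.example.com/"];
for (const u of samples) console.log(u, "->", route(u));
```

The last sample shows that a clearnet host which merely contains `.onion` is not sent to Tor, and that every unmatched host goes out directly.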

That link is not taking me to a relevant site, but to a weird page.

The idea is cool, but do you have any kind of threat model in which this helps? I can’t think of any meaningful use.

It’s way too tedious to open a new VM connected to I2P/Tor for opening a .i2p/.onion link you happen to run into. And IPFS isn’t even for privacy, although it definitely gives you privacy when you’re loading a page from your IPFS cache.

My recommendation is don’t use this for any website where you need to log in. But for convenience, you can start using the .onion addresses of Brave Search and DuckDuckGo, without routing all the traffic through Tor, which is slow and gives you captchas, and without mixing this casual browsing with sys-whonix traffic.

“Security at the expense of usability comes at the expense of security.”
– Avi Douglen

1 Like

This makes sense, thanks. I thought the setup was to distribute the requests across the 3 networks like in a round robin setup. :sweat_smile:

Thanks. It seems the site is down. I removed the link.

I see. No, it’s not for that. It’s theoretically possible to do it with Tor and I2P, but IPFS is just a storage network similar to BitTorrent, which has no outproxies to the Internet.

3 Likes