Therefore, I thought I2P-Bote, a messaging platform that operates over the I2P network, deserved a little attention.
Does the term “asynchronous communication” ring a bell? In a nutshell, it means transmission of data with a time lag. Email and forum communications are two well-known examples.
Unlike most email platforms, I2P-Bote is asynchronous, and built for privacy and anonymity. Obviously, it operates over the I2P network, and therefore it is quite a bit more secure and anonymous than a standard email provider (e.g. Gmail).
Tales from the Crypto
One of the major ways in which I2P-Bote is more secure than its email competitors is through its use of encryption. If you’re using a clearnet email provider, you would type in the sender’s address, which might look something like [email protected].
I2P-Bote, on the other hand, uses cryptographic keys as destinations, which are generated via a cryptographic hash function. (For example, a 504-bit WPA key might look something like this: >7%vC&Nyq4$ve?1suA=&79r-K39qa8s2WmA”40=I`5|y89F
When you send a message to someone over I2P-Bote, the message is encrypted using their public key; clear-text messages are not sent over the system. While it is possible to decrypt the messages, this at least puts that extra step in the way of an attacker.When you send a message to someone over I2P-Bote, the message is encrypted using their public key; clear-text messages are not sent over the system. While it is possible to decrypt the messages, this at least puts that extra step in the way of an attacker.
Credit: Funker Bernd 2012
I2P-Bote also cleans up the headers (which can reveal a lot of information about the sender), and encrypts any remaining information.
We Are Anonymous
I2P-Bote is also far more anonymous than any standard email provider. Why, you ask? I2P-based email providers operate over the I2P network, which already adds a degree of anonymity in and of itself.
If you really want the full details on how it works, read their tech intro on the official site. To sum it up, I2P uses packet switching to break up communications before they’re sent, which are “reassembled” when they arrive at their destination. It’s also serverless, which reduces the surface area that attackers can target.
Believe it or not, setting up I2P-Bote is actually very easy. Once you’re connected to the I2P network, type http://127.0.0.1:7657/configclients into the URL bar, and then go down to the bottom of the page. Copy and paste this link into the plugin install box: http://tjgidoycrw6s3guetge3kvrvynppqjmvqsosmtbmgqasa6vmsf6a.b32.i2p/i2pbote.xpi2p
After you’ve done that, then click “Install Plugin.” As you might expect, it will take time to install, but when it’s finished, the plugin should appear on your Router Console under the name “Secure Mail.”
Once the plugin is finished installing, you’ll need to create an identity (similar to how you would in Freenet). You can do this under the “Addresses” menu at left (see above screenshot).
The public name that you generate here will be the name that shows up on all emails you send, unless you choose to designate the message as anonymous.
As for encrypting your messages, you have four options:
256-bit Elliptic Curve Cryptography (ECC)
Which one you choose is somewhat a matter of personal preference, but 521-bit ECC is considered to be one of the strongest (though it’s also sometimes overkill). It may depend on what you’re trying to encrypt!
Finally, after you’ve created your identity, go into “Settings,” where you can adjust your anonymity. One of the things you can tweak, for instance, is the amount of time between when I2P-Bote searches for new e-mail. In addition, you can add relays with a large delay-range (which also adds to the anonymity factor).
If you’re completely new to all of this, it may seem a little complex at first, but play around with it and you’ll get the hang of it. The more people that use I2P and I2P-Bote, the better it will become.
Or I suppose you could always do the “anonymous message with the cut-out letters” thing, but that takes a lot more effort, doesn’t it?