i2p.firefox issueshttps://i2pgit.org/i2p-hackers/i2p.firefox/-/issues2023-01-24T22:41:05Zhttps://i2pgit.org/i2p-hackers/i2p.firefox/-/issues/32Proposal: Change the Install Location to Desktop2023-01-24T22:41:05ZidkProposal: Change the Install Location to DesktopCurrently the I2P Easy-Install bundle is installed to `%LocalAppData%/I2PEasy`. While this is considered pretty much normal for apps that install without admin rights, it's also a choice that's been met with criticism because this direct...Currently the I2P Easy-Install bundle is installed to `%LocalAppData%/I2PEasy`. While this is considered pretty much normal for apps that install without admin rights, it's also a choice that's been met with criticism because this directory is "Hidden" by default, which basically means it's easy for a program to put files there but it's hard for them to inspect the files there. I agree, that's a little stupid. So maybe we take it all the way the other direction re: transparency of install, and simply place the directory on the Desktop(Like Tor does), with the shortcuts and the directories all in the same place exposed to the user on the Desktop.
Also, if I do this, maybe I should remove the shortcuts from the start menu and start recommending that uninstallation take place by simply deleting all three?idkidkhttps://i2pgit.org/i2p-hackers/i2p.firefox/-/issues/31Migrate to Java 212023-01-17T19:50:04ZidkMigrate to Java 21Java 21 happens in September, placeholder for after #30Java 21 happens in September, placeholder for after #30idkidkhttps://i2pgit.org/i2p-hackers/i2p.firefox/-/issues/30Migrate to Java 202023-01-17T20:20:56ZidkMigrate to Java 20If all goes according to plan, Java 20 will be released by the time that I2P 2.2.0 is released. Since Easy-Install tracks the latest release version of Java, Easy-Install should be ready to work with Java 20 by then. cc @zzz just pinging...If all goes according to plan, Java 20 will be released by the time that I2P 2.2.0 is released. Since Easy-Install tracks the latest release version of Java, Easy-Install should be ready to work with Java 20 by then. cc @zzz just pinging you to let you know I'm aware of/working on this. I'll post any issues I encounter here.idkidkhttps://i2pgit.org/i2p-hackers/i2p.firefox/-/issues/29Remove final page of Setup Wizard2023-01-09T23:23:50ZidkRemove final page of Setup WizardThe final page of the setup wizard refers to browser configuration, which isn't necessary when using the Easy-Install bundle. Find a way to remove it on Easy-Install.The final page of the setup wizard refers to browser configuration, which isn't necessary when using the Easy-Install bundle. Find a way to remove it on Easy-Install.idkidkhttps://i2pgit.org/i2p-hackers/i2p.firefox/-/issues/28SOCKS5 Proxy for non-HTTP connections2022-11-22T01:12:02ZidkSOCKS5 Proxy for non-HTTP connectionsRight now the browser is configured to drop non-HTTP traffic and force proxied WebRTC. That's good enough, but it's not great. Firefox and Chromium allow you to configure different proxies for non-HTTP protocols. If we had a SOCKS5 proxy...Right now the browser is configured to drop non-HTTP traffic and force proxied WebRTC. That's good enough, but it's not great. Firefox and Chromium allow you to configure different proxies for non-HTTP protocols. If we had a SOCKS5 proxy, then proxied WebRTC could use Datagrams instead of Streaming, reducing overhead for WebRTC applications. Voice-over-I2P in the Browser can be a thing.
Note this does **not** apply to HTTP or HTTPS traffic, which will still use the HTTP proxy.
Prototype config:
```
description=A client tunnel for SOCKS5
interface=127.0.0.1
tunnel.8.listenPort=4446
tunnel.8.name=SOCKS5 Client
tunnel.8.option.i2cp.closeIdleTime=600000
tunnel.8.option.i2cp.closeOnIdle=true
tunnel.8.option.i2cp.delayOpen=false
tunnel.8.option.i2cp.destination.sigType=7
tunnel.8.option.i2cp.leaseSetEncType=4,0
tunnel.8.options.i2cp.newDestOnResume=true
tunnel.8.options.i2cp.reduceIdleTime=1200000
tunnel.8.options.i2cp.reduceOnIdle=false
tunnel.8.options.i2cp.reduceQuantity=1
tunnel.8.options.i2p.streaming.connectDelay=0
tunnel.8.options.i2ptunnel.httpclient.allowInternalSSL=true
tunnel.8.options.i2ptunnel.httpclient.sendAccept=false
tunnel.8.options.i2ptunnel.httpclient.sendReferer=false
tunnel.8.options.i2ptunnel.httpclient.sendUserAgent=false
tunnel.8.options.i2ptunnel.useLocalOutproxy=false
tunnel.8.options.inbound.backupQuantity=2
tunnel.8.options.inbound.length=3
tunnel.8.options.inbound.lengthVariance=0
tunnel.8.options.inbound.nickname=shared clients
tunnel.8.options.inbound.quantity=4
tunnel.8.options.outbound.backupQuantity=2
tunnel.8.options.outbound.length=3
tunnel.8.options.outbound.lengthVariance=0
tunnel.8.options.outbound.nickname=shared clients
tunnel.8.options.outbound.quantity=4
tunnel.8.options.outproxyAuth=false
tunnel.8.options.persistentClientKey=false
tunnel.8.options.sslManuallySet=false
tunnel.8.options.useSSL=false
tunnel.8.proxyList=outproxy.acetone.i2p
tunnel.8.sharedClient=false
tunnel.8.startOnLoad=true
tunnel.8.type=sockstunnel
```
see also #12 which will require a more advanced version of this.idkidkhttps://i2pgit.org/i2p-hackers/i2p.firefox/-/issues/27Bundle i2psnark-rpc?2022-11-07T21:17:17ZidkBundle i2psnark-rpc?The I2P in Private Browsing extension can automatically add and manage torrents in the browserAction UI, but only if I2PSnark-RPC is installed and enabled. If I just bundle in the files with the easy-install bundle and/or portable, then ...The I2P in Private Browsing extension can automatically add and manage torrents in the browserAction UI, but only if I2PSnark-RPC is installed and enabled. If I just bundle in the files with the easy-install bundle and/or portable, then I can enable it automatically by default. I need to evaluate how to do this, and what I need to do to do it responsibly(set a password when we connect for instance).idkidkhttps://i2pgit.org/i2p-hackers/i2p.firefox/-/issues/26Post 2.0.0 goal: Unzip-and-Go Portables2022-11-08T19:29:04ZidkPost 2.0.0 goal: Unzip-and-Go PortablesThere is non-zero demand for I2P portable installs, which i2p.firefox is uniquely suited to deliver as a jpackage-based distribution with a built-in browser profile manager. As it stands right now, the NSIS Installer simply unpacks a por...There is non-zero demand for I2P portable installs, which i2p.firefox is uniquely suited to deliver as a jpackage-based distribution with a built-in browser profile manager. As it stands right now, the NSIS Installer simply unpacks a portable I2P install into the default install directory, the directory itself is entirely relocatable(to a flash drive, for instance). Just packaging with `zip` instead of `nsis` is enough to get a basic portable install now. But for a portable where the host browser doesn't have to come into play which I'm calling an "Unzip-and-Go" portable we need to bring a browser and since I'm **not** getting sucked back into building and delivering a browser, I need to find one that has the time and interest to work with me and come up with some requirements for it. Librewolf seems like a very likely option with some caveats. Others could be: regular Firefox, IceCat, Tor Browser, Waterfox.
# Requirements
1. It should be possible to update the browser in place, automatically, without updating the I2P router
2. The update should ask the user before continuing
3. It should be possible to discover updates in-network, without the use of an outproxy
4. The browser should update at nearly the same pace as any upstreams they use
5. To be determined/refinedidkidkhttps://i2pgit.org/i2p-hackers/i2p.firefox/-/issues/25Register start-menu shortcut for uninstaller2022-11-07T17:42:22ZidkRegister start-menu shortcut for uninstallerSince I switched to adminless installs the uninstaller shortcut no longer seems to be registered causing I2P to be absent from the "Add-Remove Programs" menu. Work around this by registering the shortcut for the uninstaller `NSIS` script...Since I switched to adminless installs the uninstaller shortcut no longer seems to be registered causing I2P to be absent from the "Add-Remove Programs" menu. Work around this by registering the shortcut for the uninstaller `NSIS` script on the start menu after creating it in the config/install directory.idkidkhttps://i2pgit.org/i2p-hackers/i2p.firefox/-/issues/22Windows Service Support?2022-09-18T22:28:05ZidkWindows Service Support?At some point I could just run `sc create i2pbundle c:/path/to/i2p/` to support service installs, and run `sc delete i2pbundle` in the uninstaller to remove them during uninstall.
- https://learn.microsoft.com/en-us/windows-server/admin...At some point I could just run `sc create i2pbundle c:/path/to/i2p/` to support service installs, and run `sc delete i2pbundle` in the uninstaller to remove them during uninstall.
- https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/sc-create
- https://ss64.com/nt/sc.htmlidkidkhttps://i2pgit.org/i2p-hackers/i2p.firefox/-/issues/20Repeated Update Prompts2022-09-01T17:57:45ZidkRepeated Update PromptsThe update check is currently detecting a required update even on up-to-date routers. This is a minor issue but I'm going to fix it and release a point-release next week to test the fix.The update check is currently detecting a required update even on up-to-date routers. This is a minor issue but I'm going to fix it and release a point-release next week to test the fix.idkidkhttps://i2pgit.org/i2p-hackers/i2p.firefox/-/issues/16Do something about TLS certificates for I2P sites2022-05-04T20:38:41ZidkDo something about TLS certificates for I2P sitesLikely solution has something to do with implementing a policies.json: https://support.mozilla.org/en-US/kb/customizing-firefox-using-policiesjsonLikely solution has something to do with implementing a policies.json: https://support.mozilla.org/en-US/kb/customizing-firefox-using-policiesjsonidkidkhttps://i2pgit.org/i2p-hackers/i2p.firefox/-/issues/12Migrate to a different HTTP Proxy in order to isolate X-I2P-* headers from "L...2022-11-22T01:11:30ZidkMigrate to a different HTTP Proxy in order to isolate X-I2P-* headers from "Leaking" across sites?People are pretty aware of the assumption that we make that `HTTP Proxy~=Tunnel Pool~=Destination~=Pseudonym`, and the implication of this is that the destination is seen by all the I2P sites which the user visits in the X-I2P-* headers....People are pretty aware of the assumption that we make that `HTTP Proxy~=Tunnel Pool~=Destination~=Pseudonym`, and the implication of this is that the destination is seen by all the I2P sites which the user visits in the X-I2P-* headers. Many of them have regarded this as a problem. It's complicated, though, because the behavior of the HTTP Proxy is specific in the context of the hidden services manager(Where everything else currently works like `HTTP Proxy~=Tunnel Pool~=Destination~=Pseudonym`). It could be argued(probably successfully) that the modified behavior is only desirable when the HTTP user-agent is a browser that supports multiple tabs and meets a basic set of security requirements. Therefore, it may belong in `i2p.firefox`.
**Discussion copied from IRC:**
```
(04:13:52 PM) anonymousmaybe: eyedeekay is not worth to work on Bote while I2P still not yet fixed its stream isolation issue
(04:14:26 PM) anonymousmaybe: i think i saw a github project called eeproxy which is great
(04:14:52 PM) anonymousmaybe: but i think is also abandoned since 2 or more years
(04:15:40 PM) anonymousmaybe: I2P anonymity VS fingerprint is garbage
(04:44:37 PM) eyedeekay: eeproxy is my project, also httpproxy and multiproxy
(04:44:51 PM) eyedeekay: multiproxy is the most advanced/responsibly designed version
(04:45:05 PM) w8rabbit left the room (quit: Read error).
(04:46:01 PM) eyedeekay: It most closely emulates Tor's tactic for browsers but it's bad at encrypted leaseSets and it's written in Go, so it won't be straightforward to integrate with i2ptunnel, it would need a full rewrite in Java
(04:46:10 PM) eyedeekay: It's not **hard**
(04:46:30 PM) eyedeekay: But it might be a lot of work
(04:46:37 PM) eyedeekay: Just in terms of quantity
(04:55:20 PM) anonymousmaybe: eyedeekay yeah but I2Pj or I2Pd should implement it by default
(04:56:04 PM) eyedeekay: Also it doesn't work with HTTP authentication unless we put it into aggressive mode, which is probably not necessary and maybe counterproductive
(04:56:54 PM) eyedeekay: pseudonym-isolating HTTP proxies are only useful if you are very sure your user agent is going to be a browser, too, so it might break other things on 4444
(04:57:28 PM) eyedeekay: If such a thing were to be implemented on the HTTP proxy we use now
(04:58:15 PM) anonymousmaybe: HTTP tunnel for http asaik
(05:00:42 PM) eyedeekay: The problem is that it works the same way Tor's SOCKS authentication based isolation works, except in our case repurposes the authentication header as a way to multiplex client tunnels
(05:01:09 PM) eyedeekay: In aggressive mode it's per-site
(05:01:42 PM) eyedeekay: In regular mode you get a "global" tunnel and a tunnel for every authentication header that you pass
(05:04:12 PM) eyedeekay: Aggressive mode breaks lots of things about the HTTP proxy that one might rely on. Regular mode only breaks two things, but one of them isn't fixable AFAICT
(05:04:39 PM) Zapek left the room (quit: Ping timeout: 320 seconds).
(05:05:04 PM) anonymousmaybe left the room (quit: Read error).
(05:06:11 PM) mode (+v anonymousmaybe) by ChanServ
(05:07:30 PM) anonymousmaybe: https://www.whonix.org/wiki/I2P#Post-Tor_I2P_Tunnel_Effects
(05:07:42 PM) anonymousmaybe: check Warning: No Stream-isolation Support
(05:07:43 PM) R4SAS left the room (quit: Quit: ZNC - https://znc.in).
(05:08:22 PM) eyedeekay: I'm aware, I'm the one who explained that possibility to patrick
(05:08:45 PM) eyedeekay: I also implemented the actual attack
(05:09:06 PM) anonymousmaybe: cool then, but shouldnt this first fixed?
(05:10:39 PM) eyedeekay: Yeah but *how* is important. Is it a new tunnel type? An application launched by i2pbrowser.sh in i2p.firefox? How close to the user agent does this have to be to be effective and not break stuff
(05:12:11 PM) eyedeekay: Because right now strictly speaking the HTTP proxy is working as-intended, and major things exist on the HTTP proxy that are incompatible with this idea
(05:12:38 PM) eyedeekay: If it goes into I2PTunnel it's a new tunnel type IMO, it can't be an option on the existing tool
(05:14:35 PM) anonymousmaybe: An application launched by i2pbrowser.sh in i2p.firefox? <- whats the problem with this concept?
(05:15:02 PM) anonymousmaybe: TB-Tor doing it the same way no?
(05:15:48 PM) eyedeekay: Nothing that I know of, the operative part being "That I know of"
(05:16:11 PM) eyedeekay: Well, the encrypted leaseset support is absolutely lousy but I can fix that
(05:16:44 PM) eyedeekay: Oh also SAM
(05:16:50 PM) Romster left the room (quit: Read error).
(05:16:51 PM) eyedeekay: I need SAM to use multiproxy
(05:17:02 PM) anonymousmaybe: having lets say 50 http tunnel, can I2P handle that? (assuming each new website gonna have its own tunnel)
(05:17:02 PM) eyedeekay: But that's workaround-able
(05:17:59 PM) eyedeekay: It seems to handle it just fine
(05:18:06 PM) anonymousmaybe: yeah i read that SAM can handle multiproxy i think either by you or someone was in whonix forum was working on I2P inside whonix
(05:18:34 PM) eyedeekay: But that's for one client that's not actively browsing all 50 sites, I don't know how such a thing would affect the network if it were widespread
(05:19:30 PM) anonymousmaybe: i can test things if you like
(05:20:01 PM) anonymousmaybe: but in my opinion this is way much important than Bote or susimail..etc
(05:21:12 PM) eyedeekay: I kind of agree, but I see why people wouldn't agree
(05:21:12 PM) eyedeekay: Right now we operate with a fairly simple assumption, one tunnel pool one destination
(05:21:12 PM) eyedeekay: for the purposes of treating it like an identity, tunnel pool, one destination, one pseudonym
(05:21:12 PM) eyedeekay: Hypothetically, it ought to be a relatively easy mental model to tolerate
(05:21:48 PM) eyedeekay: *one hidden service one tunnel pool one destination, really
(05:22:03 PM) anonymousmaybe: yeah i think that was good for the old times
(05:22:16 PM) anonymousmaybe: now things need multi instead of one
```idkidkhttps://i2pgit.org/i2p-hackers/i2p.firefox/-/issues/11Bundle Thunderbird config files too?2022-01-04T17:40:35ZidkBundle Thunderbird config files too?It is possible to add Postman auto-configuration to Thunderbird for Windows too, by adding `.xml` files to the `$Thunderbird_install_dir/isp` directory. This reduces the manual configuration steps required for setting up Postman with Thu...It is possible to add Postman auto-configuration to Thunderbird for Windows too, by adding `.xml` files to the `$Thunderbird_install_dir/isp` directory. This reduces the manual configuration steps required for setting up Postman with Thunderbird. This is different from Firefox in that in Firefox we endeavor to control the whole profile, whereas in Thunderbird the concept of an "account" is at the fore and isolation largely occurs at that abstraction. This auto-configuration `.xml` file cannot be part of an "account" or else it would not be useful, it must be placed into **Thunderbird**'s install directory it cannot be anywhere else. see also: https://github.com/eyedeekay/Thunderbird-I2P-Auto-Configuration where I did it with a go exe inside of a plugin. Since we ask for install rights here, we can forego the go app and the plugin, and just install the files.
1. Check if Thunderbird ISP directory exists. If it does exist, go to 2. If it doesn't exist, go to 3
2. Copy `i2pmail.config.xml` and `mail.i2p.xml` to `$Thunderbird_install_dir/isp`
3. Doneidkidk