I2P-Bote

From I2P Wiki

I2P-Bote is an end-to-end encrypted, network-internal, fully decentralized (serverless) e-mail system. It supports multiple identities and does not expose e-mail headers. It is still alpha software. It can be used through the web console, and it offers IMAP and SMTP, so bote-mails can be read and written with regular e-mail clients. A high-latency transport option is planned to provide additional anonymity. All bote-mails are end-to-end encrypted automatically, so there is no need to set up e-mail encryption yourself (though the option exists), and bote-mails are authenticated automatically. Because the system is decentralized, there is no e-mail server that could link different e-mail identities as communicating with each other (profiling): even the nodes relaying a mail do not know the sender, and apart from sender and receiver only the end of the high-latency mail tunnel and the storing nodes know to which (anonymous) identity the mail is addressed. The original sender may have gone offline long before the mail becomes available on the other side, which adds to the degree of anonymity that I2P-Bote can reach. For those who do not want high delays, all of these settings are user-adjustable, so each user decides how much anonymity they want.

Quick start guide

To get it

I2P-Bote works as a plugin only; there is no standalone software to download. All you need is the URL of the plugin file, see the next section.

To install it

The installation process is officially described at http://bote.i2p/install (clearnet version: [1]). It is the same process as for other plugins: Plugins: How to install a plugin (that page is more detailed).

Copy/paste the URL of the plugin that you will find at http://bote.i2p/install/.

Additionally, you can download the su3 file of Bote 0.4.7 from zzz's site at http://stats.i2p/i2p/plugins/others/i2pbote-0.4.7.su3 (clearnet: https://i2pbote.xyz/i2pbote.su3) and use 'Installation from File'.

Caution: PaTracker has no search function for the info hash. Distributors often do not reveal themselves (uploader hidden), which exposes them to the suspicion of attempted fraud. Only a strict check of the source can prevent damage. We therefore advise against downloading via the magnet URL without further investigation.

Last resort: magnet:?xt=urn:btih:ea4e7df590fac5e16778fef845e082023a53530d&tr=http://tracker2.postman.i2p/announce.php

Once installed, you will see the entry 'SecureMail' under 'I2P Services' at the top left of your I2P router console.

Setup I2P

There is nothing to change in I2P's configuration.

Setup I2P-Bote

Starting I2P-Bote

By default I2P-Bote is set to start automatically when your I2P router starts. The Network Status in the I2P router sidebar will indicate that it is connected.

Create an Identity

Click on 'Identities' on the left and select the 'New Identity' option. Enter at least a 'Public Name' and hit 'Create'. That is all that is needed to create an identity. The public name is the name you see for this identity. It is useful if you have different identities for different I2P-Bote users you communicate with or for different purposes, and it is sent as the sender's name to the mail recipient. The Public Name does not need to be unique.

You can also fill out the other fields if you like. Description: this field is kept locally and is just for your convenience; if you want to note some additional information about that identity for yourself, enter it here.

Email Address: this field is not used yet.

Choose one of the given encryption algorithms. If in doubt, stick to the defaults.

You can click on the name of one of your identities and copy the long key displayed under 'Email Destination'. This is your I2P-Bote e-mail address. Anybody who should be able to send you a bote mail needs to be given this long key.

Now you can send and receive I2P-Bote mail. But you should also have a look at your I2P-Bote settings and see if they fit your needs. You can also create various identities and assign different settings to each of them.

Note: you can let I2P-Bote run without creating an account, to help the network, if you own a computer that runs 24/7.

FAQ

How I2P-Bote Protects Your Identity

Neither your IP address nor your I2P destination is included in any e-mail you send. The high-latency transport counters timing attacks. End-to-end encryption, per-hop encryption, relaying packets for other nodes, a single fixed packet size (padding), a constant sending rate (test and dummy messages), and a balanced incoming/outgoing ratio counter traffic-analysis attacks. In combination with per-hop delays, I2P-Bote offers good protection against intersection attacks.

Because I2P-Bote is open source, you can inspect the implementation yourself and check it for bugs. If you still have unanswered questions, ask on the forum: http://forum.i2p/viewforum.php?f=35

What happens with an email after I click 'Send'?

The email is encrypted and stored on other I2P-Bote participants' computers. From there, it is delivered to the recipient when they check their email.

Wait a minute, all e-mail I send is saved on some random person's hard drive? Yes, but all they see is garbage data, because it is encrypted. Only you and the recipient can read what is in the e-mail. Additionally, if you send the e-mail with relays enabled, it is not even possible to tell who sent it.

What about PGP and GPG?

PGP and GPG let you encrypt e-mail and send it through your existing e-mail account. They offer strong encryption, but they only encrypt the e-mail body, not the headers, which means the subject line, your computer name and other information are not private. Another privacy issue is that PGP/GPG cannot prevent anybody from finding out who is talking to whom. I2P-Bote encrypts everything except the recipient's Email Destination, and even the recipient's destination is only visible to nodes that do not know who the sender of the mail was. It can also send an e-mail through several relays, so nobody can find out who is sending e-mail to whom.

Can I still use GPG/PGP with I2P-Bote?

Yes. Either have GPG encrypt your email's text before pasting it into the I2P-Bote mail composition field, or use a mail app with GPG support.

How does it compare to Susimail?

I2P-Bote offers more privacy, but Susimail has some features I2P-Bote does not have yet. Susimail is more bandwidth-efficient because it does not store e-mails redundantly. I2P-Bote has the benefit of not being a centralized service. Risks of centralized services include: the server could go down due to attacks, legal problems, or lack of funding or interest, and the server admin has too many means to do profiling.

Can I send attachments, and what limits are there?

Yes, attachments are supported. The overall size of attached files should be kept small, preferably below 500kB.

About Bandwidth

I2P-Bote can use quite a lot of bandwidth (because of the decentralized storage of messages). As an example, mine appears to use approximately 1GB per day upload, as measured by I2P itself. The download is slightly lower. This is with continuous uptime; I2P-Bote can and will work fine with less, although for maximum reliability higher uptime is preferable.

How to use I2P-Bote with IMAP and SMTP

0. Install I2P and have it autostart, install and autostart the I2P-Bote plugin (version >= 0.2.9), create an identity in I2P-Bote, adjust the settings to your needs (in case of doubt, keep the defaults), and enable IMAP in I2P-Bote.

Beware: I2P-Bote supports UTF-8 characters in usernames too, but apparently IMAP does not support special characters such as ö, ß or é.

1. Create a new IMAP account in your mail client. (In my version of Thunderbird I could not enter the port as I liked in the creation dialog, so I had to make up a non-existing outernet e-mail address first, for which Thunderbird also automatically tried to fetch the settings, so BE CAREFUL.)

2. Either in the account creation dialog (if you can) or after creation, make the following settings:

2a. Add a new SMTP server:
  • server: 127.0.0.1
  • port: 7661
  • username: bote
  • authentication: password, plain

2b. Adjust the IMAP account settings:
  • account name: whatever you like
  • your name: the public name of the e-mail identity in question, cf. http://127.0.0.1:7657/i2pbote/identities.jsp
  • e-mail address: the long public key that you find when you click on the chosen identity at http://127.0.0.1:7657/i2pbote/identities.jsp (NOT the private keys!)
  • SMTP: choose your Bote SMTP server

2c. Under server settings:
  • server: 127.0.0.1, or whatever IP address the I2P router running I2P-Bote has
  • port: the one shown on http://127.0.0.1:7657/i2pbote/settings.jsp (7662 by default)
  • username: bote
  • authentication method: password, plain (this implies you do not choose TLS or any other transport encryption)

3. Check your mail! When prompted for a password, enter your I2P-Bote password if you have one, or a random string otherwise. If you get no error messages, you have done everything right. Congratulations!
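The client-side settings from steps 2a to 2c, as an added example that is not part of the original page and not code from the I2P-Bote project. It assumes the defaults listed above (SMTP on 7661, IMAP on 7662, username bote, plain password authentication) and uses only the Python standard library. Two checks are added on top of the wiki's steps: the public name is validated as printable ASCII because of the IMAP caveat above, and the settings builder refuses any host other than loopback, since plain authentication without TLS would otherwise send the password and all mail across the network in clear text. Putting the bare Email Destination key in the From and To headers follows step 2b; whether the plugin also accepts a display name in front of it is not stated on the page, so the bare key is used. The function names are this example's own.

```python
import imaplib
import ipaddress
import smtplib
from email.message import EmailMessage

# Defaults as listed in the setup steps: SMTP on 7661, IMAP on 7662,
# username "bote", plain password authentication. The host is the machine
# running the I2P router with the I2P-Bote plugin.
BOTE_HOST = "127.0.0.1"
BOTE_SMTP_PORT = 7661
BOTE_IMAP_PORT = 7662
BOTE_USER = "bote"


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 or the name 'localhost'."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def imap_safe_name(name):
    """The wiki warns that IMAP does not cope with characters such as
    ö, ß or é; accept only printable ASCII for names used over IMAP."""
    return len(name) > 0 and all(0x20 <= ord(ch) < 0x7F for ch in name)


def make_settings(host=BOTE_HOST, smtp_port=BOTE_SMTP_PORT, imap_port=BOTE_IMAP_PORT):
    """Return the SMTP and IMAP settings. A non-loopback host is refused
    (design choice of this example): with 'password, plain' and no TLS,
    the password and every mail would cross the network unencrypted."""
    if not is_loopback(host):
        raise ValueError("plain auth without TLS: connect only over loopback, not %r" % host)
    return {
        "smtp": {"host": host, "port": smtp_port, "user": BOTE_USER, "auth": "password, plain"},
        "imap": {"host": host, "port": imap_port, "user": BOTE_USER, "auth": "password, plain"},
    }


def send_bote_mail(sender_dest, recipient_dest, subject, body, password, settings=None):
    """Submit one mail through the plugin's SMTP port. sender_dest and
    recipient_dest are the long Email Destination keys from identities.jsp."""
    s = (settings or make_settings())["smtp"]
    msg = EmailMessage()
    msg["From"] = sender_dest
    msg["To"] = recipient_dest
    msg["Subject"] = subject
    msg.set_content(body)
    with smtplib.SMTP(s["host"], s["port"], timeout=60) as smtp:
        smtp.login(s["user"], password)  # plain authentication over loopback
        smtp.send_message(msg)


def unseen_count(password, settings=None, mailbox="INBOX"):
    """Log in over IMAP and count unread messages in the given folder."""
    s = (settings or make_settings())["imap"]
    with imaplib.IMAP4(s["host"], s["port"]) as imap:
        imap.login(s["user"], password)
        imap.select(mailbox, readonly=True)
        status, data = imap.search(None, "UNSEEN")
        if status != "OK":
            raise RuntimeError("IMAP search failed: %s" % status)
        return len(data[0].split())


if __name__ == "__main__":
    # Only the offline checks run here; sending and fetching need a running
    # router with the plugin and your own identity key and password.
    print(make_settings())
    print(imap_safe_name("bote"), imap_safe_name("Jörg"))  # True False
```

If your mail client insists on a hostname, 'localhost' is accepted by the loopback check as well; anything else is rejected on purpose, because the page's own step 2c makes clear that plain authentication means no transport encryption.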

Use it

Sending and Receiving E-Mails

You need the I2P-Bote mail destination key of the user to whom you want to send a bote mail. To send a message, click on 'New', choose your own sender identity or 'Anonymous' under 'From', and enter the recipient's mail destination key, or alternatively an address, in the 'To:' line.

Alternatively, you can hit the 'Addr. Book' button right under that line to choose from the mail destinations stored in your local I2P-Bote address book: mark the user(s) to whom you want your mail to be sent and hit the 'Add Recipients' button.

You can add several recipients and change the 'To:' to 'CC:' or 'BCC:'. The '+' button adds additional recipient lines.

Now write your mail and hit 'Send' for sending it, or 'Save' in order to store it as a draft into your 'drafts' folder or any user-defined folder. [not yet implemented]

Hitting 'Send' places your mail in the Outbox folder, and you can go on composing another mail while I2P-Bote sends it. Once sent, it is automatically removed from the Outbox and stored in your Sent folder. This means your mail is on the way to its destination (unless you have set a delay time, which is disabled by default).

In I2P-Bote, mail is automatically signed (unless sent without any sender identity). You can also send mail without specifying any sender identity/destination/address: just select 'Anonymous' in the drop-down menu 'From'.

With the default settings I2P-Bote automatically checks for new mail, so all you need to do to see whether you have mail is look into your Inbox (link 'Inbox' on the left).

You can force a manual check by clicking the 'Check Mail' button. This is a global checking, that tries to fetch new mail for all of your identities, except for those you have excluded from global checking. [not yet implemented]

The number of unread mails is shown in parentheses next to the folder's name in the sidebar.

Click on 'Inbox' to see the list of received mails. You will see two columns with x's or green checks. They show whether a mail carries a valid signature and is thus authentic (Signed), and whether the sender's mail destination key is locally known, i.e. in your address book (Known). Two green checks next to a mail entry mean that you already know that mail identity and that the mail is signed by that identity.

If you have a certain name in your address book and you get a mail from an identity with that name, yet Known does not show a green check, then a different destination sent and signed this mail; its owner simply chose the same name you chose for one of your contacts.

If there is a green check mark for 'Sig', then the mail is correctly signed by the sender, and you may add it to your address book under a different name, which from then on is displayed as the sender.

A mail without sender destination ('Anonymous' is displayed as sender) will have two x's.

Clicking on a mail displayed in your inbox opens it. The same applies to all other folders.

Due to the distributed nature of I2P-Bote, sending as well as checking for and retrieving mail takes a few minutes; if mail routes (relays) are used, it may take longer. You need not keep the browser open for that: simply leave I2P-Bote running as a background process, which also benefits your anonymity.

Local Address Book

If you have an I2P-Bote mail key of somebody you want to write to more frequently, it is handy to store that key locally in your address book (link on the left): specify a name of your own choosing for this contact, paste the mail destination in the corresponding line, then save.

You should normally save destinations to your address book, so that the next time you get a mail from the same sender it is shown as coming from the same, locally known sender ('Loc' is checked), while a mail sent by someone else who merely uses the same user name is marked as NOT known locally (an x in the web UI's 'Known' column, or {UNK}), so you know it is a new/different one.

Settings

Under Settings you can choose the I2P-Bote interface language (currently English or German). Here you can also adjust the interval for automatic mail checking and decide whether or not to send a time stamp with your mails, indicating the date and time when the mail was sent. Time stamps are always in UTC.

Advanced subjects

  • Bote-ratcheting - Applies a technique used in OTR messaging to provide similar, and more, benefits to bote

Advantages of I2P Bote

I2P-Bote hides a lot of information that is (inevitably) sent with normal e-mails.

What I2P-Bote hides

  • both the identity and the location of sender and receiver, as well as those of intermediary nodes (relays and storing nodes), the content of your mails, their size, and the number of mails you send.
  • Only the recipient can know the sender's bote mail destination, and if the sender chooses not to send their destination, not even the recipient will know it.
  • Even if you send time stamps, your time zone will not be disclosed.
  • the fact that you run I2P-Bote
  • the fact that you send a mail
  • the fact that you receive a mail
  • the time you send a mail
  • the time you receive a mail
  • the upper limit of the number of mails an unknown user receives

What I2P-Bote hides partially

  • The I2P-Bote address of the recipient will only be known to sender and recipient(s).
  • In the case of multiple recipients, each one will see all other recipients that the mail was addressed to via 'To:' or 'CC:'
  • All entries that were under 'BCC:' will only be visible to the sender and this very recipient.
  • The sent time will, if at all, only be visible to sender and recipient.

What I2P-Bote can hide optionally

  • If mail routes are used, the time mail is sent
  • If the sender suppresses timestamps, only the sender will know when they sent an email.

What I2P-Bote cannot hide

I2P-Bote cannot hide how frequently a given identity checks for new mails, nor the number of mails a given identity receives.


More details

Before an e-mail is sent to a relay, it is broken up into packets and encrypted with the recipient's public key. These packets are stored redundantly in a distributed hash table (DHT).

They are kept for at least 100 days, during which the recipient can download them. Relay packets also expire after 100 days or more. If a node runs out of email storage space, and there are no old packets that can be deleted, the node refuses storage requests. Everybody acts as a potential relay and storage node. The maximum amount of disk space used for relayed/stored email packets can be configured by the user.

I2P-Bote sanitizes the mail headers and does not allow any unneeded information to be transmitted, so e-mail clients can be used without first checking what the client puts into the mail headers. All encryption, path selection and profiling is done locally, so there is no trusted party involved. I2P-Bote does not depend on a central node even for bootstrapping, as it uses Seedless.
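A model of two of the mechanisms described on this page: the single fixed packet size from the section on identity protection, and the storage-node retention rule from the paragraph above (packets live at least 100 days; a full node drops expired packets first and refuses the request if nothing can be dropped). This is an added example in plain Python, not I2P-Bote's own packet format or code; the packet size, the length prefix used to strip padding, and the class and function names are this example's own choices, and the packets are stored unencrypted here because the example only shows sizing and retention, not the recipient-key encryption the page describes.

```python
import time
from dataclasses import dataclass

PACKET_SIZE = 64                       # constructed value for this model
RETENTION_SECONDS = 100 * 24 * 3600    # "kept for at least 100 days"


def pad_into_packets(data, packet_size=PACKET_SIZE):
    """Split data into packets that are all exactly packet_size bytes long.
    A 2-byte payload length lets the receiver strip the padding; on the wire
    every packet looks the same size, which is the padding countermeasure."""
    payload = packet_size - 2
    if payload <= 0:
        raise ValueError("packet_size too small")
    packets = []
    for i in range(0, max(len(data), 1), payload):
        chunk = data[i:i + payload]
        packets.append(len(chunk).to_bytes(2, "big") + chunk.ljust(payload, b"\x00"))
    return packets


def reassemble(packets):
    """Inverse of pad_into_packets: drop the padding using the length prefix."""
    out = bytearray()
    for p in packets:
        n = int.from_bytes(p[:2], "big")
        out += p[2:2 + n]
    return bytes(out)


@dataclass
class StoredPacket:
    data: bytes
    stored_at: float


class PacketStore:
    """Retention policy of one storage node as the page describes it."""

    def __init__(self, capacity_bytes, retention=RETENTION_SECONDS):
        self.capacity = capacity_bytes
        self.retention = retention
        self.packets = {}

    def used(self):
        return sum(len(p.data) for p in self.packets.values())

    def expire(self, now):
        """Delete packets that have reached the retention period."""
        stale = [k for k, p in self.packets.items() if now - p.stored_at >= self.retention]
        for k in stale:
            del self.packets[k]
        return len(stale)

    def store(self, packet_id, data, now=None):
        """Accept a packet, freeing expired ones first if space is short.
        Returns False when the node is full and nothing old can be deleted."""
        now = time.time() if now is None else now
        if len(data) > self.capacity:
            return False
        if self.used() + len(data) > self.capacity:
            self.expire(now)
        if self.used() + len(data) > self.capacity:
            return False
        self.packets[packet_id] = StoredPacket(data, now)
        return True

    def fetch(self, packet_id, now=None):
        """Return the packet if it is still within its retention period."""
        now = time.time() if now is None else now
        self.expire(now)
        p = self.packets.get(packet_id)
        return None if p is None else p.data


if __name__ == "__main__":
    pkts = pad_into_packets(b"constructed sample mail body", 16)
    print(len(pkts), "packets of", len(pkts[0]), "bytes")
    node = PacketStore(capacity_bytes=3 * 16)
    print([node.store(str(i), p, now=0) for i, p in enumerate(pkts)])
```

The fetch path also runs expiry, so a recipient who comes back after the retention period gets nothing, which matches the page's note that the recipient must download the packets within that window.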

Troubleshooting


Notification about JCE Unlimited Strength Jurisdiction Policy files

If you see a notification at the bottom of your screen about JCE Unlimited Strength Jurisdiction Policy files, it means that your Java installation is restricted from using the strong cryptography that I2P-Bote requires. You can enable the strong cryptography by following these steps:

1. Download the JCE Unlimited Strength Jurisdiction Policy files from Oracle's website. You may need to use your regular browser.

2. Unzip the downloaded zip file.

3. Move the files local_policy.jar and US_export_policy.jar into the folder shown in the notification on your screen. Overwrite any existing files with the same names.

4. Restart I2P.

Some countries have restrictions on the allowed strength of cryptographic software. If you are unsure about the restrictions in your country, consult a lawyer.

