Frequently Asked Questions
What is I2P-Bote?
A peer-to-peer email program designed to protect your privacy.
I2P-Bote is an end-to-end encrypted, network-internal, fully decentralized
(serverless) e-mail system. It supports different identities and does
not expose e-mail headers. Currently, it is still alpha software and
can only by accessed via web console. It soon will have POP3 support,
and it is planned to guarantee additional anonymity by providing a
high-latency transport option. All bote-mails are automatically
end-to-end encrypted, so that there's no need to set up e-mail
encryption (though the option does exist), and bote-mails will be
authenticated automatically. As
it is decentralized, there is no e-mail server that could link
different e-mail identities as communicating with each other
(profiling): Even the nodes relaying the mails will not know the
sender and apart from sender and receiver, only the end of the
high-latency mail tunnel and the storing nodes will know to whom
(anonymous identity) the mail is destined. The original sender can
have gone offline, long before the mail becomes available on the
other side. This adds on the degree of anonymity that can be reached
with I2P-Bote. For those who do not want high delays: All these
settings are be user-adjustable, so each user decides on how much
anonymity he wants.
Why is it named I2P-Bote?
Bote is the German word for messenger.
Why I2P-Bote?
Because it's cool.
And because I2P was lacking a decentralized e-mail service, and seeing
the creation of such as an opportunity to improve on neglected
anonymity aspects, it was decided to add an optional high-latency
transport. You can use a normal e-mail account and end-to-end encrypt your mails, but
they are still not anonymous. You can use anonymous server-bound e-mails, yet they are not automatically
end-to-end encrypted.
Or you can use I2P-Bote in which your mails
are anonymous and automatically end-to-end-encrypted.
In contrast
to standard e-mail systems there is no need to setup an additional
key management application. Everything you need is already there.
But
despite it being simple and easy to use, it still offers military
grade encryption and options for extremely strong anonymity.
What happens with an email after I click "Send"?
It is encrypted and stored on other I2P-Bote participants' computers. From there, it is delivered to the recipient when they check their email.
Wait a minute, all email I send is saved on some random person's hard drive? That sounds like a really dumb idea!
All they see is garbage data because it is encrypted with "military-grade" encryption. Only you and the recipient know what is in the email. Additionally, if you send the email with relays enabled, it is not even possible to tell who sent it.
Between this and using an email account with a
company that doesn't respect your privacy, over an internet line that is being spied on by shady agencies, which would you say is more trustworthy?
How does it work exactly?
– see the section “Concept” of the Manual –
In short:
I2P-Bote nodes form a p2p-network, relaying mail packets for one another and storing them into a DHT.
Why would I use it? I have nothing to hide …
Because you wouldn't go out to the street naked either, would you?
Well, maybe you would. But the point is, sometimes you want private e-mail communication to be secret and untraceable and not let the whole world know when you say what to whom.
And sometimes you simply want to communicate fully anonymously with others.
Therefor I2P-Bote is the ideal tool, giving you a hell lot of protection while preserving a great deal of flexibility.
It aims at providing professional military grade security and n00b-proof usability:
You can have really paranoid settings, where it takes a mail an eternity to arrive; or have faster communication and still enjoy very high anonymity.
You decide – easily with a click of your mouse.
What about PGP and GPG?
PGP and GPG let you encrypt email and send it through your existing email account. They offer strong encryption, but they only encrypt the email text, not the headers, which means the subject line, your computer name, and other information is not secure.
Another privacy issue is that PGP/GPG cannot prevent anybody from finding out who is talking to whom.
I2P-Bote, in contrast, encrypts everything but the recipient's Email Destination. (In fact even the recipient's destination is only visible to nodes who do not know who the sender of the mail was.) It also has the ability to send an email through several relays (similar to Mixmaster), so nobody can find out who is sending email to whom.
Can I still use GPG/PGP with I2P-Bote?
Of course. Either have GPG encrypt your e-mail's text before pasting it into the I2P-Bote mail composition field, or use a mail app with GPG support. [POP3 support not implemented]
How does it compare to Susimail?
I2P-Bote is better because it has a higher version number. Just kidding.
I2P-Bote offers more privacy, but Susimail has some features I2P-Bote doesn't have yet (see below), and Susimail is more bandwidth-efficient because it doesn't store emails redundantly.
Why is I2P-Bote better?
We think it's better for us (and maybe for you, too; decide yourself!), than …
mixminion as it is easy to use and as n00b-proof as we could get it.
anonymous e-mail services not based on destination key routing: as those do not deliver built-in end-to-end encryption.
centralized services, as the server could go down (due to attacks, legal problems, lack of funding or interest, …) and the server admin has too many means to do profiling.
How is my identity kept safe when I exchange mail with someone?
Never is your ip number or even your I2P-destination included in any e-mail you send.
The high-latency transport counters timing attacks.
End-to-end encryption, per-hop encryption, relaying packets for other nodes, one single packet size* (padding), a constant rate of sending (test and dummy messages)*, and a rather balanced incoming/outgoing ratio* counter traffic analysis attacks, and in combination with per-hop delays, I2P-Bote offers good means against intersection attacks.
The open source nature of I2P-Bote guarantees that you yourself can see the implementation and check it for bugs.
*[not yet implemented]
How do I use it?
Read the manual or see the other questions and answers here!
If you still have unanswered questions, ask on the forum:
http://forum.i2p/viewforum.php?f=35
Can I use an email program like Thunderbird?
No, but it is on the roadmap.
Can I send attachments, and what limits are there?
Yes, attachments are supported as of release 0.2.5.
The overall size of attached files should be kept small, preferably below 500kB.
How do I create an email account?
I2P-Bote calls them Email Identities. You can create one in the I2P-Bote web interface under the "Identities" link. The reason why it's not called an account is that there is no provider like GMail or GMX. You alone hold the (cryptographic) keys to the Email Identity.
When you create an Email Identity, I2P-Bote generates a string of numbers and letters called an Email Destination. This is the address you can be reached at.
Example: wsq-8u5bTWbaOsrS0JuXRKL-RsbTkckV4W7u2mIu0Yrlfetixq1F~03CArnvbd6tDWwjPHYEuoKyWqwxplSdix
What's an Email Destination? What about email addresses?
Email destinations (aka bote dests) are between 86 and 512 characters long, depending on the type of encryption. Support for easy-to-remember, user-chosen addresses is planned for the near future.
The e-mail identities consist of public and private keys, as well as a name the user chooses for it. The public part is your e-mail destination, your pseudonymous identity. And one real user can have more than one of those identities. They serve for addressing mails to certain users –therefore it is referred to as a “destination” or short “dest” – as well as for encrypting the mails for them.
Hence, your e-mail destination is the key others use in order to encrypt mails which they send to you, and in
order to verify the authenticity and integrity of mails they receive from you.
It is save to give your e-mail destination to anybody you want to get e-mails from.
It is important to distinguish between the mail dest and the router id! Your I2P-Bote mail identity is not related to your I2P-Bote router/node id, which is used for I2P-Bote nodes to contact each other and this way for the Bote network.
If you have problems with your I2P-Bote app – in the highly unlikely case it should be necessary – you can tell your I2P-Bote router id in irc2p, I2P's IRC channels, or the forum or manually add other peer's id's in order to connect, though until now this has never been necessary.
It is not linked to your ip. Nonetheless, do not relate your I2P-Bote router id with your I2P-Bote mail dests since this might destroy the additional anonymity I2P-Bote itself generates!
Why are the e-mail addresses so long?
In I2P-Bote every mail is (automatically) encrypted. In order not to require you to exchange an e-mail address and a long key, we simply made that key the address. This comes with two additional benefits: You won't have
to worry if an e-mail address is already taken or not (at least not if you do not send or receive e-mails to or from the internet) and you don't need a key management app apart, for taking care of your keys.
It is safe to give away this key, as it is only the public key which everybody may know about without compromising your e-mails' secrecy.
Using the ECC encryption as option will yield shorter e-mail destination keys.
But I cannot remember those long destinations …
That's what the integrated addressbook is there. Once you have become more acquainted qith I2P-Bote, you will appreciate the built-in encrpytion and authentication, which can only be achieved using cryptographic keys.
Again, the alternatove would be to have short and easy addresses plus a long key for encryption and authentication, and to rely on some authority to map the e-mail addresses to some anonymous recipient.
What's the point of using multiple mail identities?
I2P-Bote is not an instant messenger, so you can have several identities without having to keep many tunnels open. Only for fetching requests you'd use up more resources but at the same time provide more cover for others.
Now, imagine you communicate with your friends unobservedly (see: data retention laws) via I2P-Bote, and want to quickly send out a mail that you'll be meeting each other in a different location tonight.
Then, you need no super-anonymity and can renounce mail routes and delays. Your friends, on the other hand, would want to have a shorter check interval, so they will receive the mail in time. Yet you still want super high anonymity for some of your other communications ‧ that's where a different mail identity with mail routes, delays and long check intervals comes in handy.
Which encryption type is best?
256-bit ECC produces short and handy Email Destinations, and it is considered stronger than 2048-bit ElGamal.
521-bit ECC is stronger than 256-bit ECC, but it makes Email Destinations longer.
2048-bit ElGamal produces even longer Email Destinations, and it is the cryptographically weakest of the three options. However, ElGamal is better researched than ECC, which makes it less likely that there is an unknown weakness in ElGamal than in ECC.
What algorithms are used for symmetric encryption, and for hashing?
AES-256 in
CBC mode and SHA-256.
Are there any anti-spam measures?
I2P-Bote does no active spam filtering, but the fact that mass emails have to be sent individually should discourage spammers. Another line of defense is HashCash which is supported at the protocol level and may be implemented in a future version if spam becomes a problem.
How about HTML or styled text?
The webinterface does not render html.
How long are emails kept around?
Emails are available for 100 days after they have been sent. Emails that have not been downloaded by then are deleted.
Emails you have received stay on your local machine until you delete them.
When do Email Identities expire?
Never.
Can I send email to, and receive email from normal internet email servers?
No, but this is being worked on.
Can I send email to, and receive email from postman's traditional I2P mail accounts?
No, but this too is being worked on.
What does it mean when Know is x'ed for a mail in my inbox?
When the sender's destination is not known locally the mail is marked by an x in the “Know” column
.
This means that you have no proof this user is really who he claims to be, in his user name. Of course, if the signature is valid, you know he possesses the destination key with which the mail was signed, and that the mail content is from that person. But you cannot rely on the short name here. In case you had gotten a mail from a user with this name before, you cannot be sure it is the same user this time, even if the signature is valid. In this
case you must compare the destination keys or add them to your addressbook. A user not locally known, is not necessarily evil, but you shouldn't trust it's the user you might think it is. But, if verified against locally stored keys, you know it's the same user when you receive another mail from him and “Know” has a green check.
What do “BktPfx”, “Distance” and “Locked?” mean?
• BktPfx = BucketPrefix
• Distance: the distance of an I2P-Bote node to your own node in keyspace
• Locked: If a node is not reachable for whatever reason, it is marked as locked, plus the time it has been found unreachable.
What can I do to be more anonymous?
Don't send identifying information about you! (name, address, photos, geographic location, time zone, age, sex, websites, login names, I2P router id, I2P-Bote id, Files that contain author information about you, …)
don't send personal information or information that only you can possess,
leave I2P-Bote running 24/7,
use mailroutes with randomized per-hop delays and/or per-hop fixed send times, [not yet fully implemented]
use a long check interval,
use a long local delay for own packets,
use a big check interval randomization. [not yet implemented]
suppress the sending of date and time in the e-mails' header,
suppress translation of markers like “Re:” into another language,
watch your language and writing style,
use different e-mail identities,
consider discarding e-mail identities after longer periods of usage,
...
How do I not send timestamps?
Go to settings and disable sending of timestamps. This will have the effect that your mail will not contain a date or time of sending.
How do I migrate my settings and data to another computer, or back them up?
I2P-Bote stores all email and other data in the i2pbote folder. On Windows, that folder can be found at
%APPDATA%\I2P\i2pbote; on Linux, it is $HOME/.i2p/i2pbote.
To back up or migrate everything, just copy the whole i2pbote folder.
If you are only interested in your Email Identities, copy the file identities.txt. For the address book, copy addressBook.txt.
What is a mail route?
see: What does high-latency transport mean?
What does high-latency transport mean?
It means that you can enable an option where e-mail packets are not sent directly to storing nodes, but are relayed (forwarded) by other peers (who cannot read the e-mails, as they are encrypted with several layers and ripped into small parts), who do not send them on immediately but wait a user-specified time – in case of sending
specified by the sender, in case of receiving specified by recipient.
Therefore it takes the mail some time to arrive. Thus an attacker cannot simply run stats on node uptimes (who was connected when) and times a message was received to be stored (which in a low-latency environment would be about the time it was sent), in order to uncover the real life identities behind I2P-Bote e-mail identities.
What latencies are there, and how can they be controlled (if at all)?
I2P-Bote is distributed and running on top of the I2P network, so it takes some time. Speed is not our strength, but we compare well with other anon mail systems. Without mail routes enabled it takes 3 to 10 minutes from hitting the
“Send” button to being displayed in the receiver's inbox.
If speed is what you want, fully disable mail routes or set them to the minimum number of hops and minimum per-hop delay you can live with.
If I2P-Bote generates its own anonymity, why does it need I2P?
I2P-Bote is built on top of I2P mainly for five reasons:
• I2P was lacking a decentralized e-mail service and HungryHobo is an I2P user.
• I2P offers very good anonymity, is mature and incorporates years of experience.
• So being on top of it, kind of represents an anonymity fall-back even if there were some crucial bugs in I2P-Bote.
• Flexibility: We want to offer an easy way to anonymous low-latency e-mail communication as well, with still a high level of protection.
• I2P with it the many other apps running on top of it creates a lot of traffic that blends with I2P-Bote traffic.
• Even I2P-Bote relays are thus location-hidden.
How anonymous/secure is I2P-Bote without mail routes?
Pretty anonymous and very secure.
It then basically enjoys the same anonymity other apps have on I2P, the anonymity provided by the I2P router – which is rather strong anonymity already. However, I2P is a low-latency network, with all the shortcomings a
low-latency network comes with by its very nature. There are attacks against which I2P cannot protect you or not protect you very reliably. I2P-Bote does its best to augment I2P anonymity with its high-latency transport option, which make – if enabled –
I2P-Bote mails paranoidly anonymous.
Is I2P-Bote open source?
Of course!
“
This software is licensed under the GPL version 3 (see licenses/GPLv3.txt), except for bcprov-ecc-jdk16-145.jar which is licensed under the Bouncy Castle License
(see licenses/BouncyCastle.txt).”
(Both of which are free open source licences.)
Who made I2P-Bote?
(See also Credits!)
Conception, technical design, implementation and web user interface were/are done by HungryHobo, an anonymous developer. For feedback or if you want to offer help, you can contact him using I2P-Bote. His destination key is:
hobo37SEJsEMfQHwcpVlvEgnrERGFz34GC1yjVyuRvl1QHnTi0UAoOtrLP~qkFY0oL59BBqj5sCep0RA8I5G8n
What languages are available?
English, German, Russian, French, Spanish, Portuguese, Dutch, Norwegian, Swedish, Chinese, and Arabic.
How can I help translate I2P-Bote into my language?
Translations are done the same way as the rest of I2P. If you would like to help and have questions, please
contact the author.
How does it work on a technical level?
Have a look at the file doc/techdoc.txt in the source code.
What are some other ways I can help?
• Use I2P-Bote and give feedback
• Tell your friends, family, collegues et al. about I2P-Bote and lend them a hand
• Mention I2P-Bote on your blog, eepsite or website
• Write a user's guide or improve the technical documentation
• Add features or fix bugs (contact the author first)
Credits:
Idea & technical concept: HungryHobo, Mixxy
Implementation: HungryHobo
Plugin support: zzz, HungryHobo
User interface: HungryHobo
Seedless integration: sponge
German translation: HungryHobo
Russian translation: suhr
French translation: albat, Redzara, Mixxy
, magma
Spanish translation: Mixxy
Portuguese translation: Mixxy
Dutch translation: KwukDuck
Norwegian translation: hej
Swedish translation: hottuna
Chinese translation: walking
Arabic translation: hamada
Alpha testing: HungryHobo, Mixxy, Returning Novice, sponge, and many others
Manual: Mixxy