ℹ️ NOTE: This section has been recently added to the course and is an early draft that may still be awaiting review. Caveat reader.
Rather than using the proxy-based Tor service to ensure the privacy of your Bitcoin communications, you may instead wish to use I2P, which is designed to act as a private network within the internet, rather than simply offering private access to internet services.
Tor and I2P both offer private access to online services, but with different routing and databases, and with different architectures for relays. Since hidden services (such as Bitcoin access) are core to the design of I2P, they have also been better optimized:
| Tor | I2P | |
|---|---|---|
| Routing | Onion | Garlic |
| Network Database | Trusted Directory Servers | Distributed network database |
| Relay | Two-way encrypted connections between each Relay | One-way connections between every server in its tunnels |
| Hidden services | Slow | Fast |
A more detailed comparison may be found at geti2p.net.
There are tradeoffs if you choose to support only I2P, only Tor, or both. These configurations, which limit outgoing clearnet connections, are made in Bitcoin Core using the onlynet argument in your bitcoin.conf.
onlynet=onion, which limits outgoing connections to Tor, can expose a node to Sybil attacks and can create network partitioning, because of limited connections between Tornet and the clearnet.onlynet=onionandonlynet=i2pin conjunction, which runs Onion service with I2P service is experimental for now.
To install I2P, you should make sure your ports are correctly set up and then you can continue with your setup process.
To use I2P, you will need to open the following ports, which are required by I2P:
- Outbound (Internet facing): a random port between 9000 and 31000 is selected. It is best if all these ports are open for outbound connections, which doesn't affect your security.
- You can check firewall status using
sudo ufw status verbose, which shouldn't deny outgoing connections by default.
- Inbound (Internet facing): optional. A variety of inbound ports are listed in the I2P docs.
- For maximum privacy, it is preferable to disable accepting incoming connections.
The following will run Bitcoin Core I2P services:
-
Install
i2pdon Ubuntu:sudo add-apt-repository ppa:purplei2p/i2pd sudo apt-get update sudo apt-get install i2pdFor installing on other OSes, see these docs
-
Run the I2P service:
$ sudo systemctl start i2pd.service -
Check that I2P is running. You should see it on port 7656:
$ ss -nlt State Recv-Q Send-Q Local Address:Port Peer Address:Port Process LISTEN 0 4096 127.0.0.1:7656 0.0.0.0:* -
Add the following lines in
bitcoin.conf:i2psam=127.0.0.1:7656 debug=i2pThe logging option,
debug=i2p, is used to record additional information in the debug log about your I2P configuration and connections. The default location for this debugging file on Linux is:~/.bitcoin/debug.log: -
Restart
bitcoind$ bitcoind -
Check
debug.logto see if I2P was setup correctly, or if any errors appeared in the logs.2021-06-15T20:36:16Z i2paccept thread start 2021-06-15T20:36:16Z I2P: Creating SAM session with 127.0.0.1:7656 2021-06-15T20:36:56Z I2P: SAM session created: session id=3e0f35228b, my address=bmwyyuzyqdc5dcx27s4baltbu6zw7rbqfl2nmclt45i7ng3ul4pa.b32.i2p:18333 2021-06-15T20:36:56Z AddLocal(bmwyyuzyqdc5dcx27s4baltbu6zw7rbqfl2nmclt45i7ng3ul4pa.b32.i2p:18333,4)The I2P address is mentioned in the logs, ending with b32.i2p. For example
bmwyyuzyqdc5dcx27s4baltbu6zw7rbqfl2nmclt45i7ng3ul4pa.b32.i2p:18333. -
Confirm
i2p_private_keywas created in the Bitcoin Core data directory. The first time Bitcoin Core connects to the I2P router, its I2P address (and corresponding private key) will be automatically generated and saved in a file named i2p_private_key:~/.bitcoin/testnet3$ ls anchors.dat chainstate i2p_private_key settings.json banlist.dat debug.log mempool.dat wallets blocks fee_estimates.dat peers.dat -
Check that
bitcoin-cli -netinfoorbitcoin-cli getnetworkinforeturns the I2P address:Local addresses bmwyyuzyqdc5dcx27s4baltbu6zw7rbqfl2nmclt45i7ng3ul4pa.b32.i2p port 18333 score 4
You now have your Bitcoin server accessible through the I2P network at your new local address.
It is always good to have alternatives for privacy and not depend solely on Tor for running Bitcoin Core as a hidden service. Since I2P was recently added in Bitcoin Core, not many people use it. Experiment with it and report bugs if you find any issues.
ℹ️ NOTE: For the official i2prouter implementation in Java, visit the I2P download page and follow the instructions for your Operating System. Once installed, open a terminal window and type
i2prouter start. Then visit127.0.0.1:7657in your browser to enable SAM. To do so, select: "Configure Homepage", then "Clients", and finally select the "Play Button" next to SAM application Bridge. On the left side of the page, there should be a green light next to "Shared Clients".
Move on to "Programming with RPC" with Chapter Sixteen: Talking to Bitcoind with C.
Or, if you're not a programmer, you can skip to Chapter Nineteen: Understanding Your Lightning Setup to continue your command-line education with the Lightning Network.