Run Javascript Client Code on the I2P Network without Risking Anonymity

by maxkoda

Introduction

Most I2P users disable Javascript in their browsers because of the risk it poses to anonymity. As a result, most web applications on the I2P network do not use Javascript. This has led to a severe lack of web applications with rich client user interfaces, and I2P web applications look like web pages developed in the 1990s.

There are many excellent Javascript frameworks for building rich-client user interfaces that raise the bar for the user experience. However, web applications with this improved user experience are missing from the I2P network because of the risks to anonymity mentioned earlier.

I have been looking for a way to bring rich-client web application user interfaces to I2P using popular javascript frameworks without risking anonymity, and I believe I found a way to do this.

That is the topic for this site.

Architecture

I2P Web developers can use popular javascript frameworks for rich-client user interfaces and avoid risking client anonymity. The architecture requires no changes on the server side because the client is in control when it comes to preserving anonymity.

On the client side, a virtual machine that has no connectivity to the Internet is used to browse the I2P network. The virtual machine is configured such that it can’t even contact the host machine (the computer running the virtual machine). If the virtual machine attempts to ping the IP of the host machine it receives a message that “the network is not reachable”.

This effectively isolates the virtual machine to a private network address. This network isolation effectively hides the true network location of the browser from any javascript client code running in the virtual machine.

On the host machine, the user can ssh into the virtual machine and interact with the operating system. The host machine runs an I2P router; to give the virtual machine access to the I2P network, the user opens an ssh session to the virtual machine with remote port forwarding of the I2P ports from the host machine.

The client configures the browser proxy in the virtual machine the same as the browser proxy is configured on the host machine (127.0.0.1:4444).

Once successfully configured, the user can browse to any I2P web application that runs javascript, and if the javascript code attempts to ascertain the network location of the user, it will always see only a private network address. Therefore the user’s actual network location is hidden from the javascript client code.

This will allow for rich client user interfaces for I2P web apps using javascript frameworks without exposing the user's network location.
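
A pre-flight check for the isolation described above, to run inside the virtual machine before enabling javascript in its browser. This is an added example, not the author's code: it assumes a Linux guest with iproute2 and ping and an OpenSSH remote forward of port 4444, and the sample addresses in it are constructed.

```sh
#!/bin/sh
# Added example: isolation pre-flight to run inside the browsing VM.
# Assumptions (not from the page): the guest has iproute2 (`ip`, `ss`) and
# `ping`; the host-side tunnel was opened with OpenSSH, for example
#   ssh -R 4444:127.0.0.1:4444 user@VM_IP      (VM_IP is a placeholder)

# True if the routing-table text in $1 has a default route (a path off-net).
has_default_route() {
    printf '%s\n' "$1" | grep -Eq '^(default|0\.0\.0\.0/0)[[:space:]]'
}

# True if port $2 has a listener in the `ss -ltn` text $1 and every such
# listener is bound to loopback (the forwarded proxy must not be on the LAN).
proxy_loopback_only() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $1 == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] == p) { seen = 1; if ($4 !~ /^(127\.|\[::1\])/) bad = 1 }
        }
        END { exit !(seen && !bad) }'
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_ROUTES_OK='192.168.56.0/24 dev enp0s3 proto kernel scope link src 192.168.56.101'
SAMPLE_ROUTES_NAT='default via 10.0.2.2 dev enp0s3
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15'
SAMPLE_SS_OK='LISTEN 0 128 127.0.0.1:4444 0.0.0.0:*
LISTEN 0 128 [::1]:4444 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_SS_EXPOSED='LISTEN 0 128 0.0.0.0:4444 0.0.0.0:*'

# Live check; $1 is the host machine's address on the host-only network.
check_vm() {
    fail=0
    if has_default_route "$(ip route show; ip -6 route show)"; then
        echo "FAIL: default route present"; fail=1; fi
    if ping -c 1 -W 2 "$1" >/dev/null 2>&1; then
        echo "FAIL: host $1 is reachable from the VM"; fail=1; fi
    if ! proxy_loopback_only "$(ss -ltn)" 4444; then
        echo "FAIL: 127.0.0.1:4444 missing or bound off-loopback"; fail=1; fi
    [ "$fail" -eq 0 ] && echo "OK: no route out, proxy on loopback only"
    return "$fail"
}

# Runs only when a host address is passed: sh preflight.sh HOST_IP
if [ -n "${1:-}" ]; then check_vm "$1"; fi
```

A non-zero exit status means at least one isolation property does not hold, so javascript should stay disabled until it is fixed.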

Build Your Own

I prefer to use Linux for both my host machine and the virtual machine. I use VirtualBox to manage my virtual machines. You can use whatever operating system you prefer as long as you can run ssh, I2P, and VirtualBox on your host machine. Typically this means Linux, OS X, or Windows. You can use a virtual machine with any operating system type supported by VirtualBox.

You will need to create a Host-only network adapter for the virtual machine.

Paper Describing Setup and Configuration:

magnet:?xt=urn:btih:8ef7125fe37e2d25960706328102f5d0300836fe

Download I2P Javascript Virtual Machine

The I2P Javascript Virtual Machine is available for download via I2PSnark. The virtual machine is a Debian 10 Desktop OS configured and ready for use.

The virtual machine is configured with 2GB RAM and a host-only network adapter.

I2P Javascript Virtual Machine ova (2.17 GiB):

magnet:?xt=urn:btih:e551b83eea117cf6406f3ec5d2eccf67b6d72d28

SHA256 File Checksum: b5168d305d8fe534e7b35b681ba6feee7342aee5b7b50c1d8ee16f4dc644a737

The login credential for the virtual machine Debian OS:

username: user

password: password

The virtual machine will need the VirtualBox Extension Pack installed.

Instructional Videos

Javascript Examples:

These are meant to be run in the I2P javascript virtual machine:

Rich Client User Interface

Solitaire

Graphical maze game

Reward

If anyone can prove that network anonymity can be compromised using this virtual machine model, I will pay a reward of 1.0 Monero (1.0 XMR) to the individual that provides documented proof.

Tips sent to the Monero address below will be added to this Reward bounty with the reward balance updated periodically.

Questions and comments can be sent to:

I2P-Bote: 8l-cwUo-7~S1NUl6DHCjODn0uDTnfCh6YQEOyJdHUXH5LauttaFPNkICXpL4tso16BrtX00IxnyNAqorAaESL6

or

susimail: maxkoda@mail.i2p

Tip Me

Monero tips are appreciated. Tips will be added to the security reward bounty.

Monero tip address:

434giFftULPAE4rc8miqMiFSQCPbUkcgJ91JBiXSjpvC8wKZWreJh6MPGi7mQ8nYkXfDzQovSezG2iKgyNx3qmcJKtLvgBg


Page last edited: November 2019.