Skip to content

Security: tundra-node/i2p-easy-manager

Security

Report a vulnerability

SECURITY.md

Security & Privacy

Overview

I2P Easy Manager is designed with privacy and security as core principles. This document explains the security measures implemented and how to use the tool safely.

Privacy Features

Firefox Hardening (Arkenfox)

The tool automatically applies hardened Firefox preferences that protect against:

  • Fingerprinting - Disabled JavaScript identifiers and reduced browser fingerprint surface
  • WebRTC Leaks - WebRTC disabled to prevent IP address leakage
  • DNS Leaks - DNS-over-HTTPS enabled and proxy-only DNS
  • Telemetry - All Mozilla telemetry disabled
  • Tracking - Built-in tracking protection enabled
  • Geolocation - Geolocation permission disabled

Proxy Configuration

The tool configures Firefox to use I2P's SOCKS5 proxy for:

  • HTTP connections
  • HTTPS connections
  • DNS queries (SOCKS remote DNS enabled)

Default Security Settings

privacy.resistFingerprinting = true
media.peerconnection.enabled = false      // WebRTC disabled
webgl.disabled = true                      // WebGL disabled
network.dns.disablePrefetch = true
network.prefetch-next = false
geo.enabled = false
toolkit.telemetry.enabled = false
dom.security.https_only_mode = true

What This Tool Does NOT Provide

Not a VPN

  • This tool routes traffic through I2P, not a commercial VPN
  • I2P provides anonymity for specific services, not blanket internet encryption
  • Requires proper I2P network setup and integration time (10-30 minutes)

Not Full Anonymity

  • I2P provides strong anonymity for specific services (like hidden sites)
  • Exit node traffic over clearnet may be identifiable
  • Always verify the I2P service you're connecting to is trustworthy

Not Protection Against

  • Malware - Use antivirus software separately
  • Phishing - Use standard web security practices
  • Social Engineering - Use good judgment
  • Unencrypted Applications - This only protects Firefox

Safe Usage Practices

1. Keep Firefox Profile Isolated

  • Use the I2P profile exclusively for I2P services
  • Don't mix regular and I2P browsing in the same profile
  • This prevents correlation attacks

2. Verify I2P Integration

i2p-manager status

Wait until you see "CONNECTED" status before accessing .i2p sites.

3. Check for Leaks

Before accessing sensitive content:

  1. Visit http://i2p-project.org/ (should work)
  2. Verify your DNS is resolving through I2P
  3. Check WebRTC is disabled in Firefox console

4. Use HTTPS Only

  • Always use HTTPS when available, even on .i2p sites
  • Enable "HTTPS-only mode" in Firefox (default in this tool)

5. Disable Auto-Update

The Firefox profile disables auto-updates to prevent profile corruption. Keep your Firefox installation updated separately:

macOS:

brew upgrade firefox

Linux:

sudo apt update && sudo apt upgrade firefox

Windows: Check Firefox menu → Help → About Firefox

Security Considerations

I2Pd Configuration

This tool does not modify I2Pd's network configuration. Review I2Pd's security settings at:

http://127.0.0.1:7070

Key settings to understand:

  • Reachability - Set to highest level for better anonymity
  • Tunnel Length - Default is secure; don't reduce unnecessarily
  • Bandwidth Limits - Set appropriate for your network

Firefox Profile Location

The profile is stored at:

macOS/Linux:

~/.mozilla/firefox/[profile-name].default/

Windows:

%APPDATA%\Mozilla\Firefox\Profiles\[profile-name].default\

Keep this directory private and backed up securely.

Logs and Data

I2Pd creates logs at:

  • macOS: /usr/local/var/log/i2pd/i2pd.log
  • Linux: /var/log/i2pd/i2pd.log or ~/.i2pd/i2pd.log
  • Windows: %APPDATA%\i2pd\i2pd.log or C:\ProgramData\i2pd\i2pd.log

These logs may contain sensitive information. Review and secure appropriately.

Reporting Security Issues

If you discover a security vulnerability:

  1. DO NOT open a public issue on GitHub
  2. DO email details to: [email protected]
  3. Include:
    • Vulnerability description
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

Please allow reasonable time (30 days) for us to respond and develop a fix before public disclosure.

Dependencies Security

This tool uses minimal dependencies:

Package Version Purpose Security Notes
click >=8.0.0 CLI framework Well-maintained, stable
rich >=13.0.0 Terminal UI Pure Python, no native deps
requests >=2.28.0 HTTP requests Standard, widely used
psutil >=5.9.0 Process monitoring Stable, community-maintained

All dependencies are pinned to minimum versions that include important security patches.

To check for vulnerabilities:

pip install safety
safety check

Updates and Patches

Staying Updated

Check for security updates:

pip install --upgrade i2p-easy-manager

Subscribe to security advisories by watching the GitHub repository.

Critical Issues

Critical security issues will be:

  1. Fixed immediately in a patch release
  2. Announced via GitHub releases
  3. Detailed in CHANGELOG.md

Platform-Specific Notes

macOS

  • Requires explicit permission to access Firefox profiles
  • Homebrew-installed I2Pd runs as background service
  • Check Activity Monitor for process status

Linux

  • Requires sudo for systemd I2Pd management
  • Consider SELinux/AppArmor profiles for Firefox
  • Review filesystem permissions on profile directory

Windows

  • Windows Defender may need exceptions for I2Pd
  • Firefox may require admin privileges for profile creation
  • Registry may contain sensitive information

Further Reading

Version

This document applies to I2P Easy Manager v0.1.1

Last Updated: January 8, 2026

There aren’t any published security advisories