Services will be down until September 2020

All my lokinet, i2p and onion related resources will be down until Early September 2020 while I find a new place to live. They should be back later.

This does not include anything on

Death by Dangerous By Design Defaults, Dumb DoH Degrades DNS's Dignity.

Firefox recently introduced DNS over HTTPS in firefox for "securing" application dns. I am personally of the opinion that applications should NOT attempt to work around a broken system resolver as this is a system issue that is out of scope of the application. But I digress. While DoH is a security upgrade in theory and in practice (most of the time) vs normal DNS, firefox's implementation contains a fatal flaw in the default settings that make it effectively off unless you explicitly turn it on.

By default DoH in firefox is "oppurtunistic". Specifically if your upstream DNS makes eplicitly not resolve firefox turns DoH off. Yes DNS is rather insecure and your ISP can do whatever it wants and that's kind of the problem. Firefox is depending on your system's DNS being secure to ... uh... secure appliation level dns in Firefox. See the problem yet? The real …

Read more ...

Life Update Blog June 2020

Today I get my airconditioner from amazon prime delivered, allegedly. It's june, it's humid and my window fan isn't cutting it. Nothing much changes in Jeff land yet the world is going insane at the moment. Alas politics is not the topic of this blog post.

The topic is... daily life.

It's saturday morning and I am doing bug triage on github as if it was a weekday. The work week has been going for the past 2 years or so as I am a workaholic and use work as an escape from my real life problems. I am still a shitty person in person and online. I don't think I ever grew up. Sometimes I wonder what I am doing, maybe this is an early mid life crisis. One thing for sure is that I need a non computer related hobby (yea, but like, can your non computer related …

Read more ...

Lokinet with DNSCrypt-Proxy


This is a quick intro with how to use lokinet with dnscrypt-proxy on ubuntu/debian based distros to secure your dns queries from spying eyes, as requested by someone on an XMPP muc.


You want to first install dnscrypt-proxy

# apt update
# apt install dnscrypt-proxy

Next install lokinet see this blog post on how to do that.


By default your system will want to use dnscrypt-proxy as system resolver, this is fine as you can always forward dns for .loki and .snode to lokinet.

In /etc/dnscrypt-proxy/dnscrypt-proxy.toml you want to add an option to provide a fowarding file:

forwarding_rules = '/etc/dnscrypt-proxy/forwarding-rules.txt'

In a new file at /etc/dnscrypt-proxy/forwarding-rules.txt'put the following forwarding rules:


The first rule says to forward the .loki gtld to …

Read more ...

New stable opentracker now online with announce urls:

Installing Lokinet on Ubuntu


This blog post will guide you through the process of installing lokinet using our apt repo and is aimed at people whom are just getting into linux and may not know how to do such.


If you want to learn don't copy paste, if you want it to just do stuff and don't care yeah just copy paste.

Open up a terminal, in stock ubuntu it's control alt T.

Now we want to grab the apt repo's public keys, this is used to verify packages.

curl -s | sudo apt-key add -

(This requires you to enter your admin password because it is using sudo)

Next we want to add the apt repo to the system's apt repo list:

echo "deb $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/

(This will auto detect what …

Read more ...

i2pd 2.24 released

i2pd (I2P Daemon) is a full-featured C++ implementation of I2P client.

I2P (Invisible Internet Protocol) is a universal anonymous network layer. All communications over I2P are anonymous and end-to-end encrypted, participants don't reveal their real IP addresses.

I2P client is a software used for building and using anonymous I2P networks. Such networks are commonly used for anonymous peer-to-peer applications (filesharing, cryptocurrencies) and anonymous client-server applications (websites, instant messengers, chat-servers).

I2P allows people from all around the world to communicate and share information without restrictions.

i2pd is licensed under the 3-clause BSD license, binary packages are available for Debian, Ubuntu, OS X, FreeBSD, Android and Windows.

View release on GitHub

Changelog for i2pd version 2.24:


  • Support of transient keys for LeaseSet2
  • Support of encrypted LeaseSet2
  • Recognize signature type 11 (RedDSA)
  • Support websocket connections over HTTP proxy
  • Ability to disable full addressbook persist


  • Don't load peer profiles if non-persistant …

Read more ...

Why I wrote LLARP

Recently I happened across a bitcoin talk thread while peeking at my blog's http access log at a time when I should've been doing work instead.

I'll probably take this chance to make it very clear what llarp/lokinet is and is not and why it even exists in the first place.

I can say that, in my opinion, llarp/lokinet is attempting to be a protocol to replace i2p.

I2P has a mountain of technical debt in their protocols that have been taking several (5+) years now to rectify. It is in fact easier to rewrite the whole thing than to rebase the protocol atop sanity. I am not the first person to suggest this by any means, nor the first to attempting it. The first attempt I have seen was the shadow protocol from 2013. For whatever reason it died off, I personally suspect it was because of …

Read more ...

i2pd 2.23.0 static arm build

my unofficial static arm build for i2pd 2.23.0 is up here.

make sure to check the signature and verify the hash


e4cf21c06ae441030253dcb636eb05f0b5dc6405879b86b3b8f734a3195856ab20163c780c1c144e47f50dd9f8dc748bd243739262e2bd98fe05dac473c5c4b8  i2pd

the build was compiled with -Os and stripped for smaller size, so you may have better speed on systems without speculative execution like the raspberry pi 1.


  • openssl 1.1.1a
  • boost 1.62.0

Kovri and the curious case of code rot (part 3)

Before the final post I'll give on this topic, a bit of backstory as I understand it.

During winter of 2015 (or was it 2016? I forget.) orignal the original author of i2pd took a 2 week winter vacation while the codebase was in shambles. During this break some of the contributors of i2pd decided to hard fork the codebase starting with turning all the tabs to spaces. It is unclear if Anonimal was a part of the group or not.

When original came back he flipped his living shit and put his new changes that used openssl onto Bitbucket and then later merged it on Github in another branch. This is the historical reason why i2pd uses the openssl branch and not master as the primary branch.

Kovri is based off the code base before the openssl branch which is truly godawful, however almost none of it remains in …

Read more ...