transient router id

[hsn10]

Can we have an option to automatically generate new router id at each start?

it would be enough to delete ntpc2.keys, router.keys, ssu2.keys at each start.

[bjtftw]

For completely new i2pd profile on every start you can modify i2pd.service file (sudo systemctl edit --full i2pd.service) so "ExecStart=" will contain "--datadir=/run/i2pd" this way whole i2pd data dir is deleted when i2pd killed/stopped. Of course this removes all the data (like peers profiles, .keys, .dat), so on every i2pd start you get completely new installation behavior and need to wait some time to get i2pd fully working as you need to bootstrap into network and profile peers.

If you want only some files to be deleted on i2pd stop add ExecStopPost=+-/usr/bin/sh -c 'rm -f /I2PD_DIR/*.keys' action. Replace I2PD_DIR with directory where your i2pd store .keys (I don't remember original path, probably /var/lib/i2pd/).

[Vort]

Why this feature is needed?

[orignal]

A new router takes much time for integration to the network, because other routers don't have it in their profiles yet.

[hsn10]

feature is needed to make network analysis harder.
Integration time is good enough, it doesn't seems to have any negative effect. After 15 minutes everything runs well.

[hsn10]

I did additional testing and after deleting router state (router id, interface addresses, socks5 keys) it takes between 6 to 8 minutes until rest of network can connect back to you. It is reasonable price for increased security.

[orignal]

And how many problems have you created for other routers? Their NetDb is full of non-existing routers. If you change router ident often, your IP could be banned as possible attacker.

[anikey-from-i2p]

Can we have an option to automatically generate new router id at each start?

orignal, the main developer, already said above that it is not good. Not good for both you and the network as a whole.

it would be enough to delete ntpc2.keys, router.keys, ssu2.keys at each start.

But, if you really want, you can just do that yourself, couldn't you? Is writing a simple wrapper script really that hard?

[zzzi2p]

Agreed with orignal, this is not useful or even harmful, in general. If you change your identity but not your IP, there's no point. However, the one case where it does add some privacy is to do it when your IP has changed, for example when it's on your laptop and you're traveling. In Java I2P we call the option "laptop mode". But I doubt anybody knows about it or uses it.

[anikey-from-i2p]

do it when your IP has changed

What if it keeps flipping between two or three IP addresses? Maybe it makes sense to remember the 2-3 router identities and continue using them when the old IP address becomes the current one?

I doubt anybody knows about it or uses it.

Don't underestimate the power of browsing settings pages.

[zzzi2p]

Like I said, it's a rarely-used feature, there's no plans to make it fancier for us. It's a basic way to cover the threat model: you saw me at 37C3 in Germany with my laptop, then I went back home, you look through your old netdb records for routers at 37C3, and now you know my home IP. If you get that far, either with a script or native support, then you can think about additional protections.