Using Mullvad Browser for I2P
2023 May 3
Mullvad recently took everyone by surprise by releasing a web browser. It is a joint project with the Tor Project and is basically just the Tor Browser, sans Tor. (It also comes with uBlock Origin, which is great, and the Mullvad extension, which is pretty much useless if you're not a Mullvad VPN user.) The idea is that you can use this browser to get the same anti-fingerprinting protections of the Tor Browser while using a VPN. This is pretty cool. Tor Browser is essentially the Firefox distribution I would want for browsing if I wasn't using Tor.
I'm not a heavy VPN user, but I thought this would be great for I2P.
Installing Mullvad Browser
These steps are mostly for Linux. If you're running a different OS, you can probably figure it out on your own.
- Download Mullvad Browser
- Verify your download
- Extract the downloaded archive wherever you want it
- "Register" Mullvad Browser
Get it from mullvad.net/en/download/browser. Also download the GPG signature.
It's signed with the Tor Browser Developers' signing key, which has fingerprint EF6E286DDA85EA2A4BA7DE684E2C6E8793298290. You probably shouldn't take my word for that. If you've already downloaded and verified the Tor Browser, you should have this key. If you use Micah Lee's fantastic torbrowser-launcher tool, then you can use the gnupg_homedir from that:
gpg --homedir ~/.local/share/torbrowser/gnupg_homedir/ --verify-files mullvad-browser-linux64-12.0.4_ALL.tar.xz.asc
(Change the version number and whatnot as needed.)
tar xf mullvad-browser-linux64-12.0.4_ALL.tar.xz -C ~/.local/share/
Like Tor Browser, Mullvad Browser has an executable, self-modifying start-mullvad-browser.desktop file which you can use to "register" the application, adding it to your applications menu and so on.
cd into the Mullvad Browser directory in the one you specified above:
Now, run this executable with the --register-app option:
This will modify the .desktop file to reflect the path where you put it as well as copying it to ~/.local/share/applications/ so it appears in your applications menu.
If you want to launch it from the keyboard, you can always run Mullvad Browser from this directory, but it might be easier to
cat that .desktop file, copy the Exec= stuff, and bind that to some combination of keys.
Configuring Mullvad Browser for I2P
- Enable the HTTP proxy for I2P
- Disable HTTPS-Only Mode
- (Optional) Change your Security Level
- Disable keyword.enabled
- (Optional) Uninstall the Mullvad Browser Extension
Go to about:preferences, scroll to the bottom of the General section, and in the Network Settings section, click Settings... beside the text "Configure how Mullvad Browser connects to the internet."
Select Manual proxy configuration and set HTTP Proxy to "localhost" and Port to "4444".
Probably check the "Also use this proxy for HTTPS" button.
Go to the Privacy & Security section.
Scroll to the bottom section (HTTPS-Only Mode), and set "Don't enable HTTPS-Only Mode".
You don't need HTTPS on I2P because the I2P layer provides end-to-end encryption and authentication.
I have mine set to Safest.
Go to about:config (and click through the warning if it gives it).
Change keyword.enabled to false.
Now, when you put in something.i2p, the browser will just let you visit it, instead of thinking it's not a URL and trying to do a web search.
It's completely useless for this use case.
(uBlock Origin might not be as necessary either, since its blocklists won't apply to I2P domains, but it still might be useful to have sometimes to zap elements or whatever.)
You should now be able to use Mullvad Browser for I2P. (Note, you will need to run I2P separately. That's outside the scope of this post, but see this post.)
Updating Mullvad Browser
One note is I'm not sure how updates work. We haven't yet gotten a Mullvad Browser update (even though there's a newer version of Firefox ESR...) Based on capturing network traffic while playing around, when Mullvad Browser tries to check for updates while using an unavailable HTTP proxy, it appears to quietly fail without making any requests but indicate that there is no update to be installed as if it succeeded. If you are not using a proxy, it does generate traffic to Mullvad-owned IP addresses: 188.8.131.52 (doh.mullvad.net, used for DoT/DoH) and 184.108.40.206 (se-mma-releases-001.mullvad.net, to which cdn.mullvad.net is CNAMEd).
When new versions come out, you'll probably have to have Mullvad Browser connect directly to update, then re-enable the HTTP proxy.