negative zero

Using Mullvad Browser for I2P

2023 May 3

[darknets] [i2p] [tech] [tutorial]


Mullvad recently took everyone by surprise by releasing a web browser. It is a joint project with the Tor Project and is basically just the Tor Browser, sans Tor. (It also comes with uBlock Origin, which is great, and the Mullvad extension, which is pretty much useless if you're not a Mullvad VPN user.) The idea is that you can use this browser to get the same anti-fingerprinting protections of the Tor Browser while using a VPN. This is pretty cool. Tor Browser is essentially the Firefox distribution I would want for browsing if I wasn't using Tor.

I'm not a heavy VPN user, but I thought this would be great for I2P.


Installing Mullvad Browser

These steps are mostly for Linux. If you're running a different OS, you can probably figure it out on your own.

  1. Download Mullvad Browser

    2. Get it from mullvad.net/en/download/browser. Also download the GPG signature.

  2. Verify your download

    3. It's signed with the Tor Browser Developers' signing key, which has fingerprint EF6E286DDA85EA2A4BA7DE684E2C6E8793298290. You probably shouldn't take my word for that. If you've already downloaded and verified the Tor Browser, you should have this key. If you use Micah Lee's fantastic torbrowser-launcher tool, then you can use the gnupg_homedir from that:

    gpg --homedir ~/.local/share/torbrowser/gnupg_homedir/ --verify-files mullvad-browser-linux64-12.0.4_ALL.tar.xz.asc

    (Change the version number and whatnot as needed.)

  3. Extract the downloaded archive wherever you want it
    4. tar xf mullvad-browser-linux64-12.0.4_ALL.tar.xz -C ~/.local/share/
  4. "Register" Mullvad Browser

    5. Like Tor Browser, Mullvad Browser has an executable, self-modifying start-mullvad-browser.desktop file which you can use to "register" the application, adding it to your applications menu and so on.

    First, cd into the Mullvad Browser directory in the one you specified above:

    cd ~/.local/share/mullvad-browser

    Now, run this executable with the --register-app option:

    ./start-mullvad-browser.desktop --register-app

    This will modify the .desktop file to reflect the path where you put it as well as copying it to ~/.local/share/applications/ so it appears in your applications menu.

    If you want to launch it from the keyboard, you can always run Mullvad Browser from this directory, but it might be easier to cat that .desktop file, copy the Exec= stuff, and bind that to some combination of keys.


Configuring Mullvad Browser for I2P

  1. Enable the HTTP proxy for I2P

    2. Go to about:preferences, scroll to the bottom of the General section, and in the Network Settings section, click Settings... beside the text "Configure how Mullvad Browser connects to the internet."

    Select Manual proxy configuration and set HTTP Proxy to "localhost" and Port to "4444".

    Probably check the "Also use this proxy for HTTPS" button.

    Connection Settings menu in Mullvad Browser, showing a manual HTTP proxy using localhost and port 4444


  2. Disable HTTPS-Only Mode

    3. Go to the Privacy & Security section.

    Scroll to the bottom section (HTTPS-Only Mode), and set "Don't enable HTTPS-Only Mode".

    You don't need HTTPS on I2P because the I2P layer provides end-to-end encryption and authentication.

    Privacy & Security settings in Mullvad Browser. The option "Don't enable HTTPS-Only Mode" has been selected.


  3. (Optional) Change your Security Level

    4. I have mine set to Safest.

    Privacy & Security settings in Mullvad Browser. The Security Level has been set to Safest.


  4. Disable keyword.enabled

    5. Go to about:config (and click through the warning if it gives it).

    Change keyword.enabled to false.

    Now, when you put in something.i2p, the browser will just let you visit it, instead of thinking it's not a URL and trying to do a web search.

    about:config in Mullvad Browser. The setting "keyword.enabled" has been set to false.


  5. (Optional) Uninstall the Mullvad Browser Extension

    6. It's completely useless for this use case.

    Add-ons manager in Mullvad Browser. The cursor is hovering over the Remove button for the Mullvad Browser Extension.

    (uBlock Origin might not be as necessary either, since its blocklists won't apply to I2P domains, but it still might be useful to have sometimes to zap elements or whatever.)

You should now be able to use Mullvad Browser for I2P. (Note, you will need to run I2P separately. That's outside the scope of this post, but see this post.)


Updating Mullvad Browser

One note is I'm not sure how updates work. We haven't yet gotten a Mullvad Browser update (even though there's a newer version of Firefox ESR...) Based on capturing network traffic while playing around, when Mullvad Browser tries to check for updates while using an unavailable HTTP proxy, it appears to quietly fail without making any requests but indicate that there is no update to be installed as if it succeeded. If you are not using a proxy, it does generate traffic to Mullvad-owned IP addresses: 194.242.2.2 (doh.mullvad.net, used for DoT/DoH) and 193.138.218.76 (se-mma-releases-001.mullvad.net, to which cdn.mullvad.net is CNAMEd).

When new versions come out, you'll probably have to have Mullvad Browser connect directly to update, then re-enable the HTTP proxy.