the attacker must be able to affect the content of a website that you are visiting using the [[Tor Browser|doc/anonymous_internet/Tor_Browser]] in Tails — many people are able to do so;
and, the attacker must find out how to exploit this security hole; this information has not been published yet, but they may somehow already have discovered it, or been made aware of it.
<p><strong>Tails does not start I2P by default.</strong> This design decision was made precisely in order to protect the Tailsusers who do not use I2P from security holes in this piece of software.</p>
However, if you really need to use I2P in Tails 1.1: before you start I2P, disable JavaScript globally [[with NoScript|doc/anonymous_internet/Tor_Browser#noscript]] in the Tor Browser.