Become Sovran

I2P: The Private Layer of the Web

When most people think of the “Dark Web” or “DarkNet” the first thing that comes to mind is probably Tor. Tor is basically a household name now; love it or hate it most people have heard of it.

As you may or may not know there are a small handful of different privacy focused networks out there. Each one with different ideas on how privacy on the internet should work. I2P or The Invisible Internet Project’s approach is to act as a fully encrypted and private layer of the internet.

This post is not going to be a “why one is better than the other” type post. Each network has its own use cases with their own set of pluses and minuses. This post is simply going to try and explain what I2P is in a broad sense with some comparison to Tor.

I’ll cover things like how to host a site and set up an Outproxy in another post. As with most of my posts this will assume that you do have some basic networking knowledge but I do try and keep it as accessible as I can. Moving on.

A brief history

I2P was initially released in 2003 and started as a fork of freenet. I2P is an anonymous peer-to-peer distributed communication layer designed to run any traditional internet service (Email, HTTP, File Sharing, Web hosting), as well as more traditional distributed applications such as DNS.

It is designed so that other software can use it for anonymous communication, due to this you can get pretty much anything to communicate Via I2P. There are already a fair number of applications working on I2P such as Email, Chat, and File sharing, crypto currency and more.


I2P uses what they call “Garlic routing” which is a variation on onion routing. There is a long list of technical differences that you can read about here if you want to get more into the nuts and bolts of things, I’m only going to give a broad overview here.

As we know, Onion routing is a technique for building paths (Circuits in Tor terms, Tunnels in I2P terms.) through a series of peers and then using the tunnel to pass data. A message is encrypted by the sender and decrypted every hop until it reaches its destination. With each hop stripping a layer of encryption to get the directions to reach its next peer.

In this way both Garlic and Onion routing are conceptually identical but this is where that stops, where Tor does a single message at a time and a single reply, I2P bundles messages together in what Michael Freedman coined as a “Bulb” (Or a Clove on the official site). All messages have their own delivery instructions that get bundled and delivered to an endpoint allowing for the efficient bundling of an onion style reply block. This helps to increase overall network speed. This is a primary advantage in I2P, it's optimized in a way that is generally faster than Tor.

Another key difference is that traffic is unidirectional not bidirectional like in Tor, this allows for more flexibility in the protocol for more reliable delivery. Each router creates a series of in-bound and out-bound tunnels. This setup allows for things like UDP and P2P connections. Tor by design will probably never support UDP and while P2P connections are technically possible with Tor, they are highly discouraged and damaging to the network. P2P is the meat and potatoes of I2P making it ideal for file sharing and other forms of p2p communication.

I think it’s also worth pointing out that with I2P "Exit nodes" or OutProxies are not a focus. While a major use case for Tor is to help people in countries with heavily censored internet to reach sites on the “clear net” that might be blocked by a government. I2P does not officially “exit” traffic from the network.

Exit nodes (OutProxies) in I2P are run by volunteers which are, essentially, centralized services. OutProxying is also not officially advised as the privacy benefits you get from I2P come from remaining in the network. But it can be done and is. Nowadays people even use Tor Exit Nodes in conjunction with I2P. This a perfect segway to talk a bit about the network structure of I2P as this varies quite a bit from Tor.

Tor Network Structure Refresh

I’ll start off with a refresher on Tor. There are enough similarities between the networks that without diving too deep it helps with some comparisons. Tor has various elements to its network. A basic Tor connection takes a minimum of three different kinds of nodes. An entry node, a relay, and an exit. The first node is your entry node. Keep in mind any relay node can act as an entry node, the only difference being that the entry is the only node that knows who you really are.

Relay nodes are the ones that pass your traffic along to exit nodes after a few hops. The exit node communicates with your destination and can forward traffic out of the network. Exit nodes serve as a source for your destination server. This is part of how Tor keeps your traffic anonymous. Exit nodes also send the traffic back to you.

Directory servers are critical for maintaining Tor network. They store the identity of the nodes on the network. The directory servers are hard coded into the Tor browser and when you fire up the Tor browser these directory servers choose your entry, relay, and exit to form a circuit. At the time of writing there are only 10 directory servers. You can see them here. The other purpose of these servers is to maintain the health of the network by monitoring the activity of nodes and replacing unhealthy nodes with healthy ones to maintain the stability of the network.

It’s also worth noting that relay servers technically have two categories: the “advertised relay nodes” ; these are the relays that are publicly available in the list that the directory servers maintain. Then there are “Bridge nodes”. These are private relays as they are not listed in directory servers. They exist purely for government blocks. In theory you can block the nodes on the public list, but you can’t block what you can’t find so therefore bridge nodes exist. It’s hard to gauge the number of bridges out there but it's estimated to be in the 2k range. You can see that here.

That's Tor in a nutshell. On to I2P

I2P Software

When you install I2P you get software that has everything with it you need to connect to the network and host with. Every “node” in I2P is also a router so there is no distinct difference from a server and pure client like with Tor.

This leads to I2P to be almost completely decentralized. They say “almost” due to the need of what they call “Reseed Servers” this is how you make your first connections and join the network. These servers help with what’s called the DHT (Distributed Hash Table) bootstrap problem. There is no reliable method to get out of running at least one permanent bootstrap node that non-network users can find to get their foothold in the network. Once you're connected to the network you only discover peers by making “exploratory” tunnels. But to make your initial connections you need to get your peers from somewhere. This model contrasts with Tors directory servers a great deal.

Floodfill routers or peers are I2P’s directory servers that store the directory or the Network Database (netDB for short). Floodfill servers are untrusted and varying. Any router can be set to act as a floodfill router. To increase reliability of the netDB floodfill is automatically turned on only on high bandwidth routers (this has to be manually configured). In addition to having high bandwidth a router must also pass health checks like outbound message queue time and job lag before floodfill is automatically turned on. It is estimated that only 6% of the network are floodfill routers.

The netDB that I2P uses is a specialized distributed database. It only contains a few types of data the big two being Router contact info (RouterInfos) and Destination contact info (LeaseSets). Each bit of data is signed by the host and is verified by anyone who chooses to store the site in their own local copy of the netDB. It also stores liveliness data of a site, this allows bad entries to be dropped, newer entries replace older ones.

Tunnels (or circuits on the Tor network) are how routers communicate and route traffic. I2P builds virtual “Tunnels” between routers for communication; they are temporary and unidirectional. For a basic connection you need at least four tunnels two outbound two inbound. Each tunnel has a set amount of hops that is set in router settings with a maximum of seven hops. The amount of hops per tunnel of course affects things like latency, throughput, reliability. and anonymity and a user can fine tune the amount of hops based on need. Three hops is recommended for most users as its a fair balance of anonymity and speed. Peers are selected by a continuous polling and ranking performance rather than trusting claimed capacity.

I could spend several more pages covering the specifics of I2P but I’ll leave you with a link to the main documentationif you want to take a deeper look at the network and how it works.

To Sum up

In conclusion I would say that I2P has a lot of potential. While Tor is designed to act as an anonymizing proxy for the Vanilla Internet, I2P is specifically designed to make an anonymous network for hidden services and P2P applications. It's not perfect (Name a solution that is though… I’ll wait) but it's a good attempt at an anonymized network layer.

I think it's far more flexible than Tor and while it currently is more technically involved to use than Tor at the moment I hope that will be eventually overcome. The need to install something plus configuring a proxy on a separate browser from your primary browser can be daunting to some vs Tor’s just installing a browser and off you go. Although Firefox plugins like “I2P In Private Browsing” does a good job managing I2P via containers for Firefox eliminating the need to have a separate browser or do any extra configuration. This makes it far more accessible in my opinion.

I2P does have a fair amount of self awareness when it comes down to what the network could be vulnerable to. Outside of unforeseen software vulnerabilities that could jeopardize the network a few of the attacks they talk about and try to mitigate include: Brute force, Timing attacks, DOS attacks, Intersection attacks and syble attacks to name a few. If you want to learn more about these potential issues and how they try and mitigate themhere is the official page.

I2P is a smaller network that's not as battle tested as Tor but its optimization for hidden services and its more P2P nature is very appealing. Also Monero and Bitcoin support I2P now for node communication. Along with a few other privacy focused cyptos joining the network. I personally hope to see more Bitcoin and Monero users to enable I2P on their nodes.

I hope this helps answer some questions about I2P and encourages you to learn more and start exploring how you can use I2P to help you maintain at least a modicum of privacy in an ever surveilled world. I'll leave some links below to get you started. Have fun exploring and tinkering!

Until next time.

Main Site

Technical Docs

Network Metrics