• YOUR ISP:Amazon
  • STATUS: Not connected

IVPN Privacy Guides

Expert guides from the leaders in VPN

An Introduction to Tor vs I2P

Darknet. The word in and of itself brings to mind visions of the seedy underbelly of the internet; a virtual red-light district, back alley, and digital ghetto all rolled into one. Despite this threatening image that the media and many governments would like to imprint on the public consciousness, privacy-aware individuals know that in todays world of ISP data retention being measured in petabytes and massive supercomputing resources being thrown at traffic analysis by both governments and private industry alike, individuals must take it upon themselves to ensure the freedoms that come with anonymous information access and communication. Two of the most popular tools for doing so on the internet are Tor and I2P. Both will be compared and contrasted below.


We will begin by examining the underlying technology of the Tor network with an eye towards how it works to protect your anonymity online. The Tor network is comprised of three different types of nodes: directory servers, exit points (also referred to as exit relays), and internal relays. When you connect to Tor, the first thing your client does is acquire a current list of relays from one of the trusted directory servers. The addresses of these servers are included with the basic configuration files shipped with the client (of course, as with any reputable privacy tool, you have the option to alter what directory servers you trust to provide you with valid relays).

After retrieving a list of currently operational relays from the directory servers, your client then determines the optimal route for your traffic across the Tor network and finally terminating (from the Tor network perspective) at an exit node. This circuit created consists of your computer, the relay to which you are connecting and multiple internal relays before reaching an exit node. Note that this is substantially different that the traditional IP forwarding that occurs between routers on the internet. Traditional IP routers follow a best possible route on a per-packet basis, there are no “stateful” circuits from an IP perspective (as a qualifier to this statement, it is necessary to grant that it is within the technical realm of possibility that every router between you and the computer you are connecting to could have single, static routes to one another, though in practice this is a near impossibility). In short, for the life of a circuit, all of your traffic will follow the same route within the Tor network and exit at the same point. Later, we will see how this is fundamentally different that the way the I2P network operates.

During the circuit creation process, your client exchanges cryptographic keys with the first relay it connects to and begins encrypting traffic back and forth. Further each hop in transit between the various relays is encrypted using those relays’ cryptographic keys. You can visualize this as layers of encryption being wrapped around your data: this is where the phrase “onion routing” comes from when describing the type of network Tor establishes. Finally, your encrypted traffic is decrypted at the exit relay where it is then forwarded out onto the “regular” internet. This is one of the ways that Tor helps maintain your privacy online – each exit node is aggregating traffic from many other Tor users and putting it out onto the internet all at once. Your traffic becomes a small stream in the giant swath of data coming from and entering back into any given exit node. It is also important to note that your exit node only knows which intermediate node to send receiving data back to (this is also true for each internal to internal leg of the circuit). What this means is that your identity and the content of your traffic are cryptographically bifurcated – your entry node knows who you are but not what you are doing and your exit node knows what you are doing but not who you are. All the relays in between only know to forward the encrypted payload to the next relay on the circuit. Assuming that the content of your traffic does not reveal your identity, this permits you to browse the internet completely anonymously.

As a side note, Tor also allows you to run and access what are called “hidden services.” These are servers that are accessible only from within the Tor network itself. While this is not the primary purpose for Tor, it does provide an opportunity for one to use dedicated in-network services in a cryptographically secure manner. Among the various hidden services are various blogs, email servers, and forums. We will see later how I2P provides a better framework for providing these hidden services, but if one’s primary goal is to access “regular” internet services in a anonymous fashion, Tor is a vital tool in one’s arsenal.


On the surface, I2P appears to provide many of the same benefits that Tor does. Both allow anonymous access to online content, both make use of a peer-to-peer-like routing structure, and both operate using layered encryption. However, I2P was designed from the ground up to provide a different set of benefits. As we saw above, the primary use case for Tor is enabling anonymous access of the public internet with hidden services as an ancillary benefit. I2P on the other hand, was designed from day one to be a true “darknet.” Its primary function is to be a “network within the internet,” with traffic staying contained in its borders. Very few outbound relays exist in the I2P network, and the few that do exist are rarely usable.

As mentioned above, I2P routes traffic differently than Tor. At its heart, I2P performs packet based routing as opposed to Tor’s circuit based routing. This has the benefit of permitting I2P to dynamically route around congestion and service interruptions in a manner similar to the internet’s IP routing. This provides a higher level of reliability and redundancy to the network itself. Additionally, I2P does not rely on a trusted directory service to get route information. Instead, network routes are formed and constantly updated dynamically, with each router constantly evaluating other routers and sharing what it finds. Finally, I2P establishes two independent simplex tunnels for traffic to traverse the network to and from each host as opposed to Tor’s formation of a single duplex circuit. This provides the additional benefit of only disclosing half the traffic in the case of an in-network eavesdropper.

From an application-level perspective there is a fundamental difference between the I2P and Tor networks as well. Tor functions by providing a proxy on your local machine that you must configure your applications to use (of download specially configured application bundles). In contrast, I2P is generally used by applications that are written specifically to run on the I2P network. These include, but are not limited to, instant message, file sharing, email, and distributed storage applications (yes, you can store encrypted data in the I2P “cloud,” similar to Freenet).


We see that both Tor and I2P provide cryptographically sound methods to anonymously access information and comunicate online. Tor provides one with better anonymous access to the open internet and I2P provides one with a more robust and reliable “network within the network,” a true darknet, if you will. Of course, when implementing either of these two tools, one must always be aware that one’s ISP can see that he or she is using Tor or I2P (though they cannot determine the content of the traffic itself). In order to hide this knowledge from one’s ISP, one should make use of a high-quality VPN service to act as an entry point to either one’s anonymous network of choice or to the internet at large.

9 Responses to An Introduction to Tor vs I2P

  1. Joseph Anthony Dixon says:

    nice comparison of the two programs.

  2. Johnny says:

    A lot less people use i2p and every person is a node and all nodes are published so it’s not a very good darknet market. A VPN helps but it’s better to rely on implementation than hoping someone won’t tell if they get a letter from the NSA (hint: people receiving will comply).

  3. Freddy Bartholomew says:

    Johnny: you don’t have to publish your i2p node on the network – you can enable ‘hidden’ mode, but I think that might impact performance in some way.

    Tor is constantly under attack at the moment from law enforcement, moral fag vigilante script-kiddies like Anonymous who are trying to improve their image, and who knows who else.

    I2p otoh has a relatively low profile, for now. It uses 6 (yes that’s _SIX_ folks!) hops BOTH ways and uses _different_ tunnels to send and receive data, and these change rapidly and dynamically on a PER PACKET basis. This has to make I2p MUCH harder to attack by observing traffic. By contract, Tor uses very long-lived circuits of only 3 hops both ways – the same three hops both ways. Tor is primarily for traffic to the outside internet; i2p is not. Tor therefore has to be more vulnerable to timing attacks and poison node attacks than i2p, all other things (like user error) being equal. There are also a huge number of i2p nodes.

    An additional VPN could be a weakness instead of a strength. It can provide a remote spy who can watch for bandwidth modulation attacks on your encrypted tor or i2p traffic, but I think those are probably more likely with tor than with i2p.

  4. Andrés says:

    @Johnny, if a node operator gets a letter, he cannot disclose much. Unless you say that the agency of your choice will install a spying device directly on each user’s computer. It is far easier for them to target centralized services like directory server or central servers like e.g. JAP /Jondonym, which even acknowledge they do disclose user information upon request from the authorities.

  5. Raizan says:

    Hi guys

    Forgive about the question but i m looking for the most powerfull open vpn if possible military grade for my android and laptop do you know which one is more reliable?

  6. Jonny says:

    I’m new to this and was wondering what all of your opinions were on which one is better I may use my computer for looking up normal stuff on the internet as well not just for the darknet so which one would be better for my use’s

  7. Burp says:

    i2p is a shittier version of the darknet, it uses Java and relies on Tor for routing. So why not just use Tor?

    • droid0110 says:

      It doesn’t rely on TOR for routing… Where the hell did you get that MI from?

      I2P is itself it’s own “onion routing” protocol. Allow me to clarify:

      The term “onion routing” simply describes the way the networks messages (packets) are encrypted/transmitted/received/decrypted between the endpoints (client/server). Thus TOR is one “interpretation” if you will of this routing style, while I2P is another (separate) interpretation of this same routing style.

      TOR is more vulnerable than I2P when it comes to routing. Simply because I2P has more hops, and more tunnels that data travels through (which are polymorphic in a sense), as well as the multi-layer military grade encryption. Keep in mind the multiple layers of encryption I2P has that TOR does not, and think about how data being passed through only one tunnel (like TOR) is easy to read having the whole message (or packet) – if decrypted – and how data being split into fragments and sent through multiple tunnels would not be readable – as the message is received in part (not in whole) and therefore undecryptable (as a fragment of data) and therefore unreadable.

      If you can understand the above somehow, welcome to non-noob-land.

      TOR = ease of use = clearnet access = exit node sniffing = insecure
      I2P = security = no clearnet = no exit node sniffing = secure


      TOR -> encrypted -> EXITNODE -> unencrypted -> WWW
      TOR -> encrypted -> EXITNODE -> fake-rogue-secure-server (redirecting users to insecure/monitored server)

      I2P -> encrypted -> encrypted again -> encrypted again -> encrypted again -> encrypted again -> secure server

      The fact that TOR relies on having AT LEAST 1 node at the end of the tunnel that can see what you send through said tunnel in CLEARTEXT, should prove the simple fact that I2P is more secure and far better than TOR.

      I2P does not rely on the endpoint of the tunnel to be a middle man. You can’t simply sniff I2P traffic (multiple tunnels, polymorphic routes, etc.), and if you could, you could not simply just decrypt it with the many layers of encryption along the network.

      Rebutt away, but I2P is simply more secure, and is NOT noob like TOR is.

      Related Experience: Computers, Programmer/Analyst, Communications, Networking

      I2P is it’s OWN beast.

Leave A Comment

Start Protecting Your Online Privacy Now