You've heard of Tor. You probably know it routes your traffic through three hops and lets you access .onion sites. But there's another anonymous network that predates Tor in some ways and does something fundamentally different — I2P, the Invisible Internet Project. Instead of helping you browse the regular internet privately, I2P creates a completely self-contained private internet where every participant is both a user and a router. Your real IP is never exposed to anyone you communicate with — not even the site you're visiting.
TL;DR
- I2P is a self-contained private network — not a way to browse the regular internet anonymously
- Uses garlic routing (bundled encrypted messages) instead of Tor's onion routing (single-path layers)
- Every node routes traffic for others — there are no dedicated relays or exit nodes
- Best for: hosting anonymous services, peer-to-peer communication, anonymous file sharing
- Not for: regular web browsing — use Tor or a VPN for that instead
What Is I2P?
I2P stands for the Invisible Internet Project. It's a free, open-source anonymous network layer that routes encrypted traffic through a distributed network of volunteer-run nodes — similar in concept to Tor, but built around a different set of assumptions and use cases.
Where Tor is mainly designed to help you browse the regular internet anonymously, I2P is primarily designed as a self-contained network — a private internet within the internet. You can host websites (called eepsites), run file sharing, messaging, and other services — all without revealing your real IP address to anyone else on the network.
I2P isn't as widely known as Tor, and it's harder to set up. But for certain use cases — particularly self-hosted anonymous services and peer-to-peer communication — it has real technical advantages worth understanding.
How I2P Routes Traffic: Garlic Routing
Tor uses onion routing: your traffic passes through a circuit of three relays (guard, middle, exit). Each relay only knows the previous and next hop. The exit relay connects to the destination on your behalf, which means the exit relay can see your unencrypted traffic (unless it's HTTPS) and the destination sees the exit relay's IP.
I2P uses garlic routing. The name comes from garlic cloves: instead of encrypting your message in layers for a single path (the onion approach), I2P bundles multiple messages together into a single encrypted packet. Each message in the bundle — a "clove" — has its own encrypted instructions for routing.
This approach has a few advantages:
- More efficient use of bandwidth — multiple messages bundled together reduce overhead
- Harder to perform timing analysis — bundling messages makes it more difficult for an observer to correlate a sender and receiver by timing packets
- One-way tunnels — I2P uses separate inbound and outbound tunnels for each peer, making traffic correlation harder
The I2P Tunnel System
Every I2P node creates two sets of tunnels: outbound tunnels (for sending data out) and inbound tunnels (for receiving data). To communicate with another I2P node, your traffic goes out through one of your outbound tunnels, routes through several intermediate nodes, and enters the destination through one of their inbound tunnels.
Neither party knows the full path. The destination only sees the last node in your outbound tunnel. You only see the first node in the destination's inbound tunnel. Intermediate nodes only see adjacent hops.
Tunnels are rebuilt every 10 minutes by default. This constant rotation makes long-term traffic analysis harder — even if an attacker manages to observe part of a tunnel, that tunnel is gone within minutes.
I2P vs Tor: A Detailed Comparison
| Feature | I2P | Tor |
|---|---|---|
| Primary use case | Internal anonymous services (eepsites) | Accessing the regular internet anonymously |
| Routing method | Garlic routing (bundled messages) | Onion routing (layered single path) |
| Exit nodes | No exit nodes — stays inside I2P | Exit nodes connect to regular internet |
| Regular internet access | Limited (outproxies, not recommended) | Primary use case |
| Self-hosting services | Excellent — designed for this | Possible via hidden services |
| Network size | Smaller (~50,000 nodes) | Much larger (~6,000+ relays, millions of users) |
| Tunnel rotation | Every 10 minutes | Every 10 minutes (circuit) |
| Setup complexity | Higher — requires router software | Lower — just use Tor Browser |
| Speed | Generally slow | Also slow, but more optimized for web |
| Traffic timing analysis resistance | Better (bundled messages, one-way tunnels) | Good but exit relay is a weak point |
What You Can Do on I2P
Eepsites (I2P Hidden Websites)
Eepsites are websites hosted inside I2P and accessible only within the network. They use .i2p domain endings. Anyone can host one — no domain registration, no IP exposure. The host's real IP is never revealed to visitors, and visitors' IPs are never revealed to the host.
Eepsites have legitimate uses: privacy-focused forums, secure whistleblower platforms, developer communication channels that can't be easily targeted by DDoS or domain seizure.
Anonymous File Sharing
I2P includes built-in support for anonymous BitTorrent via I2PSnark (included in the I2P router software). Torrenting within I2P means neither peers nor trackers see your real IP. It's significantly slower than regular torrenting due to network overhead, but provides strong anonymity.
Anonymous Email
I2P's network includes I2P-Bote, a serverless, peer-to-peer email system. Messages are stored in a distributed hash table across I2P nodes. There's no central mail server to compromise, and no central point of logging.
Secure Messaging
I2PMessenger and similar applications run over I2P to provide chat without revealing the participants' real IPs. Since I2P is a self-contained network, there's no central server to subpoena or compromise.
How to Get Started with I2P
- Download the I2P router from the official site (geti2p.net). There are Java-based and C++ (i2pd) implementations available for Windows, Linux, and macOS.
- Install and start the router. The I2P router software manages your tunnels, maintains your peer connections, and provides a web-based console usually accessible at
127.0.0.1:7657. - Wait for integration. When you first start I2P, it needs time to find peers and build tunnels. The first few minutes can be slow. After 10–15 minutes, the network will have integrated your node and performance improves.
- Configure your browser. To browse eepsites, configure your browser to use the I2P HTTP proxy at
127.0.0.1:4444. You'll then be able to access.i2pdomains. - Explore the network. Start with the I2P internal sites — there's a built-in index of active eepsites, forums, and services available through the router console.
I2P and Your Real IP Address
One common question: can someone see your real IP while you're using I2P? The answer depends on what you're doing. Inside the I2P network — browsing eepsites, using I2P applications — your real IP is not exposed to the services you're connecting to. They only see the last node in your tunnel, not your actual address.
However, your ISP can see that you're connecting to I2P nodes (though not what you're doing inside I2P). And if you use I2P outproxies to browse the regular internet, the outproxy operator can see your destination traffic. For that reason, using I2P to access the clearnet is not recommended. Check what IP address the internet currently sees for your connection — this is what I2P hides from services inside its network.
I2P Limitations and Honest Trade-offs
I2P is not for everyone, and it has real limitations you should know about before spending time on it:
- Slow. Routing through multiple I2P nodes adds significant latency. Browsing eepsites feels like dial-up internet for most users. File transfers work but at reduced speeds.
- Small network. The I2P network is much smaller than Tor. Fewer nodes means less anonymity through crowd (there are fewer people to hide among) and higher risk from a well-resourced attacker who controls many nodes.
- Poor for regular web browsing. I2P wasn't designed to access the regular internet. While outproxies exist, they're unreliable, slow, and undermine anonymity since the outproxy can see your traffic. Use Tor for this.
- Complex setup. Getting I2P running and properly configured takes more effort than just downloading Tor Browser. The learning curve is real.
- Java dependency. The standard I2P router requires Java. The alternative C++ implementation (i2pd) exists but has fewer features and is less user-friendly.
I2P vs VPN: Very Different Tools
A VPN hides your IP from websites by routing your traffic through a VPN server. The VPN provider sees your traffic and your real IP — you're trusting them. I2P hides your traffic from the entire network using cryptographic routing through multiple nodes. No single node knows both who you are and what you're doing.
VPNs are fast, easy, and good for everyday privacy (streaming, bypassing geo-blocks, ISP-level privacy). I2P is slow, complex, and designed for use cases where you need strong anonymity even from your service provider. They solve different problems.
I2P Performance: What to Realistically Expect
First-time I2P users are often frustrated by the speed. Here's a realistic picture of what to expect:
- Integration period (0–15 minutes): Very slow. The router is finding peers and building its first tunnels. Don't judge I2P performance during this window.
- After integration: Eepsite browsing averages 50–200 KB/s for most users. Text-heavy pages load in 2–5 seconds. Image-heavy pages are slower.
- File transfers (I2PSnark): Depend heavily on the number of peers seeding inside I2P. Popular torrents can reach 500 KB/s–2 MB/s. Niche content may be much slower.
- After participation ranking improves: I2P tracks each node's bandwidth contribution. The more bandwidth you contribute to the network, the better tunnels you get. Running I2P for days or weeks improves your personal performance.
Who Uses I2P?
I2P's user base is smaller and more technically oriented than Tor's. Common use cases include:
- Researchers and developers building anonymous applications
- Privacy advocates who want to host services without exposing their server's IP
- Journalists and sources in high-risk environments who need to communicate without server-side logs
- People in politically restrictive countries who need to operate communication infrastructure that can't be seized or shut down
- Security researchers studying anonymization networks
Common Mistakes When Using I2P
- Using I2P outproxies to browse the regular internet. Outproxies can see your destination traffic and introduce a trust dependency. Use Tor for regular internet browsing.
- Sharing I2P addresses with your real identity. If you host an eepsite and then publicize its address under your real name, the anonymity of the host is gone even though the IP is hidden.
- Expecting Tor-level anonymity immediately. I2P provides better anonymity for internal services but requires a larger network to be truly anonymous. With only ~50,000 nodes, the anonymity set is smaller than Tor's.
- Not allowing time for network integration. Starting I2P and immediately expecting fast connections is a setup for frustration. Give it 15–30 minutes to fully integrate with the network before evaluating performance.
I2P in Context
I2P isn't trying to be Tor. It's solving a different problem: how do you build and host services that are genuinely private at the infrastructure level — where even the host's ISP can't be compelled to reveal the server's IP because there is no single server IP exposed?
If that's the problem you're trying to solve, I2P is purpose-built for it. If you just want to browse the web privately, use Tor or a reputable VPN. The right tool depends entirely on what you actually need.