The Invisible Internet Project (I2P) is an anonymous peer-to-peer communication layer, an offshoot of Freenet (GIZ01) designed to run any Internet service (email, IRC, file sharing, HTTP, Telnet) as well as distributed applications. Its aim is to “protect communication from dragnet surveillance and monitoring by third parties such as ISPs” (I2P01). A computer running the I2P software is called an I2P node.
All communication in I2P is encrypted end-to-end and forwarded through a network of nodes to conceal the source and destination of the traffic. The communication endpoints are identified by cryptographic keys (I2P01).
I2P can be used to host services that are only accessible via the anonymising network. Websites published via I2P, known as “eepsites”, use domain names ending with the ‘.i2p’ suffix.
- Garlic routing – A variant of onion routing that encrypts multiple messages together to make it more difficult to conduct traffic analysis. Garlic routing is one of the key factors that distinguishes I2P from TOR and other networks where messages are encrypted multiple times.
- Peer-to-peer – The I2P network is decentralised. All users run the same software, which by default takes part in relaying data for other users. This means that unlike Tor, traffic does not enter and leave the anonymising network, which may make traffic confirmation more difficult.
- Traffic analysis – Can be used to infer who is talking to whom over a public network. Knowing the source and destination of a person’s Internet traffic makes it possible to track their behaviour and interests.
- Decentralization – Having no central servers, I2P is not controlled by any one individual or organization, including the designers of the platform. There is no single point where content can be removed or access to the network can be blocked.
- Anonymity – Garlic routing separates identification from routing so that information can be published and accessed anonymously.
- Harvesting – It is easy to compile a list of I2P nodes because every node is continually attempting to find other nodes and connect to them.
- Sybil attacks – Peer-to-peer networks are vulnerable to ‘sybil attacks’ in which an attacker creates multiple identities in order to have a disproportionate influence on the operation of the network.
- Full list: https://geti2p.net/en/docs/how/threat-model.
Layers of operation:
- Transport layer: I2P provides an anonymous transport layer that can be used by other applications.
- Application layer: I2P nodes communicate across the Internet at the application layer.
I2P has been called a “super anonymous network” (GIZ01) where users can gain access to content that is not available outside the network. Unlike Tor, users cannot browse the public Internet with the I2P software.
People using I2P can control the trade-offs they make between anonymity, reliability, bandwidth usage, and latency by choosing the number of nodes their data passes through (I2P01).