The Invisible Internet Project (I2P) is an anonymous network layer (implemented as a mix network) that allows for censorship-resistant, peer-to-peer communication. Anonymous connections are achieved by encrypting the user's traffic (by using end-to-end encryption), and sending it through a volunteer-run network of roughly 55,000 computers distributed around the world. Given the high number of possible paths the traffic can transit, a third party watching a full connection is unlikely. The software that implements this layer is called an "I2P router", and a computer running I2P is called an "I2P node". I2P is free and open sourced, and is published under multiple licenses.

Technical design

I2P started in 2003 as a fork of Freenet. The network is strictly message-based, like IP, but a library is available to allow reliable streaming communication on top of it (similar to Non-blocking IO-based TCP, although from version 0.6, a new Secure Semi-reliable UDP transport is used ). All communication is end-to-end encrypted (in total, four layers of encryption are used when sending a message) through garlic routing, and even the end points ("destinations") are cryptographic identifiers (essentially a pair of public keys), so that neither senders nor recipients of messages need to reveal their IP address to the other side or to third-party observers. Although many developers had been a part of the Invisible IRC Project (IIP) and Freenet communities, significant differences exist between their designs and concepts. IIP was an anonymous centralized IRC server. Freenet is a censorship-resistant distributed data store. I2P is an anonymous peer-to-peer distributed communication layer designed to run any traditional internet service (e.g. Usenet, email, IRC, file sharing, Web hosting and HTTP, or Telnet), as well as more traditional distributed applications (e.g. a distributed data store, a web proxy network using Squid, or DNS). Many developers of I2P are known only under pseudonyms. While the previous main developer, jrandom, is currently on hiatus, others, such as zzz, killyourtv, and Complication have continued to lead development efforts, and are assisted by numerous contributors. I2P uses 2048bit ElGamal/AES256/SHA256+Session Tags encryption and Ed25519 EdDSA/ECDSA signatures.

Releases

I2P has had a stable release every six to eight weeks. Updates are distributed via I2P torrents and are signed by the release manager (generally zzz or str4d).

Funding

The website states that "funding for I2P comes entirely from donations". Admins and managers of the project said that "the core project itself doesn't take donations". These should instead go to secondary applications or be spent on hiring others, to work on I2P. Support for the onboarding for I2P came from the Open Technology Fund. In contrast to The Tor Project, I2P has "not the financial or legal infrastructure to support a network of exit nodes". The reseed servers, a sort of bootstrap nodes, which connect the user with the initial set of peers to join the I2P-network, should be run by volunteers.

Software

Since I2P is an anonymizing network layer, it is designed so other software can use it for anonymous communication. As such, there are a variety of tools currently available for I2P or in development. The I2P router is controlled through the router console, which is a web frontend accessed through a web browser.

General networking

Chat

File sharing

Bridging to clearnet

Currently, Vuze and BiglyBT are the torrent clients that make clearnet (connections not through I2P) torrents available on I2P and vice versa. Depending on the client settings, torrents from the internet can be made available on I2P (via announcements to I2P's DHT network) and torrents from I2P can be made available to the internet. For this reason, torrents previously published only on I2P can be made available to the entire Internet, and users of I2P can often download popular content from the Internet while maintaining the anonymity of I2P. As of August 2022, the default outproxy is exit.stormycloud.i2p which is run by StormyCloud Inc.

Email

Instant messaging

Publishing

Routers

The Privacy Solutions project

The Privacy Solutions project, a new organization that develops and maintains I2P software, launched several new development efforts designed to enhance the privacy, security, and anonymity for users, based on I2P protocols and technology. These efforts include: The code repository and download sections for the i2pd and Abscond project is available for the public to review and download. Effective January, 2015 i2pd is operating under PurpleI2P.

Android

Cryptocurrency

Some cryptocurrencies that support I2P are listed below.

Terminology

Vulnerabilities

Denial of service attacks are possible against websites hosted on the network, though a site operator may secure their site against certain versions of this type of attack to some extent. A zero-day vulnerability was discovered for I2P in 2014, and was exploited to de-anonymize at least 30,000 users. This included users of the operating system Tails. This vulnerability was later patched. A 2017 study examining how forensic investigators might exploit vulnerabilities in I2P software to gather useful evidence indicated that a seized machine which had been running I2P router software may hold unencrypted local data that could be useful to law enforcement. Records of which websites a user of a later-seized machine was interested in may also be inferred. The study identified a "trusted" I2P domain registrar ("NO.i2p") which appeared to have been abandoned by its administrator, and which the study identified as a potential target for law enforcement takeover. It alternatively suggested waiting for NO.i2p's server to fail, only to social engineer the I2P community into moving to a phony replacement. Another suggestion the study proposed was to register a mirror version of a target website under an identical domain.

I2PCon

From an I2P convention was held in Toronto, Ontario. The conference was hosted by a local hackerspace, Hacklab. The conference featured presentations from I2P developers and security researchers.

Software