I2P (Invisible Internet Project) is a garlic-routing network designed for internal anonymous communication — hidden services, encrypted email, file sharing, and messaging within the I2P network itself. Unlike Tor, I2P isn’t primarily designed for accessing the clearnet anonymously. Each peer routes traffic for others, making every participant a relay by default.
I2P vs Tor: When to Use Which
| Characteristic | I2P | Tor |
|---|---|---|
| Primary use | Internal network (eepsites) | Clearnet anonymity |
| Routing | Garlic routing (multi-layered) | Onion routing |
| Directory | Distributed (DHT-based) | Central directory servers |
| Exit nodes | Limited external access | Many exit nodes |
| Performance | Slow, improves with network size | Faster for clearnet |
| File sharing | Built-in (I2PSnark) | Not designed for it |
| Hidden services | Eepsites (.i2p) | .onion sites |
Use I2P when: accessing .i2p sites, anonymous file sharing within the network, I2P-Bote email. Use Tor when: accessing clearnet sites anonymously, .onion services.
Install I2P
Option A: Java I2P (reference implementation)
# Ubuntu/Debian
sudo apt install default-jre-headless
# Download I2P installer from geti2p.net
wget https://geti2p.net/en/download/2.6.0/stable/i2pinstall_2.6.0.jar
wget https://geti2p.net/en/download/2.6.0/stable/i2pinstall_2.6.0.jar.sig
# Verify signature
gpg --keyserver keyserver.ubuntu.com --recv-keys 0x2D3D2D03910C6504
gpg --verify i2pinstall_2.6.0.jar.sig i2pinstall_2.6.0.jar
# Install
java -jar i2pinstall_2.6.0.jar -console
# Start I2P
/usr/local/i2p/i2prouter start
# Access the router console
# http://127.0.0.1:7657
Option B: i2pd (C++ implementation, lighter)
# Install i2pd — lighter C++ implementation, no web UI by default
sudo apt install i2pd # Ubuntu/Debian
sudo pacman -S i2pd # Arch
# Start
sudo systemctl enable --now i2pd
# i2pd config
cat /etc/i2pd/i2pd.conf
Option C: Tor Browser-style bundle (I2P Browser)
The I2P project distributes a Firefox-based browser pre-configured for I2P:
# Download I2P Browser from geti2p.net/en/download
# Linux: extract and run ./start-i2pbrowser.sh
# macOS/Windows: standard installer available
Initial Configuration (Java I2P)
After starting, open the router console at http://127.0.0.1:7657:
- Network setup wizard runs on first launch — complete it
- Wait for the router to integrate (shows “Integrated” status, ~5-10 minutes)
- Watch the bandwidth graph — as you connect to more peers, performance improves
- The “Network” page shows your integration level: Integrated means you’re participating in routing
Router Console → Network:
Routers known: should be 500+ after a few minutes
Integration: Integrated (green) is the target
Bandwidth: set limits to avoid saturating your connection
Set bandwidth limits:
Router Console → Config → Bandwidth
Inbound: 80% of your max download speed
Outbound: 80% of your max upload speed
Share: 80 (percentage of bandwidth shared with network)
Configure Your Browser for I2P
The Java I2P router runs an HTTP proxy on port 4444:
Firefox → Settings → Network Settings → Manual proxy configuration:
HTTP Proxy: 127.0.0.1 Port: 4444
No proxy for: localhost, 127.0.0.1
# Do NOT enable "Use this proxy server for all protocols"
# I2P proxy only handles HTTP to .i2p addresses
Test that it’s working by visiting an eepsite:
http://i2p-projekt.i2p (I2P project home)
http://stats.i2p (network statistics)
http://forum.i2p (I2P forum)
These take 30-90 seconds to load on first visit while the router builds tunnels to the destination.
SOCKS Proxy for Other Applications
I2P also provides a SOCKS5 proxy on port 4447:
# Use with curl to access eepsites
curl --socks5-hostname 127.0.0.1:4447 http://i2p-projekt.i2p/
# Configure applications that support SOCKS5:
# Proxy: 127.0.0.1, Port: 4447
Host an Eepsite (.i2p Hidden Service)
Eepsites are websites hosted within the I2P network, accessible only to I2P users.
# I2P includes a built-in webserver (I2P-Jetty)
# Documents served from: ~/.i2p/eepsite/docroot/
# Or configure your own webserver:
# Create a simple site
mkdir -p ~/.i2p/eepsite/docroot
echo "<h1>My Eepsite</h1>" > ~/.i2p/eepsite/docroot/index.html
# In Router Console → Hidden Services Manager → I2P Server Tunnels
# Your site will have a .b32.i2p address (base32 hash of your key)
# e.g., abc123def456....b32.i2p
Publish your eepsite address:
Router Console → Hidden Services Manager → your tunnel → show address
The .b32.i2p address is your site's permanent address
Register at stats.i2p for a human-readable .i2p alias
I2P-Bote: Encrypted Anonymous Email
I2P-Bote is a serverless, encrypted email system built for I2P. Messages are stored in a distributed hash table with no central server.
Router Console → I2P Apps → I2P-Bote
# In I2P-Bote:
# Create new identity → give it a name → generate keys
# Your email address is a long base64 string (the public key)
# To send email:
# Compose → Enter recipient's I2P-Bote address (their public key)
# Messages are encrypted end-to-end before storage in DHT
# High latency (hours to days) by design — prevents timing analysis
i2pd Configuration (Lightweight Option)
# /etc/i2pd/i2pd.conf
[general]
datadir = /var/lib/i2pd
[log]
level = warn
dest = file
file = /var/log/i2pd/i2pd.log
[limits]
transittunnels = 300
[bandwidth]
in = 5120 # 5 MB/s inbound
out = 2560 # 2.5 MB/s outbound
share = 80 # % shared with network
[http]
address = 127.0.0.1
port = 7070 # Web console
enabled = true
[httpproxy]
address = 127.0.0.1
port = 4444
enabled = true
[socksproxy]
address = 127.0.0.1
port = 4447
enabled = true
# Restart with new config
sudo systemctl restart i2pd
# Access i2pd web console
# http://127.0.0.1:7070
Anonymity Considerations
I2P provides anonymity within its own network, but:
- Don’t log into accounts while using I2P, just as with Tor — account login deanonymizes you regardless of network
- Java I2P leaks DNS if you have the SOCKS proxy misconfigured — always use
.i2paddresses through the HTTP proxy - Traffic timing analysis is partially mitigated by garlic routing but not eliminated against a global passive adversary
- Clearnet access via I2P (outproxies) is limited and less anonymous than using Tor exit nodes
Related Reading
- I2P vs Tor Anonymous Network Comparison 2026
- How to Use Whonix for Anonymous Browsing
- Tor vs VPN vs I2P Anonymity Comparison
Built by theluckystrike — More at zovo.one
Frequently Asked Questions
How long does it take to use the i2p anonymous network?
For a straightforward setup, expect 30 minutes to 2 hours depending on your familiarity with the tools involved. Complex configurations with custom requirements may take longer. Having your credentials and environment ready before starting saves significant time.
What are the most common mistakes to avoid?
The most frequent issues are skipping prerequisite steps, using outdated package versions, and not reading error messages carefully. Follow the steps in order, verify each one works before moving on, and check the official documentation if something behaves unexpectedly.
Do I need prior experience to follow this guide?
Basic familiarity with the relevant tools and command line is helpful but not strictly required. Each step is explained with context. If you get stuck, the official documentation for each tool covers fundamentals that may fill in knowledge gaps.
Can I adapt this for a different tech stack?
Yes, the underlying concepts transfer to other stacks, though the specific implementation details will differ. Look for equivalent libraries and patterns in your target stack. The architecture and workflow design remain similar even when the syntax changes.
Where can I get help if I run into issues?
Start with the official documentation for each tool mentioned. Stack Overflow and GitHub Issues are good next steps for specific error messages. Community forums and Discord servers for the relevant tools often have active members who can help with setup problems.