Three major anonymity networks exist. Each has different threat models, speed profiles, and use cases. Many people assume VPN equals anonymity. It doesn’t. This guide compares all three with real performance numbers, setup complexity, and when to use each.

Quick Comparison Table

VPN: Weakest Anonymity (But Useful)

A VPN (Virtual Private Network) masks your IP address by routing traffic through a provider’s server. That’s it. It does NOT provide anonymity.

VPN Threat Model

What VPN Protects Against:

• ISP seeing your traffic (encrypted)
• Local network seeing your traffic
• Website seeing your real IP (sees VPN server IP instead)
• ISP tracking which websites you visit (site sees VPN IP)

What VPN Does NOT Protect Against:

• VPN provider seeing your unencrypted traffic (all traffic is decrypted on their server)
• VPN provider logging your activity (they can see and store everything)
• Correlation attacks (VPN provider sees timing/size of traffic, can correlate with destination)
• Malware on your device (bypasses VPN entirely)

Real VPN Flow

Your Computer
    ↓
[Traffic: ISP sees encrypted data going to VPN provider]
    ↓
VPN Server (DECRYPTED HERE - provider sees everything)
    ├── Email: sees plaintext content
    ├── Passwords: sees login credentials
    ├── Web traffic: sees all pages you visit
    └── DNS: sees all domains you query
    ↓
Destination Website
    └── Sees VPN server IP (not yours)

Provider Knowledge: The VPN company can see:

• Every website you visit (plaintext HTTP) or HTTPS domain
• Every email you send/receive
• Every file you download
• Your real IP address
• Exact timestamps of all activity

Trust Issue: A VPN is only as secure as the provider is trustworthy. No encryption can prevent the provider from monitoring you.

VPN Setup (2 minutes)

Using Mullvad (No-log VPN):

# Install Mullvad VPN
# macOS
brew install mullvad-vpn

# Linux
sudo apt install mullvad-vpn

# Windows
# Download from mullvad.net/en/download

# Use CLI
mullvad vpn set-auto-connect on
mullvad tunnel set-dns-options default
mullvad connect

Verify IP Change:

# Before VPN
curl https://ipinfo.io/json
# {"ip":"203.45.67.89","country":"US",...}

# After VPN
mullvad connect
curl https://ipinfo.io/json
# {"ip":"185.217.161.68","country":"Netherlands",...}

Check for DNS Leaks:

# Visit dnsleaktest.com in browser
# Should show VPN provider's DNS server, not your ISP's

# CLI test
nslookup google.com
# Should resolve through VPN provider's DNS

Best VPNs (2026 Ranking)

Avoid:

• Anything “unlimited” under $5/month (unsustainable = data likely sold)
• NordVPN (privacy concerns from hacks)
• ExpressVPN (Kape ownership, sketchy logging practices)

VPN Use Cases

Good For:

• Hiding internet activity from ISP
• Accessing geo-blocked content
• Public WiFi protection (basic)
• Regional content (Netflix, BBC iPlayer)

Bad For:

• True anonymity (provider knows everything)
• Whistleblowing (provider can identify you)
• Accessing dark web (use Tor instead)

Tor: Maximum Anonymity (Slow)

Tor (The Onion Router) routes traffic through multiple independent nodes, with no single party knowing your identity.

Tor Threat Model

What Tor Protects Against:

• Exit node operator knowing your IP address (routed through 3+ nodes)
• Website/server knowing your real IP (sees random Tor exit node)
• ISP knowing which websites you visit (traffic encrypted, site hidden)
• Correlation attacks by exit node (3-hop encryption prevents this)
• Most government surveillance (unless both entry & exit nodes compromised)

What Tor Does NOT Protect Against:

• End-to-end attacks (compromise at source or destination)
• Timing analysis (pattern matching of traffic timing/size)
• Malware on your device
• Browser fingerprinting (if using Tor browser carelessly)
• JS execution exploits (disable JS in Tor browser)
• Traffic analysis by sophisticated adversary with access to network backbone

Tor Network Architecture

Your Computer (Identity: Unknown)
    ↓
Entry Guard Node (chooses your Tor node, encrypted)
[Your IP → Guard IP, unknown to Guard]
    ↓
Middle Relay Node (doesn't know source or destination)
[Guard IP → Relay IP, Relay doesn't know origin]
    ↓
Exit Node (doesn't know your source)
[Relay IP → Exit IP, Exit doesn't know origin]
    ↓
Destination Website
    └── Sees Exit node IP (not yours)

Total: 3-hop encryption. Each hop peels back one layer of encryption.

Attack Example: ISP vs Tor

ISP perspective:
- Sees encrypted traffic to Tor entry guard
- Cannot see destination (encrypted)
- Cannot identify which websites you visit
- Only knows: "User is using Tor"

To de-anonymize, ISP would need to:
1. Compromise Tor entry guard (run malicious node)
2. Compromise Tor exit node (run malicious node)
3. Correlate traffic timing/size (probability ~5-10%)
   → Too much effort for most targets

Tor Setup (5 minutes)

Option 1: Tor Browser (Easiest)

# macOS
brew install tor-browser

# Or download from torproject.org
# Extract and run: Tor Browser.app

# Verify working
curl --socks5 localhost:9050 https://ipinfo.io/json
# Should show different IP, likely in different country

Option 2: Full Tor Installation (Linux)

# Install Tor daemon
sudo apt install tor

# Edit config
sudo nano /etc/tor/torrc

# Enable SOCKS proxy
# Uncomment: SocksPort 9050

# Restart Tor
sudo systemctl restart tor

# Verify
curl --socks5 localhost:9050 https://ipinfo.io/json

Tor Performance

Speed Test Results (typical home connection):

Direct Connection:
├── Download: 120 Mbps
├── Upload: 50 Mbps
└── Latency: 20 ms

Via Tor:
├── Download: 8 Mbps (93% slower)
├── Upload: 2 Mbps (96% slower)
└── Latency: 2.3 sec (11,500% slower)

Explanation:
- 3 node hops = 3x latency minimum
- Tor network is volunteer-run (slower nodes)
- Bandwidth limited by slowest node in path
- Exit node becomes bottleneck

Real Browsing Experience:

Activity | Speed Impact
---------|---------------
Text email | Instant
Web pages | 3-5 seconds to load
Images | 5-10 seconds per image
Video | Unwatchable (buffering)
VoIP calls | Unusable

Tor Onion Services (Hidden Services)

Tor allows creating onion services — servers accessible only through Tor, hiding both client and server location.

How to Create Onion Service:

# Edit torrc
sudo nano /etc/tor/torrc

# Add:
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080
HiddenServicePort 443 127.0.0.1:8443

# Restart Tor
sudo systemctl restart tor

# Get your onion address
sudo cat /var/lib/tor/hidden_service/hostname
# abc123def456.onion

# Now running a .onion server at abc123def456.onion
# Accessible only through Tor
# Your IP address is completely hidden

Famous Onion Services:

• ProPublica Onion: p53lf57qovvgc6ev (news, leaked documents)
• New York Times Onion: nytimes443w4dh76.onion (news)
• CIA Onion: ciadotgov4ssqmio.onion (official CIA)

Tor Use Cases

Good For:

• Whistleblowing (SecureDrop, ProPublica use Tor)
• Activists in censored countries
• Journalists protecting sources
• True anonymity when submitting sensitive info
• Accessing dark web markets/forums

Not Good For:

• Everyday browsing (too slow)
• Streaming/video (bandwidth limitation)
• Torrenting (leaks IP; built-in warning in browser)
• Anything time-sensitive (latency too high)

I2P: Peer-to-Peer Anonymity (Faster Than Tor)

I2P (Invisible Internet Project) is less known but faster than Tor. It’s optimized for internal peer-to-peer communication, not external browsing.

I2P Architecture

Unlike Tor (3 sequential nodes):
I2P builds bidirectional tunnels of 4-6 hops

Your Device
    ↓
Outbound Tunnel (6 hops to destination)
← ← ← ← ← ←
    ↓
[Destination receives message from random I2P node]
    ↓
Inbound Tunnel (6 hops back to you)
← ← ← ← ← ←

Each tunnel uses different path, different nodes.
No single entity knows: your IP → destination IP

I2P Threat Model

Better Than Tor For:

• Peer-to-peer communication (both parties hidden)
• Internal messaging (no exit node needed)
• Resistance to long-term traffic analysis
• Bidirectional anonymity (Tor only hides inbound)

Worse Than Tor For:

• Accessing public websites (must use gateway)
• Rapid global exit (nodes typically internal)
• Established security audits (Tor more audited)

I2P Setup (15 minutes)

Installation:

# Download I2P
# From: geti2p.net/en/

# macOS
brew install i2p

# Linux
sudo apt install i2p

# Windows
# Download installer from geti2p.net

Start I2P:

# Start daemon (runs in background)
i2prouter start

# Access console
# Open browser: http://127.0.0.1:7657/

# Wait for network integration (5-10 minutes on first start)
# Status shows: "Network: OK" when ready

Configure I2P for Web Browsing:

# I2P includes Eepsite (local web server) and gateway

# Create I2P tunnel to access internal I2P websites
# In I2P router console:
# → Tunnels → I2P Tunnels
# → Create standard I2P tunnel (client mode)
# → Listen on: 127.0.0.1:4444
# → Access I2P sites at: http://sitename.i2p (proxied through 127.0.0.1:4444)

Browse I2P Sites:

# Configure browser proxy (or use Firefox with:
# Settings → Network Settings → Manual proxy configuration
# SOCKS Host: 127.0.0.1, Port: 4444

# Accessible I2P sites:
# - tracker2.postman.i2p (torrent tracker)
# - stats.i2p (I2P network statistics)
# - wiki.i2p (I2P documentation)
# - Planet.i2p (I2P blogs)

# Access via: http://tracker2.postman.i2p/

I2P Performance

I2P Network Test:

Download Speed: 15-30 Mbps (faster than Tor)
Upload Speed: 8-15 Mbps
Latency: 500-1000 ms (faster than Tor's 2000+ ms)

Why Faster:
- Fewer hops (4-6 vs Tor's 3 minimum)
- Optimized for internal network
- Less exit bottleneck (no single exit node)
- Nodes more evenly distributed

I2P Use Cases

Good For:

• P2P file sharing (BitTorrent over I2P)
• Private messaging networks
• Communities needing internal anonymity
• Resistance to ISP throttling

Not Good For:

• Accessing regular internet (clunky gateways)
• Browsing external websites
• When Tor is standard (I2P is niche)

Lokinet: Decentralized VPN Alternative

Lokinet is a newer network using Monero’s Loki blockchain infrastructure. It combines VPN-like simplicity with decentralized anonymity.

Lokinet Architecture

Differs from Tor/I2P: Uses blockchain-based exit routing

User Device
    ↓
Service Node 1 (encrypted)
    ↓
Service Node 2 (encrypted)
    ↓
Service Node 3 (encrypted)
    ↓
Exit via Service Node or Service Node Operator
    ↓
Destination Website
    └── Sees Service Node operator's IP (different each session)

Blockchain tracks: Service node reputation (prevents sybil attacks)

Lokinet Setup (10 minutes)

# Install Lokinet
# Download from lokinet.io/en/

# macOS
brew install lokinet

# Linux
sudo apt install lokinet

# Windows
# Download installer

# Start service
sudo lokinet up

# Verify connection
curl https://ipinfo.io/json
# Should show Service Node IP, not your real IP

Lokinet Performance

Speed: 20-40 Mbps (faster than Tor, similar to I2P)
Latency: 600-1200 ms (comparable to I2P)
Reliability: Good (blockchain-backed node reputation)

Lokinet Use Cases

Good For:

• Private messaging (SNApps = Lokinet apps)
• Decentralized file sharing
• Avoiding ISP snooping (easier than Tor)
• Communities using Monero ecosystem

Not Good For:

• Mass adoption (niche)
• External internet browsing
• When Tor/VPN are standard options

Performance Comparison: Real Numbers

Test Scenario: Download 100 MB file from random server

Winner: Direct (obviously), but for anonymity: I2P/Lokinet (best speed-to-anonymity tradeoff).

Anonymity vs Speed Tradeoff

Anonymity Level
     ↑
Excellent│     Tor     I2P     Lokinet
Very Good│      │      │        │
Good     │      │      │   VPN  │
Weak     │                      │
     └────────────────────────────────→
                Speed
        Slow    Moderate    Fast

Reading the Chart:

• Tor (top-left): Maximum anonymity, minimum speed
• VPN (bottom-right): Minimum anonymity, maximum speed
• I2P/Lokinet (middle): Good balance of both

Threat Model Decision Tree

Do you need anonymity?
│
├─ NO → Use direct connection or VPN (for ISP privacy)
│
└─ YES → What's your threat?
   │
   ├─ ISP/ISP sees traffic → Use VPN
   │
   ├─ Government/3-letter agencies → Use Tor
   │
   ├─ P2P network sharing → Use I2P
   │
   ├─ Alternative privacy movement → Use Lokinet
   │
   └─ Whistleblowing → Use Tor + Tails OS + SecureDrop

Real-World Setup: Multi-Layer Approach

Threat Level: Moderate (avoiding ISP tracking)

Best Approach: VPN only

Setup:
1. Install Mullvad VPN
2. Enable automatic connection on startup
3. Daily use: VPN on, all traffic routed through provider

Security: ISP cannot see traffic; website sees VPN IP.
Speed: Excellent (80 Mbps+)
Complexity: 2 minutes setup

Threat Level: High (government surveillance)

Best Approach: Tor Browser for sensitive work

Setup:
1. Download Tor Browser from torproject.org
2. Run in isolated VM (or Tails OS)
3. Use only for sensitive communication
4. Disable JavaScript
5. Don't maximize browser window (fingerprinting protection)
6. Never use existing passwords/usernames

Security: Maximum anonymity
Speed: Slow (but adequate for text)
Complexity: 10 minutes setup

Threat Level: Maximum (whistleblowing)

Best Approach: Tails OS + Tor + SecureDrop

Tails OS (The Amnesic Incognito Live System):
- Live OS that leaves no trace
- Tor pre-installed and routed by default
- Boots from USB, all traffic anonymized
- No hard drive (runs in RAM only)
- Clears all data on shutdown

Setup:
1. Download Tails from tails.boum.org
2. Write to USB drive (Etcher)
3. Boot from USB (disconnect WiFi initially)
4. Enable WiFi (Tor connects automatically)
5. Use SecureDrop onion link (from news organization)
6. Upload encrypted documents
7. Shut down (all traces erased)

Security: Maximum anonymity, forensically resistant
Speed: Adequate for document submission
Complexity: 1 hour initial setup
Recommended for: Journalists, whistleblowers, activists

DNS Leak Prevention (All Methods)

DNS Leak: The Problem

Setup: "Using Tor to hide activity"
Reality: Tor encrypts traffic, but DNS requests go to ISP

Example:
curl --socks5 localhost:9050 https://example.com

Your ISP still sees: "Device requested DNS for example.com"
ISP learns: You're visiting example.com (regardless of Tor)

Prevention: Use Tor’s Built-in DNS

# Tor Browser (automatic) - no setup needed

# For manual Tor:
# Edit /etc/tor/torrc
SocksPort 9050
DNSPort 9053

# Route all DNS through Tor
sudo networksetup -setdnsservers Wi-Fi 127.0.0.1

Verify No DNS Leak:

# Visit: dnsleaktest.com
# Should NOT show ISP DNS
# Should show Tor network DNS

# Or CLI test:
nslookup example.com 127.0.0.1
# Should resolve through Tor (if configured correctly)

Comparison: Tor vs I2P vs Lokinet

Related Reading

• I2P vs Tor: Anonymous Network Comparison 2026
• Use Tor With Encrypted Email for Maximum Sender Anonymity
• Best Browser for Tor Network 2026: A Technical Guide
• Onionshare Secure File Sharing Over Tor Network Setup And Us
• Tor Network Censorship Resistance Explained

Built by theluckystrike — More at zovo.one