People have come to care about their online privacy in the last decade. It is all due to the fact that the internet has evolved into a whole separate entity, and many of our lives revolve around it. Thus, any means of ensuring safety and privacy is welcome. One such method is I2P, a privacy-centric networking tool. While it is similar to the Tor network in principle, it is said to be more robust when it comes to privacy. But is it true? Let’s find out together in our recent article on what I2P is and how it works.
What is I2P? A Brief Explanation
The Invisible Internet Project, or I2P, is an internet and networking project that started in 2003. It uses a low-latency network layer and runs on a distributed network of computers all around the globe. Since then, there have been many popular adaptations and applications of this technology, especially in web apps such as emails, IRC (Internet Relay Chat), and file sharing. The I2P network works on its own, as it turns every connected computing device into a node responsible for routing incoming and outgoing web traffic. These nodes are not only well-versed in routing data but also provide much-needed encryption to facilitate one-way connections within the network.
The motivation behind I2P was to support and secure anonymous communication by building, deploying, and maintaining a private network. Although some other technologies and products offer the same services, I2P users can actively control the level of anonymity, bandwidth usage, and latency. Furthermore, the entire network is decentralized, so no one can exert pressure to compromise the integrity, anonymity, or security of the network.
How does it work?
Unlike traditional VPNs and Tor solutions that rely on the public internet for communication, I2P opts for an enclosed network. The network runs within the internet infrastructure and establishes peer-to-peer connectivity. This ensures there is little to no interaction with the internet. The several nodes in the network do not identify themselves with an IP address but use cryptographic identifiers.
Furthermore, these nodes are multifunctional. While Tor also uses nodes, it is done on a volunteer basis, where the user can choose to share bandwidth and contribute to the network. However, in I2P, every connected node (computer) automatically acts as a relay server.
Also, I2P doesn’t rely on the internet, so there are no websites; instead, there are hidden sites known as eepsites that only exist within the network. You can only reach these sites via an I2P tunnel. Until now, this decentralized network has spread across the globe and consists of around 50,000 devices. To know how the actual process works, refer to the steps mentioned below:
Step 1. Download and Install I2P software
First, the user has to install I2P software on the device. Since it uses an enclosed network, you can’t reach it using the public internet, thus the need for specialized software. So, the user has to access the I2P download page and get the software for his device. After that, he can install it and use it to establish a connection.
Step 2. Establishing connection
After you install the software, you can establish a connection. However, it is very different from what people are used to, as it is not based on internet profiles. The services require cryptographic identifiers to work. Thus, enter one, and you can establish a connection with the network.
Step 3. Transmitting Data
Finally, when you succeed in establishing a connection, the device starts sending data. The data packets are sent forward, always unidirectional, unlike Tor, and bundled together. These bundles of data packets, or cloves, as they are known, travel through the I2P network as messages.
Step 4. Encryption
When this clove, or data packet bundle, reaches the first node, it gets encrypted and passed forward. This way, the first node doesn’t know where the data was sent by the second node, ensuring anonymity. Also, when the packet reaches the next node, it gets decrypted and re-encrypted. This process repeats until the data packet reaches its destination. The continuous encryption and decryption allow the data to be secure.
Step 5. Internal Routing
And finally, the data is routed internally. The network relies on nodes, which are connected devices, to automatically route data in a single direction. If a node is used to send the data forward, it won’t send it backward. Due to this unidirectional travel, it is much harder to track any useful information in an I2P network.
Different Components of the I2P Infrastructure
This brings us to the network infrastructure of the I2P service. Unlike traditional virtual and anonymous networks, I2P doesn’t rely on the internet, which makes for a much different infrastructure, which we have discussed below:
Network Database (NetDB)
First up is the Network Database, or NetDB. It is the core of the network that allows it to be decentralized. Implemented as a DHT (Distributed Hash Table), a decentralized storage system, NetDB offers a lookup and storage service that replaces traditional websites. It operates via floodfill routers, which we will learn more about later on, based on the Kademlia protocol.
Initially, a router is installed with a partial NetDB. This partial installation is also known as bootstrapping which occurs due to the reseeding of the router. Thus, the router reseeds the first time by querying some bootstrapped domain names. After that, the router tries to establish a connection to one of these domains using the TLS protocol. Once it reaches the next node in the relay, it can download the other parts of the NetDB.
Any NetDB contains two sets of data:
1. RouterInfo
RouterInfo is crucial because it allows one router to attempt to establish a connection with the other routers in a network. It is stored within the NetDB where the router’s identity acts as the key. When transmitting data to a different node, the router asks for the key. The several components of RouterInfo are as follows:
- Router’s Identity, which is basically an encrypted key, a signing key, and a certificate.
- Contact information for the other nodes, like the protocol used and port number,
- Other options, such as bandwidth,
- Lastly, the router’s own signature is generated by the signing key.
2. LeaseSets
LeaseSets make up the other half of the data stored in a NetDB. These are but specific tunnel entry points that allow the nodes to route data in a particular direction to reach an endpoint. The following information is stored in a LeaseSet:
- Tunnel Gateway
- Tunnel ID
- Expiration
- Destination
- and Signature
Floodfill Routers
Next, we have floodfill routers that are somewhat special as they are responsible for storing the NetDB. A router can be a participant in the floodfill pool automatically or by choice. Automatic participation happens when the required number of floodfill routers falls below a certain level, which is generally 6% of all the available nodes in the network. During this process, a random node is selected as a floodfill router based on parameters like uptime and bandwidth. Most floodfill routers fall into the automatic category. These routers then store NetDB in the DHT format.
Garlic Routing
And lastly, we have Garlic Routing, a rather important component of I2P as it dictates how the data will actually transmit within a network. It is loosely based on Onion routing, popularly used in Tor networks. Garlic routing doesn’t encrypt a single data packet, but rather several data packets into a bundle, also known as cloves.
There are two levels of encryption. The first layer protects the actual data, while the other one stores information on how to proceed further. It uses the recipient’s public key for encryption. The first node receives the clove and decrypts it using the key, encrypts it again according to the information, and passes it along until it reaches the endpoint.
Advantages of I2P
This brings us to the next segment. I2P is a highly secure network, and as such, it has a lot of benefits to offer:
- It uses end-to-end encryption to protect endpoints, with multiple layers for repeated encryption and decryption at each node.
- Instead of IP addresses, it uses cryptographic identifiers, making it immune to internet interaction.
- Data transfer is always unidirectional for added security. The network separates incoming and outgoing traffic and uses two different routes for data transmission.
- Similarly, due to separate routes, the sender and receiver don’t have to reveal their IP addresses.
- I2P relies on Garlic routing which is more secure than Onion routing. Garlic routing breaks up the information into smaller parts and routes each part with a different route, so in the event of any interception, only a snippet of data is compromised, which is useless to the person.
- I2P is entirely decentralized. Even if someone hacks a connected node, it won’t affect the entire network. Similarly, no one can exert outside influence on the network.
- It is also effective against online surveillance.
- The network is much more efficient.
Disadvantages of I2P
Similarly, there are certain limitations to an I2P network that are not only problematic, but can also be a security concern. Taylor & Francis has a paper covering the dark side of I2P that talks about how I2P can be misused for illegal activities and hosting the dark web, and how it can spread viruses and malware wantonly, putting contributing devices at risk.
Having said that, here are a few disadvantages of I2P:
- It is difficult to install and use. Advanced technological knowledge is required for a proper installation.
- It has exploitable vulnerabilities, as exposed by the zero-day event in 2014.
- You have to continue to be logged into the system to access resources.
- There is considerably less anonymity when you use the network to access the public internet and hosted websites.
I2P vs Tor
Due to I2P’s operating process and how it works, it is inadvertently compared to Tor, another private network with the same services. While it is true that both are somewhat similar in principle, they have unequivocal differences. Given below is a table that highlights the differences and similarities between these two by providing an apt comparison.
| Features | I2P | Tor |
|---|---|---|
| Network Structuring | I2P is a decentralized network. | While Tor is also a decentralized network, it still has a station for network management and gathering statistics and analytical data. |
| Routing | It relies on Garlic routing which divides the information into smaller parts, and all parts are encrypted and routed separately. | Tor uses Onion routing, which encrypts and routes the entire information as a single packet. |
| Online Security | I2P is safer because it has unidirectional routing. It also encrypts and decrypts data at every node. | Tor is also safe, but it leaves the entry point and exit point of the network exposed. |
| Application | It is mostly used to host the dark web, as it rarely interacts with the public Internet. | It is more of an anonymity or privacy tool that allows users to browse the web privately. However, you can still use it to visit the dark web. |
| Nodes | Offered automatically | Offered voluntarily |
| Communication | Communication is only possible within the network. | It has outbound communication due to numerous exit nodes. |
| User base | A relatively small network and user base | Network is larger than I2P. |
I2P vs VPN
Before comparing I2P and a VPN, we have to understand that these are two very different things, even if they do risk sounding similar in principle. A VPN is your everyday tool that can help with your online privacy. On the other hand, while I2P also promises anonymity, it is only within the internal network. I2P doesn’t interact with the public internet, so its use cases differ greatly from an online security perspective.
It is best believed that for optimal results, you should couple up the two and use them all together for an all-around increase in protection.
Conclusion
Today, I2P has emerged as a popular P2P choice that promotes anonymity and offers solutions to censorship, online monitoring, and government surveillance. Any data that enters the network is scattered, which reduces the risk of interception. And the best part is that it is open source. Anyone can be involved in the development process and see for themselves how the technology actually works. If you want to try out I2P or need more information, you can simply visit the official website.