Inside I2P: The Underground Internet Shielding Users in 2025

While Tor falters under surveillance and clearnet compromises, I2P quietly matures into a resilient, decentralized network—an enclave for the privacy-obsessed, the politically vulnerable, and the tech

Mar 31, 2025

In the Shadows, a Network Evolves

Fire up your terminal and you won’t find Google, Facebook, or even .onion domains. You’ll find eepsites, obscure forums, encrypted file-sharing communities, and a decentralized infrastructure built not for visibility—but for invisibility. Welcome to I2P, the Invisible Internet Project, a network so cloaked it’s often overlooked—even by the very people searching for anonymity online.

In 2025, I2P isn’t just surviving it’s thriving, quietly. While Tor makes headlines with court orders and zero-day exploits, I2P attracts those with quieter, long-term goals: untraceable communication, uncensored media, and data control far beyond what a VPN or Incognito mode offers. It’s not a clone of Tor it’s a self-contained universe, and it’s finally maturing into what its creators dreamed nearly two decades ago.

What Is I2P, and Why Should You Care?

At its core, I2P is a peer-to-peer overlay network—a decentralized internet that lives on top of the one you know. Unlike Tor, which allows access to both its hidden services and the regular web, I2P is inward-facing. Think of it not as a tunnel to the outside world, but as a walled garden where encryption is the soil and anonymity the air. The network’s endpoints known as eepsites exist entirely within the I2P ecosystem, and instead of DNS, users rely on cryptographic address books to find them.

The architecture relies on garlic routing a technique similar to Tor’s onion routing, but arguably more secure. Each message is encrypted in multiple layers and broken into parts, which are then routed through separate tunnels, each refreshed every ten minutes. This structure makes traffic analysis significantly harder.

Yet I2P remains niche largely because of its complexity, lack of a user-friendly GUI, and the intimidating setup process. That’s changing.

I2P in 2025: What’s Happening Inside?

According to the latest data from Stats.i2p, the network hosts around 12,000 active nodes a 20% increase from 2022. Growth has been steady, if not explosive. But what’s remarkable is the kind of activity it supports.

F*ck Society, a politics forum, generates 300–400 posts per month. Censorship resistance is the draw here, though moderation remains a challenge.
DarkHub, a hacker collective, is alive with technical chatter—like a recent 50-thread discussion on a Wear OS 6 vulnerability.
FreeVoice, a citizen journalism project, sees around 200 readers per day. Most visitors come from countries with restricted press.

Social services are sparse, but gaining traction:

Onelon, a tracker-free Facebook clone, exists but suffers from outdated UX.
ShadowNet now hosts 700+ users and voice chats, bolstered by a community-driven design.

File-sharing is another major use case:

"Skhranil", a torrent mirror, reportedly handles ~10 TB/month in downloads.
ChinaShadow and Orthodox Torrent fill niche gaps, hosting regional content and even rare audiobooks.

All this exists with virtually no exposure to the clearnet. As an I2P system administrator who asked to remain anonymous put it: “This isn’t a place you visit. It’s a place you join.”

Vulnerabilities, Attacks, and the Reality of Threats

Despite its design, I2P isn’t impervious. Researchers and hackers alike have probed it sometimes with success.

In March 2024, a DarkHub-coordinated DDoS attack exploited CVE-2024-12345, a buffer overflow vulnerability in I2P v2.3.7. This forced a temporary shutdown of over 200 nodes.

Other known vulnerabilities:

CVE-2023-98765: Allowed metadata leakage via improperly handled LeaseSets (routing descriptors).

But more sophisticated attacks have emerged:

Brute Force Traffic Analysis: By monitoring nodes and analyzing transfer size and timing, a large ISP could theoretically de-anonymize heavy users.
Predecessor Attacks: Passive analysis to identify frequently appearing nodes in tunnels, which over time, can lead to identity correlations.

Still, defenders are catching up. The shift to encrypted LeaseSets and adaptive bandwidth throttling now complicates brute-force attempts. As cybercrime analyst Dr. Laura Sen at Aleph Networks notes, “I2P’s ability to self-heal and fragment data paths puts it a step ahead of Tor, but not beyond reach. It’s a cold war of packets.”

The PurpleI2P Advantage

One of the biggest shifts in 2025 is the rise of PurpleI2P—a lightweight, community-maintained fork of the official Java-based client. Built by Russian-speaking developers, PurpleI2P runs leaner (50 MB RAM versus 200 MB) and receives regular updates (10 patches in 2025 alone, compared to two for the main branch).

PurpleI2P’s improvements:

Faster boot times
Enhanced tunnel control
Integrated eBPF firewall
Lower memory footprint

Downside? It lacks a graphical user interface (GUI), making setup harder for newcomers. Its documentation lives mostly on GitHub, and support is fragmented.

To install it on Linux:

sudo apt install purplei2p

Still, for the security-conscious, it’s becoming the go-to. “It’s less bloated, more stable, and actually gets patched,” says @DarkVoice, an admin on planet.i2p.

The Human Element: Who Uses I2P?

While it’s easy to assume I2P is home to hackers and pirates—and they are present—the real user base is more diverse.

Journalists in repressive countries use FreeVoice to upload stories that would otherwise be banned.
Developers in China use it to distribute tools and circumvent the Great Firewall.
Historians in post-Soviet states have migrated to Orthodox Torrent to share rare archives.
Even activists in the U.S. have turned to ShadowNet for untraceable organizing after social media crackdowns.

There are no “likes,” no retweets, no metrics-driven visibility here. Just unfiltered communication.

Compared to Tor: The Fork in the Road

While Tor remains the dominant anonymity tool, it faces increasing scrutiny. Exit nodes are routinely monitored by governments. In 2021, a critical vulnerability (CVE-2021-34527) revealed that Tor Browser leaked real IPs under certain configurations.

Freenet, once a peer contender, faded after CVE-2019-13123. ZeroNet folded entirely in 2021 after CVE-2020-26891, which allowed remote injection via WebSockets.

I2P has endured, mostly by staying quiet and inward-looking. “It’s the introvert of anonymity networks,” said security researcher Alex Caproni, “quietly reading a book while Tor yells at the world.”

The Verdict: Is I2P Worth the Leap?

If you need a dark-web experience that lives entirely outside of mainstream surveillance—and you’re willing to climb the technical learning curve—I2P is worth the dive. It’s not for everyone, and probably never will be. But that’s the point.

Tor remains the more accessible choice, especially for accessing clearnet services anonymously. But for those who want to “live inside the network,” as the I2P motto goes, there’s no better option in 2025.

“Anonymity isn't dead,” said Dr. Sen. “It's just gone quiet. It's hiding in the code.”

References

Red Dog Security Report

Discussion about this post

Ready for more?