Darknet Guides

Choosing Between Tor and I2p – Which Is More Secure?


The word “darknet” has long been associated with the mysterious underbelly of the internet where criminals and law enforcement agents engage in constant fights. The image of a virtual red light district, along with a lawless digital ghetto is also what comes to mind to an expectedly large number of people.

Despite having such an intimidating reputation across different circles, privacy-aware members of society understand the criticality of taking individual initiative to ensure the safety and security of their personal data.

The need for privacy awareness seems to have been catapulted to urgency following recent cases of government-facilitated mass surveillance, ISP data retention and the availability of mega supercomputing resources that are being used to analyze internet traffic for a variety of reasons.

What’s more shocking is that the abovementioned activities are being enabled by both government and private actors – the new reality has compounded the problem everyone is being haunted by the feeling of being watched and monitored closely.

Nonetheless, even in the face of large scale surveillance, you’d be intrigued to realize that the opportunity to maintain an anonymous image online is not a far-fetched idea. This gift can be enjoyed through application of the world’s two most popular Anonymizing tools, namely Tor and I2P.

The Case for Anonymizing Tools – Why Use Them in the First Place?

Every activity conducted in the cyberspace, including website visits and web service access, are traceable to surveillance agencies because they leave traces of a user’s experience on the internet. The information can then be digested for various reasons ranging from commercial to intelligence purposes.

As such, private organizations and governments have been constantly harvesting traces of user experience online to collect and link information that may be used to analyze people’s interests and behaviors.

While the idea of government and private sector surveillance may appear to be a noble one (read national security protection), questions about who exactly manages the data belonging to a country’s population, how they do it, and outcomes of the monitoring activities remain to be critically unanswered.

This subject becomes more serious considering that people’s personal information is typically on the line, it goes without saying that the product of conducting internet surveillance on an entire population of intelligent people has far-reaching consequences on the social fabric of a society (See below).

A graphic representation of how internet surveillance affects society (Source: LE VPN)

A quick swipe at high level general observations reveal that some governments have been storing people’s data even beyond the national security question, while using the same to crush political dissidents within excessive circumstances.

The above reason has translated to a significant increase in demand of anonymity over the last few years – the demand is set to keep rising. The simplest explanation to a surge in demand for anonymizing tools is obviously pegged on the society’s response to the large diffusion of surveillance operations across the planet.

However, even in light of the freedoms that we still continue to enjoy thus far, the whole subject of anonymity has been suffering significant negative press owing to the association of anonymizing solutions with criminal enterprises.

While it’s true that illicit activities are supported by the existence of anonymizing tools, it is important to realize that anonymity is not illegal – users can choose to browse anonymously with very legitimate intentions because they are guaranteed the freedom of expression.

Now – if you have hang around our discussion this far, chances are high that you have been affected by fears of internet surveillance one way or another. We emphasize on the importance of acknowledging the place of anonymity in our daily life, and how it weaves perfectly to global political and social discourse.

The next section of this article will provide a clear picture of the two anonymizing tools with the aim of helping you choose the best solution for your specific needs.


Tor is the acronym of “The Onion Router”, which denotes a system that’s designed to facilitate online anonymity through application of techniques involving the routing of internet traffic via a worldwide volunteer network of servers that work to hide user’s information.

How Tor Works

To understand the practical applications of Tor as an anonymizing tool, we must first go through the underlying technology of the network whilst establishing the basis on which it protects your online activities from the prying eyes of law enforcement agencies and the notorious tech giants in existence.

Essentially, the Tor network is made up of three different types of nodes: directory servers, exit relays and internal relays.

When a user connects to Tor, a list of relays is obtained from one of the directory servers making up the anonymizing network. The addresses belonging to said servers are typically attached to the basic configuration files that would be needed to execute a successful connection – point to note, a user can simple make alterations to the directory servers they trust to provide them with valid relays.

The next step will involve the retrieval of active operational relays from the directory servers, this step includes a determination for the appropriate route that a user’s traffic across the Tor network will take. From Tor’s final point of view, the user’s traffic will terminate at the exit node.

The above circuit is technically established through involvement of a number of components, including the user’s computer, the relay to which they are connecting and a number of internal relays that are engaged before terminating at the exit node.

As far as anonymity is concerned, the processes involved in Tor browsing differ significantly from the approaches taken by traditional IP forwarding that happens between different routers on the internet. Usually, traditional IP routers adhere to the best possible route in the context of data packets – the process eliminates the need for circuits that are typical of anonymizing tools.

Before we proceed to discuss how I2P with its differences to Tor in mind, it’s important to brush through the concept of cryptographic key exchange and how it helps users achieve online anonymity.

Notably, the circuit creation process that typifies the Tor network involves client exchange of cryptographic keys with the initial relay it links to. The first connection is marked by repeated encryption of traffic in back-and-forth fashion.

In addition, every traffic element in movement between the various relays is encrypted by utilizing the respective relays’ cryptographic keys. This process can be best visualized in context of layers of encryption that are being added around a user’s data. The concept of encryption layering is what gives rise to the phrase “onion routing” considering the design of the anonymizing network’s encryption approach.

As a final step, the user’s encrypted traffic will get decrypted at the exit relay, which is then followed by a forwarding procedure that ends at the regular internet. This simple illustration by the Dutch internet law publication Ius Mentis below provides a description of how Tor anonymity plays out (See figure).

Simple illustration about how Tor works (Source: Ius Mentis)

Using the above illustration: If Alice intends to establish a connection to Bob via the Tor network, she will have to take the initial step of making an unencrypted connection to an available directory server that keeps a bunch of addresses belonging to the Tor nodes as shown in the figure.

After obtaining the list of addresses, the Tor client software will make a random connection to a node (also referred to as the entry node) using an encrypted connection. The entry node will then be passed on to another node through an encrypted connection until it finally arrives at the exit node that would then establish a connection to Bob.

It’s important to remember that the Tor node selection process is randomized, although the network eliminates the possibility of instances where the same node is used twice within a single connection – the same feature ensures that the network ignores some nodes in cases of data congestion.

Tor for Dark Web Usage

When a user engages the Tor browser in accessing standard online platforms, the anonymizing network provides them with protection and anonymity – they enter the Tor cloud, also referred to the “onion environment”, then exit from elsewhere. The entire process ensures that the user’s information concerning their location and identity is kept hidden.

The story gets better when users choose to access onion sites via Tor. As such, their protection becomes enhanced. Platforms that configure Tor onion addresses for their websites will guarantee visitors the protection that comes with never having to exit the protective space that’s the Tor cloud.

The Tor network’s approach to onion sites may simply be compared with the end-to-end encryption that is used by some of the apps that made it to our recommended list of encrypted messaging apps.

The only difference is that while messaging apps have a loved one at the end of the connection, the Tor network’s is represented by a website that your workmates and/or law enforcement agencies would not want you to access (mostly a dark web site where you can buy weed anonymously)

It is for this reason that some notable organizations such as the CIA and Facebook have created onion versions of their main websites. Apart from anonymity, onion platforms ensure online discretion where your employer or Internet Service Provider (ISP) cannot view your online activities.

As a practical example, users in countries where Facebook is banned can can enjoy the luxury of browsing the social media site by visiting Facebook’s onion version. Here, the users will not worry about censorship.


I2P is defined as a scalable, and self-organizing anonymous network that a number of forb anonymity or security-conscious applications. The anonymizing tool happens to be an open source project that was established in the year 2003 by a team of developers working in collaboration with part time contributors from across the globe.

How I2P Works

I2P operates by installing an I2P routing service within a client’s device. The route establishes temporary and one-way connections with the anonymizing network’s routers on other systems.

This approach is considered to be one-way because they constitute two elements referred to as the outbound tunnel and an inbound tunnel. I2P communications feature the movement of data from client’s devices through the outbound tunnels that would then reach the target destination through the inbound tunnels of the devices.

Thus, it is important to notice just how unique the network is – there’s no multidirectional, or bidirectional movement of messages from one point to another within the same tunnel. The concept can be best understood by considering that a back-and forth message between two people will require four tunnels for successful communication.

The other point that you should not miss is that messages originating from one system are not allowed to move directly to the inbound tunnel of the intended destination system. For safe communication to occur, the outbound router involves a distributed network database for the corresponding address of the inbound router.

The database holds a custom Distributed Hash Table (DHT) that holds information about both router and destination. For each system involved in the communication chain, the I2P router is programmed to keep a pool of tunnel pairs that would enable the travel of messages from one point to another (See below).

Figure 4: An illustration about how I2P works (Source: ResearchGate)

As such, exploratory tunnels for interactions with the network database exist, and they are typically shared among the users of an I2P router. Instances where a tunnel in the pool near expiration would prompt the router to create a new tunnel to be added to the pool.

As a rule of thumb, I2P users must bear in mind that tunnels are built to expire every 10 minutes, which means that they must take the initiative to refresh the pool as regularly. The idea of periodic expiry was designed with user safety in mind as old tunnels may actually become points of weakness that may be exploited by cybercriminals.

The other important element of I2P functionality is the Network Database (NetDB), which is executed as a DHT and propagated through system nodes that are referred to as floodfill routers via the Kademlia protocol.

The NetDB goes a long way in ensuring decentralization far as the I2P configuration is concerned. To become part of the I2P network, a router will need to install a part of the NetDB through a process called bootstrapping – the procedure works by reseeding the router.

Usually, a routers reseed the first time by posting a request to a number of bootstrapped domain names. Successful establishment of a connection will result in the setup of a Transport Layer Security (TLS) that will be used by the router to download a signed partial copy of the NetDB.

I2P for Dark Web Usage

Dark web users are known to be very agile when making choices about anonymity tools and software. It’s common for dark web market vendors and buyers to employ more than one solution when taking advantage of the vast resources in the hidden web.

In context of anonymizing tools, there’s been a rallying call within dark web forums where people are being encouraged to leave the Tor network in favour of the more private I2P. The now-defunct Libertas Market, for example, migrated permanently to I2P under circumstances that were linked to the platform’s susceptibility to distributed denial-of-service (DDOS) attacks.

At the time, the market’s admin raised alarm over Tor’s flaws he believed would allow law enforcement agents to lift a dark web site’s real-world IP address. Although unconfirmed, these claims have stuck with Tor for a while – several other dark web users believe that Tor platforms can be easily breached by law enforcement and competing cybercriminals.

In general, there’s a significant section of cybersecurity experts and dark web users that would favour I2P as the ultimate facilitator of the true darknet experience. It turns out that the same features that made I2P complicated have added up to its appeal as the solution for cybercriminals looking to operate safely and privately.

Nonetheless, from a very objective point of view, I2P offers significant installation barriers to users who are not tech-savvy. The challenge does not stop there because the process of running the tool efficiently may prove to be a very intimidating affair for some people.

The fact that a majority of dark web users enjoy easy accessibility to hidden services via Tor may be one of the reasons why the I2P anonymity tool has been unable to overtake the Tor network in popularity – dark web operators understand the risk of losing revenue by moving to a network that is not accessible to the large majority of their target market.

How Tor Differs from I2P

From the point of view of a surface-level analysis, this anonymizing tool may be considered identical to Tor in context of the benefits that the latter offers. Both networks enable anonymous access to online content, their routing structures share some kind of similarity, and they also implement the technique of layered encryption.

However, take note that a number of aspects set the two networks apart as evidenced by differences in both terminologies and approaches to online anonymity.

Figure 5: Table showing the differences in terminology between Tor and I2P (Source: getI2P)

First, I2P was created from scratch in anticipation of a product that will fill the gaps left by the Tor network. This is pegged on the fact that Tor creators’ primary intention was to create a network that would enable anonymous access of the public web – access to the hidden services was a secondary benefit.

On the other hand, I2P was developed specifically to cater for darknet needs. The main function of the tool is to be a network within the internet ecosystem that would restrict the movement of traffic beyond its borders.

To achieve this, I2P has very few outbound relays that would otherwise compromise the security of user traffic. This therefore means that Tor and I2P route differently when compared side by side.

At their core, I2P’s approach is pegged on a packet-based routing method whilst Tor employs circuit based routing. The two differences translate to the fact that Tor traffic is bi-directional while that of I2P is unidirectional – the nodes used in the Tor network handle both outgoing and incoming traffic. For I2P, network traffic moves in one direction that’s defined by clear channels to eliminate possible breaches in online anonymity, privacy or security.

Having said that, it becomes pretty obvious that I2P wields an advantage in that the network can work around web traffic congestion and service interruptions that may be caused by a number of factors.

Another attribute that set the two anonymizing tools apart from each other is that Tor is based on a central directory while its darknet-tailored counterpart is decentralized and depends on a network of users to hold available content within their individual systems that can be shared P2P.

Onion vs. Garlic Routing

As mentioned earlier, the Tor network employs onion routing – it allows users to browse anonymously by encrypting data in layers as they pass through different nodes. The five-part circuit model (comprising the client, the guard node, the middle node, the exit node and the destination) brings about layers of encryption that may be monitored by experienced cybersecurity organizations.

I2P’s garlic routing, on the other hand, offers maximum anonymity by grouping and encrypting multiple packets of data simultaneously. Individual packets have been designed to operate independently whilst avoiding scenarios where they interfere with each other.

The data packets in garlic routing have specific delivery instructions, and they break off once they arrive at their destination. This means that tracking a single packet is an exceedingly difficult undertaking, which translates to better anonymity.

Which One Should You Choose – Tor or I2P?

Past dark web sentiments about the need for markets and users to shift from the Tor network to I2P have been happening against the background of advanced changes within the hidden web ecosystem.

The decision about whether you should go with Tor or I2P cannot be a very straightforward one. This is especially true considering that some of the anti-Tor reviews may be overtaken by time if Tor follows up on its promise of fixing its vulnerability that’s been exploited by aggressive DDoSers for a long time.

To a very large extent, the choice of picking a suitable anonymity tool is primarily based on technical factors. In case you intend to select an anonymity tool that would allow P2P file sharing, I2P would be your best bet. The same goes for personal preferences, whereby content variations between the two networks may inform your decision. Take note that this premise does not discredit the opportunity of hosting services on Tor, or should not out-proxy with I2P – but the two networks have varied strengths and weaknesses.

Having said that, the best way to go about it is to USE BOTH. A user seeking to leverage a well-built SOCKS out-proxy would pick Tor any day. It turns out that the network operates a large number of exit nodes, even as a number of them have been blacklisted for cybersecurity reasons.

Now, if you aim to host hidden services, we highly recommend that you pick I2P as the preferred safe choice – the network boasts a robust protection framework and high speeds.

Can I Use Both Tor and I2P?

We have outlined the following step-by-step summarized points for users who want to browse both Tor and I2P on Windows:

  1. First, download the FoxyProxy configuration file.
  2. Download the Tor Browser HERE.
  3. Install the Tor browser, open it and connect to the Tor network.
  4. After successful connection, visit the FoxyProxy Add-on page that’s available in the Tor browser and install it.
  5. The next step will require you to restart the Tor browser then press the following combination on your computer keyboard: CTRL+SHIFT+A, you will then select the options for FoxyProxy.
  6. Still on the FoxyProxy options, go to File>Import settings and select the .xml file that had been downloaded prior.
  7. Finally, restart your browser and you’ll be good to go!


So far, we have seen that both Tor and I2P make a lot of sense to users that are aiming to leverage on cryptographic methods in light of anonymous and safe browsing or communication.

Bottom line, seekers of super-private browsing, easy access to dark web platforms, and a slight drop in internet speeds should consider using Tor. Those who are tech-savvy and may want to host hidden services can consider going for I2P.

The important thing to remember is that anonymizing networks are not bullet-proof, this creates the conversation about why you must always use a VPN when browsing the internet (especially for people using the hidden services to buy and sell illicit wares).

With that, be sure to check out our latest list of darknet drug markets.

Leave a Reply

Your email address will not be published. Required fields are marked *