When we think about “the darknet”, many immediately visualize a digital lair for cyber criminals, journalists, hitmen and drug lords to congregate. While that is certainly the case to some degree, the fact of the matter is that darknets can take many shapes and forms. The anonymity of darknets provides a unique world completely separate from the Clearnet, or "surface internet" as we know it. Those who decide to venture into the world of the darknet can travel via several unique and varying paths. Today, we will look at the differences between the darknets known as Tor and I2P.
Many darknet enthusiasts immediately associate “the darknet” with the green-striped world icon of the Tor Browser Bundle (TBB). Tor is a unique web of thousands of 1990s-era hidden services offering a wide range of darknet content: marketplaces, forums discussing topics from hacking to OPSEC, occult and alternative-religion sites, chatrooms, social media, child exploitation, and criminal services.
The purpose of Tor is to provide anonymity to those hosting and accessing the content. The Tor network, also known as The Onion Router, is made up of three different types of nodes: directory servers, exit points (also referred to as exit relays), and internal relays. When you connect to Tor, the first thing your client does is acquire a current list of relays from one of the trusted directory servers.
The Tor Browser is built on Mozilla Firefox. When you access a website, encrypted data passes through multiple randomly selected relays, and at each relay only a single layer, containing the IP address of the following node, is decrypted in transit. Tor routing is different from traditional internet protocol (IP) routing, which calculates the most direct route to the target. During the circuit or route creation process, your client exchanges cryptographic keys with the initial relay it connects to and begins encrypting shared traffic. Further, each hop in transit between the various internal relays is encrypted using the relays’ cryptographic keys. You can visualize this as layers of encryption wrapping around the data you are transmitting, which is where the phrase “onion routing” comes from when describing the type of network Tor establishes. The final relay node decrypts the entire package, sending the data to its final destination without revealing, at any point, a source IP address.
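The layering described above can be shown in a few lines. This is an added illustration, not Tor's code or wire format: the SHA-256 keystream is a toy stand-in for a real cipher, there is no integrity check, and the relay names, keys and destination are constructed.

```python
import hashlib
import json
import os

def keystream_xor(key, nonce, data):
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for a real cipher."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, next_hop, payload):
    """Encrypt one layer: the next hop's address plus the already sealed inner blob."""
    nonce = os.urandom(8)
    body = json.dumps({"next": next_hop, "data": payload.hex()}).encode()
    return nonce + keystream_xor(key, nonce, body)

def peel(key, blob):
    """What one relay does: remove its own layer and learn only the next hop."""
    layer = json.loads(keystream_xor(key, blob[:8], blob[8:]))
    return layer["next"], bytes.fromhex(layer["data"])

def build_onion(path, destination, message):
    """path is [(relay_name, key), ...] ordered from first relay to exit relay."""
    next_hops = [name for name, _ in path[1:]] + [destination]
    blob = message
    # Wrap from the inside out: the exit relay's layer is applied first.
    for (_, key), nxt in reversed(list(zip(path, next_hops))):
        blob = seal(key, nxt, blob)
    return blob

def route(path, onion):
    """Pass the onion along the circuit and record what each relay could see."""
    seen, blob = [], onion
    for name, key in path:
        nxt, blob = peel(key, blob)
        seen.append((name, nxt))
    return seen, blob

if __name__ == "__main__":
    # Constructed sample circuit, keys and destination.
    path = [(n, os.urandom(32)) for n in ("entry", "middle", "exit")]
    seen, delivered = route(path, build_onion(path, "example.org:443", b"GET /"))
    for relay, nxt in seen:
        print(f"{relay:6} forwards to {nxt}")
    print("delivered:", delivered)
```

Each relay's view is limited to the hop that follows it; only the exit relay sees the destination, and it never sees which client built the onion.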
Tor encrypts only the data sent and received within the Tor Browser or similar Tor proxy software. It does not encrypt network activity for your entire system. One can use Tor to browse Clearnet sites anonymously or to access unique .onions, the hidden services only accessible through the Tor network. Because of the complexity of the routing, the sites are simpler, with less media and dynamic content than traditional Clearnet websites, hence the comparison to 1990s-era internet browsing.
I2P, originally short for the Invisible Internet Project, is an “anonymous overlay network” using what’s known as the garlic routing protocol. Similar to Tor’s onion routing, the garlic routing protocol encrypts multiple messages together to make data traffic analysis difficult, while simultaneously increasing network traffic speed. Garlic routing takes its name from actual garlic, where each request is a “garlic clove,” and the entire encrypted bundle represents the “bulb.” Each encrypted message has its own specific delivery instruction, and each end-point works as a cryptographic identifier or what we refer to as “keys.” Since it's entirely peer-to-peer in structure, there's no hard-coded trusted set of directory stores. Instead, the network directory of I2P is netDb, a distributed database that is replicated across the network.
On the surface, I2P and Tor are very similar, operating with a complex layered encryption scheme; however, I2P’s garlic routing approach has the benefit of permitting I2P to dynamically route around congestion and service interruptions in a manner similar to the internet’s IP routing, providing a higher level of reliability and redundancy to the network.
Once the I2P router is started, the user can browse the I2P Router Console, which serves as an I2P home page of sorts. From this console page, the client has access to a variety of services such as:
- Personal email with @mail.I2P addresses
- Hosting of a personal hidden service or “eepsite” with a .I2P suffix
- File sharing via BitTorrent clients
- Encrypted cloud file storage software
- Real-time chat functions
Similarities and differences between I2P and Tor
Content on I2P is very similar to that on Tor. Many Tor hidden services have mirrors on I2P that display the exact same content on both darknets. Because I2P is purely peer-to-peer in nature, the I2P network supports file sharing, whereas Tor requires a pastebin-like hidden service for sharing files with other users.
Both I2P (Invisible Internet Project) and Tor are regarded as anonymous proxy networks. These proxy networks are well known for darknet websites such as the Silk Road marketplace and Tor’s popular Yahoo-like question and answer site, Hidden Answers. Both Tor and I2P were established in the early 2000s, and both nets have loyal users. I2P was developed as what could be called a true darknet security platform because of its “network within the internet” feature, while Tor utilizes the SOCKS proxy and could almost be viewed as a proxified deep web, perfect for anonymously surfing internet sites. Some suggest I2P is more suitable for file torrenting, whereas Tor is beneficial if you are interested in normal browser usage and don’t want to leave any footprints behind.
There are pros and cons to both nets, and the total number of secret hidden services on these darknets is growing every day. Darkowl Vision crawls both Tor and I2P for intelligence of interest to our customers and stakeholders.
Join us next time when we discuss another popular darknet, Zeronet.