The Invisible Internet Project (I2P) is a privacy-focused overlay network designed to provide strong anonymization for all communications. Unlike Tor, which is primarily designed for accessing the regular internet anonymously, I2P is a self-contained network of hidden services — called eepsites — with no central directory. This guide walks you through installing I2P, configuring your router, and browsing the network safely.
What Makes I2P Different from Tor
I2P and Tor are both anonymizing networks, but they work differently:
| Feature | I2P | Tor |
|---|---|---|
| Primary use | Internal hidden services | Clearnet exit browsing |
| Routing | Garlic routing (bundles messages) | Onion routing (layered encryption) |
| Directory | Distributed (NetDB) | Centralized directory servers |
| Exit nodes | No exit by default | Relies on exit relays |
| Speed | Faster for internal services | Better for clearnet access |
I2P excels when you want to use internal services — forums, file sharing, email — without exposing your IP to any central authority.
Installing I2P
On Debian/Ubuntu Linux
# Add the I2P repository
sudo apt-add-repository ppa:i2p-maintainers/i2p
sudo apt update
sudo apt install i2p i2p-keyringStart the service and enable it at boot:
sudo systemctl enable i2p
sudo systemctl start i2pOn Windows and macOS
Download the installer from the official site at geti2p.net. The Java-based I2P router runs as a tray application. Ensure you have Java 11 or later installed — OpenJDK works fine.
I2P+ (Enhanced Fork)
For a better experience, consider I2P+, a maintained fork with a modernized console interface. Download it from i2pplus.github.io and run:
java -jar i2pinstall_2.6.0+.jar # Linux/macOSFirst-Time Configuration
Once I2P starts, open your browser and go to http://127.0.0.1:7657 — this is the I2P Router Console.
Bandwidth Settings
I2P is a volunteer-run network. More bandwidth you share, the better the network performs for everyone. Navigate to Configuration > Bandwidth and set:
- Share percentage: 80% is a good default
- In/Out rates: Match your actual connection speed
Waiting for Integration
After first launch, I2P needs 5–15 minutes to integrate into the network and build tunnels. Watch the Network Status in the console — it should transition from “Firewalled” to “OK” once tunnels are established.
Configuring Your Browser for I2P
I2P uses an HTTP proxy on 127.0.0.1:4444 for browsing eepsites and an HTTPS proxy on 127.0.0.1:4445.
Firefox Configuration (Recommended)
Create a dedicated Firefox profile for I2P browsing:
firefox -P i2p --no-remoteThen configure the proxy:
- Go to Settings > Network Settings
- Select Manual proxy configuration
- Set HTTP Proxy:
127.0.0.1, Port:4444 - Set HTTPS Proxy:
127.0.0.1, Port:4445 - Check Also use this proxy for HTTPS
- In the “No proxy for” field, enter:
127.0.0.1, localhost
Using FoxyProxy
Install the FoxyProxy Standard extension and add a pattern for *.i2p routing through 127.0.0.1:4444. This lets you keep regular browsing in the same profile while routing .i2p addresses through I2P.
Browsing Eepsites
Once your browser is configured, try these default I2P addresses:
http://127.0.0.1:7657— Router Consolehttp://i2p-projekt.i2p— Official I2P project site (inside I2P)http://stats.i2p— Network statisticshttp://forum.i2p— Community forums
Note: Eepsites use .i2p as their TLD. These addresses only resolve inside the I2P network — you cannot access them from a regular browser without the proxy configured.
Running Hidden Services (Eepsites)
You can host your own hidden service on I2P easily.
Setting Up a Web Server Tunnel
- Go to I2P Router Console > Tunnels > I2P Hidden Services Manager
- Click New hidden service
- Select HTTP Server
- Set the target:
127.0.0.1:8080(or wherever your local web server runs) - Click Save
After a minute, your eepsite will have a Base32 address (ending in .b32.i2p) that anyone on I2P can visit.
Run a simple Python web server locally:
python3 -m http.server 8080 --bind 127.0.0.1I2P Applications
I2P Mail (SusiMail)
I2P includes a built-in webmail client called SusiMail accessible at http://127.0.0.1:7657/susimail/. It connects to postman.i2p — an internal I2P mail server — so you can send and receive email entirely within I2P.
I2PSnark (BitTorrent)
I2PSnark is an integrated BitTorrent client that routes all torrent traffic through I2P tunnels. Access it at http://127.0.0.1:7657/i2psnark/. Add .i2p torrent magnet links, and all peers will be on I2P — no IP leakage.
I2P IRC
Connect to I2P’s IRC servers using a standard IRC client:
Server: 127.0.0.1
Port: 6668 (I2P IRC tunnel)Security Considerations
Do not enable the I2P outproxy by default. I2P has an outproxy feature (similar to Tor exit nodes) that lets you browse the clearnet through I2P exit nodes. These are not trustworthy for sensitive clearnet browsing — use Tor for that.
JavaScript in browsers: Disable JavaScript for .i2p browsing where possible. JavaScript can leak your real IP via WebRTC or other browser APIs.
Application leaks: Always ensure applications route through I2P proxies, not directly to the internet. Use tools like Whonix or firewall rules to prevent leaks.
Keeping I2P Updated
# On Debian/Ubuntu
sudo apt update && sudo apt upgrade i2pThe I2P router console also notifies you of updates — always install them promptly, as they often include security improvements and tunnel performance enhancements.
Final Thoughts
I2P provides a robust, decentralized alternative to Tor for internal network communications. It excels for hosting and using hidden services, peer-to-peer file sharing, and anonymous communication within the network. Combined with proper browser hardening and application isolation, I2P is a powerful addition to any privacy toolkit in 2026.