Three networks define the darknet infrastructure landscape. Tor, I2P, and Freenet. Each was designed with a fundamentally different threat model, routing architecture, and use case. Picking the wrong one for your task is not suboptimal — it is dangerous. This is a field guide to help you choose correctly and understand why the differences matter at the protocol level.
Most people use Tor because it is the only name they know. That is fine for browsing. If you are hosting a service, running a marketplace, or publishing content that needs to survive takedowns, Tor may be the wrong tool. I2P and Freenet exist because Tor's design has specific, immutable limits.
Architecture Split: Tor vs I2P
Tor: Onion Routing for Client-Server
Tor builds three-hop circuits from client to exit node. The client's traffic exits the Tor network and connects to the clearnet destination. This design is optimized for anonymous browsing — the client remains hidden while the server sees traffic coming from the exit node's IP address.
Hidden services (onion services) invert this: both client and server remain hidden by meeting at a rendezvous point. But the core architecture is still circuit-based, with traffic flowing through guard, middle, and exit relays.
Best for: Anonymous clearnet browsing, accessing .onion hidden services, low-latency applications.
Client → Guard → Middle → Exit → Internet
3-hop circuit | TLS at each hop | Exit to clearnet
I2P: Garlic Routing for Peer-to-Peer
I2P does not have exit nodes because nothing exits the I2P network. All communication stays inside the overlay. Traffic is routed through unidirectional tunnels — outbound tunnels carry traffic away from the client, inbound tunnels carry traffic toward the client. Messages are bundled into "garlic" cloves, with each clove potentially destined for a different recipient.
This design provides stronger anonymity for peer-to-peer applications because both communicating parties remain hidden and traffic patterns are obfuscated through bundling. The trade-off: I2P services (eepsites) are only reachable from within I2P.
Best for: Peer-to-peer applications, hidden forums, file sharing, any scenario where both parties need anonymity.
Client → Outbound Tunnel → [Network] → Inbound Tunnel → Peer
Unidirectional tunnels | Garlic bundling | No clearnet exit
Feature Comparison
| Dimension | Tor | I2P | Freenet |
|---|---|---|---|
| Routing Method | Onion routing (3-hop circuits) | Garlic routing (unidirectional tunnels) | Adaptive routing with key-based DHT lookup |
| Primary Use Case | Anonymous clearnet browsing + hidden services | Anonymous P2P services + eepsites | Censorship-resistant data storage + publishing |
| Clearnet Access | ✓ Via exit nodes | ✗ Fully internal | ✗ Fully internal |
| Latency | Low (real-time browsing) | Moderate (garlic bundling overhead) | High (content lookup + replication) |
| Anonymity Strength | Moderate (vulnerable to timing attacks) | High (tunnel diversity + bundling) | High (darknet mode: friend-to-friend) |
| Data Persistence | ✗ Live only while online | ✗ Live only while online | ✓ Replicated across nodes |
| Throughput | High (400+ Gbps network-wide) | Moderate (per-tunnel bandwidth caps) | Low (per-node bandwidth sharing) |
| Setup Difficulty | Low (Tor Browser) | Moderate (I2P router + Java runtime) | Moderate (Freenet node + configuration) |
| User Base | 2-3 million daily | ~50,000 daily | ~10,000 daily |
Tor Deep Dive
Tor is the default choice for most darknet users, and for good reason. Its extensive relay network (approximately 7,000 relays across 60+ countries) provides both performance and resilience. The Tor Project's mature software ecosystem — Tor Browser, Orbot, Whonix, Tails — makes deployment straightforward.
Tor's primary architectural weakness is its vulnerability to end-to-end timing correlation. Any adversary who can observe both the guard node and the destination server can match traffic patterns with high confidence. This is not a theoretical attack: research teams and law enforcement agencies have demonstrated timing correlation at scale. For most browsing, the risk is acceptable. For sensitive operations where both communicating parties must remain anonymous, I2P may be a better fit.
I2P Deep Dive
I2P's garlic routing provides strictly stronger anonymity guarantees than Tor for peer-to-peer communication. The bundling of multiple messages into single garlic cloves makes traffic analysis significantly harder. The tunnel diversity — each client maintains multiple inbound and outbound tunnels with different peer compositions — ensures that no single compromised router can observe a client's full communication pattern.
These protections come with costs. I2P is slower than Tor due to the cryptographic overhead of garlic routing and the latency of multi-tunnel communication. Eepsites are only reachable from within I2P, limiting their audience. And I2P's smaller user base means fewer relays, lower total bandwidth, and less network diversity — which partially undermines the anonymity advantages.
→ http://127.0.0.1:7657
# Check tunnel status
→ http://127.0.0.1:7657/i2ptunnel
[Status: 3 outbound tunnels active] [Status: 3 inbound tunnels active] [Tunnel build success rate: 97.2%] [Peers in network database: 1,842]
# Restart I2P service (Linux)
$ systemctl restart i2p
# Test eepsite reachability
$ curl --proxy http://127.0.0.1:4444 http://eepsite.i2p/
[HTTP 200 - Eepsite reachable]
Freenet: The Censorship-Resistant Archive
Freenet is not a communication network in the traditional sense. It is a distributed data storage system where files are encrypted, fragmented, and replicated across participating nodes. Content addressed by its cryptographic hash persists as long as any node stores it. There is no central server. There is no single point of seizure.
Freenet operates in two modes. Opennet mode automatically discovers peers, making setup easy but providing weaker anonymity. Darknet mode requires manual peer configuration — users connect only to trusted friends. Darknet mode provides the strongest anonymity guarantees of any darknet infrastructure because the network topology is opaque to adversaries. The trade-off: bootstrapping a darknet node takes time and trust.
For long-term archival of documents, whistleblower submissions, or content that must survive takedown attempts, Freenet is unmatched. Content inserted into a darknet-mode Freenet node and shared among trusted peers will remain available as long as at least one node holds a fragment. This is the closest the darknet comes to permanent, uncensorable storage.
Use Tor when: You need anonymous access to clearnet websites or you want to host a .onion service that must be reachable from the public internet. Tor's relay diversity and performance make it the only practical choice for general-purpose anonymous browsing.
Use I2P when: You are building or accessing peer-to-peer services where both communicating parties require anonymity. I2P's garlic routing and tunnel architecture resist traffic analysis more effectively than Tor.
Use Freenet when: Your priority is long-term, censorship-resistant publishing. Content that must survive legal takedown, server seizure, or operator arrest belongs in Freenet's distributed storage layer.
Making the Choice
The three networks are not competitors. They are complementary tools designed for different threat models. Running a marketplace? Tor's hidden services are the standard because buyers need clearnet access for cryptocurrency transactions and communication. Running a whistleblower document archive? Freenet's persistence ensures the content survives. Running a peer-to-peer messaging platform? I2P's tunnel diversity protects both sender and recipient from traffic analysis.
The mistake is treating any single network as a universal solution. Tor is not the best choice for everything. I2P is not strictly better than Tor. Freenet is not a replacement for either. Match the network to the threat model, not the brand recognition.