1.7 A Comparative Anatomy of Hidden Networks (F2F, I2P, Tor, Yggdrasil, Nym, Lokinet)
Hidden networks — commonly called darknets — differ significantly in architecture, routing logic, threat models, and intended use cases.
While most people only know Tor, the darknet ecosystem is an entire family of anonymity-preserving overlay networks, each engineered to solve a different type of privacy problem.
This chapter examines six major systems:
F2F Networks (Friend-to-Friend)
I2P (Invisible Internet Project)
Tor (The Onion Router)
Yggdrasil
Nym Mixnet
Lokinet
This comparative anatomy highlights their design philosophies, routing mechanisms, security assumptions, and sociotechnical roles.
A. F2F Networks (Friend-to-Friend)
F2F networks are a category of peer-to-peer networks where only trusted peers connect directly.
Examples include: Retroshare, GNUnet in F2F mode, and earlier P2P prototypes.
Key Architectural Features
Private Peer Connections
Users connect only to known contacts (friends).
This reduces exposure but limits scalability.Decentralization
No central servers.
Routing is done through trusted relationships.High Resistance to Infiltration
Hard for adversaries to enter without social engineering.Low Anonymity Set
The network size is limited to the number of trusted peers.
Use Case
Ideal for:
activist groups
private communities
censorship-resistant messaging
Not suited for large-scale anonymous publishing.
B. I2P — Invisible Internet Project
I2P is a fully internal darknet designed so that all traffic stays inside the network.
Its architecture uses garlic routing, an evolved form of onion routing where multiple messages are bundled together to make traffic analysis harder.
Key Architectural Features
Unidirectional Tunnels
Separate tunnels for inbound and outbound traffic.
This reduces certain correlation attacks.Garlic Routing
Multiple messages packed into a “garlic bulb.”
Harder to isolate individual packets.Decentralized Routing
No centralized directory authorities (unlike Tor).
Routing uses a distributed netDB (network database).Internal Services (Eepsites)
I2P hosts its own websites ending in.i2p.
Use Case
anonymous peer-to-peer applications
chat, file-sharing
decentralized communities
internal anonymous services rather than clearnet access
C. Tor — The Onion Router
Tor is the most widely known anonymity network, using onion routing with multi-layer encryption through volunteer nodes.
Key Architectural Features
Onion Routing
Data is wrapped in multiple encryption layers.
Each relay peels one layer and sends the packet forward.Directory Authorities
Centralized but highly audited servers that maintain the relay list.
Improve network reliability and consistency.Hidden Services (.onion)
Tor allows both client and server anonymity.Large Anonymity Set
Thousands of relays and millions of users.
Use Case
anonymity for browsing
hosting hidden services
journalism and secure drops
anti-censorship
Tor sacrifices some performance for usability and scale.
D. Yggdrasil — Encrypted Global Mesh Network
Yggdrasil is a newer experimental network that creates an end-to-end encrypted IPv6-only global mesh using a Distributed Hash Table (DHT) for routing.
Key Architectural Features
End-to-End Encryption by Default
Every node has a cryptographic public key as its address.Global IPv6 Network
Each node receives an IPv6 address derived from its public key.DHT-Based Routing
Ensures efficient path finding and global connectivity.No Onion Routing
Yggdrasil is focused on secure routing, not strong anonymity.
Use Case
decentralized infrastructure
experimental networking
global encrypted IPv6 overlay
Good for privacy, but not designed as a strong anonymity network.
E. Nym Mixnet — Next-Generation Metadata-Resistant Network
Nym revives and modernizes Chaumian mix networks, designed to eliminate metadata leakage — something onion routing struggles with under global adversaries.
Key Architectural Features
Mix Nodes
Nodes batch, delay, and shuffle packets to break correlation.Full Metadata Protection
Prevents timing analysis, volume analysis, and global attacker correlation.Sphinx Packet Format
A modern, efficient, compact format for mix networks.Incentivized Participation
Nodes can be rewarded through blockchain mechanisms.
Use Case
high-security communications
whistleblowing
resistant to nation-state surveillance
privacy for messaging and credentials
Nym is considered stronger than Tor in metadata protection, but slower because of batching delays.
F. Lokinet (Oxen Network)
Lokinet is a privacy network based on the LLARP (Low Latency Anonymous Routing Protocol), aiming for faster anonymity than Tor.
Key Architectural Features
SNODEs (Service Nodes)
Staked nodes that provide routing and anonymity.High-speed Onion Routing Variant
Lower latency compared to Tor.Exit Functionality
Allows anonymous access to the clearnet.Onion Services Equivalent
Called “Lokinet SNApps.”
Use Case
real-time online applications needing privacy
voice/video communication
faster anonymous internet routing
Lokinet focuses on balancing anonymity with performance.
G. Comparative Architecture Analysis (Point-Wise)
1. Routing Approach
Tor: onion routing
I2P: garlic routing
Nym: mixnet w/ batching
Yggdrasil: DHT-based encrypted mesh
Lokinet: LLARP (low-latency onion routing)
F2F: direct trusted P2P connections
2. Anonymity Level
Highest: Nym
High: Tor, I2P
Moderate: Lokinet
Low/Variable: Yggdrasil
Social-layer anonymity: F2F networks
3. Performance
Fastest: Yggdrasil, Lokinet
Moderate: Tor
Variable: I2P
Slowest: Nym (because mixing requires delays)
4. Use Case Focus
Tor: browser anonymity, hidden websites
I2P: internal darknet communities
Nym: metadata-resistant communications
Yggdrasil: decentralized encrypted networking
Lokinet: real-time anonymous routing
F2F: private communities
H. Why Multiple Hidden Networks Exist
Each system solves a different privacy problem:
Tor optimizes scale and usability
Nym optimizes metadata protection
I2P optimizes internal darknet resilience
Lokinet optimizes speed
Yggdrasil optimizes global encrypted addressing
F2F optimizes trust boundaries
No single anonymity network can solve all privacy challenges simultaneously — hence the ecosystem diversity.
| Category | F2F Networks | I2P | Tor | Yggdrasil | Nym Mixnet | Lokinet |
|---|---|---|---|---|---|---|
| Primary Philosophy | Trust-based private overlay | Internal anonymous ecosystem | Large-scale anonymity & censorship resistance | Encrypted global mesh networking | Metadata-resistant communication | Low-latency anonymous routing |
| Routing Method | Direct friend-to-friend connections | Garlic routing + unidirectional tunnels | Onion routing (three-hop circuits) | DHT-based encrypted routing | Chaumian mixnet (batching & shuffling) | LLARP (low-latency onion variant) |
| Network Structure | Fully decentralized, small trust circles | Fully decentralized, distributed netDB | Semi-centralized (directory authorities) + decentralized relays | Decentralized global IPv6 overlay | Layered mixnet with gateways & validators | Decentralized SNODE network |
| Addressing System | Peer public keys | .i2p eepsites | .onion addresses | Public-key derived IPv6 addresses | No sites; message routing only | .loki / SNApp addressing |
| Metadata Protection Level | Low to moderate | Moderate to high | High (but vulnerable to global traffic correlation) | Low (not designed for anonymity) | Very high (resistant to global adversaries) | Moderate |
| Anonymity Set Size | Small (limited to social circles) | Medium | Very large (millions of users) | Small (depends on network adoption) | Large, grows with mixnet participants | Medium |
| Clearnet Access | Not designed for it | Not intended (internal darknet) | Supported via exits | Not designed for it | Not designed for browsing | Yes, via exits |
| Hidden Services Support | Yes, but limited | Yes (eepsites) | Yes (.onion services) | Not native | Not for websites; for communication | Yes (SNApps) |
| Performance | Moderate | Moderate to variable | Moderate | Fast | Slow (due to mixing) | Fast |
| Latency Profile | Low within small networks | Medium | Medium to high | Low | High latency | Low |
| Scalability | Limited | Good | Very good | Good | Good | Good |
| Attack Resistance | Strong against infiltration, weak against global observers | Good against local adversaries | Good but challenged by global attackers | Limited anonymity resistance | Strongest of all for metadata protection | Good vs moderate adversaries |
| Core Strength | Tight social trust + decentralization | Internal anonymous ecosystem with flexible routing | Mature, widely supported anonymity network | Easy encrypted routing + IPv6 topology | Strongest metadata protection available | Real-time anonymous communication |
| Core Weakness | Small anonymity set | Slower and less user-friendly | Vulnerable to timing/traffic correlation | Limited anonymity goals | High latency | Smaller ecosystem than Tor/I2P |
| Primary Use Cases | Activist groups, private messaging | Anonymous communities, P2P apps | Censorship resistance, browsing, journalism | Experimental decentralized networking | Whistleblowing, privacy-critical messaging | Low-latency anonymous apps |
| Example Projects | Retroshare, GNUnet F2F mode | I2P router | Tor Browser, Onion services | Yggdrasil mesh | Nym network | Lokinet / Oxen ecosystem |
| Network | Best Feature | Weakest Point | Typical User |
|---|---|---|---|
| F2F | Strong trust boundaries | Very small anonymity set | Private activist groups |
| I2P | Internal darknet structure | Less mainstream support | Private communities & P2P users |
| Tor | Large anonymity set & hidden services | Susceptible to global correlation | Journalists, citizens in censored regions |
| Yggdrasil | Fast encrypted mesh routing | Not built for anonymity | Experimental networking enthusiasts |
| Nym | Highest metadata protection | High latency | High-security users, whistleblowers |
| Lokinet | Low-latency anonymity | Smaller network than Tor | Real-time communication users |