Skip to content
Master Darknet
Blog

2.3 Alternative Darknets:

While Tor is the most well-known anonymity network, it represents only one model of hidden network architecture.
Other darknets — I2P, Freenet, GNUnet, Yggdrasil, and Nym — use fundamentally different routing designs, anonymity concepts, and security assumptions.

This chapter explains the underlying mechanisms that make each network unique.

A. I2P (Invisible Internet Project) — Tunnels & Garlic Routing

Section titled “A. I2P (Invisible Internet Project) — Tunnels & Garlic Routing”

I2P is a self-contained darknet focusing on internal anonymous services rather than clearnet access.
Its architecture relies on a tunnel-based routing system and a unique encryption approach called garlic routing.

1. I2P Unidirectional Tunnels

Section titled “1. I2P Unidirectional Tunnels”

Unlike Tor, where traffic flows bidirectionally over a single circuit, I2P builds two independent tunnels:

  • Inbound Tunnel: carries data toward the user

  • Outbound Tunnel: carries data away from the user

Benefits

Section titled “Benefits”

  • Breaks correlation between incoming and outgoing traffic

  • Limits the impact of a compromised router

  • Provides flexibility for performance tuning

Each tunnel is a series of routers that forward encrypted packets.

2. Garlic Routing (I2P’s Encryption Model)

Section titled “2. Garlic Routing (I2P’s Encryption Model)”

Garlic routing extends onion routing by bundling multiple messages (“cloves”) into a single encrypted “garlic bulb.”

Advantages

Section titled “Advantages”

  1. Anti-traffic-analysis: harder to isolate individual messages.

  2. Message aggregation: routing instructions and payloads can be packaged together.

  3. Decoy traffic: supports padding and nested messaging.

Garlic routing is considered more flexible than onion routing for peer-to-peer anonymity.

3. I2P Network Database (netDB)

Section titled “3. I2P Network Database (netDB)”

I2P uses a distributed hash table (DHT) to store:

  • router information

  • tunnel build records

  • encrypted destination entries

This ensures:

  • decentralization

  • resilience

  • no directory authorities (unlike Tor)

B. Freenet — Distributed Data Store & “Insert/Fetch” Mechanism

Section titled “B. Freenet — Distributed Data Store & “Insert/Fetch” Mechanism”

Freenet is not a routing network like Tor or I2P.
It is a distributed, censorship-resistant storage system built around a key-based data retrieval model.

1. Key-Based Data Access

Section titled “1. Key-Based Data Access”

Freenet uses three key types:

  • CHK (Content Hash Key): ensures immutability

  • SSK (Signed Subspace Key): allows updatable content

  • USK (Updatable Subspace Key): supports pseudonymous updates

Data is retrieved by keys, not by location.

2. Data Insert / Data Fetch Model

Section titled “2. Data Insert / Data Fetch Model”

Insert

Section titled “Insert”

  • User uploads data using a key.

  • Chunks split and distributed across nodes.

  • Replication occurs automatically.

Fetch

Section titled “Fetch”

  • User requests a key.

  • Network routes request through probabilistic local decisions.

This ensures censorship-resistance and plausible deniability.

3. Location-Independent Storage

Section titled “3. Location-Independent Storage”

Users do not know:

  • where the data is stored

  • who stores it

  • how many copies exist

Nodes store encrypted chunks, making Freenet:

  • anonymous

  • fault-tolerant

  • self-healing

C. GNUnet — Peer Group Cryptography & Privacy-Preserving Naming

Section titled “C. GNUnet — Peer Group Cryptography & Privacy-Preserving Naming”

GNUnet is a framework for privacy-preserving, decentralized networking.
It emphasizes secure group communication, peer authentication, and anonymous services.

1. Peer Group Cryptography

Section titled “1. Peer Group Cryptography”

GNUnet forms “peer groups” where nodes authenticate using:

  • public key infrastructure

  • secure channel establishment

  • routing within trusted peer subsets

This balances anonymity with authenticity.

2. GNU Name System (GNS)

Section titled “2. GNU Name System (GNS)”

Unlike DNS, GNS provides:

  • decentralized name resolution

  • censorship resistance

  • privacy-preserving queries

Names are derived from:

  • zones

  • public keys

  • delegation chains

This system avoids centralized control by ICANN or DNS root authorities.

3. Transport Plugins

Section titled “3. Transport Plugins”

GNUnet can run over:

  • TCP

  • UDP

  • HTTP tunnels

  • Bluetooth

  • WLAN

This flexibility allows it to survive censorship conditions where Tor or I2P may fail.

D. Yggdrasil — DHT-Based Global IPv6 Mesh

Section titled “D. Yggdrasil — DHT-Based Global IPv6 Mesh”

Yggdrasil is not a classical anonymity network — it is a cryptographically secure global mesh networking overlay that automatically assigns IPv6 addresses.

1. Public-Key-Based Addressing

Section titled “1. Public-Key-Based Addressing”

Each node’s IPv6 address is derived from:

  • its cryptographic key

  • routing tree position

This ensures:

  • end-to-end encryption

  • secure cryptographic identity

2. Distributed Hash Table Routing

Section titled “2. Distributed Hash Table Routing”

Nodes connect through a spanning-tree-based DHT.

Properties

Section titled “Properties”

  • efficient global pathfinding

  • dynamic rebalancing

  • robust connectivity

3. Purpose

Section titled “3. Purpose”

Yggdrasil focuses on:

  • encrypted connectivity

  • decentralized internet infrastructure

  • mesh-based peer routing

It offers privacy, but not the anonymity guarantees of Tor or Nym.

E. Nym Mixnet — Layered Privacy & Metadata Resistance

Section titled “E. Nym Mixnet — Layered Privacy & Metadata Resistance”

Nym modernizes Chaumian mix networks for the contemporary internet age.

1. Mix Nodes Perform Batch-and-Shuffle

Section titled “1. Mix Nodes Perform Batch-and-Shuffle”

Each node:

  • collects packets

  • adds timing delays

  • shuffles order

  • forwards output

This destroys metadata such as:

  • timing

  • packet size

  • order

Mixnets are designed to resist global passive adversaries, something onion routing struggles with.

2. Sphinx Packet Format

Section titled “2. Sphinx Packet Format”

Sphinx provides:

  • compact onion-style wrapping

  • replay protection

  • unlinkable routing

  • reduced overhead

Originally a theoretical design, now used in production (Nym, Loopix).

3. Layered Architecture

Section titled “3. Layered Architecture”

Nym architecture includes:

  • Gateway Layer — mixes ingress traffic

  • Mixnet Layer — multi-hop mixing for anonymity

  • Credential Layer — privacy-preserving authentication (ZK proofs)

  • Blockchain Layer — decentralized incentive system

It offers some of the strongest metadata protection available today.