Whatever seedy hook you choose, use a VPN. Traffic isnât encrypted. Only you can prevent sKids.
I2P does not encrypt the Internet, neither does Tor - for example, through Transport Layer Security (TLS). I2P and Tor both aim to transport your traffic as-is securely and anonymously over the corresponding network, to its destination. Any unencrypted traffic generated at your system will arrive at the outproxy (on I2P) or the exit node (on Tor) as unencrypted traffic. This means that you are vulnerable to snooping by the outproxy operators. One way to protect your outproxy traffic against this is to ensure that any traffic that will be handled by the outproxy is encrypted with TLS.
In addition, you may be vulnerable to collusion between the outproxy operator and operators of other I2P services, if you use the same tunnels (âshared clientsâ). There is additional discussion about this on zzz.i2p. This discussion has been mirrored on our forums as well.
Ultimately, this is a question that only you can answer because the correct answer depends on your browsing behaviour, your âthreat modelâ(I2P's Threat Model - I2P), and how much you choose to trust the outproxy operator.
sKids = script kiddies who run or compromise large bandwidth exit and/or outbound servers and vacuum up plaintext.
Itâs all broken and you should assume everything you do on a computer, especially one connected to the internet, is being permanently recorded. The actual device you use is probably the most damning, since it likely contains Intel vPro/ME (basically a frontdoor). It doesnât matter how audited and secure the source code is for the software/OS you run if Intel/AMD has the keys to OOBM integrated in your CPU/chipset. Tor is a tool funded heavily by various US Alphabet agencies such as the DARPA and was created(or at least popularized/pushed) by the Navy. There are multiple examples of âthe USâ using 0days to exploit users and it is difficult to audit the network due to its anonymity structure unless you control a ton of nodes.
i2p is similarly broken, it uses java, and probably should be treated as compromised software as well. Assuming (big assumption) that you can use a physical device securely âthe clearnetâ can easily be used to transfer messages that might go unnoticed for some time and when they are found might take an exorbitant amount of processing power to decode. Using a VPN/tor/i2p/Yggdrasil and other similar overlay networks may just put you on a list and draw more attention.
Trying to stop someone at starbucks from intercepting your bank info, use a vpn. Trying to stop the alphabet boys from reading your email, gooooood luck.