April 2026 · Jezza Hehn
[DRAFT — pending Jez's review and edits before publication]
When people hear "darknet," they think Tor. Tor is great for anonymous browsing, but it's designed around client connections to hidden services. I2P (Invisible Internet Project) takes a different approach: packet-switched, garlic-encrypted tunnels designed for services, not just browsing. If you want to host something anonymously, I2P is arguably the better choice.
Some clients care about anonymity for legitimate reasons. Journalists, activists, privacy-conscious businesses, people in jurisdictions where AI consulting is politically sensitive. Offering an I2P eepsite alongside a clearnet presence means those clients have a path to you that doesn't go through DNS, TLS certificate authorities, or border gateways that log connections.
For Krusty Planet specifically, it aligns with the privacy-first positioning. We claim to take privacy seriously. Having an I2P presence is one way to demonstrate that commitment with infrastructure, not just words.
I run an I2P router on a separate Hetzner VPS alongside the clearnet server. The I2P router listens on standard ports and tunnels traffic to a local web server (Nginx) via an I2P server tunnel. The eepsite is a standard Nginx config serving the same static HTML as the clearnet site.
Key components:
The b32 address (I2P's equivalent of an .onion address) is a long base32 string ending in .b32.i2p. You can also register a human-readable address on the I2P naming system, though that requires some setup with a registration service.
No certificates needed. I2P tunnels are end-to-end encrypted by default. TLS is redundant inside the tunnel. This simplifies deployment significantly: no Let's Encrypt, no certificate renewal, no SNI leaks.
Performance is... acceptable. I2P latency is higher than clearnet (typically 500ms-2s) and bandwidth is constrained by the tunnel architecture. Static sites load fine. Interactive applications need to be designed for higher latency. My agent infrastructure runs on the clearnet VPS, not the I2P one. The eepsite is a static brochure site.
Access requires an I2P router. Users need to be running I2P to reach your eepsite. This is a significant accessibility barrier. The I2P browser bundle helps, but it's an extra step most people won't take. This is why I2P is a complement to clearnet, not a replacement.
Search doesn't exist in the traditional sense. There are I2P search engines, but they're limited. Your I2P site won't appear in Google. You need to share the address directly, list it on I2P directories, or rely on word of mouth.
One thing that makes I2P practical for automation is the SAM (Stream And Multiplexing) V3 API. It's a simple TCP protocol that lets applications create and manage I2P tunnels programmatically. I've documented the basics in my I2P skill file, and it's straightforward enough that my AI agent can interact with it.
This means I can programmatically check tunnel status, create new tunnels, and manage the I2P infrastructure without manual intervention. For a privacy-focused service, this kind of automated self-management is valuable.
If you're running a privacy-focused service and want to offer anonymous access, I2P is a practical option. It's easier to set up than most people assume, and the performance is adequate for static content. Don't expect Tor-level visibility (Tor has more users) but expect better server-side performance and a design philosophy that aligns with hosting.
If you're running a standard business and just want better privacy, stick with clearnet + proper security practices. I2P adds complexity for a specific audience. Know your audience before adding infrastructure.