Systemic Flaws in the Invisible Internet Project: Analysis of Exploitable Design Choices

Systemic Flaws in the Invisible Internet Project: Analysis of Exploitable Design Choices | Authorea try { document.documentElement.classList.add('js'); } catch (e) { } var _gaq = _gaq || []; _gaq.push(['_setAccount', 'G-8VDV14Y67G']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); Skip to main content Preprints Collections Wiley Open Research IET Open Research Ecological Society of Japan All Collections About About Authorea FAQs Contact Us Quick Search anywhere Search for preprint articles, keywords, etc. Search Search ADVANCED SEARCH SCROLL This is a preprint and has not been peer reviewed. Data may be preliminary. 5 February 2026 V1 Latest version Share on Systemic Flaws in the Invisible Internet Project: Analysis of Exploitable Design Choices Authors : Siddique Abubakr Muntaka 0000-0001-5466-947X [email protected] and Jacques Bou Abdo Authors Info & Affiliations https://doi.org/10.22541/au.177031274.48275457/v1 132 views 44 downloads Contents Abstract Supplementary Material Information & Authors Metrics & Citations View Options References Figures Tables Media Share Abstract Decentralized anonymity networks such as I2P rely on a core assumption: that key algorithms (such as peer selection) behave the same across all participating nodes. We show this assumption breaks down when the network runs multiple different software implementations. By comparing the three main I2P clients, namely, the standard Java version (I2P), its performance-tuned fork I2P+, and the lightweight C++ daemon i2pd, we uncover major differences in how each selects peers. These aren't minor tweaks. They present serious, exploitable flaws that stem from unclear rules in I2P's protocol. We found three critical issues. i2pd lets malicious peers wipe their reputations clean. Peer pool sizes differ by orders of magnitude across implementations, and there are no checks to verify whether a peer's selfreported capabilities are genuine. These gaps create predictable behaviors tied to specific software implementations. Attackers can fingerprint which client a user runs, launch cheaper Sybil attacks, and split the global anonymity set. The resulting anonymity, therefore, depends on which software implementation you choose. This makes heterogeneous implementations without enforced security a systemic risk. Reliance on protocol compatibility alone is insufficient to guarantee coherent security. We propose mitigation pathways that formalize security-critical sub-specifications and establish crossimplementation adversarial testing frameworks to preserve the integrity of decentralized anonymity networks. Supplementary Material File (systemic flaws in i2p.pdf) Download 9.60 MB Information & Authors Information Version history V1 Version 1 05 February 2026 Copyright This work is licensed under a Non Exclusive No Reuse License. Keywords anonymity networks darkweb invisible internet project (i2p) peer selection vulnerabilities peer-to-peer anonymity networks source code security analysis Authors Affiliations Siddique Abubakr Muntaka 0000-0001-5466-947X [email protected] School of Information Technology, University of Cincinnati View all articles by this author Jacques Bou Abdo School of Information Technology, University of Cincinnati View all articles by this author Metrics & Citations Metrics Article Usage 132 views 44 downloads .FvxKWukQNSOunydq8rnd { width: 100px; } Citations Download citation Siddique Abubakr Muntaka, Jacques Bou Abdo. Systemic Flaws in the Invisible Internet Project: Analysis of Exploitable Design Choices. Authorea . 05 February 2026. DOI: https://doi.org/10.22541/au.177031274.48275457/v1 If you have the appropriate software installed, you can download article citation data to the citation manager of your choice. Simply select your manager software from the list below and click Download. For more information or tips please see 'Downloading to a citation manager' in the Help menu . Format Please select one from the list RIS (ProCite, Reference Manager) EndNote BibTex Medlars RefWorks Direct import Tips for downloading citations document.getElementById('citMgrHelpLink').addEventListener('click', function() { popupHelp(this.href); return false; }); $(".js__slcInclude").on("change", function(e){ if ($(this).val() == 'refworks') $('#direct').prop("checked", false); $('#direct').prop("disabled", ($(this).val() == 'refworks')); }); View Options View options PDF View PDF Figures Tables Media Share Share Share article link Copy Link Copied! Copying failed. Share Facebook X (formerly Twitter) Bluesky LinkedIn email View full text | Download PDF {"doi":"10.22541/au.177031274.48275457/v1","type":"Article"} Now Reading: Share Figures Tables Close figure viewer Back to article Figure title goes here Change zoom level Go to figure location within the article Download figure Toggle share panel Toggle share panel Share Toggle information panel Toggle information panel Go to previous graphic Go to next graphic Go to previous table Go to next table All figures All tables View all material View all material xrefBack.goTo xrefBack.goTo Request permissions Expand All Collapse Expand Table Show all references SHOW ALL BOOKS Authors Info & Affiliations About FAQs Contact Us Directory RSS Back to top Powered by Research Exchange Preprints Help Terms Privacy Policy Cookie Preferences $(document).ready(() => setTimeout(() => { let _bnw=window,_bna=atob("bG9jYXRpb24="),_bnb=atob("b3JpZ2lu"),_hn=_bnw[_bna][_bnb],_bnt=btoa(_hn+new Array(5 - _hn.length % 4).join(" ")); $.get("/resource/lodash?t="+_bnt); },4000)); (function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'9fe0d1816b151640',t:'MTc3OTE2OTc2Ng=='};var a=document.createElement('script');a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();