Systemic Flaws in the Invisible Internet Project: Analysis of Exploitable Design Choices

Abstract

Decentralized anonymity networks such as I2P rely on a core assumption: that key algorithms (such as peer selection) behave the same across all participating nodes. We show this assumption breaks down when the network runs multiple different software implementations. By comparing the three main I2P clients, namely the standard Java version (I2P), its performance-tuned fork I2P+, and the lightweight C++ daemon i2pd, we uncover major differences in how each selects peers. These aren't minor tweaks. They present serious, exploitable flaws that stem from unclear rules in I2P’s protocol. We found three critical issues: i2pd lets malicious peers wipe their reputations clean, peer pool sizes differ by orders of magnitude across implementations, and there are no checks to verify whether a peer’s self-reported capabilities are genuine. These gaps create predictable behaviors tied to specific software implementations. Attackers can fingerprint which client a user runs, launch cheaper Sybil attacks, and split the global anonymity set. The resulting anonymity, therefore, depends on which software implementation you choose. This makes heterogeneous implementations without enforced security a systemic risk. Reliance on protocol compatibility alone is insufficient to guarantee coherent security. We propose mitigation pathways that formalize security-critical sub-specifications and establish cross-implementation adversarial testing frameworks to preserve the integrity of decentralized anonymity networks.
