Deep & Dark Web Extension
Linux: sudo apt update sudo apt install tor -y Windows/macOS: Download Tor Expert Bundle: https://www.torproject.org/download/ Extract and set PATH
# Edit torrc file
HiddenServiceDir /home/user/tor_hidden_service/
HiddenServicePort 80 127.0.0.1:3000
const express = require('express');
const app = express();
app.get('/', (req, res) => {
res.send("Welcome to your Tor Hidden Service (.onion) lab!");
});
app.listen(3000, () => console.log("Server running on http://127.0.0.1:3000"));
sudo systemctl start tor
Check /home/user/tor_hidden_service/hostname for your .onion address
Access it via Tor Browser
# iptables example: only allow local access to service port sudo iptables -A INPUT -p tcp --dport 3000 -s 127.0.0.1 -j ACCEPT sudo iptables -A INPUT -p tcp --dport 3000 -j DROP ufw alternative (Ubuntu) sudo ufw allow from 127.0.0.1 to any port 3000 proto tcp sudo ufw enable
# Install dependencies (Debian/Ubuntu) sudo apt install build-essential libsodium-dev libssl-dev git -y Build mkp224o git clone https://github.com/cathugger/mkp224o.git cd mkp224o ./autogen.sh ./configure make Generate address with prefix "darkday" ./mkp224o darkday -d ./keys -n 1 -v Result stored in keys/ folder; move hostname & keys to HiddenServiceDir
# Apache config (.htaccess or virtualhost)
Header set Onion-Location "http://youronionaddress.onion%{REQUEST_URI}s"
Nginx config
add_header Onion-Location http://youronionaddress.onion$request_uri;
HiddenServiceDir /var/lib/tor/hidden_service1/ HiddenServicePort 80 127.0.0.1:3000 HiddenServiceDir /var/lib/tor/hidden_service2/ HiddenServicePort 80 127.0.0.1:3001
sudo apt install nyx
nyx -i 127.0.0.1:9051
# (requires ControlPort 9051 and HashedControlPassword in torrc)
# torrc additional lines
SocksPort 0 # disable SOCKS if not needed
HiddenServiceSingleHopMode 0 # keep to 0 for anonymity
HiddenServiceNonAnonymousMode 0
HiddenServiceMaxStreams 1000
HiddenServiceMaxStreamsCloseCircuit 1
Download I2P: https://geti2p.net/en/download
Install and start Java Router
const express = require('express');
const app = express();
app.get('/', (req, res) => {
res.send("Welcome to your I2P Hidden Service (.i2p) lab!");
});
app.listen(3001, () => console.log("Server running on http://127.0.0.1:3001"));
Open I2P console: http://127.0.0.1:7657/
Hidden Services → Add new service
Local Port: 3001
Service Name: MyI2PLab
I2P will give you a .i2p address
Use I2P Browser or Java Router to visit your .i2p address
Optional: Restrict access to LAN/Home network
# Debian/Ubuntu sudo apt install i2pd Configure /etc/i2pd/i2pd.conf (basic) Enable HTTP/HTTPS tunnels in /etc/i2pd/tunnels.conf [i2p-website] type = http host = 127.0.0.1 port = 3001 keys = website-keys.dat Start i2pd sudo systemctl start i2pd .i2p address will be printed in logs or derived from keys
# I2P includes a built-in Jetty server for eepsites.
# In I2P console: Hidden Services → New Eepsite
# Choose a name and the wizard creates the directory.
# Place your HTML/CSS files in ~/.i2p/eepsite/docroot/
I2P Console → Addressbook
Add subscription:
http://www.i2p2.i2p/hosts.txt (official)
http://stats.i2p/cgi-bin/newhosts.txt
(or other community jump services)
I2P Console: http://127.0.0.1:7657/
Graphs: bandwidth, tunnel status, peer count.
Logs: /var/log/i2p/ or ~/.i2p/logs/
# Check I2P router status curl http://127.0.0.1:7657/ Test your .i2p site locally curl --proxy 127.0.0.1:4444 http://youraddress.i2p Ensure firewall allows outbound I2P ports (randomized) Common issue: clock sync (use NTP)
Njalla offers private domain registration and VPS hosting. It supports Tor and `.onion` hidden services.
Visit Njalla Hosting
OnionHost specializes in `.onion` hosting and anonymous VPS.
OnionHost Info & Review
Run Tor on a VPS you control (DigitalOcean, Hetzner, Vultr, Linode, etc.) and follow Tor Project's setup guide.
Tor Official Setup Guide
If you just need a private encrypted network (not .onion/.i2p), consider:
FlokiNET provides offshore VPS and dedicated servers in Iceland, Finland, Romania. Supports Tor exit nodes and hidden services.
Visit FlokiNET
Iceland-based hosting with focus on freedom of speech. Accepts Bitcoin and supports Tor.
OrangeWebsite
OnionShare lets you securely and anonymously share files, host websites, and chat using Tor onion services without setting up a server.
OnionShare Website
| Feature | Tor | I2P |
|---|---|---|
| Routing | Onion routing (layered encryption) | Garlic routing (bundles messages) |
| Network model | Client → relays → exit node | Peer-to-peer, every node is a relay |
| Addressing | .onion (56-character Base32) | .i2p (516-byte Base64 destination) |
| Anonymity set | Large volunteer relay network (~7000 relays) | All participants are routers (tens of thousands) |
| Latency | Medium (3-hop circuit) | Higher (variable tunnel lengths) |
| Censorship resistance | Bridges, pluggable transports | Not as many bridges; more internal focus |
- Address format: <56-char Base32>.onion
- Public key: Ed25519 (32 bytes), embedded in address
- Authentication: Client authorization (optional)
- Introduction points: rotated to prevent DoS
- Rendezvous points: temporary meeting place
- End-to-end encryption: TLS-like layer (ntor) between client and server
Onion routing wraps data in multiple layers of encryption, like an onion. Each relay peels one layer. Garlic routing (I2P) bundles multiple messages (cloves) together, adding delays and mixing to frustrate traffic analysis.
Typical onion service latency: 300–800 ms (first byte)
I2P eepsite latency: 1–3 seconds (due to garlic routing)
Throughput: Tor ~10–30 Mbps per circuit, I2P ~2–10 Mbps
Optimizations:
· Enable HiddenServiceExportCircuitID (advanced)
· Use persistent introduction points (v3)
· Compress content, minimize round trips
· Choose low-latency entry guards (ping test)
server_tokens off; (nginx)Operating a hidden service is legal in most jurisdictions, but the content matters. Always comply with local laws. Use these technologies for privacy protection, whistleblowing, and human rights, not for illicit purposes.
Based on Wikipedia: Category:Anonymity networks — every major network, protocol, and supporting technology. All data, architecture details, and resources included.
Type: onion routing, low‑latency
Year: 2002 (alpha), 2004 (stable)
Current version: 0.4.8.x
Relays: ~7000 (guards, middle, exits)
Users: ~2 million daily (directly connecting)
Protocol: TLS‑encrypted links, 3‑hop circuits, perfect forward secrecy
Onion services: v3 (Ed25519), v2 (deprecated)
Censorship circumvention: obfs4, meek, Snowflake
Official site: https://torproject.org
Type: garlic routing, low/medium latency
Year: 2003
Routers: ~30 000 active (est.)
Transports: UDP (SSU), TCP, NTCP2
Addressing: 516‑byte Base64 destinations (.i2p), human‑readable names via addressbook
Tunnel length: 2‑4 hops (variable)
Key services: eepsites (HTTP), I2PSnark (BitTorrent), I2P‑Bote (email)
Routers: Java I2P, i2pd (C++), Kovri (C++ abandoned)
Official site: https://geti2p.net
Type: P2P, content‑addressable, high‑latency
Year: 2000
Routing: key‑based routing (KBR) with XOR metric
Modes: Opennet (public), Darknet (friend‑to‑friend)
Security: plausible deniability, encrypted data blocks
Protocols: Frost (forums), FMS (Freenet Message System), Sone (social plugin)
File storage: CHK (content hash keys), SSK (signed subspace keys), USK (updatable)
Official site: https://freenetproject.org
Type: P2P framework, multiple transports
Year: 2001
Components:
- CADET: low‑latency end‑to‑end encrypted messaging (onion routing like)
- GNS (GNU Name System): decentralized, censorship‑resistant name system
- FS (File Sharing): anonymous file transfer
- TRANSPORT: TCP, UDP, WLAN, Bluetooth, etc.
- DHT: distributed hash table
- SET: set reconciliation
Target: fully decentralized alternative to current internet stack
Official site: https://gnunet.org
Type: P2P web, not fully anonymous by default
Year: 2015
Addressing: Bitcoin‑based addresses (Namecoin .bit domains)
Transport: BitTorrent‑like peer discovery, optional Tor proxy
Content: zites (HTML/CSS/JS) served from peers; SQL database for dynamic sites
Crypto: Ed25519 signing, content integrity via hashes
Anonymity layer: can run behind Tor to hide IP
Status: actively maintained
Official site: https://zeronet.io
Type: F2F (friend‑to‑friend), encrypted
Year: 2006
Core: PGP‑based authentication, encrypted tunnels
Network: only connects to trusted friends (no global peers)
Services: forums, channels, mail, VoIP, file sharing, Tor/I2P integration
Anonymity: relies on Tor or I2P for outbound connections; otherwise pseudonymous
Platform: Linux, Windows, macOS, Android (port)
Official site: https://retroshare.cc
Mixmaster (1995):
- Anonymous remailer (email)
- High‑latency mix network, fixed‑size messages
- Supports multiple hops and random delays
Mixminion (2002–2011):
- Successor, uses single‑use reply blocks (SURBs)
- Exit policies, modular design
- No longer maintained but historically significant
Type: high‑latency mix network
Use: anonymous email, resistant to traffic analysis
Year: 2000
Type: mix cascade (fixed‑size, fixed‑order relays)
Trust model: one mix operator controls full cascade (controversial)
Services: HTTP proxy, SOCKS, premium paid version
Status: service discontinued (2016), code available
Year: 2017 (academic)
Type: low‑latency stratified mix network
Key features:
- Poisson‑based mixing delays
- Cover traffic to hide real messages
- Provider‑based architecture (mix nodes and clients)
- Strong anonymity against global passive adversaries
Status: research prototype, not deployed at scale
Paper: "Loopix: An Anonymous Communication System with Low Latency and High Throughput"
Year: 2015 (academic)
Type: messaging system with differential privacy
Technique: all users send constant‑rate dummy traffic; servers cannot tell who talks to whom
Scalability: limited to small groups (~100 users)
Goal: provable metadata privacy, not just IP anonymity
Year: 2016
Type: mix network using verifiable shuffle
Key tech: each server shuffles messages and proves correct behaviour via zero‑knowledge proofs
Low latency: suitable for file sharing and messaging
Status: research project, not live network
Year: 2015
Type: onion routing with improved performance
Core idea: symmetric‑key only setup (no per‑hop public‑key operations after circuit creation)
Throughput: claimed 93 Gbps on commodity hardware
Status: research prototype, not deployed
Paper: "HORNET: High‑speed Onion Routing at the Network Layer"
Year: 1998
Concept: users forward requests to random group members; web server sees all users as a "crowd"
Anonymity: weak against global observers, decent against local eavesdroppers
Status: historical, no current implementation
Year: 2002
Type: P2P mix network
Features: all participants act as mix nodes; uses layered encryption
Status: deprecated, replaced by Tor/I2P concepts
Type: overlay on I2P
Crypto: end‑to‑end encryption, DHT for storage
Anonymity: leverages I2P tunnels for sender/receiver
Status: stable, part of I2P package
- JonDonym (successor of JAP): premium mix cascade service (shut down)
- Privoxy: filtering web proxy, often used with Tor (not an anonymity network itself)
- AnoNet: experimental IP‑over‑onion network
- Phantom Anonymity Protocol: theoretical
- Mix network (general): category of high‑latency systems
- Onion routing (general): Tor's routing method
- Garlic routing: I2P's routing method
- Anonymous P2P: includes many file‑sharing networks (e.g., MUTE, AntsP2P)
- Darknet (file sharing): closed friend‑to‑friend networks (Waste, etc.)
| Network | Latency | Throughput | Scalability | Anonymity Strength | Best Use |
|---|---|---|---|---|---|
| Tor | Low | Medium | High (7000 relays) | Moderate (against local adversary) | Web browsing, hidden services |
| I2P | Medium | Low-Medium | High (all participants) | Moderate-High (internal) | Internal services, file sharing |
| Freenet | High | Low | Medium | High (darknet mode) | Censorship-resistant publishing |
| GNUnet | Variable | Variable | Low (experimental) | High (design) | Research, secure apps |
| ZeroNet | Low | Medium | Medium | Low (unless +Tor) | Decentralized websites |
| RetroShare | Low | Medium | Low (friend-based) | High (within circle) | Private group communication |
| Mixmaster | High | Very Low | Low | Very High | Anonymous email |
| Loopix | Low-Medium | Medium | Medium (theoretical) | High (cover traffic) | Future private messaging |
| Vuvuzela | Low | Very Low | Very Low | Metadata private | Small group chat |
| Riffle | Low | High | Medium (research) | High (provable) | File sharing, messaging |
| Hornet | Low | Very High | Medium (research) | Moderate | High‑speed anonymous routing |
- Messages are delayed and reordered by each mix node
- Fixed‑size messages (padding) to prevent size correlation
- Mix cascade: fixed set of mixes, strict order
- Free‑route mix: any node can be next hop
- Provides resistance to global passive adversary
- Example: Chaum's mix (1981), Mixmaster, Mixminion
- Circuit creation: client picks three relays, negotiates symmetric keys via telescoping or single‑pass (Tor)
- Each relay knows only predecessor and successor (onion encryption)
- Perfect forward secrecy (PFS) via ephemeral Diffie‑Hellman (ntor)
- Cells: fixed‑size 514‑byte packets to resist traffic analysis
- Circuit types: exit circuits, internal circuits (hidden services)
- Bundles multiple messages ("cloves") into one garlic clove
- Cloves may be for different destinations or future times (delayed)
- Adds uncertainty and mixing within a single tunnel message
- Combined with unidirectional tunnels (inbound/outbound) for separation