Generally speaking, for standard, vanilla configurations, I2P's biggest concern is long term intersection attacks. Client enumeration is very easy. If users are at all pseudonymous, the attacker can observe who is connected to the network during times they see traffic from the targeted pseudonym. People go offline and come back, sometimes days pass in the meantime. If Pseudonym Alice is always active when IP a.l.i.c is connected to the I2P network, and is never active when a.l.i.c is not connected to the I2P network, then the attacker can come to a pretty solid guess that a.l.i.c is Alice's IP address. Especially because after the attacker has come to this pretty good guess, they can do active attacks such as DDoS to confirm their suspicion.

I mean, many of you probably don't go onto Tor for days at a time on occasion. If you don't go onto I2P for days at a time, people might notice that you are not posting. Then when you come back days later they will notice you are posting again, and they will also see the IP addresses that are part of the I2P network. They will likely correctly guess that you are the IP address that left the network when you stopped posting and joined the network right before you started posting.

Of course even ignoring this, client enumeration is bad news for vendors. Since LE already knows where vendors ship from, they can therefore use client enumeration to narrow in on a likely very small set of IP addresses suspected of being the vendor. That in combination with a long term intersection attack will likely identify vendors very quickly. I2P is not really a good bet for us.

I2P's biggest advantage is also its biggest weakness imo. Path lengths are variable and all users route for all users. This means that from an internal attacker, you probably have some plausible deniability from timing attacks.
If the peer you are using for hop 1 is owned by the attacker, and the Eepsite you are visiting is also owned by the attacker, they can definitely tell that you sent packets to the Eepsite, but they probably cannot say with certainty that the packets originated at you. For all they know you could have routed the packets on for somebody else. In the face of an external attacker you will not have this protection, but having some level of protection against even only internal timing attacks is a very nice feature.

Tor's biggest concern is timing attacks. If the attacker can watch your traffic enter the network and arrive at its destination, then you are pretty much fucked. This can happen if your entry guard is bad and your exit node is bad, it can happen if your entry guard is bad and the website you are visiting is bad, it can happen if your entry guard is bad and the website you are visiting is being externally monitored, it can happen if you are being externally monitored and your exit node is bad, it can happen if you are being externally monitored and the site you are visiting is being externally monitored, it can happen if you are being externally monitored and the HSDIR you connect to is bad, it can happen if you have a bad entry guard and the HSDIR you connect to is bad, it can happen if you have the same entry guard as the hidden service you are connecting to, it can happen if your entry guard is bad and the hidden service's introduction point is bad, it might be able to happen if your entry guard is bad and the final node you use while connecting to the HSDIR is bad, it might be able to happen if your entry guard is bad and the final node you use while connecting to the introduction point is bad, and I cannot even finish typing out more combinations of bad shit that could happen that could link you to the websites you are visiting because my hands are cramping up.
Entry guards somewhat help alleviate this, but they rotate frequently enough that it is pretty much just a matter of time before somebody gets you with a timing attack if they want to badly enough.

Tor has the potential to be quite well protected from long term intersection attacks because of entry guards and the fact that most clients are not also routing nodes. This makes it much harder to enumerate the entire list of client IP addresses. Most attackers who could manage to do a long term intersection attack against Tor wouldn't even need to because they could do timing attacks against everybody and totally deanonymize the entire network. Of course unless you use bridges, and until directory guards are implemented, Tor connects directly to the authority servers to bootstrap if it has been offline for more than about 24 hours. This means that monitoring the directory authority servers works for client enumeration. Thankfully this is in the process of being corrected though.
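
The intersection reasoning described in the post, as an added example that is not part of the original post: a constructed simulation showing how the set of clients consistent with a pseudonym's activity shrinks across observation windows when the full client list is enumerable. The client IDs, online probability, posting rate and function names are all assumptions made for illustration.

```python
import random

def simulate(n_clients=500, epochs=60, p_online=0.6, p_post=0.5, seed=7):
    """Build constructed observations: one (online_set, pseudonym_active) per window.

    Client 0 is the pseudonym's owner; it can only post while it is online.
    """
    rng = random.Random(seed)
    observations = []
    for _ in range(epochs):
        online = {c for c in range(n_clients) if rng.random() < p_online}
        active = 0 in online and rng.random() < p_post
        observations.append((online, active))
    return observations

def anonymity_set_sizes(observations, n_clients):
    """Intersect the online sets of every window in which the pseudonym was active."""
    candidates = set(range(n_clients))
    sizes = []
    for online, active in observations:
        if active:  # windows without activity carry no information here
            candidates &= online
        sizes.append(len(candidates))
    return candidates, sizes

def windows_until(sizes, k):
    """Index (1-based) of the first window where at most k candidates remain, or None."""
    for i, size in enumerate(sizes, start=1):
        if size <= k:
            return i
    return None

if __name__ == "__main__":
    obs = simulate()
    remaining, sizes = anonymity_set_sizes(obs, 500)
    print("candidates left after each window:", sizes)
    print("windows until <= 5 candidates:", windows_until(sizes, 5))
```

Lowering `p_online` (clients that come and go more) makes the set shrink faster, which is the effect the post attributes to easy client enumeration.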