Here’s the scary sounding part that can be counterintuitive. The routers you’re communicating with do know your ip, since they have to like you mentioned. Your ip address is also in i2p’s DHT as a “router info” which functions as a network addressbook for routers and services so things can be found without needing a centralized lookup service. Again, because for the network to work, routers need to be able to find eachother, or they can’t communicate.
But, routers function on a need to know basis. i2p uses separate up and down links for each tunnel, and your side of the tunnel by default has 3 hops. other side usually also has 3 hops. typical unidirectional tunnel looks like this with total of 7 hops:
A-x-x-x=x-x-x-B
None of the chains in the link know what position they’re in (except for the endpoints). They also don’t know how long the whole tunnel is. The sender and receiver only know their parts of the tunnel. On the dht side, by design no single router has a whole view of the network, but there isn’t a whole lot of information you get from that other than knowing that person at stated ip address uses i2p, which your isp would be able to tell for example anyway just like using tor or a vpn. There’s no reason to try to obfuscate that except for getting around restrictive countries firewalls.
The way i made sense of it was like you have an envelope that is inside several other envelopes, with each envelope representing a layer of encryption. You get an envelope from kevin, so you know kevin. You open the envelope and see another envelope addressed to george, you give the envelope to him. So you know kevin and george. But the rest is unknown to you. You don’t know who the true originator of the envelope is or where the message is ultimately going.
Not a perfect analogy, but because of this the ultimate sender and receiver are blind to each others ip address. It’s layered encryption allowing this to happen which is similar to onion routing. Called garlic routing in i2p since there are some tweaks.
main things:
imagine you have one of those multihop vpns setup, but instead of one connection you have several different multihop vpns running at the same time, and every one of those vpns gets a new server every 10 mins. very roughly, that’s how they work. Since there’s so many paths, they’re very long, and the paths are constantly changing, it’s hard for observers to make sense of what goes where. In i2p it’s usually 7 hops each way. there may be thousands of connections at a time for each node, all changing every 10 minutes.
with both tor and i2p, we encrypt and decrypt at each hop, so no node in the chain can read messages. an observer can listen in, but they don’t know for sure what goes where, and they wouldn’t be able to understand what’s being said. in tor and i2p, this protects everyone running a node (except for exit nodes), since they maintain plausible deniability regardless of what passes through them.
i2p goes further. with the vpn analogy, you would get 2 sets of vpns: one for outgoing traffic and one for incoming. everyone else is doing the same thing, so if you want to share an image with someone the other person will run their own chain of vpns to meet with your chain of vpns to see it. you never connect directly. where the vpn analogy falls apart is since you’re routing traffic for other people in i2p, you’re also a server hop for other people. so you mix their traffic in with your own. there’s also some random noise added in all to make the life of an observer even more confusing. it’s all mixed together like cloves of a garlic bulb to make the life of an observer as hard as possible. traffic mixing and separate outbound/inbound tunnels are the major differences with garlic (i2p) and onion (tor) routing.
since tor doesn’t maintain many connections to hide your traffic in the mix with other users, tor uses stream isolation to use a different path for each website so you look like a new person each time. it uses the same set of nodes for up and down traffic like a vpn does. it does not mix traffic with peers. getting to clearnet with tor (and i2p) is a weak link since whoever runs the server has power to snoop your traffic (or inject things). but tor has many exit nodes, all automatically changing for you. there’s only 3-4 exit nodes (outproxies) in i2p.