Others have summarized it well but I'll add my perspective also.
I2P is a decentralized network of peers. All traffic gets routed through multiple peers before reaching its destination. Traffic is also encrypted by multiple layers of encryption and each connected peer can only decrypt one layer; that layer will only contain further routing info so that peer knows the next place to hand off your data. The encryption gets stripped layer by layer until it finally reaches its destination.
What this ultimately means is that by interacting with a website or service through I2P it is virtually impossible to identify any information the user is sending or receiving and it is also impossible to tell where the connections are going or coming from.
To make things even more interesting all I2P routers by default also contribute resources back into the network so while your I2P Router is handling your communication connections, it's also volunteering to be a connection node in someone else's connection. This adds further security because now you've got many Peer to Peer connections going in and out of your network, all encrypted so any prying eyes will have an exceedingly difficult time trying to make sense of any of your internet traffic.
Tor relies on the good faith of its community to contribute resources to the network and it's not very well incentivised causing its resources to be far more limited and bogged down. For this reason, Tor cannot sustain heavy torrent traffic without easily being overwhelmed. In I2P, every user is a contributor so the more people who use I2P, the faster and better it becomes.
The big advantage Tor has over I2P is outproxies and the beautifully prepacked Tor Browser. Tor has a lot more influence and money backing it so there are some large and well protected entities that can afford all the legal trouble that outproxies can bring. Unfortunately there just isn't enough money or legal support in the I2P community to reliably support outproxies even though I2P already has full support for it.
I2P is a fantastic tool for private communication across the Internet and the true ELI5 here is I2P natively supports "anonymous" torrenting (even encourages it as it strengthens the network further) and will do so privately and securely without any need for a VPN. Adding support to qBittorrent makes it even easier to access I2P torrenting with very minimal setup required.
The only catch here is you can't go around downloading any old torrent from the Internet on I2P; someone needs to actually be seeding that torrent on the I2P network for you to get any data. There are fully functioning tracker sites exclusively within I2P that have a huge catalog of content but all is not lost for "clearnet" torrents either. Software like BiglyBT and now qBittorrent allows users to "bridge" or "cross seed" torrents across the two networks, that way content is shared no matter what network you're a part of.
BiglyBT has been doing this for a while now but I'm so happy to see qBittorrent finally embracing this as well.
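The layer-by-layer routing described in the comment above, as an added example that is not part of the original thread and is not I2P's code: each hop removes one layer, learns only the next hop, and cannot open the layers meant for others. The cipher is a toy stand-in (SHA-256 keystream plus HMAC) rather than I2P's real cryptography, and the peer names, keys and function names are constructed for illustration.

```python
import hashlib, hmac, os

def _keys(k):          # derive separate encryption and MAC keys from one hop key
    return hashlib.sha256(b"enc" + k).digest(), hashlib.sha256(b"mac" + k).digest()

def _xor(ek, nonce, data):
    # Toy keystream (SHA-256 in counter mode), a stand-in for a real cipher.
    ks = b"".join(hashlib.sha256(ek + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    ek, mk = _keys(key)
    nonce = os.urandom(16)
    ct = _xor(ek, nonce, plaintext)
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = _keys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer not addressed to this key, or modified in transit")
    return _xor(ek, nonce, ct)

def wrap(path, keys, payload):
    """Sender: build the layers inside-out. path[-1] is the destination."""
    blob = seal(keys[path[-1]], b"\x00" + payload)       # 0 = "deliver here"
    for hop, nxt in zip(reversed(path[:-1]), reversed(path[1:])):
        name = nxt.encode()
        blob = seal(keys[hop], bytes([len(name)]) + name + blob)
    return blob

def peel(key, blob):
    """One peer: strip own layer, learn only the next hop and an opaque blob."""
    inner = unseal(key, blob)
    n = inner[0]
    return (inner[1:1 + n].decode() if n else None), inner[1 + n:]

def route(path, keys, blob):
    """Walk the message along the path; returns (payload, what each hop saw)."""
    hop, seen = path[0], []
    while True:
        nxt, blob = peel(keys[hop], blob)
        seen.append((hop, nxt))
        if nxt is None:
            return blob, seen
        hop = nxt

# Constructed sample path and random per-hop keys (hypothetical names).
PATH = ["peer1", "peer2", "peer3", "destination"]
KEYS = {name: os.urandom(32) for name in PATH}
```

Calling `route(PATH, KEYS, wrap(PATH, KEYS, b"..."))` returns the payload plus a list of what each hop learned, which is only its successor.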
To summarise, I2P is similar to Tor, except that every client also serves as a node, and there are no exit nodes, so you can only access data shared by other I2P clients.
What stops governments/LEO/copyright dragons from spinning up thousands of the fastest/most accessible I2P nodes so that clients connect to them first, then these hosts log the traffic paths to identify origin/destination?
> All traffic gets routed through multiple peers before reaching its destination
I wonder why the whole internet is not designed like this.
If we designed basic protocols like TCP and UDP with user privacy (in practice hiding his IP address) as the most important point we would have a more secure internet I currently think... or am I wrong here?
The main new feature is support for I2P, the Invisible Internet Project. It uses a fully encrypted privacy network layer to hide user activity and locations. The network does not use servers. Peers contribute "a portion of their resources" to other network participants.
The maintainers promise that "no one can see where traffic is coming from, where it is going, or what the contents are" when the Invisible Internet Project is active.
It's a dark network. Instead of going to a website, you go to an "eepsite", and to get there you securely route through a bunch of random computers (as if you went through 10+ VPNs). It's similar to Tor, but the main difference is that Tor's primary goal is to visit websites (on Tor, "onion sites" exist, but unlike I2P, "onion sites" are not the primary focus of Tor).
Everybody contributes bandwidth. And because everybody contributes bandwidth, privacy is created because you can never know if you reached the end of the chain and found the creator of the first network request.
In theory it's a lot more secure than the Tor network. In practice it gets 1/100th of the funding, because you have to be a computer nerd to even install it, need a computer to keep it running 24/7 (longer you run, more privacy), while Tor Browser "Just works" and can start providing privacy to everybody right away.
I've been trying to connect qBittorrent to my local i2pd node for the last 30 minutes and for the life of me I cannot get it to work, even though other services work via SAM on the same port. Everything just times out.
It is experimental indeed. While it "works", it is nowhere near the reliability and efficiency of other I2P torrent clients like I2PSnark or BiglyBT, both of which are Java based.
It requires running additional software, a so-called "I2P router".
This can be run on Linux and Windows systems too, on localhost or for your local network.
What I'm curious about is, if I use I2P for torrenting, am I only routing connections for others who are sharing the same torrent, or am I also helping to route connections for any other torrent? In other words, can I2P lead a user's computer to inadvertently be routing transfers of gnarly stuff like CSAM, or is their device only ever helping to route connections for torrents they choose to download?