FINDING · DETECTION

I2P payload entropy is close to 8 bits per packet (Figure 9), confirming strong encryption that renders payload content analytically unusable. Across all CNN experiments, models trained on payload data alone achieved 72.5–76.5% accuracy versus 95.17–99.5% for metadata-only variants; encrypted payload acted as 'noise that confused the model' rather than as a signal.

From 2026-rohrer-convolutional-neural-networks-deanonymisation-i2p — Convolutional-Neural-Networks for Deanonymisation of I2P Traffic · §IV-A, §V Experiment 2, Table IV · 2026 · arXiv preprint

Implications

High payload entropy is necessary but not sufficient for traffic protection — protocol designers must treat metadata (packet sizes, timing, port numbers, TCP fields) as the primary leakage surface requiring obfuscation.
Fully-encrypted protocols that randomize payload are already defeating payload-based classifiers; the next hardening priority is metadata normalization to prevent metadata-only models from operating.