Yes, it’s the next step and an evolution because it is far more of a trust less approach. With VPNs you need to trust your provider. If they “give you up” then you’re well and truly fucked. For I2P there is no way for a malicious node operators to parse out who is doing what. And the source code you can vet yourself so no need to trust it. Still if you have actors working together in the nodes, the torrent provider and at the ISP level then you can most certainly find a way to break the layer of secrecy. The barrier is however vast and so far police haven’t spent that much effort on piracy because it isn’t a serious crime in the eyes of the law. And I don’t foresee that they will for many years.

It’s also far more accessible than say Usenet and VPN+private trackers. Which is a very good thing for privacy in general.

But at the same time I2P is still built upon TCP/IP so it’s still like encrypted yodeling. Finding out who’s likely yodeling down movies is rather easy. The protection instead lies in the high barrier to prove exactly which movie and when so as to pass the barrier for court admissable evidence.

Now don’t misunderstand me, I2P is great stuff and I’ve used it on and off for years, but it shouldn’t be treated as the holy grail of safe and secure communication. Nothing can truly be that if it’s built on TCP/IP for fairly obvious reasons.