Back to Security Pattern Catalog


Classification Key : Exterior Security, Information Disclosure


Anonymity Set mixes an entity with equally probable entities. Pseudonymous Identity cloaks identity behind an alias, which reinforces the anonymity cover. However, a single anonymity solution may not guarantee strong privacy. For example, an attacker may observe the incoming and outgoing traffic of a single mix node, or even perturb the traffic (e.g., blending attack) to compromise anonymity. Users should also not trust a single mix network, because it may be owned by an active adversary.
How can anonymity solutions be strengthened to have defense in depth?


Adopt multiple instances of an anonymity mechanism in layers. Chain multiple mix nodes instead of one and route traffic through multiple nodes. Adopt multiple pseudonym covers to protect users.

Known Uses

All practical mix based networks for emailing and browsing are chained. Popular remailers such as Morphmix, Mixmaster and popular browsers such as Tor route user traffic through multiple mixes.

Related Patterns

Anonymity Set, Layered Encryption


Hafiz Privacy Patterns


Anonymity, Privacy


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz