Back to Security Pattern Catalog
: Exterior Security, Information Disclosure
Anonymity Set mixes an entity with equally probable entities. Pseudonymous Identity cloaks identity behind an alias, which reinforces the anonymity cover. However, a single anonymity solution may not guarantee strong privacy. For example, an attacker may observe the incoming and outgoing traffic of a single mix node, or even perturb the traffic (e.g., blending attack) to compromise anonymity. Users should also not trust a single mix network, because it may be owned by an active adversary.
How can anonymity solutions be strengthened to have defense in depth?
Adopt multiple instances of an anonymity mechanism in layers. Chain multiple mix nodes instead of one and route traffic through multiple nodes. Adopt multiple pseudonym covers to protect users.
All practical mix based networks for emailing and browsing are chained. Popular remailers such as Morphmix, Mixmaster and popular browsers such as Tor route user traffic through multiple mixes.
Anonymity Set, Layered Encryption
Hafiz Privacy Patterns
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz