Skip to main content

Strong vs Weak Anonymity

· 4 min read

In a surveillance-heavy digital era, protecting your online anonymity is more important than ever. This article delves into the distinctions between strong and weak anonymity, examining the limitations of common tools like VPNs and Tor, and highlighting how mix networks can provide superior privacy. Discover the critical trade-offs and why robust anonymity for secured digital communications requires advanced solutions.

The Importance of Anonymity in a Surveillance Society

We are surrounded by surveillance. Corporations datamine our habits for profit, governments seek as much control over the internet as they can get, and scammers look for a way to make a quick buck. Some of these forces managed to get enough power over the network that they can keep track of a significant proportion of traffic being made on it, especially if we think of the data as it is crossing the wires between your device and the servers you're trying to reach. That's why it is so important to use end-to-end encryption, so that the contents of what you're doing can't be seen on the way. The good news is, we know how to do that. An arguably harder problem is to make sure a powerful surveillance adversary can't see that you're talking to somebody at all.

Assuming that we want to protect this information from someone who can see all (or a significant portion) of traffic on the network as they are in transit, we are talking about a global passive adversary, often abbreviated as GPA. This is a tall order, and comes at a cost of resources and comfort. Many tools concerned with anonymity on the internet are happy with delivering only protection from less powerful adversaries. We are about to give an overview of why someone might make that decision, and why we don't. This is the difference between strong and week anonymity.

The Trade-Offs of Anonymity

The most prevalent types of anonymity tools offer weak anonymity by means of proxying traffic so that the connection doesn't go directly from one device to another. It's the fundamental building block of VPNs and Tor. And it helps - If someone is watching traffic leaving your device, even just relaying it through a VPN can obscure their destinations. However, what if that same person is watching traffic both entering and leaving the VPN? They could figure out the linkage between input and output VPN stream segments by how much data is being transmitted, or by the precise timing. That's why if we want to make sure they don't, we have to at the very least obscure both the timing and the bandwidth.

If Tor or VPNs added delays in their transmitting stream segments this could possibly protect against statistical analysis if they also added decoy stream segments as well. This immediately creates a trade-off. You can't browse the internet with the same comfort as if you weren't masking your traffic this way. Transfers of data will take longer, and you can't expect to have access to high bandwidth if the entire time you'd have to pad your traffic to that very high traffic. This trade-off is why the tools that aim to simulate the experience of browsing the internet comfortably, like VPNs or Tor, don't achieve strong anonymity.

Achieving Strong Anonymity with Mix Networks

Instead, our approach is different. You can, with a carefully constructed mix network, achieve strong anonymity for certain kinds of communication, like sending and receiving message to/from a blockchain node. These are the kinds of communication that are not particularly bandwidth-heavy, and are somewhat latency-tolerant. Additionally, it's very important that protocols do not force interaction, otherwise there will be attacks that will break the privacy/anonymity notions. Our goal in producing mix networks is to protect your communication from someone who might see all traffic on the network.

For a deeper dive into mix networks, please see our introduction to mix networks.

VPN over Mixnet: Does It Achieve Strong Anonymity?

VPNs superimposed over mixnets have weak anonymity properties just like Tor or a normal VPN, and we should take care not to conflate the two threat models.

Conclusion

The world needs a global communications network that has strong anonymity. We believe mix networks are the very best and most practical way forward, while also absorbing tools and ideas from other kinds of anonymity tools.

Further resources

The concepts we glimpsed above are based on decades of research. The trade-offs between anonymity, latency overhead, and bandwidth overhead are best summed up as the Anonymity Trilemma.

An overview of the evolution of mix network designs to date is available at the Katzenpost website.