Is Zcash actually quantum private?

Sigh

At this point I do not think implementing it is worth it.

This thread went from questions of Post Quantum Privacy to extreme ways to try to stay anonymous.

I don’t think true anonymity is possible with our technology while maintaining reasonable usability. Some of the replies and the proposal are all about how we can actually stay anonymous when we are still using an underlying public IP Protocol. An attacker with enough resources is always going to be able to tell someone was connected and sent and received something. The real protection is in the cryptography to protect that data.

Changes for basic networking connectivity to provide anonymity are going to need to be something standards based at the IETF level… and I can imagine the regulation pushback or bans from governments if that happened. Governments already want to backdoor encryption!

Points about small pools of nodes and malicious nodes are valid, but what can an attacker do with that information? They can see or possibly trace back to an IP that someone did something without knowing what or they can DoS and block a transaction from propagating. The same thing happens with tor - the attacker either knows something was sent or they block the transaction.

The problem with the anonymity level being discussed is you need a large pool of components that look identical to each other. Once a system becomes a larger pool of the whole system, then more anonymity can be assured. But when using tor or not, or a smaller network like Zcash, the users will always stick out when analyzed because they are in the minority. Attempts to keep the transmission packet sizes constant and randomize the sending time (usually not as desirable) and randomized destinations can help a lot more. I briefly looked at node-tor and it is set to use user browsers running peersm, but I have my doubts about how large a pool that will be and how well that will increase any real anonymity. Perhaps if it gets absorbed into a large project like Chromium it will be worth it as it would greatly increase the pool size.

So what about solutions that I mentioned like Lokinet/OXEN? It suffers the exact same problem - it’s still based on IP and if you want to talk to the rest of the world, you have to exit somewhere… and the number of exits and swarm connections is relatively extremely small.

Comments on using tor/onion further try to obfuscate the connection and most regular entities are not going to get any useful data from that, but well funded adversaries might. This is the case with Dandelion++ as well. It is an improvement on the gossip protocol but still not a guarantee against an attacker with resources to monitor at the ISP level. At this point, the best protection (legally) would be deniability - because it would be difficult to prove that a connection through an exit node really came from a specific source.

All this being said, I am not against improving the anonymity layer of Zcash. Adding things like Dandelion++ and implementing ways to control tor connections like the tor browser would be helpful. However, I think we need to keep it real in understanding that as big data and processing power increases, it is becoming more and more difficult to obtain true anonymity. Instead we should be aiming for sufficient enough so that it is not worth an attacker’s time and resources. Smart attackers are always going to go for the weakest link… and unless you never “exit” the Zcash network, you can never actually use its value. At some point if you ever send to someone else or an Exchange, chances are that attacker will be watching there to start linking transactions.

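The post argues that constant packet sizes and randomized send times do more for anonymity than routing tricks, and that even then a well-resourced observer still learns that *something* was sent. The following Python is an added, constructed illustration of that point; it is not Zcash, Dandelion++ or node-tor code, and the frame size, the sample messages and the jitter bound are assumptions chosen for the demo. It frames every message into fixed 1024-byte units with random fill, then shows what a passive observer's size profile looks like before and after padding, and adds independent random delays to send times.

```python
"""Constant-size framing and send-time jitter (constructed demo, not project code)."""
import os
import random
from collections import Counter
from typing import Iterable, List, Sequence

FRAME_SIZE = 1024           # assumed fixed on-the-wire frame size, in bytes
LEN_FIELD = 2               # bytes of length prefix at the start of each frame


def pad_to_frames(payload: bytes, frame_size: int = FRAME_SIZE) -> List[bytes]:
    """Split a payload into frames that are all exactly frame_size bytes.

    Each frame is: 2-byte big-endian length of the real data it carries,
    that data, then random fill. An empty payload still produces one frame
    so that "nothing to say" is indistinguishable from a short message.
    """
    capacity = frame_size - LEN_FIELD
    chunks = [payload[i:i + capacity] for i in range(0, len(payload), capacity)] or [b""]
    frames = []
    for chunk in chunks:
        header = len(chunk).to_bytes(LEN_FIELD, "big")
        fill = os.urandom(capacity - len(chunk))   # random, so fill is not a fixed pattern
        frames.append(header + chunk + fill)
    return frames


def unpad_frames(frames: Iterable[bytes]) -> bytes:
    """Inverse of pad_to_frames: read each frame's length prefix and drop the fill."""
    out = bytearray()
    for frame in frames:
        n = int.from_bytes(frame[:LEN_FIELD], "big")
        out += frame[LEN_FIELD:LEN_FIELD + n]
    return bytes(out)


def observed_size_profile(messages: Sequence[bytes], padded: bool) -> Counter:
    """Multiset of lengths a passive observer sees on the wire.

    Unpadded: one entry per message, its true length. Padded: one entry per
    frame. Note that the *number* of frames still leaks for messages larger
    than one frame, and the fact that traffic occurred leaks in both cases.
    """
    sizes: Counter = Counter()
    for m in messages:
        if padded:
            for f in pad_to_frames(m):
                sizes[len(f)] += 1
        else:
            sizes[len(m)] += 1
    return sizes


def jittered_send_times(arrival_times: Sequence[float], max_delay: float,
                        rng: random.Random) -> List[float]:
    """Delay each send by an independent uniform amount in [0, max_delay].

    Returns the times in wire order (sorted), which may differ from the
    order the messages were created in; that reordering is the point.
    """
    return sorted(t + rng.uniform(0.0, max_delay) for t in arrival_times)


# Constructed sample traffic: two "kinds" of message with distinct typical sizes,
# standing in for, say, a small request versus a larger transaction broadcast.
SAMPLE_MESSAGES: List[bytes] = (
    [os.urandom(n) for n in (290, 305, 298, 312)]      # small kind
    + [os.urandom(n) for n in (690, 702, 711, 698)]    # large kind
)


if __name__ == "__main__":
    print("unpadded sizes:", sorted(observed_size_profile(SAMPLE_MESSAGES, padded=False)))
    print("padded sizes:  ", sorted(observed_size_profile(SAMPLE_MESSAGES, padded=True)))
    rng = random.Random(7)   # fixed seed only so the demo is reproducible
    print("jittered sends:", [round(t, 2) for t in jittered_send_times([0.0, 0.5, 1.0], 3.0, rng)])
```

Run as a script, the unpadded profile shows eight distinct lengths clustering into two groups, while the padded profile collapses to the single value 1024. What padding does not hide is how many frames were sent and when traffic happened at all, which is exactly the residual signal the post says a resourced ISP-level observer still gets.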