The Crucial Difference Between Encryption And Anonymity

By now just about everyone understands what encryption is: We turn our transmissions into gibberish so that none but the intended parties can understand them. And so, what goes in to encryption looking like this:

Arise, you have nothing to loose but your barbed wire fences!

And comes out looking something like this:


Encryption is great because it’s more or less impregnable when implemented correctly. And that makes it a tremendous tool when facing overly powerful adversaries: No matter how powerful they may be in the usual sense, fighting encryption involves – literally – fighting mathematics.

The power-mongers may be able to put bullets through millions of bodies, but they can’t put bullets through a single math problem. Encryption, if well-implemented, is nothing but math, and so it is utterly immune to power.

So, yeah, encryption is an awesome thing, and we’ve done great things with it.


Now, as much as I love encryption (and I do), it’s not by itself sufficient in practical applications. Consider this, please:

A cadre of armed snoops are looking for something against you. And so, they steal all your Internet traffic and analyze it. Unlucky for them, it’s all encrypted, and they can’t read a single word. But… they can see who all your transmissions are sent to.

And so, they know what volume of transmissions go to your spouse, and at what times of day. No real problem there, but they also see that you’re communicating with a known dissident, and that you communicate with him regularly.

At this point the armed snoops are likely to pick you up. But they don’t have to; if they prefer, they can also analyze your traffic over longer periods of time to find patterns in it. And if they’re clever, they can probably figure out when you and the dissident will physically meet, and grab the two of you together.

They can also figure out who your mutual friends are, and pick up the lot of you.

So, we need to remember this: Even with perfect encryption, they can still nail you if they know who you talk to.

Said another way: If they have enough meta data, even encryption isn’t enough. We need encryption and anonymity.

Creating Anonymity

Back in the 1980s and 1990s some of the clever crypto lads came up with ways of mixing data streams so that no one could tell what came from where. We called these systems Mixmasters, after the kitchen appliances that chopped things into zillions of pieces.

Here’s the first system of cryptographically secure mixes, created by David Chaum:

I won’t go through a precise explanation, but you can see how things come out of the Mixmaster in radically different ways than they came in. The tricky thing about this was keeping all the streams properly encrypted through the process. But Chaum figured out how, and lots of other applied his tricks.

The snoops have gotten much, much better since the 1990s, sadly enough, and so more complex systems are needed these days. Here, roughly, is how Cryptohippie’s anonymity system is structured:

That big circle is our anonymity network. It bounces traffic, Mixmaster style, between widely separated servers in multiple jurisdictions.

And, there are other tricks beside the Mixmaster. We can pad traffic, crowd traffic, use various delays, and so on. In the end, all the tricks combine to produce strong anonymity.

The Point…

I think this little paper has made our point clearly enough: Encryption is wonderful and necessary, but for practical uses you need anonymity too.

Anonymity can be manufactured, but it’s a separate job, and not the easiest job. It is, however, available.