Pseudonymity uses persistent identifiers other than real names, enabling accountability while providing partial unlinkability; however, use of the same pseudonym across different contexts enables linkability: the attacker can link all data related to a pseudonym. Unlinkability of two messages requires that the attacker cannot sufficiently distinguish whether they share a sender or recipient; for a scenario with n senders, this holds iff the probability of common authorship is sufficiently close to 1/n.

Global anonymity is maximized when the anonymity set is large and behavior is uniformly distributed: 'global anonymity is maximal iff all subjects within the anonymity set are equally likely.' Strong global anonymity does not protect individual 'likely suspects' — even in a strong-anonymity system, one user with distinctive behavior may have weak individual anonymity. Strong or even maximal global anonymity does not imply strong anonymity of each particular subject.

§3 defense

Adding dummy traffic to any anonymity mechanism yields the corresponding kind of unobservability: 'A mechanism to achieve some kind of anonymity appropriately combined with dummy traffic yields the corresponding kind of unobservability.' DC-nets achieve sender anonymity and MIX-nets achieve relationship anonymity; with dummy traffic both achieve the corresponding sender and relationship unobservability respectively.

§8 defense

Undetectability of a message requires that it be indistinguishable from 'random noise' — an attacker cannot sufficiently distinguish whether the message exists or not. This is distinct from anonymity, which protects only the relationship between an IOI and a subject, not the IOI's existence itself. Undetectability is possible only for subjects not involved in the IOI; senders and recipients cannot achieve it against each other.

§6 defense

The paper establishes a strict property hierarchy: unobservability ⇒ anonymity, and sender/recipient anonymity ⇒ relationship anonymity. Unobservability is strictly stronger than anonymity because it additionally requires undetectability against all uninvolved subjects — the IOI's very existence must be hidden — while anonymity only hides the subject's relationship to the IOI.

§7 defense

A three-stage detection pipeline exploiting the "dual-role" behavioral fingerprint of single-IP circumvention relays achieved 23.2% recall (96/414 ground-truth relays) with a 0.18% false-positive rate against 97,651 benign TLS servers, for an overall accuracy of 99.5%. The ground-truth set covered OpenVPN, WireGuard, and SOCKS relays identified in a 17 TB single-day backbone trace (WIDE Project, April 9, 2025).

2026-almutairi-server §3.4, Table 1 traffic-shapedpiflow-correlation

The paper concludes with design guidelines for future FIA-based privacy-enhancing technologies, identifying that path-aware routing in SCION and NDN's in-network caching both create new surveillance exposure: SCION path headers reveal routing metadata to on-path censors; NDN caching at routers means content is replicated at points under censor control. The authors recommend that PETs built on FIAs treat these architectural features as threat vectors, not privacy benefits.

2025-wrana-sok-surveillance §6 dpiflow-correlation

Wrana et al. systematically assess how well existing surveillance and censorship mechanisms can target users of Future Internet Architectures (FIAs) — including NDN, SCION, XIA, and MobilityFirst — finding that DPI and flow-correlation techniques from the current internet map onto FIA traffic with moderate adaptation. The paper identifies that FIA naming/addressing schemes introduce new censorship attack surfaces (e.g., content-name-based filtering in NDN) not present in IP-based architectures.

2025-wrana-sok-surveillance §4, §5 dpiflow-correlationmeasurement-platform

The original Slitheen appended covert upstream data directly to overt HTTP requests, significantly changing upstream traffic patterns and enabling censor identification even when traffic is encrypted. This upstream traffic analysis vulnerability—absent from Slitheen's original threat model—is the primary weakness Slitheen++ addresses.

2020-birtel-slitheen §1, §4 traffic-shapeflow-correlationdpi

Centralized communication architectures have a single global point of failure: governments can leverage centralization to surveil with or without operator cooperation, as demonstrated by the Snowden revelations about Skype, Facebook, and Google. A compromised broker in a centralized design enables monitoring and censorship that spans all users of the service.

2014-tan-censorship §2.1 flow-correlationdpi

During the June 2025 Iran shutdown, circumvention tool performance diverged sharply by transport design. Psiphon's multi-protocol architecture sustained 1.5 million concurrent users—roughly one-third of its normal Iranian base. Lantern's "proxyless" protocol (domain-fronting via CDN, ~40% of Lantern's Iranian traffic) showed moderate success. Tor usage collapsed during the blackout but bridge connections surged and rebounded quickly after lifting. BeePass (serving 500k+ daily users at shutdown onset) used live A/B testing of port/obfuscation-prefix combinations to probe the censors' blocking parameters in real time. The Ceno Browser's P2P network grew from 600 active peers on June 13 to ~8,000 by July 11, indicating that decentralized fallback paths stayed up even during peak blocking.

2025-iran-shutdown-measurement §Tool Performance dpithrottling