Figured I would add this here, or maybe we should create a separate thread for publishing literature about anonymity network security. AnonBib is focused mostly on Tor. Here's a new paper about deanonymizing I2P users:

http://wwwcip.informatik.uni-erlangen.de/~spjsschl/i2p.pdf

There's no date in the paper, but a thread was started about it 2 weeks ago here:

http://zzz.i2p.us/topics/1414?page=1#p6850

It also references papers from 2012. So, I think it was published in the last month or two, and it was definitely published this year.

Practical Attacks Against The I2P Network

In this paper, we describe an attack that can be used to break the anonymity of a victim who is using anonymized resources in I2P, for example, a user browsing eepsites (I2P's terminology for anonymous websites) or chatting. We are able, with high probability, to list the services the victim accesses regularly, the time of access, and the amount of time that is spent using the service.

We first show how an attacker can tamper with the group of nodes providing the netDB, until he controls most of these nodes. This is possible because I2P has a fixed maximum number of database nodes (only a small fraction of nodes in the entire network host the database). The set of nodes can be manipulated by exploiting the normal churn in the set of participating nodes or by carrying out a denial of service (DoS) attack to speed up the change. We show how a Sybil attack [6] can be used as an alternative approach to control the netDB.

By leveraging control over the network database, we demonstrate how an Eclipse [7, 8] attack can be launched. This results in services being unavailable or peers getting disconnected from the network.

Finally, our deanonymization attack exploits the protocol used by peers to verify the successful storage of their peer information in the netDB. The storage and verification steps are done through two independent connections that can be linked based on timing. Using the information gathered by linking these two interactions, an attacker can determine (with high probability) which tunnel endpoints belong to specific participants (nodes) in the I2P network, and, therefore, deanonymize the participant.

Experimental results were gathered by tests performed both on our test network and on the real I2P network (against our victim nodes running the unmodified I2P software; no service disruption was caused to the actual users of the network).

In summary, the main contributions in this paper are the following:

1. A novel deanonymization attack against I2P, based on storage verification
2. Complete experimental evaluation of this attack in the real I2P network
3. Suggestions on how to improve the I2P to make it more robust