I made another two posts about this, but I made a mistake and then took a lot of time to explain it and kind of messed my thread up, so let me give this one more shot. Usually those sorts of attacks are called watermarking or tagging attacks (the source of my original confusion and mistake), but I see now that watermarking attacks actually use covert channels, so it is not incorrect to call them covert channel attacks. In any case, watermarking attacks are not particularly worrying because the attacker still needs to see the watermarked traffic at entry and exit. On the Tor network, and most other low latency networks (all implemented ones afaik), passive traffic correlation attacks can be used to accomplish everything that active traffic watermarking attacks accomplish. In the past Tor Project officials have expressed the belief that people focusing on watermarking attacks against Tor are often confused, as they are not really adding new capabilities to attack Tor (since all watermarking attacks are no more effective than passive correlation attacks against Tor traffic). You are a bit confused, mixmaster is a high latency E-mail specific network. JonDoNym routing nodes are called mixes, but this is hotly debated terminology (nobody else calls them mixes) because they don't actually do mixing (mixmaster routing nodes, on the other hand, do indeed engage in mixing). That said, yeah JonDoNym is often seen as a better solution than most VPN providers. Here you are misunderstanding the goal of a watermarking attack. The attacker does not need to follow the traffic flow, if they had to follow the traffic flow through all hops there would be no real point to a watermarking attack. Watermarking attacks are so that in a scenario such as this: Alice - Node 1 - Node 2 - Node 3 - Node 4 - Node 5 - Node 6 - Node 7 - Destination Node 1 can watermark the traffic, and then when it gets to node 7 the watermark can be extracted. This allows the attacker who owns node 1 and 7 to link Alice to her destination without having to observe the traffic as it passes from node 2 to node 6. The watermark can be seen as being sent through a covert channel from node 1 to node 7, which is why I now see that it isn't really incorrect to call these covert channel attacks (but I don't think I have ever heard them that before, almost always watermarking attacks). The thing is though that if the same attacker owns node 1 and 7, they don't even need to insert a watermark at node 1, because all of the low latency anonymity networks are already weak to passive traffic timing correlation attacks.