If it is based on DC-net's it is probably indeed provably anonymous to the set size, but the set size will be small. Also they will really need to be able to boot misbehaving spammers because only one person at a time can send a message on a DC-net. edit: though you can have redundant DC-nets using the same infrastructure the get around that. It still isn't considered a very scalable solution. I should also point out that a DC-net actually isn't totally immune to traffic anaylsis over time. If three people get together and want to anonymously answer the question "did one of us pay for the meal we are sharing", then yeah , if it is implemented correctly it is indeed perfect anonymity in that the question can be answered without the possibility of anybody knowing who paid for the meal. But once you get to the point of anonymous communicating pseudonyms in a large network that changes over time, although you cannot tell who sent a bit as a certain pseudonym from a single snapshot of the network, over time intersection attacks are still possible with node churn. So a DC-net is only perfect anonymity to the set size if the set size starts at X members and never loses a single member or gains a single member. Theoretically they can indefinitely be perfectly anonymous to the maximum degree possible (to the entire set size) but in the real world the anonymity they provide doesn't stay perfect for long. I suppose it is almost but not quite like how a one time pad is perfectly secure encryption.....until you send the key encrypted with RSA. Or forget that you only send two messages of different sizes and forget to pad them . DC-net is perfectly anonymous communication, until people leave the network, or new people join the network, or the NSA cuts the internet to your country and waits to see if your pseudonym keeps communicating on the network.