One attack can work against any sort of network with any sort of pseudonymity. Pretty much the only way to protect from it is for all posters to be anonymous in the true sense, meaning without a name. It simply consists of the attacker (who again, can see the links between all nodes on the network) taking note of all of the nodes who are on the network at a given time that the attacker receives a message from a user. Because messages are time delayed the attacker can not simply say that the sender of the message must be one of the clients currently on the network, but they can guess with high probability that the message was sent from a client they observed sending a message in the past week, or month, and realistically probably the last couple of hours or days. If the attacker is Alice, and she assumes that Bob has his messages delayed for no more than two days, after she gets a message from Bob she can cross out all of the clients she did not see send a message in the previous two days. Now ideally all clients send the same number of messages every day, but realistically clients will not be online every single day of the year. Maybe Carol went on vacation for two weeks and didn't connect her client at all, but Bob kept sending messages during this time period. Alice can find the maximum time delay of Bob's messages by simply seeing how long it takes her to get a response to one of her messages. If she gets a response to a message from Bob in one day, she knows that he did not delay that message for more than one day, and so he must be one of the nodes that sent a message in the previous day. This sort of attack even works against otherwise information theoretically secure systems such as DC-nets. In a network that maintains ideal conditions it can be protected from, but in the real world networks don't maintain ideal conditions. Also, a very powerful attacker can force a network to not maintain ideal conditions, by cutting internet access to certain countries even if need be. Oh Bob still wrote me messages while I had cut internet to Iran? Bob is probably not in Iran after all! The only way to really fully protect from this attack is to not have pseudonyms or other identifying characteristics, including writeprint. This attack only works if you can see at least two different snapshots of the network, associated with at least two actions of a target. If the target cannot have a second action identified, the attack cannot work. Other techniques could involve the use of covert channel networks to hide from Alice the fact that Bob's IP is in communication with an anonymity network, even if Alice can monitor the entire traffic of the entire internet. Note that once again the weakness is a result of variety, namely the clients that were online changed from action one to action two, and this led to an attack on anonymity. Invariety between actions, ie: the network has the same exact clients using it when both messages were sent, would protect from this attack. Thankfully in practice this attack can be made to take a long time to carry out. Provided there is a network with a substantial number of users, and that it bootstraps itself into its initial anonymous state. But it depends on the up time of the clients using the network. Ideally clients would start sending dummy traffic to the network, but not posting on it, for a period of several days to a month before actually using the network to send messages. This allows them to blend in with other new clients who join in the same time frame, and other people who may already be using the network but decide to make new identities. Maybe there will be a hundred or so people in your anonymity set from this attack. It could take quite a while for them to go offline long enough for you to be identified as not them. But slowly over time it is likely that your initial anonymity set will be chipped away, and in the end it will be only you left in it. Even anonymity systems that are proven as being as anonymous as any system can possibly be are weak to this attack if pseudonyms are used.