Freenet isn't a bad choice. Tor is a featherweight boxer, quick but easily knocked out by a heavyweight attacker. Freenet is kind of a medium weight boxer. Mix networks are the heavyweights, slow but powerful. But it is likely if the NSA can pwn Tor they can pwn Freenet as well. It is a bit harder to pwn Freenet, but an attacker who can watch most links on the internet + who owns a decent number of Freenet nodes can break Freenet. We are assuming that the NSA can watch most links on the internet, it isn't going to be hard for them to own a decent number of Freenet nodes as well. In the case of Tor the attacker doesn't need to own a single Tor node if they can watch the majority of links on the internet. So the cost to attack Freenet in a major way is more than the cost to attack Tor in a major way, but it might in this case be the difference between someone in the Forbes top 100 buying a ten million dollar house or a twenty million dollar house. This is not a realistic goal to have if you want strong anonymity. The only systems that allow for strong bidirectional anonymity and low latency require so much bandwidth that they only exist on paper. Strong unidirectional anonymity is in the realm of possibility, but even that doesn't scale so well in most cases. BitMessage is a good example, since everybody gets every message it has ideal receive anonymity, and it isn't very high latency either since messages are only slightly delayed at each node. But it wont scale very large and has a host of other problems with it. It is not impractical for many applications. For E-mail is certainly is not impractical there have been deployed mix networks for E-mail that removed all message variance. I think in many cases it is not impractical at all. For uploading and downloading high definition movies it isn't really practical, but for posts on a forum? For small and simple websites? For E-mail? For sharing small files like .pdf? For a blog? The general rule of thumb is that uniformity is always good, and randomness is good sometimes but much less often. This can be seen in timing attacks against cryptographic systems as well. Random variance can often be filtered, invariance can never be filtered. In the case of layered encryption, randomization is secure. When it comes to inserting random jitter at each hop, I think it would either be insecure (in that even if it makes attacks harder, they would be realistic to carry out), or require such a massive range of time delays that it would actually be many orders of magnitude faster to just use a mix network and remove variance. I am sure some of the literature on anonymity discusses the idea of adding random jitter in depth, but I cannot off the top of my head think of a paper for you. The following paper on flow watermarking has demonstrated that attackers can filter substantial amounts of jitter in low latency networks though: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.123.3789&rep=rep1&type=pdf  Actually they did an analysis on a rather sophisticated low latency system that utilized mixing, artificial jitter, dummy packets, etc, and were still able to insert readable interpacket fingerprints. So I think we will not have luck with this approach, and rather must take care to make messages totally uniform between hops (which means obtaining all packets before sending them forward to the next mix, to remove any interpacket timing fingerprint. which means significant time delay). Mix networks are actually much better protected from attackers who own a lot of nodes. This is because a single good mix on a messages path buys it significant anonymity, and there is no hard limit to the number of mixes on a path. This is in contrast to systems like Tor, where adding more nodes to a circuit doesn't help from some of the most dangerous and easy to carry out attacks. If you have three nodes or fifty nodes it doesn't matter if packet streams can be linked regardless of their location on the circuit. The attacker who owns the entry and exit can still link clients to destinations. In the case of a mix network, the attacker can own 49 of the mixes on your messages path and still not be able to deanonymize you if your message went over a single good mix at any point in time.