David Chaum invented the mix network in 1981, almost two decades before Tor. The construction was elegant: relay messages through a chain of servers ("mixes"), have each server delay and re-order messages before forwarding them, and you produce a system where even a global passive adversary — one who can see every packet on every link — cannot link sender to receiver.
Tor took a different path. It kept the chain of relays but dropped the delays. The result is a usable network you can browse the web on. The trade-off is that Tor is not designed to resist traffic correlation: if an attacker can observe your entry guard and your destination, statistical timing alone is often enough to deanonymize you. Mix networks accept the latency penalty in exchange for actually solving that problem.
What Tor Doesn't Promise
The Tor Project is explicit about this in its own threat model documentation. From the design paper: "Tor does not protect against an attacker who can see both ends of a user's connection." Onion routing was designed for low-latency interactive traffic, and the design choices that make web browsing tolerable — no artificial delays, no chaff traffic, packet sizes that pass through unchanged — are precisely the choices that leave the network vulnerable to end-to-end correlation.
In practice, this matters less for most users than the academic literature suggests. A nation-state with a global view of internet backbones is a powerful adversary, but most Tor users are not being individually targeted by one. For users who are in that threat model — investigative journalists, intelligence sources, dissidents under sophisticated surveillance — the limitation is real and load-bearing.
How a Mix Actually Works
A single mix server does three things to incoming traffic:
- Decryption. Each message arrives wrapped in onion-style nested encryption. The mix peels off its layer with its private key, learning only the next hop, not the original sender or final destination.
- Batching and delaying. The mix holds the message for some interval — fixed, random, or threshold-triggered depending on the design — accumulating other messages alongside it.
- Reordering. When the batch flushes, messages exit in a permuted order, not the order they arrived. The mathematical link between input arrival and output departure is broken.
A chain of these mixes compounds the effect. Even if an attacker watches a single mix, they see a batch of indistinguishable encrypted messages arrive and a batch leave. To trace one message through, they would need to compromise every mix on the path, or break the cryptography, or observe every link in the network with enough fidelity to defeat the batching.
An anonymity set is the group of senders a particular message could plausibly belong to. A larger anonymity set is harder to crack. Mix networks deliberately maximize anonymity sets by batching; Tor's anonymity set per circuit is effectively whoever happens to be using the same entry guard at the same time.
The Latency Tax
Batching is not free. To produce a meaningful anonymity set, the mix must wait until enough other messages have arrived to mix with. Early mix designs used threshold mixes (wait for N messages, then flush), which had a worst case of "your message sits indefinitely until enough others show up." Modern designs like Loopix use Poisson mixing — each message is independently delayed by a random interval drawn from an exponential distribution, with cover traffic generated by clients to keep the network busy enough that real messages have plenty to hide among.
The practical result: mix networks add seconds to minutes of latency. A message sent through Loopix or Nym is not loading a web page in real time. It is closer to email or chat in feel — fine for asynchronous communication, painful for browsing.
Loopix and the Modern Design
Loopix is a 2017 academic design (Piotrowska, Hayes, Elahi, Meiser, Danezis) that became the basis for several deployed systems. Its core innovations were:
- Poisson mixing — each mix delays each message by an independent exponential random variable, so timing analysis cannot exploit threshold flushes.
- Cover loops — clients send dummy messages to themselves through the network at random intervals, ensuring there is always traffic for real messages to mix with.
- Stratified topology — mixes are organized in layers, every message passes through exactly one mix per layer, defeating intersection attacks that could narrow down the sender by watching repeated connections.
The headline result from the Loopix paper: an adversary observing the entire network has a posterior probability of correctly identifying the sender of a given message that is essentially indistinguishable from random guessing within the anonymity set, even after watching for extended periods. That is a far stronger guarantee than Tor provides.
Nym and the Mixnet-as-a-Network
Nym is the most prominent production deployment of a Loopix-style mixnet, launched in 2021. It runs a public network of mixes incentivized through a token (so operators get paid to provide reliable service) and a public layer of clients sending real and cover traffic through them.
The token economics are controversial — they're an attempt to solve the fundamental "who pays for the mixes" problem that has dogged anonymity networks since the beginning. Tor relays are donated bandwidth from volunteers and grant-funded institutions. Mix networks need a denser network of always-on mixes shuffling traffic, which is harder to sustain on donations alone. Nym bets that paid operators are more reliable; critics argue tokens add a financial-surveillance vector that pure anonymity tools should avoid.
Mixnets vs Tor: When Each Wins
| Property | Tor | Mixnet (Loopix-style) |
|---|---|---|
| Latency | ~100ms–1s | Seconds to minutes |
| Interactive web browsing | Yes | No |
| Resists global passive adversary | No | Yes |
| Resists end-to-end correlation | No | Yes (with cover traffic) |
| Bandwidth efficiency | Moderate | Low (cover traffic overhead) |
| Onion services / hidden destinations | Yes (.onion) | Provider-specific |
| Network maturity | 20+ years, well-studied | Newer, smaller |
The right answer is not "one or the other" but "match the tool to the threat." For browsing the web while avoiding ISP-level surveillance and casual deanonymization, Tor is the right tool, and far better than a VPN. For asynchronous communications under threat from a powerful global adversary, a Loopix-style mixnet is the only family of tools that even tries to defend against that threat model.
Why Mixnets Aren't Everywhere Yet
Three reasons mixnets remain niche in 2026:
- The use case is narrow. Most people are not being targeted by a global passive adversary. The threat model that mixnets solve is real but applies to a small fraction of users.
- The UX is unforgiving. A 30-second delay on every message is a hard sell. Few applications are built to feel right at that latency.
- Funding the mixes is hard. Without volunteers or paid operators in sufficient density, the anonymity set shrinks and the guarantees weaken.
Research continues — the cryptography is well-understood, the deployments are improving, and the threat model that mixnets target is unfortunately becoming more relevant rather than less. Hybrid designs that route some traffic through low-latency onion routing and other traffic through high-latency mixing are also being explored.
Anonymity loves company. The strongest guarantee any anonymity system can give you is "you are indistinguishable from N other people doing the same thing." Mixnets make that guarantee provable. Tor makes it practical. The right choice depends on which of those you need more.
Where Haven Fits
Haven uses standard internet routing for its core messaging, not a mixnet — we're optimizing for usability and the threat model of "compelled access to your provider," not for resistance to a global passive adversary. For the latter, the right tools are still Tor for browsing and a dedicated mixnet for asynchronous communications.
What Haven does provide is honest cryptography — end-to-end encryption with forward secrecy, a passphrase that never leaves your device, and an architecture where the server cannot decrypt your messages. That's a different threat model from mixnet anonymity, but it's the one most users actually need.