Saw that Monero is partnering with I2P:
https://geti2p.net/en/blog/post/2014/05/25/Monero-partnershipEither the Monero developers don't intend to provide anonymity against the NSA or don't understand that (especially low-latency) Chaum mix-nets are not immune to timing analysis by a global adversary such as the NSA, GCHQ, and other national security agencies:
https://geti2p.net/en/comparison/torThe I2P/Tor outproxy functionality does have a few substantial weaknesses against certain attackers - once the communication leaves the mixnet, global passive adversaries can more easily mount traffic analysis. In addition, the outproxies have access to the cleartext of the data transferred in both directions, and outproxies are prone to abuse,
Here are more citations:
https://tails.boum.org/doc/about/warning/index.en.html#index4h1Confirmation attacks
The Tor design doesn't try to protect against an attacker who can see or measure both traffic going into the Tor network and also traffic coming out of the Tor network. That's because if you can see both flows, some simple statistics let you decide whether they match up.
That could also be the case if your ISP (or your local network administrator) and the ISP of the destination server (or the destination server itself) cooperate to attack you.
Tor tries to protect against traffic analysis, where an attacker tries to learn whom to investigate, but Tor can't protect against traffic confirmation (also known as end-to-end correlation), where an attacker tries to confirm an hypothesis by monitoring the right locations in the network and then doing the math.
Quoted from Tor Project:
"One cell is enough to break Tor's anonymity".
Note the NSA is sharing data with relevant authorities in each country in the G20 to help them hunt down the wealth:
Good to see the I2P developers updated their website about timing analysis after I gave them the heads up (about such vulnerability of low-latency mix-nets) nearly a year ago quoted as follows.