I know I'm late to this particular party, but after catching up with the thread I'll add a few nuggets since I'm actually quite familiar with mesh networking and the security implications, on a theoretical as well as practical level. (Footnote: discrete mathematics is not my favourite pastime, which is why I've largely moved on in my career.)
First, the information theoretical consequences:
- The network, as a gestalt system, HAS to know where the destination of a transmission is (and this is true regardless of whether you're using packet technologies or not) because if it doesn't, it can't send the data where it has to be. Period. No known destination? No comms. Just a frownyface on your commlink's display. Bear in mind that if you have a small network of gear which talks to nothing else, this only applies within your mini-mesh.
- The proximal mesh node(s) to your device's location HAVE to know that you're there, otherwise they can't talk to you which means other nodes can't talk to you, which means nobody can talk to you. So anyone who has access to the information state of the mesh nodes proximal to you has a pretty good idea of where you are, within the limits of triangulation. (Corollary: If you're working through satellite only, and ignoring all other mesh nodes, your latency might be high but the satellite is not very helpful in pinpointing your location.)
- Distant (in networking terms) nodes which can reach your device don't know necessarily where you are (in fact it's demonstrably inefficient, in information theoretical terms, to the point of mathematical infeasibility as the network grows because of power law relationships between network size and communication overheads, compared to net communication capacity) but do know, or must be able to rapidly find out where to point to reach you; in other words, they have to be able to route to you.
These facts have some consequences. For instance, someone doesn't necessarily have to be able to reach your proximal networking environment. With an adequate (statistically speaking) insight into the behaviour and characteristics of backbone nodes they can (rapidly) infer your current networking context and establish which your proximal routing nodes are most likely to be. If they're determined, in Shadowrun terms, to get to you, a hacker/decker (version dependent) strike team can even try to get closer.
So what about proxies, as opposed to clear routing? Sure, a proxy can send encapsulated data to a range of its clients, and assuming functional encryption (excuse me while I point at the Shadowrun canon and laugh until I wet myself) one could possibly infer a range of possible destinations, but the more popular a proxy (assuming the proxy is, in security terms, honest and inviolate) the harder this process of inference becomes. If the proxy is compromised, it's no better than a regular routing node and possibly worse for the privacy of those with something to hide.
What about address hopping? Well, it turns out that if you're strictly a client node (i.e. establishing outbound data connections) that's fine. You can even use session persistence techniques (which are pretty much ubiquitous in synchronous, unstable network contexts anyway) to have your connection survive link drops and recreation. The downside is that your server side (which can be both ends, in peer to peer arrangements) needs a known address. Can you square this circle? Yes, you can, by privately arranging and communicating your next address before an address hop. Is this perfect? No, because someone who is close enough in networking terms to observe the traffic (such as someone controlling the building mesh nodes through which you're communicating, i.e. your target's spiders) can also observe the changing addresses and infer directly which continuing network connections are which.
The bottom line: if you don't want mesh networking to give away your location (and by cross-checking data, your identity) you need either:
- Rock solid, inviolate, utterly trustworthy encryption combined with a rock solid, inviolate, utterly trustworthy proxy of such popularity that the mere presence of its data is not an indicator of nefarious activity by itself.
- Communications working through proximal nodes of such a nature that the signal will not be observed by alternatives (think tight beam, laser, and so on), and where the proximal nodes do not usefully give location data through their activities (such as satellites).
- Rigidly enforced network isolation, combined with total out of band silence (such as an optic fibre between smart goggles and a smartlinked gun).
- Rigidly enforced comms silence.
Of course, some of these options are suspicious of themselves - if you're supposed to have a networking identity and there isn't one, or there are strange discontinuities, those are exactly the sort of things which would flag an event.
There are some ways of avoiding certain kinds of trouble. Example:
- Shadowrunning team arrives at rendezvous point, in the clear, with networking IDs which are not suspicious.
- Shadowrunning team leaves commlinks in place in circumstances which aren't suspicious - perhaps in an autopiloted van which cruises the highways while they get nefarious.
- Shadowrunning team gets into their action gear, including their combat-ready electronics.
- Shadowrunning team engages in ten minutes of sneaking, thirty seconds of mayhem then decamps.
- Shadowrunning team goes through total radio silence including a shutdown and readdressing of all their (assumed compromised) work-related networked gear.
- Shadowrunning team picks up their street electronics and rides off into the barrens.
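
The address-hopping and proxy-popularity points above, as an added example that is not part of the original post: a toy model of what a proximal node can infer from connection timing alone. The flow records, address labels and the one-second gap threshold are all constructed assumptions, and the second case goes slightly beyond the post by combining hopping with a busy shared proxy.

```python
from collections import namedtuple

# One record per connection as logged at a proximal mesh node (constructed data).
Flow = namedtuple("Flow", "addr peer start end")  # times in seconds

def predecessors(flow, flows, max_gap=1.0):
    """Addresses that fell silent towards the same peer just before `flow` began."""
    return [f.addr for f in flows
            if f.peer == flow.peer and 0 <= flow.start - f.end <= max_gap]

def link_report(flows, max_gap=1.0):
    """Map each newly seen address to its candidate previous addresses."""
    report = {}
    for f in flows:
        cands = predecessors(f, flows, max_gap)
        if cands:
            report[f.addr] = sorted(cands)
    return report

# Case 1: a lone device hopping addresses while talking to a private peer.
LONE = [
    Flow("addr-17", "peer-X", 0.0, 59.8),
    Flow("addr-90", "peer-Y", 5.0, 200.0),    # unrelated device
    Flow("addr-42", "peer-X", 60.1, 119.7),   # first hop
    Flow("addr-08", "peer-X", 120.0, 180.0),  # second hop
]

# Case 2: three devices behind one busy proxy, all hopping in the same second.
BUSY = [
    Flow("addr-17", "proxy", 0.0, 59.8),
    Flow("addr-23", "proxy", 2.0, 59.9),
    Flow("addr-31", "proxy", 4.0, 59.7),
    Flow("addr-42", "proxy", 60.1, 119.0),
    Flow("addr-64", "proxy", 60.2, 119.0),
    Flow("addr-77", "proxy", 60.3, 119.0),
]

if __name__ == "__main__":
    for name, flows in (("lone", LONE), ("busy", BUSY)):
        for new, old in link_report(flows).items():
            verdict = "linked" if len(old) == 1 else f"ambiguous ({len(old)} candidates)"
            print(f"{name}: {new} <- {old}: {verdict}")
```

A single candidate means the hop bought no unlinkability against that observer; the model uses only peer and timing, so any further observable such as traffic volume would narrow the busy case again.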