If I may, let me attempt to assist with a general understanding of TCP/IP. Every packet you transmit and receive is composed of two basic parts, a header and the payload. The header contains the source and destination of the transmission, the payload contains data. You can not hide these things, they are part of the protocol. The payload data can be encrypted to some degree, but the public is generally prohibited from using any quality encryption. Now, if your clever, you can attempt some custom scheme to encrypt your data (i.e. bitshifting, hashing, symmetric and asymmetric, etc.), but I can guarantee there is literally no way to conceal what you are doing online.
I have been curious about Blackphone: https://silentcircle.com
Phil Zimmerman, formerly of PGP fame, is a principal in Blackphone. When PGP transitioned from open source to proprietary, I understand that a "back door" was inserted, so I wonder if it s the same with Blackphone.
Any speculation?
I would hazard an educated guess that as soon as the suspicious packet is noticed, the gears are in motion to track down the author.
For example, some time ago, I created supersecret.net - the purpose was to provide absolute autonomy for one to one or one to many communication. It was beautiful, a centralized server (Solaris 7 hardened to 12 packets, yea, and that's with apache, ssh, sftp). Poking around in a lab, I found a security supplement for Solaris 7, 1024bit DES encryption, which I installed. Ok, so the server hardware was an old X-1, a SPARC architecture. I built the data filesystem in memory, so if power was removed so was the data. Users interaction was two key encrypted, personal password and content password. Basically, a unix shell supporting html for the user to communicate through.
Inside two weeks from activation of the DES encryption, I got a call from my service provider informing me that I was in violation of the law. Inquiring what law I was breaking, I was informed that the encryption was non-exportable. Arguing that my server was on US soil, I was further informed that the location of the users screen is where I am exporting to. Needless to say, I toned the encryption back to 52bits.
Now, I can't say for sure how my packets were identified, because later that year, at a security breakout, a representative from the University of Oklahoma had a real nice presentation of this massive denial of service attack. I was somewhat detached from the presentation (likely from playing Craps most of the night) until he says, "and the whole thing was orchestrated from supersecret.net! (which caught me offguard, because a let a small laugh out) He and others turned in surprise, so I apologized (they assumed I meant for laughing). Anyways, after the session, I introduced myself and further apologized.