# Superball Example: Anonymous Posting

## Scenario
Alice wants to post a message under her real identity while hiding her location from surveillance.

### Participants
- **Alice**: Original sender (pubkey: `alice123...`)
- **Thrower A**: First hop (pubkey: `thrower_a789...`)
- **Thrower B**: Second hop (pubkey: `thrower_b012...`)
- **Relay1**: `wss://relay1.com` (where Alice posts)
- **Relay2**: `wss://relay2.com` (intermediate relay)
- **Relay3**: `wss://relay3.com` (where final message appears)

## Step-by-Step Flow

### 1. Alice Creates Her Final Message That Will Be Posted
```json
{
  "kind": 1,
  "pubkey": "alice123...",
  "content": "The government is lying about inflation statistics",
  "tags": [],
  "created_at": 1702222200,
  "id": "alice_event_id",
  "sig": "alice_signature"
}
```

### 2. Alice Encrypts Instructions for Thrower B (Final Hop)
Payload for Thrower B (final hop - no `p` field):
```json
{
  "event": { /* Alice's signed event above */ },
  "routing": {
    "relays": ["wss://relay3.com", "wss://relay4.com"],
    "delay": 15,
    "audit": "audit_tag_b_456def",
    "payment": "eCash_ZYX321..." // Optional payment
    // No "p" field - this means final posting
  }
}
```

Creates routing event:
```json
{
  "kind": 22222,
  "pubkey": "ephemeral_key_2",
  "content": "<encrypted_payload_for_thrower_b>",
  "tags": [["p", "thrower_b012..."]],
  "created_at": 1703000100,
  "id": "routing_for_b",
  "sig": "ephemeral_signature_2"
}
```

### 3. Alice Encrypts Instructions for Thrower A (First Hop)
Payload for Thrower A (continuing chain):
```json
{
  "event": { /* routing event for Thrower B above */ },
  "routing": {
    "relays": ["wss://relay2.com"],
    "delay": 45,
    "add_padding_bytes": 200,
    "p": "thrower_b012...", // Next Thrower in chain
    "audit": "1a2b3c4d5e6f7890abcdef1234567890abcdef1234567890abcdef1234567890",
    "payment": "eCash_A1B2C3..." // Optional payment
  }
}
```

Alice posts this to Relay1:
```json
{
  "kind": 22222,
  "pubkey": "ephemeral_key_1",
  "content": "<encrypted_payload_for_thrower_a>",
  "tags": [["p", "thrower_a789..."]],
  "created_at": 1703000200,
  "id": "routing_for_a",
  "sig": "ephemeral_signature_1"
}
```

## Execution Timeline

**T+0**: Alice posts routing event to Relay1
```
Relay1: kind 22222 event (p tag = thrower_a789...)
```

**T+5**: Thrower A processes
- Decrypts payload
- Sees: relay2.com, delay 45s, add_padding_bytes 200, next hop thrower_b012...
- Creates padding-wrapper payload around the inner encrypted event
- Queues for 45-second delay

**T+50**: Thrower A forwards with padding wrapper
```
Relay2: NEW routing event with padding wrapper
{
  "kind": 22222,
  "pubkey": "thrower_a_ephemeral_key", // Fresh key
  "content": "<padding_wrapper_payload>", // Contains inner event + padding
  "tags": [
    ["p", "thrower_b012..."], // Real next hop
    ["p", "1a2b3c4d5e6f7890abcdef1234567890abcdef1234567890abcdef1234567890"] // Audit tag
  ]
}
```

Where the padding_wrapper_payload contains:
```json
{
  "event": { /* The still-encrypted inner event for Thrower B */ },
  "padding": "random_padding_data_200_bytes_worth"
}
```

Alice monitors relay2.com and sees her audit tag `1a2b3c4d5e6f...` appear at T+50, confirming Thrower A is honest.

**T+55**: Thrower B processes
- First decrypt: Gets padding wrapper payload - discards padding
- Second decrypt: Gets Alice's event + routing instructions (relays=[relay3.com, relay4.com], delay 15s)
- NO `p` field - this means final posting, extract and post Alice's event exactly as-is
- Queues for 15-second delay

**T+70**: Thrower B posts Alice's final event (end of chain)
```
Relay3 AND Relay4: Alice's original signed event appears exactly as she created it
{
  "kind": 1,
  "pubkey": "alice123...",
  "content": "The government is lying about inflation statistics",
  "tags": [], // Original tags preserved
  "created_at": 1702222200,
  "id": "alice_event_id",
  "sig": "alice_signature" // Original signature preserved
}
```

Alice's message now appears on both relay3.com and relay4.com for redundancy.

## Privacy and Security Achieved

- **Alice's location**: Completely hidden from surveillance
- **Message origin**: Appears to come from Thrower B's location
- **Traffic analysis**: 65-second delay + size changes prevent correlation
- **Identity preserved**: Alice's real pubkey and signature maintained
- **Plausible deniability**: No proof Alice initiated the posting
- **Malicious node detection**: Audit tags allow Alice to verify proper forwarding
- **Accountability**: Bad Throwers can be identified and avoided

### Audit Trail for Alice
- **T+50**: Audit tag `1a2b3c4d5e6f...` appears on relay2.com (✓ Thrower A honest)
- **T+70**: Final message appears on relay3.com and relay4.com (✓ Thrower B honest)
- **Size verification**: Event sizes match expected padding operations
- **Timing verification**: Delays match requested timeouts

Alice successfully posts controversial content under her identity while protecting her physical location AND maintaining the ability to detect and avoid malicious routing nodes.