A wireless ad hoc network is formed by a set of mobile hosts that communicate over wireless medium such as radio. Due to ease of deployment, it has many mission-critical applications in military as well as in civilian environments. Those applications usually have strong requirements for data confidentiality and privacy. In this chapter, we address one of the most challenging confidentiality and privacy issue with wireless ad hoc networks: anonymity of communication. Communication anonymity entails the hiding of information that two hosts communicate with each other. In general, there are three ways of achieving this goal, i.e., hiding the source, hiding the destination, or hiding the source-destination combination of a communication . In wireless ad hoc networks, all communications over a network are vulnerable to eavesdropping. A connection between two hosts can be exposed by the source and destination fields in the headers of data packets sent over the connection. As a solution, the two hosts can set up an anonymous connection between each other and encrypt each data packet in such a way that the two hosts never appear in the source and the destination fields of the packet header simultaneously . However, this solution requires that all data packets of a connection follow the same and predetermined routing path for delivery, while in a wireless ad hoc network, there is no guarantee of a fixed routing path between any two hosts, due to node mobility and changing topology. To overcome this problem, a set of anonymous routing protocols were proposed recently in the literature [7, 3, 14]. ANODR  is an anonymous on-demand routing protocol for wireless ad hoc network. It has two functions. First, it discovers a route between two hosts on demand and sets up an anonymous connection. Second, when the route is broken, it repairs the route or discovers a new route and maintains the connection. On a multi-hop route, each hop is assigned a unique route pseudonym and each intermediate node stores the mapping between the route pseudonyms of its previous hop and its next hop in a forwarding table. When a data packet is sent, both its source and destination addresses are masked, and it is forwarded based on the route pseudonym it carries. In the beginning, it carries the route pseudonym of the first hop on its route. The source host then broadcasts the packet within its transmission range. After receiving the packet, the first node will look up its forwarding table, modify the packet to carry the route pseudonym of the next hop, and broadcast the packet. So after each transmission, the packet will carry a different route pseudonym. In addition, each intermediate node also changes the appearance of the packet (i.e., bit pattern) and uses mixing techniques  such as random delay to thwart all tracing attempts. From the above description, we see that ANODR utilizes the link-layer broadcast and link layer encryption mechanism during data forwarding process. In order to improve reliability of link layer broadcast, it uses a simple anonymous acknowledgment protocol. In the protocol, upon receipt of a data packet, the receiver node should locally broadcast an anonymous ACK packet. Obviously, there exists a timing link between a data packet and its triggered ACK packet, which can be utilized by an eavesdropper to deduce the intended receiver of a data packet. ANODR assumes that an eavesdropper can only learn the transmitting node of a packet from its MAC address and sets it to all-1's. Unfortunately, this is not a sound assumption. There are technologies for locating a transmitting node based on physical layer characteristics such as signal strength [1, 13]. In addition, the adversary can deploy many near-invisible sensors (e.g., camera) to locate and track all node movements in a particular area. In this situation, ANODR cannot meet its reliability requirements without compromising anonymity. In this chapter, we propose a MAC protocol to address the needs for anonymity and reliability with respect to link-layer broadcasts simultaneously. Our protocol is resistant against powerful eavesdroppers we described above, who can reveal the senders of all transmissions. In our protocol, each node broadcasts a batch of data packets, instead of one data packet, at a time. The packets in the batch may be addressed to different receivers. It is possible that some packets are lost due to collisions or interferences. In order to deliver as many packets as possible, the sender needs to query every receiver about their receiving status and decide which packets need to be retransmitted. This is achieved by a polling scheme. The sender selects a subset of neighbors and sends POLL messages to each of them individually. Each node being polled should send a REPLY message back. All messages are encrypted, which contain information such as the sequence numbers of received packets. The polling list is constructed independently from the list of receivers to which data packets have been sent. So the adversary cannot build strong links between the two lists. The rest of the chapter is organized as follows. In Sect. 2, we describe the details of the protocol design. In Sect. 3, we present a security analysis of the protocol. In Sect. 4, we show the performance evaluation results of the protocol obtained from ns-2  simulations. Sect. 5 is a summary of the chapter.