Purpose -The purpose of this paper is to model and study the effectiveness of an attack on the anonymity of Internet users by a group of collaborating eavesdroppers. Design/methodology/approach -The paper is based on an analysis of the Internet topology. The study is based on two methods for choosing nodes that contribute the most to the detection of as many communicating Internet users as possible. Findings -The paper illustrates that it is possible to compromise the anonymity of many Internet users when eavesdropping on a relatively small number of nodes, even when the most central ones are protected from eavesdropping. Research limitations/implications -It is assumed that the Internet users under attack are not using any anonymity enhancing technologies, but nodes can be protected from eavesdropping. It proposes a measure of the success of an attack on Internet users' anonymity, for a given deployment of collaborating eavesdroppers in the Internet. Practical implications -The paper shows that several, and not necessarily the most prominent, collaborating nodes can compromise the anonymity of a considerable portion of Internet users. This study also emphasizes that when trying to completely compromise the anonymity of Internet users, an eavesdroppers' deployment strategy that considers eavesdroppers' collaboration can result in substantial resource saving compared to choosing a set of the most prominent nodes. Originality/value -The paper proposes a new measure of anonymity level in the network, based on the linkability of the Internet users. This paper is the first to present results of a non-trivial Group Betweenness optimization strategy in large complex networks.