SummaryIn many traditional mobile network scenarios, nodes establish communication on the basis of (public) identities. However, in some hostile and suspicious MANET settings, node identities must not be exposed and node movements must not be traceable. Instead, nodes need to communicate on the basis of their current locations. In this work, we address some interesting issues arising in such MANETs by designing an anonymous routing framework (ALARM). It uses nodes' current locations to construct a secure MANET "map". Based on the current map, each node can decide which other nodes it wants to communicate with. ALARM takes advantage of some advanced cryptographic primitives to achieve node authentication, data integrity, anonymity and untraceability (tracking-resistance). It also offers resistance to insider (including Sybil) attacks.