Vuvuzela: An untraceable messaging system aimed at thwarting powerful adversaries
A group of scientists from the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) believe they have created an effective and scalable text-messaging system that can guarantee user anonymity.
It’s called “Vuvuzela” and, like the infamous “instrument” (horn) it got its name from, it’s meant to achieve this by drowning out the traffic made by users with bogus traffic, i.e. hiding metadata from adversaries. It also hides the messages’ content by encrypting it.
“Vuvuzela aims to provide point-to-point messaging between users in a way that is private in the face of a strong adversary, who can observe and tamper with the entire network and all but one of Vuvuzela’s servers,” the scientists explained. “That is, an adversary should not be able to distinguish between a scenario where two particular users are communicating, and a scenario where they are not, even after interfering with the system.”
When compared to other similar systems like Dissent (offers privacy, but it’s not very scalable) and Tor (is scalable, but assumes that no single bad guy controls a large number of nodes in their system – an assumption that can no longer be counted on in this era of pervasive network monitoring), the scientists believe that Vuvuzela comes out ahead.
“Vuvuzela’s key insight is to minimize the number of variables observable by an attacker, and to use differential privacy techniques to add noise to all observable variables in a way that provably hides information about which users are communicating,” they noted.
“Vuvuzela’s privacy guarantees are expressed in terms of differential privacy, which can be thought of as ‘plausible deniability.’ Each time a user sends a message in Vuvuzela, an adversary may be able to infer a small amount of statistical information—e.g., based on what the adversary observed, it seems a bit more likely that Alice and Bob were talking. However, Vuvuzela ensures that even the total information, over many messages exchanged by a user, still provides a strong level of differential privacy.”
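The "plausible deniability" bound described above, as an added example that is not code from the Vuvuzela project. It assumes a single observable count per round that one conversation changes by 1, Laplace-distributed cover traffic (the article does not name the noise distribution), and basic composition across rounds; all names and parameter values are constructed for illustration.

```python
import math
import random

# Assumed model (not from the article): each round the adversary sees one
# count = real exchanges + cover traffic ~ Laplace(mu, b) added by a server.
# Alice and Bob talking changes the real count by exactly 1 (sensitivity 1).

def sample_cover(mu, b, rng):
    """Laplace(mu, b) sample: difference of two exponentials with mean b."""
    return mu + rng.expovariate(1 / b) - rng.expovariate(1 / b)

def likelihood_ratio(observed, others, mu, b):
    """P(observed | Alice and Bob talk) / P(observed | they do not).
    Computed in log space from the two Laplace densities."""
    x = observed - mu - others          # distance from the "not talking" mean
    return math.exp((abs(x) - abs(x - 1)) / b)

def epsilon_per_round(b, sensitivity=1):
    """Laplace mechanism: the ratio above never leaves [e^-eps, e^+eps]."""
    return sensitivity / b

def epsilon_total(b, rounds, sensitivity=1):
    """Basic composition: the per-round bounds add up across rounds."""
    return rounds * epsilon_per_round(b, sensitivity)

def worst_ratio(others, mu, b, rng, trials=10_000):
    """Strongest evidence, in either direction, over simulated rounds
    in which Alice and Bob really are talking."""
    worst = 1.0
    for _ in range(trials):
        observed = others + 1 + sample_cover(mu, b, rng)
        r = likelihood_ratio(observed, others, mu, b)
        worst = max(worst, r, 1 / r)
    return worst

if __name__ == "__main__":
    rng = random.Random(2015)           # fixed seed, constructed parameters
    mu, b, others = 300.0, 20.0, 5000
    eps = epsilon_per_round(b)
    print(f"per-round bound   e^eps = {math.exp(eps):.4f}")
    print(f"worst simulated ratio   = {worst_ratio(others, mu, b, rng):.4f}")
    for rounds in (1, 10, 100):
        total = epsilon_total(b, rounds)
        print(f"{rounds:>3} rounds: eps = {total:.2f}, "
              f"odds shift at most x{math.exp(total):.2f}")
```

A real deployment cannot add negative cover traffic, so the noise has to be shifted and truncated, which is what the mean mu stands in for here.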
More details about how the system works can be found in this presentation, this paper, and on the project’s GitHub page.
In tests, the scientists discovered that the system can support 1 million users, with an end-to-end latency of 37 seconds, achieving a throughput of 68,000 messages per second. “Scaling up to 2 million users increases the latency from 37 to 55 seconds,” they noted, which is still not that bad if you want guaranteed anonymity.