There are lots of ways people try to protect their privacy in the modern world, where techniques like encryption are under fire. While hiding message content can be effective, the ability to collect a mass of metadata can be just as invasive to your privacy if a company, government body or nefarious element were able to gain access to when, where and to whom you communicated with. A team of researchers from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) have come up with a system named “Vuvuzela”, after the popular (and annoying) plastic horn, that adds noise to any messages sent, rendering them untraceable.
Vuvuzela relies on a number of nodes to function, similar to Tor router for internet traffic, it relies on fewer nodes and more traffic. A sender deposits an encrypted message in a secure “dead drop” server, which can then be retrieved by its receiver. On top of that, traffic is not controlled by the user sending a message, instead message circulation takes place over 10-20 seconds, so as not to allow attackers to detect and track messages being sent. A user stopping sending or joining a chat may also cause hackers to be able to trace activity based on the number of messages sent. This is where the spam comes into effect. All of the server nodes that are part of Vuvuzela send junk messages to random inboxes at the same time that messages are propagated normally, hiding the activity of normal users. It is even resilient against a server being compromised or knocked offline, as the noise can be enough to obfuscate messages even with only a few nodes remaining. As a result, the only data that Vuvuzela exposes is the amount of nodes engaged in a chat.
It may seem like the holy grail of privacy at this point, but the assurance of data being hidden comes at a price, namely speed. Vuvuzela, while still in early development, is incredibly slow due to the timed sending of messages. In a test run by the researchers at MIT, they simulated 1 million users generating 15,000 messages per second. With this volume of data, the average time for a message to be delivered was 44 seconds, a time that many would consider unacceptable for every day or commercial use. For those in high-risk situations where their communication privacy is paramount, a small delay is not a massive trade-off.
