Vuvuzela anonymity system designed to conceal user metadata

By January 19, 2016
Vuvuzela protège nos métadonnées

Researchers at MIT have developed a messaging anonymity system, dubbed Vuvuzela, which can apparently conceal senders’ and recipients’ metadata in a mass of ‘noise’. This approach might well represent the future of anonymity tools.

Engineers at the Computer Science and Artificial Intelligence Laboratory (CSAIL), the largest research laboratory at the Massachusetts Institute of Technology (MIT), claim to have found a way to prevent text messages sent through an online network being traced back to the sender and recipient by third parties by obfuscating the metadata that would enable infiltrators to identify the two principals. The anonymity system they have developed, Vuvuzela, is named after the stadium horn popularised by South African football fans as it is designed to drown out personal sender-recipient information in a flood of ‘noise’.

How the new CSAIL approach works is that messages exchanged using the Vuvuzela anonymity network, which sits on top of the public Internet, are not transferred directly from sender to receiver but first stored on three different servers. Each message is wrapped in three layers of encryption. The system randomly changes the order in which messages are relayed from server to server, some seconds apart. The system also generates a large number of dummy messages even when users are not messaging each other, thus adding extra noise around the process. This, claim the MIT experts, makes it almost impossible to identify the critical metadata from a sizeable flow of unconnected messages.


Le protocole de conversation de Vuvuzela

Vuvuzela’s conversation protocol

This initiative appears to be a timely one, given that cybersecurity has become a major issue for both state authorities and commercial companies and that we have recently heard reports of potential  weaknesses in the much-praised anonymity network Tor, which is designed to hide users’ Internet activity, including website visits and online communication, from prying eyes. At any rate, Vuvuzela’s approach – not based on encrypting content but scrambling clues as to when, by whom and to whom an online message is sent – certainly looks to be a promising avenue for maintaining confidentiality and protecting identity.

Legal mentions © L’Atelier BNP Paribas