Can Anonymity on the Internet Really Happen? MIT Says Yes.

Privacy is something that many people think they want and have on the internet. Of course, most of us know that privacy does not really exist on the broader internet. Unless you control all points in the traffic stream, someone can read your communication. Even proxy services like Tor are no guarantee of privacy or anonymity. Proxy services are vulnerable to a multitude of packet- and flow-monitoring techniques that allow for some fairly easy unmasking.

According to MIT, this is the problem with most, if not all, proxy services in existence. They direct your traffic to a single entry point and then start a (supposedly) random path to your target. Even then, your traffic has to exit a node and connect, unsecured, to the target service or web server. Even using a VPN to connect in is not going to offer much more protection. For messaging, things can be even more insecure (regardless of encryption). As most communication goes through a broker before the session begins, someone can listen in or capture the conversation fairly easily. On the encryption side, the right National Security Letter gets the keys to the kingdom and all of your secrets are laid bare.

So how do you have a private text message? How about a good old-fashioned dead drop? MIT associate professor Nickolai Zeldovich seems to think that a dead drop combined with random “noise” is a nice method. The new system is named Vuvuzela; you know the name. These are the noisemakers that get so much press during the World Cup. How does this work? If you are familiar with the dead drop, then you know that this is simply putting a message in a location for someone else to retrieve. If you rotate the locations and times, you can make it almost impossible for someone to figure out that anything is being communicated. Normal traffic patterns along the same areas make it hard to identify someone dropping or picking up a message, while rotating the drop locales helps to prevent observation of the actual drop or notification.

Vuvuzela works in a similar manner. Making use of at least three servers, it receives messages from users wrapped in multiple layers of encryption. When a message is received by one server, that server strips one layer of encryption off and forwards it on to the next server. At the same time it sends out a dummy message (complete with encryption) to the next server. When server two gets the message, it does the same thing before putting the message in the final location for retrieval. There are limitations to the system as designed right now, but it offers a glimpse into a potentially powerful form of privacy/anonymity.
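The relay chain described above, sketched as an added example; it is not Vuvuzela's code. The toy SHA-256 keystream stands in for real authenticated encryption, and the message size, the drop-id layout, and the names `wrap` and `run_chain` are assumptions made for illustration.

```python
import hashlib
import os
import random

MSG_LEN = 32  # constructed fixed payload size: every message looks the same on the wire
NONCE_LEN = 16

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter keystream; a stand-in for real authenticated encryption."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def add_layer(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    return nonce + _xor_stream(key, nonce, data)

def strip_layer(key: bytes, blob: bytes) -> bytes:
    return _xor_stream(key, blob[:NONCE_LEN], blob[NONCE_LEN:])

def wrap(keys, drop_id: int, text: bytes) -> bytes:
    """Pad to MSG_LEN, prefix the dead-drop id, then add one layer per server."""
    if len(text) > MSG_LEN:
        raise ValueError("message too long")
    payload = drop_id.to_bytes(4, "big") + text.ljust(MSG_LEN, b"\0")
    for key in reversed(keys):  # outermost layer belongs to the first server
        payload = add_layer(key, payload)
    return payload

def run_chain(keys, batch, noise_per_server=2):
    """Returns (dead_drops, per-hop batch sizes as a network observer would count them)."""
    sizes = [len(batch)]
    for i, key in enumerate(keys):
        batch = [strip_layer(key, m) for m in batch]
        if i < len(keys) - 1:
            for _ in range(noise_per_server):
                # Dummy: random body, random high drop id (assumed unused by real users)
                dummy_id = random.randrange(2**31, 2**32)
                batch.append(wrap(keys[i + 1:], dummy_id, os.urandom(MSG_LEN)))
            random.shuffle(batch)  # break the link between arrival and departure order
            sizes.append(len(batch))
    drops = {}
    for m in batch:  # last server files each plaintext under its dead-drop id
        drops.setdefault(int.from_bytes(m[:4], "big"), []).append(m[4:].rstrip(b"\0"))
    return drops, sizes
```

With two real messages and three servers, an observer on the links counts 2, 4 and then 6 equal-sized ciphertexts, so traffic volume alone no longer says how many people are actually talking.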

The system is all in the theoretical stage right now and is nowhere near ready for use (although you can get a version online), but the hope is that this will one day lead to systems that offer greater privacy and security when it comes to personal communication and data transmission. It is not 100% foolproof (nothing really is), but it is a step in the right direction.
