Latest in Science

Image credit:

Researchers hide messages in a sea of spam

The system mimics Tor by bouncing messages around servers, but shields metadata with fake 'noise.'
34 Shares
Share
Tweet
Share
Save

Sponsored Links

Researchers are trying quantum cryptography and other exotic ways to keep your missives safe, but here's a new one: junk mail. A team of computer scientists from MIT's CSAIL have devised a system called "Vuvuzela" that adds noise to messages, making them virtually untraceable to the recipient or sender. While it uses nodes like the Tor "dark internet" router, it only requires a few servers and relies more on numerous fake messages to confuse hackers. If scaled up, the technique could give you nearly mathematical certainty that your messages and even metadata are secure.

With the system, messages are never sent directly; instead, users deposit encrypted messages in a "dead drop" server mailbox. The exchange of messages is never initiated by the user -- something that could be detected by hackers -- but instead happens in "rounds" every 10-20 seconds. That increases security dramatically, but bad guys could still access metadata info by, say, knocking one user offline to see if the number of messages decreases. That's where the spam comes in -- each server sends "cover traffic" messages to random mailboxes to hide individual users' activities. The system even works even if many of the servers have been infiltrated, provided some are still "clean."

The scheme would be particularly useful to users worried about NSA-style mass surveillance, like whistleblowers or reporters. (Of course, like many legitimate services, it could also be misused by bad guys.) The drawback is the speed -- since server rounds are performed at set intervals, message speeds are limited to those times. The researchers ran a simulation on Amazon EC2 servers, and with a million simulated users and 15,000 messages per second, system latency was a foot-tapping 44 seconds per message. They plan to scale it up to see if that time can be improved, but we imagine that users who absolutely can't have messages traced back to them are cool with a small delay.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
34 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
Sony says the PlayStation 5 won't waste as much energy as the PS4

Sony says the PlayStation 5 won't waste as much energy as the PS4

View
Google vows to never store Assistant recordings without permission

Google vows to never store Assistant recordings without permission

View
24 hours with Huawei’s Mate 30 Pro: Incredible cameras, gloomy future

24 hours with Huawei’s Mate 30 Pro: Incredible cameras, gloomy future

View
YouTube Music counters Spotify with its own 'Discover Mix'

YouTube Music counters Spotify with its own 'Discover Mix'

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr