Open TimmyBoi155 opened 6 months ago
Currently, IVPN apps support obfuscation options that can be used as part of a defense strategy against AI-guided traffic analysis:
@stenya if IVPN wants to look at doing some advanced anti-traffic analysis like mullvad, here is the following info for it:
DAITA is built using the open-source Maybenot defense framework, which Mullvad helps to fund development of. The work has been academically peer reviewed and published as open access.
https://dl.acm.org/doi/pdf/10.1145/3603216.3624953
Quote from PDF: "The Maybenot Framework and Simulator are available at https://crates.io/crates/maybenot and https://crates.io/crates/maybenot-simulator. They are both dual-licensed under either the MIT or Apache 2.0 licenses. Our implementations of FRONT and RegulaTor are available on GitHub under the BSD-3-Clause license at https://github.com/ewitwer/maybenot-defenses."
@TimmyBoi155 what you are describing sounds like something where you'd want a mixnet architecture instead of a VPN. Looks like an interesting paper though, thanks for sharing !
It all depends on your security profile and use case. I do not want to be watching YouTube over Tor or mixnet. If you do not want to be fingerprinted AT ALL, just don't use internet at all. Otherwise the existing solutions are pretty painful to use as a daily-driver...
Does not mean I do not agree with you that we have to do something about it either way !!!
https://mullvad.net/en/blog/introducing-defense-against-ai-guided-traffic-analysis-daita
"With the sophisticated AI of today, traffic analysis can potentially be used for mass surveillance. The extent to which traffic analysis is used today is difficult to ascertain. But the ambition is there. In 2021, Vice reported that the FBI purchased netflow data from a data broker claiming to cover over 90 percent of the world’s internet traffic."
How we combat traffic analysis: this is how DAITA works.
DAITA has been developed together with Computer Science at Karlstad University and uses three types of cover traffic to resist traffic analysis.
The size of network packets can be particularly revealing, especially small packets, so DAITA makes all packets sent over the VPN the same constant size.
By unpredictably interspersing dummy packets into the traffic, DAITA masks the routine signals to and from your device. This makes it harder for observers to distinguish between meaningful activity and background noise.
When visiting websites (or doing any other activity that causes significant traffic), DAITA modifies the traffic pattern by unpredictably sending cover traffic in both directions between client and VPN server. This distorts the recognizable pattern of a website visit, resisting accurate identification of the site.
Will IVPN plan on doing something similar?