ivpn / desktop-app

Official IVPN Desktop app
https://www.ivpn.net/apps/
GNU General Public License v3.0
322 stars 47 forks

Anti-Traffic Analysis measure like Mullvad #375

Open TimmyBoi155 opened 1 month ago

TimmyBoi155 commented 1 month ago

https://mullvad.net/en/blog/introducing-defense-against-ai-guided-traffic-analysis-daita

"With the sophisticated AI of today, traffic analysis can potentially be used for mass surveillance. The extent to which traffic analysis is used today is difficult to ascertain. But the ambition is there. In 2021, Vice reported that the FBI purchased netflow data from a data broker claiming to cover over 90 percent of the world’s internet traffic."


How we combat traffic analysis: this is how DAITA works.

DAITA has been developed together with Computer Science at Karlstad University and uses three types of cover traffic to resist traffic analysis.

  1. Constant Packet Sizes

The size of network packets can be particularly revealing, especially small packets, so DAITA makes all packets sent over the VPN the same constant size.

  2. Random Background Traffic

By unpredictably interspersing dummy packets into the traffic, DAITA masks the routine signals to and from your device. This makes it harder for observers to distinguish between meaningful activity and background noise.

  3. Data Pattern Distortion

When visiting websites (or doing any other activity that causes significant traffic), DAITA modifies the traffic pattern by unpredictably sending cover traffic in both directions between client and VPN server. This distorts the recognizable pattern of a website visit, resisting accurate identification of the site.


Will IVPN plan on doing something similar?
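
Added example, not part of the thread and not code from DAITA, Maybenot or IVPN: a simplified Python model of the three measures quoted above, showing what a network observer can still see before and after. The cell size, cover rate and the packet trace are constructed assumptions, and no Maybenot API is used.

```python
import math
import random

CELL = 1280  # assumed constant on-the-wire packet size in bytes (illustrative)

# Constructed sample trace for one page load: (seconds, direction, bytes).
PAGE_LOAD = [(0.00, "out", 93), (0.04, "in", 1420), (0.05, "in", 1420),
             (0.05, "in", 612), (0.30, "out", 71), (0.31, "in", 1380)]

def pad_to_constant(trace, cell=CELL):
    """Measure 1: every packet leaves as one or more cells of exactly `cell` bytes."""
    out = []
    for t, direction, size in trace:
        for _ in range(max(1, math.ceil(size / cell))):
            out.append((t, direction, cell, False))  # False = carries real data
    return out

def add_cover(padded, rng, duration, rate, cell=CELL):
    """Measures 2 and 3: dummy cells at unpredictable times, in both directions."""
    out = list(padded)
    t = rng.expovariate(rate)
    while t < duration:
        out.append((t, rng.choice(("out", "in")), cell, True))  # True = dummy
        t += rng.expovariate(rate)
    return sorted(out, key=lambda p: p[0])

def defend(trace, seed, duration=1.0, rate=20.0):
    rng = random.Random(seed)  # seeded only so the example is repeatable
    return add_cover(pad_to_constant(trace), rng, duration, rate)

def observer_view(defended):
    """What an on-path observer gets: time, direction, size. The dummy flag
    lives inside the encrypted tunnel and is not visible."""
    return [(round(t, 3), d, s) for t, d, s, _ in defended]

def size_histogram(view):
    """Packets per (direction, size): a basic traffic-analysis feature."""
    hist = {}
    for _, d, s in view:
        hist[(d, s)] = hist.get((d, s), 0) + 1
    return hist

if __name__ == "__main__":
    print("undefended:", size_histogram(PAGE_LOAD))
    for seed in (1, 2):  # same page load, different cover traffic each time
        print("defended  :", size_histogram(observer_view(defend(PAGE_LOAD, seed))))
```

The undefended histogram has five distinct packet sizes, while each defended run shows a single size with counts and timing that change from run to run for the same page load. The cost is the extra bandwidth spent on padding and dummy cells.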

stenya commented 1 month ago

Currently, IVPN apps support obfuscation options that can be used as part of a defense strategy against AI-guided traffic analysis:

TimmyBoi155 commented 1 month ago

@stenya if IVPN wants to look at doing some advanced anti-traffic analysis like Mullvad, here is the following info for it:

DAITA is built using the open-source Maybenot defense framework, which Mullvad helps to fund development of. The work has been academically peer reviewed and published as open access.

https://dl.acm.org/doi/pdf/10.1145/3603216.3624953

Quote from PDF: "The Maybenot Framework and Simulator are available at https://crates.io/crates/maybenot and https://crates.io/crates/maybenot-simulator. They are both dual-licensed under either the MIT or Apache 2.0 licenses. Our implementations of FRONT and RegulaTor are available on GitHub under the BSD-3-Clause license at https://github.com/ewitwer/maybenot-defenses."

gyrusdentatus commented 6 days ago

@TimmyBoi155 what you are describing sounds like something where you'd want a mixnet architecture instead of a VPN. Looks like an interesting paper though, thanks for sharing!

It all depends on your security profile and use case. I do not want to be watching YouTube over Tor or mixnet. If you do not want to be fingerprinted AT ALL, just don't use the internet at all. Otherwise the existing solutions are pretty painful to use as a daily-driver...

Does not mean I do not agree with you that we have to do something about it either way!!!