
Vuvuzela – Private messaging system that hides metadata - speps
https://github.com/davidlazar/vuvuzela
======
willvarfar
The added noise reminds me of WASTE, which was infamously created by Justin
Frankel at Nullsoft to protest the post-acquisition atmosphere at AOL...

[https://en.wikipedia.org/wiki/WASTE](https://en.wikipedia.org/wiki/WASTE)

[https://web.archive.org/web/20100317095429/http://www.rollin...](https://web.archive.org/web/20100317095429/http://www.rollingstone.com/news/story/5938320/the_worlds_most_dangerous_geek)

~~~
abcd_f
IIRC release of WASTE was closely tied to the vesting of his AOL options and
his departure from AOL that followed. So it was more of a farewell finger
really than a "protest".

------
mintplant
> In practice, the message latency would be around 20s to 40s, depending on
> security parameters and the number of users connected to the system.

Haven't had time to read the paper yet - is this an inherent property of the
system, or a number that could be reduced by future work?

~~~
LoSboccacc
seems inherent - servers operate in rounds and each round carries legit
traffic plus enough noise to allow traffic metadata to drown in nothingness
and forward it to a whole server chain to avoid an adversary to control all
the servers, so as you scale servers need more time to forward and mixin
traffic

~~~
deanCommie
Could someone much smarter than me do some napkin math and figure out roughly
what kind of tradeoff in security you make by limiting the noise?

20-40 seconds is fine if you are releasing NSA secret files and want the
chance of metadata discovery to be <0.1% (number made up)

But it's too much to use as a regular form of conversation between average
parties who just want to set a precedent that all conversations by default
should be un-monitorable.

However what if that number was down to ~5 seconds? Now it's tolerable. But
the tradeoff is, what does the chance of detectability go up to? 1%? 5%? 50%?

~~~
creshal
> 20-40 seconds is […] too much to use as a regular form of conversation
> between average parties

With the current irc-ish UI the latency would clash with user expectations,
but e-mail, message boards and quite a few other forms of communication
regularly deal with much higher latencies. I suppose it depends on how you
market it.

~~~
mc808
I'll create a GUI interface using Visual Basic that prints

    
    
        Tracking IP address ... [30 seconds] ... Failed! Message delivered!

------
Perceptes
I'm very happy to see work going into this topic. Hiding metadata is the major
part of private communication that's not accounted for by any major chat
system. I've recently started studying the matrix.org specification, which
seems like the best bet for a next generation chat system, but it doesn't
account for metadata privacy. It'd be very difficult to hide metadata while
also offering many of the other features of a modern chat system that make it
useful and convenient for people (e.g. message history that a new client can
sync with later).

------
fulafel
Here's a summary and commentary of the paper from Adrian Colyer's
'important/interesting CS papers' review blog:
[http://blog.acolyer.org/2015/10/23/vuvuzela-scalable-
private...](http://blog.acolyer.org/2015/10/23/vuvuzela-scalable-private-
messaging-resistant-to-traffic-analysis/)

"The cost of running a Vuvuzela server on AWS at current prices is about
$10K/month, dominated by bandwidth usage."

~~~
jlgaddis
Or probably about $50 for a VPS...

The amount of bandwidth used per month isn't mentioned but when the Snapchat
database was leaked I hosted it on a server of mine and _snapchatdb.info_ was
pointed at it. Bandwidth over the first three days was just over 27 TB and
didn't cost a dime extra (I work for an ISP and my servers are housed in our
cages in datacenters but I pay _very_ little for them).

What's 27 TB cost on AWS?

~~~
sschueller

      First 1 GB / month	$0.00 per GB
      Up to 10 TB / month	$0.09 per GB
      Next 40 TB / month	$0.085 per GB
    

So around USD 2,345.-

------
Legogris
Another approach at a more general messaging system that can be used to
similar ends is Whisper, by the same community that makes Ethereum:
[https://www.youtube.com/watch?v=BrWlAtfqF6s](https://www.youtube.com/watch?v=BrWlAtfqF6s)

------
gionn
you win just for the project name.

~~~
maaarghk
I thought the example conversation was quite cute also :p

~~~
StavrosK
It's an actual conversation from Citizenfour.

~~~
maaarghk
Citizenfour is still on my "to-watch" list at the minute, but yeah, I had
figured it was an excerpt of an actual conversation.

------
TazeTSchnitzel
One if the problems with Tor is that adding noise has too much of a latency
and bandwidth cost, thus it doesn't. But an IM client has much less
restrictive latency and bandwidth costs, so it makes sense that it adds it.

------
chirau
Out of curiosity, why did you call it Vuvuzela? I'm from Southern Africa btw

~~~
nevi-me
Perhaps because it generates a lot of noise (latency, active users) in the
process, like the vuvuzela does :)

I was hoping to find the rationale in the name on the link, but didn't see
anything.

------
lez
for the record: bitmessage also has this kind of metadata & data privacy

~~~
OR13
BitMessage has greater latency (~2 Mins?) but is fully P2P, given the cost
estimates for a server upthread, I wonder if bandwidth concerns are the
reasons for a client server architecture over P2P...

My understanding is that BitMessage achieves its non-content privacy
guarantees by sending each message to all clients, and then the latency is the
result of the Proof of Work and some other concepts borrowed from BitCoin.

I'd love to hear more about it if you have time.

In particular, I'm interested in the P2P vs Client-Server trade off, is
Vuvuzela workable in a fully P2P network, say over WebRTC?

------
irremediable
This is cool! Need to read the paper, and I'm not that knowledgeable anyway,
but it seems to be offering something genuinely new.

Edit: Should have more explicitly asked -- can anyone who knows more about
this chime in? Is it as novel as it seems? Does it look secure?

~~~
anonymousDan
It was published at one of the top systems conferences (SOSP), so I would
presume it's at least somewhat novel. Link to full paper here:
[http://sigops.org/sosp/sosp15/current/2015-Monterey/printabl...](http://sigops.org/sosp/sosp15/current/2015-Monterey/printable/136-hooff.pdf)

