Haven't had time to read the paper yet - is this an inherent property of the system, or a number that could be reduced by future work?
The latency can be reduced by future work. For example, Section 9 in the paper mentions an idea for reducing the amount of noise (and thus reducing latency) by treating honest users as noise.
Vuvuzela can also be configured with a smaller "privacy budget" to reduce latency.
20-40 seconds is fine if you are releasing NSA secret files and want the chance of metadata discovery to be <0.1% (number made up)
But it's too much to use as a regular form of conversation between average parties who just want to set a precedent that all conversations by default should be un-monitorable.
However what if that number was down to ~5 seconds? Now it's tolerable. But the tradeoff is, what does the chance of detectability go up to? 1%? 5%? 50%?
With the current irc-ish UI the latency would clash with user expectations, but e-mail, message boards and quite a few other forms of communication regularly deal with much higher latencies. I suppose it depends on how you market it.
Tracking IP address ... [30 seconds] ... Failed! Message delivered!
now the problem is, the adversary modelled here is one that can drop a node out of the network and see if any other node message frequency drops.
that's why traffic, noise and latency are strictly correlated. if a conversation suddenly drop you have to make sure that the noise level doesn't drop, and vice versa.
when you start a conversation you need to tune down the noise, to maintain the frequency. thus the more noise you generate the more packet you can send when you need it, but the more the load on the servers.
it's not about hiding the message in the noise (that's tor model) it's about making messages statistically indistinguishable. for that there is no confidence interval, you need to send random noise out, randomly, at a fixed randomized frequency.
now I think they don't actually send a message every round, but do generate noise and messages interlocked so that the frequency remains constant. that frequency must be slower than rounds frequency and you cannot really tune it in the way you're suggesting. There might be probably other way to relax the confidence, but it might have impacts on other clients on the network, even those unrelated to your conversation.
also, under this round model, if a client drop after handshaking and before collecting the message the message for that handshake is lost (no retransmission and no chance to pick it up later)
"The cost of running a Vuvuzela server on AWS at current prices is about $10K/month, dominated by bandwidth usage."
The amount of bandwidth used per month isn't mentioned but when the Snapchat database was leaked I hosted it on a server of mine and snapchatdb.info was pointed at it. Bandwidth over the first three days was just over 27 TB and didn't cost a dime extra (I work for an ISP and my servers are housed in our cages in datacenters but I pay very little for them).
What's 27 TB cost on AWS?
First 1 GB / month $0.00 per GB
Up to 10 TB / month $0.09 per GB
Next 40 TB / month $0.085 per GB
I was hoping to find the rationale in the name on the link, but didn't see anything.
My understanding is that BitMessage achieves its non-content privacy guarantees by sending each message to all clients, and then the latency is the result of the Proof of Work and some other concepts borrowed from BitCoin.
I'd love to hear more about it if you have time.
In particular, I'm interested in the P2P vs Client-Server trade off, is Vuvuzela workable in a fully P2P network, say over WebRTC?
Edit: Should have more explicitly asked -- can anyone who knows more about this chime in? Is it as novel as it seems? Does it look secure?