It's worrying to think about spies or hackers reading the content of your texts and emails, but we sometimes forget about another sort of snooping that can be just as invasive: access to metadata — when you sent a message, who to, and where from. Obtaining this information is usually much less hassle for spy agencies than looking inside messages, but it still reveals a lot about individuals' lives. As a former general counsel of the NSA put it: "If you have enough metadata you don’t really need content." With this in mind, a group of researchers from MIT have created a new messaging system specifically designed to mask metadata, using misdirection and deluge of false messages that "[guarantee] metadata privacy."
The software uses a number of mechanisms to achieve this. Firstly, it operates a dead-drop system, storing messages on a server rather than sending them directly to their recipients. Secondly, these messages are released only in delayed rounds and not when each user requests them. (The delay varies, but is measured in the "tens of seconds.") Thirdly, and most importantly, the system generates a ton of dummy messages. Even when users are not talking to one another, false messages are being sent on their behalf, making it difficult to track the real metadata among all the noise. It's this last technique that gave the system its name, Vuvuzela — in honor of the blaring plastic horns that were so popular during the 2010 FIFA World Cup.
Vuvzela is all about hiding metadata — but it encrypts messages too
With all these mechanisms working, the researcher behind the project say that the only variables Vuvuzela reveals are "the total number of users engaged in a conversation, and the total number of users not engaged in one." And even then, it doesn't reveal which group the user is part of. All of this is intended to obscure the metadata only, but the servers themselves also encrypt the message content the same as any other encrypted chat system.
The main drawback of Vuvuzela (which is still under development) is that it's inefficient — users would have to get used to delays between messages. However, these gaps wouldn't be too annoying. In order to scope out the system's limits, the researchers behind the project (led by PhD student David Lazar), tested Vuvuzela on hired servers, simulating 1 million users generating 15,000 messages per second. Even with this volume of data, the message latency was only around 44 seconds. And while this would be too annoying for the system in its current state to find commercial uses, that might just be an acceptable delay for the privacy-conscious.