Skip to main content

Introducing Defense against AI-guided Traffic Analysis (DAITA)

News Features Privacy 

Even if you have encrypted your traffic with a VPN (or the Tor Network), advanced traffic analysis is a growing threat against your privacy. Therefore, we now introduce DAITA.

Through constant packet sizes, random background traffic and data pattern distortion we are taking the first step in our battle against sophisticated traffic analysis.

When you connect to the internet through a VPN (or the Tor Network) your IP address is masked, and your traffic is encrypted and hidden from your internet service provider. If you also use a privacy-focused web browser, you make it harder for adversaries to monitor your activity through other tracking technologies such as third-party cookies, pixels or browser fingerprints. 

But still, the mass surveillance of today is more sophisticated than ever, and a growing threat against privacy is the analysis of patterns in encrypted communication through advanced traffic analysis.

This is how AI can be used to analyze your traffic – even if it’s encrypted.

When you visit a website, there is an exchange of packets: your device will send network packets to the site you're visiting and the site will send packets back to you. This is a part of the very backbone of the internet. The fact that packets are being sent, the size of the packets, and how often they are sent will still be visible for your ISP, even if you are using a VPN (or the Tor network). 

Since every website generates a pattern of network packets being sent back and forth based on the composition of its elements (like images and text blocks), it’s possible to use AI to connect traffic patterns to specific websites. This means your ISP or any observer (authority or data broker) having access to your ISP can monitor all the data packets going in and out of your device and make this kind of analysis to attempt to track the sites you visit, but also who you communicate with using correlation attacks (you sending messages with certain patterns at certain times, to another device receiving messages with a certain pattern at same times). 

How we combat traffic analysis: this is how DAITA works.

DAITA has been developed together with Computer Science at Karlstad University and uses three types of cover traffic to resist traffic analysis.

1. Constant Packet Sizes

The size of network packets can be particularly revealing, especially small packets, so DAITA makes all packets sent over the VPN the same constant size. 

2. Random Background Traffic

By unpredictably interspersing dummy packets into the traffic, DAITA masks the routine signals to and from your device. This makes it harder for observers to distinguish between meaningful activity and background noise.

3. Data Pattern Distortion

When visiting websites (or doing any other activity that causes significant traffic), DAITA modifies the traffic pattern by unpredictably sending cover traffic in both directions between client and VPN server. This distorts the recognizable pattern of a website visit, resisting accurate identification of the site.

The future of data brokers selling traffic data is already here

With the sophisticated AI of today, traffic analysis can potentially be used for mass surveillance. The extent to which traffic analysis is used today is difficult to ascertain. But the ambition is there. In 2021, Vice reported that the FBI purchased netflow data from a data broker claiming to cover over 90 percent of the world’s internet traffic

How traffic analysis can be used in the future is hard to overview. That’s why we need to work on a resistance today. This initial version of DAITA is our first response to the evolving challenges of online privacy. DAITA is released as open source and as we gather feedback we will continue to refine and develop, ensuring it remains at the forefront of privacy technology.

We don't need to speculate on the extent to which traffic analysis is being used today. We just observe the development of AI and the development of authoritarian societies. There is also no need to speculate on which role traffic analysis will play in future mass surveillance. What we must do is to recognize the threats and opportunities – and work on resistance”, says Jan Jonsson, CEO at Mullvad VPN.

The building blocks of DAITA are open source

DAITA is built using the open-source Maybenot defense framework, which Mullvad helps to fund development of. The work has been academically peer reviewed and published as open access.

Putting traffic analysis defenses to practice is long overdue. Because the area is changing due to the rapid development of AI, investing time and energy into a framework makes perfect sense”, says Tobias Pulls, researcher at Karlstad University.

To begin with, DAITA 2024.3-beta1 is available in our VPN app on Windows 10 and 11.

To start using DAITA: Download the beta version of Mullvad VPN for Windows. Go to Settings – VPN settings – WireGuard settings – turn on DAITA.