We are living in times where governments and corporations are spying on internet users, and some countries are banning or threatening to weaken privacy enhancing technologies such as Virtual Private Networks (VPNs) and encryption, and calling for more surveillance and data retention. Now more than ever internet users need technology which preserves their digital privacy rights. Currently there are only a couple of good choices available to help users anonymously and securely communicate online, but a new project is in development which could add another good anonymization service for internet users. Loopix is an anonymization network like Tor and I2P. The new anonymity network is being developed by researchers from the University College London’s Information Security Research Group. Like other anonymization services such as Tor and I2P, Loopix uses a low latency mixing network to route data through a chain of proxies. However, unlike Tor and I2P, Loopix is focused on providing an anonymization system for communications, rather than for browsing websites or torrenting.
The researchers recently gave a presentation on Loopix at the 26th USENIX Security Symposium. They also released a research paper on the Loopix Anonymity System. Loopix uses cover traffic and Poisson mixing to provide anonymity. According to the paper that the researchers from the University College London released, “Loopix leverages cover traffic and Poisson mixing—brief independent message delays—to provide anonymity and to achieve traffic analysis resistance against, including but not limited to, a global network adversary.”
In the paper, the researchers continue to expand on how their anonymization service resists attacks against users, saying that, “Mixes and clients, self-monitor and protect against active attacks via self-injected loops of traffic. The traffic loops also serve as cover traffic to provide stronger anonymity and a measure of sender and receiver unobservability. Loopix is instantiated as a network of Poisson mix nodes in a stratified topology with a low number of links, which serve to further concentrate cover traffic. Service providers mediate access in and out of the network to facilitate accounting and off-line message reception.”
Message based mix networks are not new. High latency anonymous remailers such as Mixmaster and Mixminion used to be popular. The idea for mix networks was first put forth by American cryptographer David Chaum in a paper he wrote which was published in 1981 and titled, “Untraceable electronic mail, return addresses, and digital pseudonym.”
While Tor’s onion routing, and I2P’s garlic routing, may currently be the more popular anonymizing mix networks, Loopix hopes to bring back mix networks which focus on communicating messages, but over a low latency network. Loopix protects the sender and recipient of a communication from being observed by third parties, even if there are malicious mixers and providers. When using Loopix, it is not possible for an attacker to observe when the sender of a communication is online. Loopix’s anonymity features are designed to be resistant to attacks from hackers and state adversaries such as the NSA and the CIA. In their paper, the researchers refer to these state actors as global passive adversaries, or GPAs. GPAs have the ability to monitor the entire network, including traffic from users, providers, and mix servers.
For people who are curious to look at the source code and to test the Loopix mix system, the researchers have uploaded their Loopix mix network software onto an online public code repository on GitHub. The Loopix software is written in Python. Loopix uses the Sphinx secure encrypted message format that is used to relay the messages over the mix network. Based on a look at the code on GitHub, it appears Loopix supports or integrates the Tox protocol. Tox allows users to send and receive messages, as well as make voice and video calls, all of which are end-to-end encrypted. During testing of Loopix, the researchers found that they were able to send up to 300 messages “at a small delay overhead of less than 1.5 ms on top of the delays introduced into messages to provide security,” BleepingComputer reports.