Cryptology ePrint Archive: Report 2017/191

CoverUp: Privacy Through "Forced" Participation in Anonymous Communication Networks

David Sommer and Aritra Dhar and Luka Malisa and Esfandiar Mohammadi and Daniel Ronzani and Srdjan Capkun

Abstract: The privacy guarantees of anonymous communication networks (ACNs) are bounded by the number of participants. As a consequence, an ACN can only achieve strong privacy guarantees if it succeeds in attracting a large number of active users. Vice versa, weak privacy guarantees renders an ACN unattractive, leading to a low number of users. In this work, we show how to break this vicious circle. We develop CoverUp, a system that "forces" visitors of highly accessed websites to become involuntary participants of an ACN. CoverUp leverages basic browser functionality to execute server-served JavaScript code and to open remote connections to connect all website visitors to an ACN (which we instantiate by a mix server). We build two applications on top of CoverUp: an anonymous feed and a chat. We show that both achieve practical performance and strong privacy guarantees. Towards a network-level attacker, CoverUp makes voluntary and involuntary participants indistinguishable, thereby providing an anonymity set that includes all voluntary and involuntary participants (i.e., all website visitors). Given this, CoverUp provides even more than mere anonymity: the voluntary participants can hide the very intention to use the ACN. As the concept of forced participation raises ethical and legal concerns, we discuss these concerns and describe how these can be addressed.

Category / Keywords: anonymous communication, privacy enhancing technologies

Date: received 24 Feb 2017, last revised 27 Feb 2017

Contact author: mohammadi at inf ethz ch

Available format(s): PDF | BibTeX Citation

Version: 20170228:193104 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]