Online privacy is an Internet buzzword nowadays. If you are also concerned about the privacy of your web surfing, the most efficient way is to use TOR – a free software that lets users communicate anonymously by hiding their actual location from snoopers.
Although TOR is a great anonymous network, it has some limitations that could still allow a motivated hacker to compromise the anonymity of legions of users, including dark web criminals as well as privacy-minded innocents.
Moreover, TOR (The Onion Network) has likely been targeted by the FBI to arrest criminals, including the alleged Silk Road 2 lieutenant Brian Richard Farrell, who was arrested in January 2014.
Even the TOR Project accused the FBI of paying the researchers of Carnegie Mellon University (CMU) at least $1 Million to disclose a technique that could help the agency unmask TOR users and reveal their IP addresses as part of a criminal investigation.
So, what’s next? Is there an alternative?
Well, most probably, YES.
RIFFLE – A New Anonymity Network
Researchers from the Massachusetts Institute of Technology (MIT) and the École Polytechnique Fédérale de Lausanne (EPFL) have created a new anonymity network, which they claim fixes some of Tor’s weak points.
Dubbed Riffle, the anonymity network promises to provide better security against situations when hackers introduce rogue servers on the network, a technique to which TOR is vulnerable.
Riffle maintains users’ privacy as long as at least one of its server remains safe.
Here’s How Riffle Works:
The secret behind Riffle is the use of a Mixnet or Mix Networks – a system that routes each user’s messages through a chain of proxy servers known as Mixes in order to prevent traffic analysis.
Like TOR, Riffle also uses Onion protocol to encrypt its messages with different layers of encryption, which are peeled off as the message passes through every server in the anonymity network.
So a malicious actor will still have to break several layers of encryption in an effort to reach Riffle content.
Riffle’s 2-Phase Authentication makes it more Secure than TOR
Any dedicated attacker could easily target Riffle as they target TOR by tampering with some servers in the anonymity network using their own code.
To defend against these types of attacks, Riffle uses a technique known as ‘Verifiable Shuffle,’ which works on top of Onion protocol.
Verifiable Shuffle is a method that generates a verifiable mathematical proof indicating that the messages it sends are the same as the messages it receives.
Once a secure connection to all servers is established, the system then makes use of ‘Authentication Encryption‘ in order to verify the authenticity of the encrypted messages, using less computation power, but providing better speeds for data transfers compared to TOR.
In this way, even malicious servers can not mess things up – they have to shuffle the messages correctly so that the good servers can accept the incoming data. If server tampered with the messages, it would be spotted at once.
Therefore, as long as one single server on the anonymity network is safe, Riffle is Secure.
Riffle is faster than TOR
More importantly, file transfers in Riffle required one-tenth of the time as compared to TOR and other anonymity networks during experimental tests.
In the case of file sharing, Riffle can achieve a bandwidth of over 100KB/s per client in an anonymity set of up to 200 clients, researchers explained in a paper [PDF]. While in the case of microblogging, Riffle could handle 100,000 users with 10 seconds of latency.
Riffle is a long way from becoming reality, but its tougher security and less overhead could change the way we browse anonymously today. More details on the system will be presented at the Privacy Enhancing Technologies Symposium in July, in Germany.