Researchers at MIT have recently released a whitepaper detailing Riffle, “An Efficient Communication System With Strong Anonymity” that was quickly picked up by a number of news outlets including ThreatPost. There’s plenty of details in the PDF and linked articles but, for the TL;DR crowd, a couple of things stand out that I think are worth mentioning:
- This isn’t, as I understand it, presented as a replacement for TOR.
- I think that it’s a sign that folks are looking for things that may fit that bill, but I don’t think that this is it.
- The approach that Riffle is taking means that, if there is a single honest server, the privacy and integrity of the traffic can be assured (so simply compromising one of the servers in the mixnet isn’t sufficient, an attacker would have to control all of them).
The privacy discussion is polarizing (the FBI needs to be able to decrypt everything to protect us and, if you aren’t doing anything wrong you shouldn’t worry about it -vs- we have a right to privacy) so we won’t get into it here but it would be unwise to ignore this as a growth sector. New tools like TOR and Riffle as well as existing technologies like proxies and VPNs make it easier for us to safeguard our privacy but it also makes it easier for employees to violate acceptable use policies and it makes it easier for attackers to gain a foothold inside the network and exfiltrate data unnoticed.