Link Us if You Can: Enabling Unlinkable Communication on the Internet

For online conversations with top privacy, we often need to erase the existing contact behavior. Thus we want communications in which adversaries can not link you to the person you contact, namely communications with unlinkability. However, most current communication systems including variations of Mix networks fail to maintain unlinkability against global active adversaries (GAA) who can monitor global traffic and easily compromise clients and infrastructures. Therefore, designing an unlinkable communication system against GAA is challenging. By analyzing limitations of current communication systems, we propose two other features to assure unlinkability: covertness and deniability. In this paper, we design HTor, a novel and practical communication system with unlinkability, via a single web server. HTor interpolates the server to cut off the direct connection between two people in one communication and exploits covert channels (CCs) to hide communications between clients and the server. Considering servers might be corrupted, HTor utilizes a group mechanism to protect the receiver for each message. By extensive large-scale evaluations, we show that communications over HTor are robust and difficult to detect. Besides, HTor is easily implemented and, with multiple servers, it can provide enough bandwidth and relatively low latency for chatting.