This is a rather interesting framework, highlighted on Mullvad's blog and with pilot integration into their servers -- see [1] and [2] -- with a fairly detailed deep-dive at [3].<p>The basic idea is very simple: defeat traffic analysis essentially by chaffing and winnowing [4] data to force packet sizes to be constant, and transmit a small amount of 'cover' garbage when the pipe is otherwise empty. I've often wondered why this is not done -- constant bandwidth channels are widely used by the military, for example. Combined with multi-hop routing, I suspect this will make VPNs far more secure for all of their users.<p>The cost, of course, is an overhead in both bandwidth and latency -- in principle these need to be very much for it to be cryptographically secure, but the current implementation roughly doubles bandwidth consumption and introduces a second per connection, which is probably...in need of improvement, let's say.<p>[1] <a href="https://mullvad.net/en/blog/introducing-defense-against-ai-guided-traffic-analysis-daita" rel="nofollow">https://mullvad.net/en/blog/introducing-defense-against-ai-g...</a><p>[2] <a href="https://mullvad.net/en/blog/evaluating-using-the-first-eight-daita-servers" rel="nofollow">https://mullvad.net/en/blog/evaluating-using-the-first-eight...</a><p>[3] <a href="https://pulls.name/blog/2024-06-05-eval-first-daita-servers/" rel="nofollow">https://pulls.name/blog/2024-06-05-eval-first-daita-servers/</a><p>[4] <a href="https://en.wikipedia.org/wiki/Chaffing_and_winnowing" rel="nofollow">https://en.wikipedia.org/wiki/Chaffing_and_winnowing</a>