AI surveillance is on the horizon, but Mullvad VPN might have a fix

The original article was amended on May 13, 2024, to include clarifications from Harry Halpin, CEO at NymVPN.

The security gap between our expectations and the harsh digital reality is deepening as AI-powered tools enable internet service providers (ISPs), authorities, and even data brokers to trace back our online activities despite being encrypted. That's why one of the best VPN services on the market, Mullvad VPN, just dropped a new feature to prevent AI-powered snooping.

The provider says its Defense against AI-guided Traffic Analysis (DAITA) is "the first step" in the battle against sophisticated traffic analysis. Fully built on an open-source framework, DAITA's beta version is now available on Mullvad's Windows VPN apps on Windows 10 and 11.

Online surveillance meets AI

Whether you're using a secure VPN, the Tor Network, or any other privacy-focused web browser, encryption alone cannot shield you from increasingly invasive surveillance practices. That's because, every time you access a website, there is an invisible exchange of data packets occurring in the background between your device and the site you're visiting. 

When you use a VPN, this traffic gets encrypted meaning that a third party cannot record the information shared between you and your destination. However, your ISP can still see that some packets are being sent, how big these are, and how often this exchange occurs.

"Even if data is encrypted using a VPN and all packages of information leaving your computers are impossible to read, you will at a minimum level leak the fact that your computer is on, and you are communicating," Jan Jonsson, CEO at Mullvad VPN, told me. "An analysis of [what's known as] metadata can reveal a lot. especially if collected massively over the planet."

Vice already unveiled in 2023 how the FBI has been using a tool to access users' netflow data to fight crime. According to Jonsson, this type of surveillance is now on the rise due to AI tools that can empower your ISP or any other snooper, like a data broker or law enforcement officer, to trace these traffic patterns back to specific websites and users. Pattern recognition is indeed the core strength of AI. All of this, ultimately, makes also VPN users vulnerable to online surveillance.

"We don't need to speculate on the extent to which traffic analysis is being used today. We just observe the development of AI and the development of authoritarian societies. There is also no need to speculate on which role traffic analysis will play in future mass surveillance," said Jonsson. "What we must do is to recognize the threats and opportunities—and work on resistance."

How Mullvad DAITA fights back AI tracking

Mullvad partnered with the Computer Science department at Karlstad University to develop a proactive solution against AI-powered traffic analysis. That's when DAITA was born.

On a simple level, Mullvad's objective is to confuse observers by modifying the appearance of these data packets. As Jonsson put it, "to make analyzing the encrypted traffic and correlating with website traffic damn hard."

DAITA does so by, for instance, making all packets sent over the VPN the same constant size. It also adds some random traffic to make it harder for third parties to distinguish between meaningful activity and background noise. It then modifies the traffic pattern by unpredictably sending cover traffic in both directions between the client and the VPN server.

DAITA is built entirely using an open-source defense network called Maybenot, an academic work Mullvad partly funded. According to Tobias Pulls, a researcher at Karlstad University who took part in the project, putting traffic analysis defenses into practice is long overdue considering how "the area is changing due to the rapid development of AI."

While Mullvad's DAITA is a unique security feature across the VPN market, another provider recently developed an innovative solution for protecting its users against these sophisticated surveillance practices. 

NymVPN employs a tool called Mixnet to reroute data packets via five different VPN servers while shuffling these like a deck of cards along the way. This process, the provider says, ensures that the traffic data gets out completely randomized, scrambling the ability for authorities, hackers, and any other snoopers to identify who sends what packet.

"I assume there are many ways of routing traffic between different relays to vary latency and make tracking harder. However, DAITA focuses on an attacker that can see ALL traffic on the net and use AI to analyze it all. Mixnet usually does not protect against this," Jonsson told me.

Harry Halpin, CEO at NymVPN, doesn't agree with Jonsson, though, arguing that mixnets are actually the only technology that can defend against an adversary that can see all the traffic on the network. 

"Of course, no technique is perfect, but mixing is in general more powerful than covering traffic," he told me, adding that besides DAITA's technique not being new, it's also a rather weak defense as "over time traffic analysis can de-anonymize the flows even with adaptive cover traffic."

On his side, Jonsson said that, despite other security software offering similar solutions, DAITA is the only open-source tool developed by university researchers specializing in this issue. To use DAITA, head to your app's Settings and click on VPN settings. You have to turn on the DAITA option under the WireGuard settings tab.

The initial version of DAITA is currently available only on Windows 10 and 11, with the plan to extend the functionality across all operating systems. Not in the Mullvad browser, though, as "it only protects browser traffic and would not be sufficient protection" Jonsson explains, adding that the team seeks to continue to refine and develop the feature according to feedback to ensure that privacy remains the priority.

He said: "We have funded this research for years, and there will be more research and more versions as we learn more. And also adapt to new threats."