A next-generation anonymity network with comprehensive defenses against modern attacks on Tor, I2P, and VPN systems.
GPTL implements cutting-edge countermeasures against 10 major attack categories identified in academic research from 2005-2024:
- Traffic Confirmation Attacks (Murdoch-Danezis, 2005)
- Website Fingerprinting (Panchenko et al., 2011-2016)
- Circuit Fingerprinting (Kwon et al., 2015)
- Guard Discovery Attacks (Overlier-Syverson, 2006)
- Sniper Attacks (Resource Exhaustion) (Jansen et al., 2014)
- Sybil Attacks (Biryukov et al., 2013)
- BGP Hijacking Attacks (RAPTOR) (Sun et al., 2015)
- Timing Attacks
- DNS Leakage
- WebRTC Leakage
┌─────────────────────────────────────────────────────────────┐
│ APPLICATION LAYER │
│ - WebRTC Guard - DNS Guard - Protocol Hardening │
├─────────────────────────────────────────────────────────────┤
│ CIRCUIT LAYER │
│ - Circuit Shield - Vanguards - Guard Armor │
├─────────────────────────────────────────────────────────────┤
│ ROUTING LAYER │
│ - BGP Guard - AS-Aware Selection - Multi-Path │
├─────────────────────────────────────────────────────────────┤
│ TRANSPORT LAYER │
│ - Timing Shield - Traffic Shaping - Adaptive Padding │
├─────────────────────────────────────────────────────────────┤
│ RESOURCE LAYER │
│ - Resource Guard - Sybil Shield - Rate Limiting │
└─────────────────────────────────────────────────────────────┘
- Rust 1.75+
- Cargo
cd rust
cargo build --releasecd rust
cargo testThe gptl binary is the primary way to configure GPTL. Configuration is stored at
~/.config/gptl/config.toml (Unix) or %APPDATA%\gptl\config.toml (Windows).
gptl status # Overview: level badge + all 11 protections
gptl config show # Full configuration table
gptl config show --format json # Machine-readable JSON
gptl config set <key> <value> # Change a setting (security changes require confirmation)
gptl config keys # All settable keys with accepted values
gptl config reset # Reset to defaults
gptl config path # Show config file location
gptl security level standard|enhanced|maximum # Change security level (shows full diff + confirms)
gptl security level enhanced --label-only # Update label only, keep individual settings
gptl security status # Protection checklist
gptl security audit # Detect mismatches and weaknesses
gptl profile list # List profiles (built-ins: standard/enhanced/maximum)
gptl profile show <name> # Preview a profile
gptl profile apply <name> # Apply profile (shows diff + confirmation)
gptl profile save <name> # Save current config as named profile
gptl profile delete <name> # Delete a saved profile
# Skip confirmation prompts (for scripting):
gptl -y security level maximum
gptl --yes profile apply standard
Security-sensitive changes (disabling protections, lowering security level) always show
a diff of what will change and ask for confirmation. Use -y/--yes to bypass in scripts.
GPTL provides three configurable security levels:
- Basic traffic padding
- DNS-over-HTTPS protection
- WebRTC leak prevention
- Suitable for: General browsing
- All Standard features
- Timing protection with jitter
- Circuit obfuscation
- Vanguard layered guards
- Defends against: Traffic analysis, circuit fingerprinting
- All Enhanced features
- BGP-aware routing
- Multi-path traffic splitting
- Aggressive padding and obfuscation
- Suitable for: High-risk situations, activists, journalists
Core anti-surveillance protections:
anti_surveillance/traffic_shaping.rs- Traffic confirmation attack defenseanti_surveillance/padding.rs- Website fingerprinting defense (WTF-PAD)anti_surveillance/timing_protection.rs- Timing attack defenseanti_surveillance/circuit_obfuscation.rs- Circuit fingerprinting defenseanti_surveillance/flow_correlation_defense.rs- DeepCorr defense
Secure routing and network-level protections:
bgp_protection.rs- RAPTOR/BGP hijacking defense with RPKI validationguard_management.rs- Vanguard protection against guard discoveryresource_protection.rs- Sniper attack defense with PoWdns_protection.rs- DNS leak prevention with DoH/DoTwebrtc_protection.rs- WebRTC leak preventionsybil_defense.rs- Sybil attack detection and preventioncircuit/- Circuit pool, health monitoring, and rotation
Production-grade cryptographic primitives (FIPS 140-3 validated via aws-lc-rs):
- AEAD ciphers — AES-256-GCM (primary), ChaCha20-Poly1305 (fallback)
- Key exchange — X25519 and Hybrid X25519 + ML-KEM-768 (post-quantum, NIST FIPS 203)
- Forward secrecy — Key ratcheting with Double Ratchet-inspired design
- Counter-based nonces — NIST-compliant with automatic rotation at 2³² messages
- Memory safety — All keys and secrets zeroized on drop
User-facing command-line interface (gptl binary):
main.rs— Entry point; dispatchesconfig,security,profile, andstatussubcommands- Config stored at
~/.config/gptl/config.toml(Unix) /%APPDATA%\gptl\config.toml(Windows) - Built-in profiles:
standard,enhanced,maximum(read-only) - User profiles:
~/.config/gptl/profiles/<name>.toml - Security-sensitive changes require confirmation; use
-y/--yesfor scripting
Enterprise relay server with multi-layer security:
auth/— Multi-factor authentication (password, TOTP, WebAuthn, mTLS)ip_restriction/— IP allowlist, geolocation blocking, threat intelligencerate_limit/— Token bucket limiting with CAPTCHA integrationsession/— JWT-based session management with bindingapi_key/— Scoped API key management with HMAC validationaudit/— Tamper-evident audit log with Merkle tree integrityauto_setup.rs— Cross-platform firewall automation (UFW/iptables/nftables, netsh, pfctl)
See research/TOR_I2P_VPN_ATTACKS_RESEARCH_REPORT.md for comprehensive analysis of each attack category including:
- Attack mechanisms and effectiveness
- Historical context and evolution
- Academic references
- GPTL countermeasure design rationale
- Constant-rate cell transmission
- Multi-path routing
- Cover traffic generation
- Congestion-independent timing
- WTF-PAD adaptive padding
- Burst morphing
- Standardized traffic patterns
- Game-theoretic optimization
- Preemptive circuit padding (PCP)
- Vanguard layered guards
- Circuit type obfuscation
- Standardized cell sequences with random payloads (indistinguishable from real data)
- 3-layer guard architecture
- Predecessor attack detection
- DoS-resistant rotation
- Reputation-based selection
- Proof-of-work circuit allocation
- Memory pool management
- Window-based flow control
- Circuit prioritization
- Economic stake requirements
- Reputation system
- Behavioral pattern detection
- Bandwidth verification
- Trust networks
- RPKI route validation
- AS-aware path selection (intermediate-hop diversity)
- Real-time hijack detection
- Counter-RAPTOR selection
- Poisson-distributed jitter
- Packet batching and reordering
- Clock skew protection
- Watermark detection
- DNS-over-HTTPS (DoH)
- DNS-over-TLS (DoT)
- Transparent proxy detection
- System DNS management
- ICE candidate filtering
- TURN relay enforcement
- Browser policy enforcement
- Leak testing
GPTL uses production-grade cryptographic primitives:
| Primitive | Algorithm | Standard |
|---|---|---|
| Symmetric encryption | AES-256-GCM | NIST FIPS 197 |
| Symmetric fallback | ChaCha20-Poly1305 | RFC 8439 |
| Classic key exchange | X25519 | RFC 7748 |
| Post-quantum KEM | ML-KEM-768 (Kyber) | NIST FIPS 203 |
| Hybrid key exchange | X25519 + ML-KEM-768 | IETF draft-ietf-tls-ecdhe-mlkem |
| Forward secrecy | Double Ratchet | Signal specification |
| Crypto library | aws-lc-rs | FIPS 140-3 validated |
Key properties:
- All keys and secrets are memory-zeroized on drop (
zeroizecrate) - Constant-time operations for sensitive comparisons (
subtlecrate) - Counter-based nonces with automatic rotation at 2³² messages
- Hybrid KEM provides both classical and post-quantum security
use gptl_core::anti_surveillance::{AntiSurveillanceManager, SecurityLevel};
use gptl_routing::RoutingManager;
#[tokio::main]
async fn main() {
// Configure security level
let mut manager = AntiSurveillanceManager::new(Default::default());
manager.set_security_level(SecurityLevel::Maximum).await;
// Initialize protections
manager.initialize().await.unwrap();
// Process cells securely
let protected_cells = manager.protect_outgoing(cell).await.unwrap();
}Each module includes comprehensive unit tests:
# Run all tests
cd rust && cargo test
# Run with logging
RUST_LOG=debug cargo test -- --nocapture
# Run specific module tests
cargo test -p gptl-crypto
cargo test -p gptl-core
cargo test timing_protection
cargo test sybil_defense- Requires integration with a transport layer for full deployment
- Network-level consensus and directory authority system not included
- Performance optimizations for high-throughput scenarios are ongoing
- Memory safety: Rust ownership model eliminates use-after-free and buffer overflows
- Cryptographic agility: Hybrid classical + post-quantum key exchange
- Forward secrecy: Double Ratchet ratcheting ensures past sessions remain secure
- Bounded resource usage: All data structures have growth limits to prevent DoS
- Tamper-evident logging: Merkle tree-backed audit log with cryptographic integrity
This project is part of the GPTL security research initiative. See individual module documentation for contribution guidelines.
Licensed under either of:
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
at your option.
This implementation is based on research by:
- Murdoch & Danezis (2005) - Traffic confirmation attacks
- Panchenko et al. (2011, 2016) - Website fingerprinting
- Kwon et al. (2015) - Circuit fingerprinting attacks
- Overlier & Syverson (2006) - Guard discovery
- Jansen et al. (2014) - Sniper attacks
- Sun et al. (2015) - RAPTOR attacks
- Biryukov et al. (2013) - Sybil attacks
Note: This is a security research implementation. Production deployment requires additional operational hardening and network infrastructure.