PriFi, a low-latency, local-area anonymous communication network.

PriFi: A Low-Latency, Tracking-Resistant Protocol for Local-Area Anonymity


This repository implements PriFi, an anonymous communication protocol with provable traffic-analysis resistance and small latency suitable for wireless networks. PriFi provides a network access mechanism for protecting members of an organization who access the Internet while on-site (via privacy-preserving WiFi networking) and while off-site (via privacy-preserving virtual private networking or VPN). The small latency cost is achieved by leveraging the client-relay-server topology common in WiFi networks. The main entities of PriFi are: relay, trustee server (or Trustees), and clients. These collaborate to implement a Dining Cryptographer's network (DC-nets) that can anonymize the client upstream traffic. The relay is a WiFi router that can process normal TCP/IP traffic in addition to running our protocol.
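The DC-net idea mentioned above, as an added sketch that is not taken from the PriFi code base: one round in which a single client transmits and the relay recovers the message by XORing everything it receives, without learning which client sent it. The sketch assumes each client shares a secret with each trustee; the secrets, the SHA-256 pad derivation, and the names `xorPad` and `Round` are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// xorPad XORs into ct the round pad derived from one client-trustee secret.
// SHA-256 over "secret|round|block" is an illustrative PRG, not PriFi's own.
func xorPad(ct []byte, secret string, round int) {
	var block [32]byte
	for i := range ct {
		if i%32 == 0 {
			block = sha256.Sum256([]byte(fmt.Sprintf("%s|%d|%d", secret, round, i/32)))
		}
		ct[i] ^= block[i%32]
	}
}

// Round plays one DC-net round with nC clients and nT trustees. It returns the
// ciphertexts the relay receives (clients first, then trustees) and their XOR.
func Round(nC, nT, round, sender int, msg []byte) (ciphers [][]byte, slot []byte) {
	// Constructed pairwise secrets; a deployment would derive them by key exchange.
	secret := func(c, t int) string { return fmt.Sprintf("secret-c%d-t%d", c, t) }
	ciphers = make([][]byte, nC+nT)
	for i := range ciphers {
		ciphers[i] = make([]byte, len(msg))
	}
	copy(ciphers[sender], msg) // only the slot owner adds its message
	for c := 0; c < nC; c++ {
		for t := 0; t < nT; t++ {
			xorPad(ciphers[c], secret(c, t), round)    // client c's side of the pad
			xorPad(ciphers[nC+t], secret(c, t), round) // trustee t's side of the pad
		}
	}
	slot = make([]byte, len(msg))
	for _, ct := range ciphers { // relay: every pad appears twice and cancels
		for i, b := range ct {
			slot[i] ^= b
		}
	}
	return ciphers, slot
}

func main() {
	_, slot := Round(3, 2, 7, 1, []byte("GET / HTTP/1.1")) // constructed payload
	fmt.Printf("relay decodes %q\n", slot)
}
```

An idle client's ciphertext is the same whichever other client transmits, and the sender's ciphertext is masked by its pads, so no single ciphertext identifies the sender.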

For an extended introduction, please check our website.

For more details about PriFi, please check our WPES 2016 paper.

Warning: This software is experimental and still under development. Do not use it yet for security-critical purposes. Use at your own risk!

Getting PriFi

First, get the Go language, >= 1.9. They have some .tar.gz, but I personally prefer to use my package manager: sudo apt-get install golang for Ubuntu, or sudo dnf install golang for Fedora 24.

Then, get PriFi by doing:

go get
cd $GOPATH/src/
./ install

Running PriFi

PriFi uses ONet as a network framework. It is easy to run all components (trustees, relay, clients) on one machine for testing purposes, or on different machines for the real setup.

Each component has an SDA configuration: an identity (identity.toml, containing a private and public key), and some knowledge of the other participants via group.toml. For your convenience, we pre-generated some identities in config/identities_default.

Testing PriFi, all components in localhost

You can test PriFi by running ./ all-localhost. This will run a SOCKS server, a PriFi relay, a Trustee, and three clients on your machine. They will use the identities in config/identities_default. You can check what is going on by doing tail -f {clientX|relay|trusteeX|socks}.log. You can test browsing through PriFi by setting your browser to use a SOCKS proxy on localhost:8081.

Using PriFi in a real setup

To test a real PriFi deployment, first regenerate your identity (so your private key is really private). The process is detailed in the README about the ./ startup script.

More documentation:

API Documentation

The PriFi API documentation can be found in doc/doc.html.