PriFi, a low-latency, local-area anonymous communication network.

PriFi: A Low-Latency, Tracking-Resistant Protocol for Local-Area Anonymity


This repository implements PriFi, an anonymous communication protocol with provable traffic-analysis resistance and low latency, suitable for wireless networks. PriFi provides a network access mechanism for protecting members of an organization who access the Internet while on-site (via privacy-preserving WiFi networking) and while off-site (via privacy-preserving virtual private networking, or VPN). The low latency cost is achieved by leveraging the client-relay-server topology common in WiFi networks. The main entities of PriFi are the relay, the trustee servers (or Trustees), and the clients. These collaborate to implement a Dining Cryptographers network (DC-net) that can anonymize the clients' upstream traffic. The relay is a WiFi router that can process normal TCP/IP traffic in addition to running our protocol.
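To make the DC-net idea above concrete, here is an added Go example (not code from the PriFi repository) that models one round: each client and each trustee XORs pads derived from their pairwise shared secrets, one client also XORs in its message, and the relay XORs everything it receives. It assumes one shared secret per client/trustee pair and uses HMAC-SHA256 as a stand-in pad generator; the names pad, xor and Round and the sample secrets are constructed for this example. Round returns every ciphertext sent to the relay (clients first, then trustees) and the relay's output.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// pad expands a shared secret into n pad bytes for a round (HMAC-SHA256 counter mode, a stand-in PRG).
func pad(secret string, round uint32, n int) (out []byte) {
	for ctr := uint32(0); len(out) < n; ctr++ {
		m := hmac.New(sha256.New, []byte(secret))
		binary.Write(m, binary.BigEndian, [2]uint32{round, ctr})
		out = m.Sum(out)
	}
	return out[:n]
}

func xor(dst, src []byte) {
	for i := range dst {
		dst[i] ^= src[i]
	}
}

// Round runs one DC-net round; secrets[c][t] is shared by client c and trustee t.
func Round(secrets [][]string, round uint32, owner int, msg []byte) (cts [][]byte, out []byte) {
	for i := 0; i < len(secrets)+len(secrets[0]); i++ {
		cts = append(cts, make([]byte, len(msg)))
	}
	copy(cts[owner], msg) // only the slot owner adds plaintext
	for c, row := range secrets {
		for t, s := range row {
			p := pad(s, round, len(msg))
			xor(cts[c], p)              // client's copy of the pad
			xor(cts[len(secrets)+t], p) // trustee's copy of the same pad
		}
	}
	out = make([]byte, len(msg))
	for _, ct := range cts {
		xor(out, ct) // relay: each pad appears twice and cancels
	}
	return
}

func main() {
	secrets := [][]string{{"c0t0", "c0t1"}, {"c1t0", "c1t1"}, {"c2t0", "c2t1"}} // constructed
	_, out := Round(secrets, 1, 1, []byte("hello from client 1"))
	fmt.Printf("relay output: %q\n", out)
}
```

The relay recovers the message without learning which client's ciphertext carried it, because every client ciphertext is masked by pads it cannot remove on its own.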

For an extended introduction, please check our website.

For more details about PriFi, please check our WPES 2016 paper.

Warning: This software is experimental and still under development. Do not use it yet for security-critical purposes. Use at your own risk!

Getting PriFi

First, get the Go language, version >= 1.9. They have some .tar.gz archives, but I personally prefer to use my package manager: sudo apt-get install golang for Ubuntu, or sudo dnf install golang for Fedora 24.

Then, get PriFi by doing:

go get
cd $GOPATH/src/
./ install

Running PriFi

PriFi uses ONet as a network framework. It is easy to run all components (trustees, relay, clients) on one machine for testing purposes, or on different machines for the real setup.

Each component has an SDA configuration: an identity (identity.toml, containing a private and public key), and some knowledge of the other participants via group.toml. For your convenience, we pre-generated some identities in config/identities_default.

Testing PriFi, all components in localhost

You can test PriFi by running ./ all-localhost. This will run a SOCKS server, a PriFi relay, a Trustee, and three clients on your machine. They will use the identities in config/identities_default. You can check what is going on by doing tail -f {clientX|relay|trusteeX|socks}.log. You can test browsing through PriFi by setting your browser to use a SOCKS proxy on localhost:8081.

Using PriFi in a real setup

To test a real PriFi deployment, first regenerate your identity (so that your private key is really private). The process is detailed in the README about the ./ startup script.

More documentation:

API Documentation

The PriFi API documentation can be found in doc/doc.html.