PriFi, a low-latency, local-area anonymous communication network.
Go Shell Makefile
Latest commit 635ac3f Jun 13, 2017 @lbarman committed on GitHub Merge pull request #166 from lbarman/pcap
Pcap reader
Failed to load latest commit information.
doc BugFix in doc Dec 23, 2016
prifi-lib Changed files prifi-lib/client/client_test.go,prifi-lib/prifi_test.go Jun 13, 2017
prifi-socks Removes logs May 17, 2017
sda Passes parameters to the client May 18, 2017
socks Step 2 Jan 23, 2017
utils Changes to NullOutput Jan 26, 2017
.gitignore .gitignore update May 18, 2017
LICENCE Adds AGPLv3 Mar 2, 2017
Makefile Updates scripts Jan 26, 2017 Update Mar 30, 2017 Updates README's and script Jan 23, 2017 New ReadMe Jan 3, 2017 New Readme Jan 3, 2017 Improves README's Jan 8, 2017 Cleanup + coverall on prifi-lib Jan 17, 2017 Fixes slots indeed. May 17, 2017

PriFi: A Low-Latency, Tracking-Resistant Protocol for Local-Area Anonymity Build Status Go Report Card Coverage Status


This repository implements PriFi, an anonymous communication protocol with provable traffic-analysis resistance and small latency suitable for wireless networks. PriFi provides a network access mechanism for protecting members of an organization who access the Internet while on-site (via privacy-preserving WiFi networking) and while off-site (via privacy-preserving virtual private networking or VPN). The small latency cost is achieved by leveraging the client-relay-server topology common in WiFi networks. The main entities of PriFi are: relay, trustee server (or Trustees), and clients. These collaborate to implement a Dining Cryptographer's network (DC-nets) that can anonymize the client upstream traffic. The relay is a WiFi router that can process normal TCP/IP traffic in addition to running our protocol.

For an extended introduction, please check our website.

For more details about PriFi, please check our WPES 2016 paper.

Warning: This software is experimental and still under development. Do not use it yet for security-critical purposes. Use at your own risk!

Getting PriFi

First, get the Go language, >= 1.7. They have some .tar.gz, but I personally prefer to use my package manager : sudo apt-get install golang for Ubuntu, or sudo dnf install golang for Fedora 24.

Then, get PriFi by doing:

go get
cd $GOPATH/src/
./ install

Running PriFi

PriFi uses ONet as a network framework. It is easy to run all components (trustees, relay, clients) on one machine for testing purposes, or on different machines for the real setup.

Each component has a SDA configuration : an identity (identity.toml, containing a private and public key), and some knowledge of the others participants via group.toml. For your convenience, we pre-generated some identities in config/identities_default.

Testing PriFi, all components in localhost

You can test PriFi by running ./ all-localhost. This will run a SOCKS server, a PriFi relay, a Trustee, and three clients on your machine. They will use the identities in config/identities_default. You can check what is going on by doing tail -f {clientX|relay|trusteeX|socks}.log. You can test browsing through PriFi by setting your browser to use a SOCKS proxy on localhost:8081.

Using PriFi in a real setup

To test a real PriFi deployement, first, re-generates your identity (so your private key is really private). The processed is detailed in the README about ./ startup script.

More documentation :

API Documentation

The PriFi API documentation can be found in doc/doc.html.