Definition
Cover traffic is the practice of sending dummy messages that carry no real payload, purely to obscure the timing and volume of genuine communication. It is a foundational defense against traffic analysis: even if an adversary cannot read encrypted content, the mere pattern of when and how much a person transmits can leak who they talk to and when something important is happening. Cover traffic blurs that pattern by making real and fake messages indistinguishable on the wire.
Why padding alone is not enough
Encryption hides content, but it does not hide that a message was sent. An observer watching a connection can still see bursts of activity, and correlating bursts across two endpoints can reveal a conversation. By injecting a steady stream of dummy packets, a system ensures the observed traffic rate stays roughly constant whether or not the user is actively communicating. The dummies are discarded at their destination and are bitwise indistinguishable from real packets, so a relay cannot tell which is which.
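The effect described above can be seen in a small simulation of what a passive observer records on the link. This is an added example, not code from any system named on this page; the 512-byte cell size, the one-cell-per-tick schedule, and the sample activity are constructed assumptions, and cell headers are ignored.

```python
from collections import deque

CELL_SIZE = 512  # assumed fixed on-wire size of every cell, real or dummy


def observer_view(activity, ticks, cover):
    """Simulate a sender and return (trace, stats).

    activity: list of (tick, payload_bytes) the user wants to send.
    trace:    list of (tick, size) pairs, all a passive observer can see
              once content is encrypted.
    """
    wanted = {}
    for tick, size in activity:
        wanted.setdefault(tick, []).append(size)

    queue = deque()                    # real cells waiting for a send slot
    trace = []
    stats = {"real": 0, "dummy": 0}
    for tick in range(ticks):
        for size in wanted.get(tick, []):
            if cover:
                # Split the payload into fixed-size cells and wait for slots.
                queue.extend([CELL_SIZE] * -(-size // CELL_SIZE))
            else:
                # No cover: sent at once, so time and length are exposed.
                trace.append((tick, size))
                stats["real"] += 1
        if cover:
            # Exactly one cell leaves per tick: real if queued, else a dummy.
            if queue:
                queue.popleft()
                stats["real"] += 1
            else:
                stats["dummy"] += 1
            trace.append((tick, CELL_SIZE))
    return trace, stats


# Constructed sample: a short burst, then one later message.
BUSY = [(3, 1400), (4, 200), (20, 900)]
IDLE = []

if __name__ == "__main__":
    for label, act in (("busy", BUSY), ("idle", IDLE)):
        for cover in (False, True):
            trace, stats = observer_view(act, 30, cover)
            print(label, "cover" if cover else "plain", len(trace), stats)
```

With cover enabled the busy and idle traces are identical, and the dummy count is the bandwidth spent to get that result; real cells may also wait in the queue for a slot, so latency is part of the price.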
Loops and unobservability
Advanced anonymity systems such as Loopix and Nym use "loop" cover traffic, where a node or client sends dummy messages that travel through the network and return to the sender. Loops generated by mix nodes guarantee a baseline level of anonymity at all times, while loops generated by end users obscure their own activity and push the system toward unobservability, the property that an adversary cannot even tell whether a given user is communicating. The cost is bandwidth: constant cover traffic consumes capacity even when nothing is being said, a deliberate trade of efficiency for privacy.
Cover traffic is a core mechanism inside a mixnet and supports the broader objective of metadata-resistant messaging.
