I'm developing some sort of VoIP application for mobile devices for fun.
I initially planned to rely on P2P connections only.
I didn't want to use a relay server because I thought (1.) there would be a higher latency and (2.) this would reduce privacy/be another potential risk if not maintained properly.

However, just thinking about this again, I wonder whether using a relay server in the middle doesn't actually add a layer of privacy since it would be less obvious where the packets are being sent - all packets would go to the server instead of being sent straight to the other device. So the only thing someone could know when intercepting the traffic between one of the devices and the server is that there is a connection between that device and the server (provided that the actual UDP/TCP payload is encrypted or unreadable for someone intercepting the traffic).

So unless there's only two devices sending packets to the server it would be more difficult to find the peer connection.

Is this assumption correct?

If it is, is there a way/are there any known techniques to obfuscate the source/destination when establishing P2P connections, specifically when using IPv6? By this I mean somehow hiding/changing possibly identifying information such as the IP & port number.

1 Answer


> I wonder whether using a relay server in the middle doesn't actually add a layer of privacy since it would be less obvious where the packets are being sent - all packets would go to the server instead of being sent straight to the other device.

It adds different kinds of privacy. You have (mainly) two kinds of privacy here:

  1. Privacy from provider
  2. Privacy from other users.
  3. Privacy from someone with network level access (ISP, government)

A P2P architecture can be implemented in a way so that the provider is only involved in the set up of the connection, and doesn't need to know for how long you communicate, if you use video etc.

However, a P2P-structure will leak info about users to other users. This may or may not be an issue. In many cases, users communicating will know each other, and will prefer not leaking information to a provider over leaking information to whomever they're talking with.

However, if you're a Chinese dissident using a non-national service, it's probably preferable to leak information to the provider over the other user.

It will affect latency - especially if the two clients are otherwise close (e.g. same cell phone provider and country), but the server is 50ms away.

Signal gives the users a choice:

[Image: Signal user choice]

I believe this is the best solution, especially if the users are educated on security. They may make their own trade-offs based on what value they place on the various aspects. For me, the quality penalty makes me stick to P2P. This is based partially on the fact that I'm in a politically stable region with a very strong freedom of speech.

To protect against someone who can do network level eavesdropping, it should be impossible to correlate streams.

Now, if clients communicate P2P, it's absolutely trivial to work out who communicates with whom; the streams are direct.

If they go via a central proxy, it's harder, but probably not impossible to correlate streams in time, based on size and frequency of packets. There's been research on unmasking Tor users based on this.

In short, you have multiple different kinds of privacy worries. Some of them are mutually exclusive. Different users will have different needs of anonymity. A dissident communicating with peers may want P2P, to avoid any central servers that can be targeted. The same dissident, when recruiting other dissidents, may want a centralized server - as that makes locating them harder.

When I'm talking with friends, I don't care if they know who I am; they already know, so P2P is just fine. If I'm selling drugs, I probably don't want people to get my IP address.

> If it is, is there a way/are there any known techniques to obfuscate the source/destination when establishing P2P connections, specifically when using IPv6? By this I mean somehow hiding/changing possibly identifying information such as the IP & port number.

No. IP packets require source and destination. Port number may be chosen freely.

The technique for obfuscating IP is using a proxy (as you are suggesting) or a VPN.

  • Thank you, that's made it pretty clear. I assume by "provider" you mean the provider of the relay server, not the ISP? If so, wouldn't a third kind of privacy be privacy from the ISP? So when relaying a call, we'd also hide information about the other user from the ISP as opposed to directly addressing the communication partner (which, again, might only be relevant for politically less stable regions) **but** wouldn't that add a significant amount of privacy if you'd operate the relay server on your own/can trust the server provider but not the (national) ISP? – j3141592653589793238 Aug 06 '20 at 17:13
  • @user0800 protecting against someone with access to monitor data streams is difficult. Several researchers have demonstrated traffic pattern attacks against Tor. There are written [papers on the topic](https://murdoch.is/papers/oakland05torta.pdf). – vidarlo Aug 06 '20 at 18:24
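
The answer's point that relayed streams can still be correlated "based on size and frequency of packets" can be checked on synthetic data before choosing a relay design. The following is an added example, not code from the question, the answer or any VoIP project: all flows are constructed, and the function names, byte values and the 0.9 threshold are assumptions made for illustration. It compares per-window byte counts on both sides of a relay, with and without constant-rate padding.

```python
import random
from statistics import mean

def pearson(a, b):
    """Pearson correlation of two equal-length series; 0.0 if either is constant."""
    ma, mb = mean(a), mean(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return 0.0 if va == 0 or vb == 0 else cov / (va * vb) ** 0.5

def caller_flows(n_calls, windows, rng):
    """Constructed data: bytes per 1 s window from each caller to the relay
    (0 = silence suppressed, larger values = talk spurts)."""
    return [[rng.choice((0, 0, 1600, 3200, 4000)) for _ in range(windows)]
            for _ in range(n_calls)]

def relay_forward(flow, rng):
    """Relay output towards the callee: same volume plus small re-framing jitter."""
    return [max(0, b + rng.randint(-80, 80)) for b in flow]

def pad_constant(flow, rate=4200):
    """Mitigation: add cover traffic so every window carries exactly `rate` bytes."""
    assert rate >= max(flow), "rate must cover the busiest window"
    return [rate] * len(flow)

def linked_fraction(ingress, egress, partner, threshold=0.9):
    """Fraction of calls whose true egress flow is the unique best match above threshold."""
    linked = 0
    for i, flow in enumerate(ingress):
        scores = [pearson(flow, out) for out in egress]
        best = max(scores)
        if best >= threshold and scores.count(best) == 1 and scores.index(best) == partner[i]:
            linked += 1
    return linked / len(ingress)

def simulate(padded, n_calls=8, windows=40, seed=1):
    """Run one constructed scenario and return how many calls remain linkable."""
    rng = random.Random(seed)
    ingress = caller_flows(n_calls, windows, rng)
    if padded:
        ingress = [pad_constant(f) for f in ingress]
    partner = list(range(n_calls))
    rng.shuffle(partner)                      # egress flow index for each caller
    egress = [None] * n_calls
    for i, flow in enumerate(ingress):
        egress[partner[i]] = relay_forward(flow, rng)
    return linked_fraction(ingress, egress, partner)

if __name__ == "__main__":
    print("unpadded:", simulate(False), "padded:", simulate(True))
```

Constant-rate padding removes the volume signal only at the cost of sending the peak rate for the whole call, and call start and end times stay visible unless the client keeps its relay connection active between calls.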