With the system, messages are never sent directly; instead, users deposit encrypted messages in a "dead drop" server mailbox. The exchange of messages is never initiated by the user -- something that could be detected by hackers -- but instead happens in "rounds" every 10-20 seconds. That increases security dramatically, but bad guys could still access metadata by, say, knocking one user offline to see if the number of messages decreases. That's where the spam comes in -- each server sends "cover traffic" messages to random mailboxes to hide individual users' activities. The system works even if many of the servers have been infiltrated, provided some are still "clean."
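The effect of cover traffic on the knock-a-user-offline observation described above, as an added simulation that is not from the article or the researchers. The per-round sender count, the Laplace-distributed cover volume and all function names are assumptions made for illustration.

```python
import random

OTHER_SENDERS = 100  # constructed: real messages from everyone else, per round

def cover_count(mean, scale, rng):
    """Cover messages a server adds in one round (assumed Laplace noise, floored at 0)."""
    if scale == 0:
        return 0
    # The difference of two exponentials with mean `scale` is Laplace(0, scale).
    noise = rng.expovariate(1 / scale) - rng.expovariate(1 / scale)
    return max(0, round(mean + noise))

def observed_deposits(target_sending, mean, scale, rng):
    """What a network observer can count in one round: real plus cover deposits."""
    return OTHER_SENDERS + int(target_sending) + cover_count(mean, scale, rng)

def observer_accuracy(mean, scale, trials=2000, rounds=5, seed=1):
    """Fraction of trials in which counting deposits reveals whether the target was sending.

    Each trial models the scenario in the article: the observer counts deposits
    for a few rounds, the target goes offline, and the observer counts again.
    A drop of about one message per round is read as "the target was sending".
    """
    rng = random.Random(seed)
    correct = 0
    for _ in range(trials):
        sending = rng.random() < 0.5  # ground truth, hidden from the observer
        before = [observed_deposits(sending, mean, scale, rng) for _ in range(rounds)]
        after = [observed_deposits(False, mean, scale, rng) for _ in range(rounds)]
        drop = sum(before) / rounds - sum(after) / rounds
        guess = drop > 0.5
        correct += guess == sending
    return correct / trials

if __name__ == "__main__":
    print("no cover traffic  :", observer_accuracy(mean=0, scale=0))
    print("with cover traffic:", observer_accuracy(mean=300, scale=50))
```

Without cover traffic the drop in the count identifies the sender in every trial; with it, the observer does about as well as a coin flip.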

The scheme would be particularly useful to users worried about NSA-style mass surveillance, like whistleblowers or reporters. (Of course, like many legitimate services, it could also be misused by bad guys.) The drawback is speed -- since server rounds run at set intervals, messages can only be delivered at those times. The researchers ran a simulation on Amazon EC2 servers, and with a million simulated users and 15,000 messages per second, system latency was a foot-tapping 44 seconds per message. They plan to scale it up to see if that time can be improved, but we imagine that users who absolutely can't have messages traced back to them are cool with a small delay.