Any details on that talk or the venue it was presented in? I don't find any likely recent context from a Web search (and Hughes's name is increasingly colliding with others).
That said, effective chaffing is difficult and does little to mask methods used to surveil or profile. It's also highly ineffective against strong-intent signalling such as purchase behaviours, unless someone is willing to buy items of little interest or purchase-and-return with sufficient aggressiveness to likely provoke not only vendor cancellation but fraud or criminal investigation.
Cory Doctorow from a Reddit AMA a couple of years ago on chaffing's ineffectiveness:
Chaffing turns out to be pretty easy to detect, because people aren't random - generating data that is both plausible and doesn't leak anything is really hard.
The most common solution to this from information theory is to broadcast a steady volume of noise that is sometimes mixed with signal: for example, you start a Twitter feed that tweets out exactly 280 characters of random noise every minute. Sometimes, though, you push ciphertexts into that stream. Your counterparty analyzes EVERYTHING you tweet, looking for data that decrypts with their private key and your public key. Adversaries can't tell who you're talking to, nor can they tell when you're talking.
This is much harder to do with something like your web traffic....
And it's even harder with purchase history, postal mail, or phone-call activity.
In practice, the method would be unavailable to much of the public, and of and by itself a strong indication of surveillance interest, much as use of, say, PGP is long reported to be.
That said, effective chaffing is difficult and does little to mask methods used to surveil or profile. It's also highly ineffective against strong-intent signalling such as purchase behaviours, unless someone is willing to buy items of little interest or purchase-and-return with sufficient aggressiveness to likely provoke not only vendor cancellation but fraud or criminal investigation.
Cory Doctorow from a Reddit AMA a couple of years ago on chaffing's ineffectiveness:
Chaffing turns out to be pretty easy to detect, because people aren't random - generating data that is both plausible and doesn't leak anything is really hard.
The most common solution to this from information theory is to broadcast a steady volume of noise that is sometimes mixed with signal: for example, you start a Twitter feed that tweets out exactly 280 characters of random noise every minute. Sometimes, though, you push ciphertexts into that stream. Your counterparty analyzes EVERYTHING you tweet, looking for data that decrypts with their private key and your public key. Adversaries can't tell who you're talking to, nor can they tell when you're talking.
This is much harder to do with something like your web traffic....
<https://old.reddit.com/r/privacy/comments/j444u4/how_to_dest...>
And it's even harder with purchase history, postal mail, or phone-call activity.
In practice, the method would be unavailable to much of the public, and of and by itself a strong indication of surveillance interest, much as use of, say, PGP is long reported to be.