The majority of people across the globe rely on telephony networks as their primary means of communication. As such, many of the most sensitive personal, corporate and government related communications pass through these systems every day. Unsurprisingly, such connections are subject to a wide range of attacks. Of increasing concern is the use of metadata contained in Call Detail Records (CDRs), which contain source, destination, start time and duration of a call. This information is potentially dangerous as the very act of two parties communicating can reveal significant details about their relationship and put them in the focus of targeted observation or surveillance, which is highly critical especially for journalists and activists. To address this problem, we develop the Phonion architecture to frustrate such attacks by separating call setup functions from call delivery. Specifically, Phonion allows users to preemptively establish call circuits across multiple providers and technologies before dialing into the circuit and does not require constant Internet connectivity. Since no single carrier can determine the ultimate destination of the call, it provides unlinkability for its users and helps them to avoid passive surveillance. We define and discuss a range of adversary classes and analyze why current obfuscation technologies fail to protect users against such metadata attacks. In our extensive evaluation we further analyze advanced anonymity technologies (e.g., VoIP over Tor), which do not preserve our functional requirements for high voice quality in the absence of constant broadband Internet connectivity and compatibility with landline and feature phones. Phonion is the first practical system to provide guarantees of unlinkable communication against a range of practical adversaries in telephony systems.
 V. A. Balasubramaniyan, A. Poonawalla, M. Ahamad, M. T.Hunter, and P. Traynor. PinDr0P: using single-ended audio features to determine call provenance. In ACM Conference on Computer and Communications Security, 2010.
 M. Baugher. The Secure Real-time Transport Protocol (SRTP). IETF RFC 3711, Mar. 2013. https://rfc-editor.org/rfc/rfc3711.txt.
 E. Ben Sasson, A. Chiesa, C. Garman, M. Green, I. Miers, E. Tromer, and M. Virza. Zerocash: Decentralized anonymous payments from Bitcoin. In 2014 IEEE Symposium on Security and Privacy (SP), 2014.
 A. Biryukov and I. Pustogarov. Proof-of-work as anonymous micropayment: Rewarding a Tor relay. In Financial Cryptography and Data Security 2015, 2015.
 N. Borisov, G. Danezis, P. Mittal, and P. Tabriz. Denial of service or denial of security? In ACM Conference on Computer and Communications Security, 2007.
 M. Bowman. Employers can snoop through your cell phone. http://blogs.lawyers.com/2013/01/employers-snoop-through-cell-phone/, 2013.
 V. Buterin. A next-generation smart contract and decentralized application platform, 2014. https://github.com/ethereum/wiki/wiki/White-Paper.
 J. Callas, A. Johnston, and P. Zimmermann. ZRTP: Media path key agreement for unicast secure RTP. IETF RFC 6189, Oct. 2015. https://rfc-editor.org/rfc/rfc6189.txt.
 D. L. Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 24(2), 1981.
 C. Chen, D. E. Asoni, D. Barrera, G. Danezis, and A. Perrig. HORNET: high-speed onion routing at the network layer. In ACM Conference on Computer and Communications Security, 2015.
 S. Chen, X. Wang, and S. Jajodia. On the anonymity and traceability of peer-to-peer VoIP calls. IEEE Network, 20(5), 2006.
 H. Federrath, A. Jerichow, D. Kesdogan, and A. Pfitzmann.Security in public mobile communication networks. In IFIP TC6 International Workshop on Personal Wireless Communications, 1995.
 J. Feigenbaum, A. Johnson, and P. Syverson. Probabilistic analysis of onion routing in a black-box model. ACM Transactions on Information and Systems Security, 15(3), 2012.
 A. Fessi, N. Evans, H. Niedermayer, and R. Holz. Pr2- P2PSIP: privacy preserving P2P signaling for VoIP and IM. In Principles, Systems and Applications of IP Telecommunications, 2010.
 D. M. Goldschlag, M. G. Reed, and P. F. Syverson. Hiding routing information. In International Workshop on Information Hiding, 1996.
 Google Inc. Google Voice. https://www.google.com/voice.
 ITU-T. The E-model: A computational model for use in transmission planning. https://www.itu.int/rec/T-RECG.107.
 ITU-T. P.862: Perceptual evaluation of speech quality (PESQ): An objective method for end-to-end speech quality assessment of narrow-band telephone networks and speech codecs. http://www.itu.int/rec/T-REC-P.862.
 D. Kaplan. Suspicions and spies in Silicon Valley. http://www.newsweek.com/suspicions-and-spies-silicon-valley-109827, 2006.
 H. Kargupta, S. Datta, Q. Wang, and K. Sivakumar. On the privacy preserving properties of random data perturbation techniques. In IEEE International Comference on Data Mining, 2003.
 G. Karopoulos, G. Kambourakis, and S. Gritzalis. PrivaSIP: Ad-hoc identity privacy in SIP. Computer Standards & Interfaces, 33(3), 2011.
 G. Karopoulos, G. Kambourakis, S. Gritzalis, and E. Konstantinou.A framework for identity privacy in SIP. Journal of Network and Computer Applications, 33(1), Jan. 2010.
 A. D. Keromytis. A comprehensive survey of voice over IP security research. IEEE Communications Surveys & Tutorials, 14(2), 2012.
 S. Le Blond, D. Choffnes, W. Caldwell, P. Druschel, and N. Merritt. Herd: A scalable, traffic analysis resistant anonymity network for VoIP systems. SIGCOMM Comput. Commun. Rev., 45(4), 2015.
 M. Liberatore, B. Gurung, B. N. Levine, and M. Wright.Empirical tests of anonymous voice over IP. Journal of Network and Computer Applications, 34(1), 2011.
 N. Mathewson and R. Dingledine. Practical Traffic Analysis: Extending and Resisting Statistical Disclosure. In Privacy Enhancing Technologies, 2005.
 S. E. McGregor, P. Charters, T. Holliday, and F. Roesner.Investigating the computer security practices and needs of journalists. In USENIX Security Symposium, Aug. 2015.
 T. Meyer. No warrant, no problem: How the government can get your digital data. https://www.propublica.org/special/no-warrant-no-problem-how-the-government-can-stillget-your-digital-data, June 2014.
 S. Nakamoto. Bitcoin: A peer-to-peer electronic cash system. http://bitcoin.org/bitcoin.pdf, 2008.
 N. O’Brien. Mobile security outrage: Private details accessible on net. http://www.smh.com.au/technology/security/mobile-security-outrage-private-details-accessible-on-net-20110108-19j9j.html, 2011.
 Open Whisper Systems. Signal. https://whispersystems.org.
 A. Pfitzmann, B. Pfitzmann, and M. Waidner. ISDN-mixes: Untraceable communication with very small bandwidth overhead.In Kommunikation in verteilten Systemen, volume 267, 1991.
 A. Pfitzmann and M. Waidner. Networks without user observability - design options. In Advances in Cryptology - EUROCRYPT. International Conference on the Theory and Applications of Cryptographic Techniques, 1986.
 A. Ramo. Voice quality evaluation of various codecs. In IEEE International Conference on Acoustics Speech and Signal Processing, March 2010.
 B. Reaves, L. Blue, and P. Traynor. AuthLoop: Practical end-to-end cryptographic authentication for telephony over voice channels. In USENIX Security Symposium, Aug. 2016.
 B. Reaves, E. Shernan, A. Bates, H. Carter, and P. Traynor.Boxed out: Blocking cellular interconnect bypass fraud at the network edge. In USENIX Security Symposium, 2015.
 M. Rizal. A Study of VoIP performance in anonymous network - The onion routing (Tor). PhD thesis, Niedersächsische Staats-und Universitätsbibliothek Göttingen, 2014.
 A. Ronacher. Flask (A Python microframework). http: //flask.pocoo.org/.
 J. Sanchez. Verizon employees fired after peeping Obama cell records. http://arstechnica.com/tech-policy/2008/11/verizon-employees-suspended-after-peeping-obama-cellrecords/, 2008.
 J. Sanchez. Other uses of the NSA call records database - Fingerprinting burners? http://justsecurity.org/1971/nsacall-records-database-fingerprinting-burners/, Oct. 2013.
 G. W. Schulz. Virginia police have been secretively stockpiling private phone records. http://www.wired.com/2014/10/virginia-police-secretively-stockpiling-private-phonerecords/, Oct. 2014.
 M. Schwartz. Lose the burners: Court okays prepaid phone tracking. http://www.informationweek.com/security/mobile/lose-the-burners-court-okays-prepaid-pho/240005614, Aug. 2012.
 The Guardian Project. Orbot: Mobile anonymity + circumvention. https://guardianproject.info/apps/orbot/.
 The Register. The death of voice: Mobile phone calls now 50 per cent shorter. http://www.theregister.co.uk/2013/01/30/mobile_phone_calls_shorter/.
 The Tor Project. Mumble - Tor bug tracker & wiki. https: //wiki.mumble.info/wiki/Main_Page.
 Twilio. APIs for text messaging, VoIP & voice in the cloud. https://www.twilio.com.
 O. Verscheure, M. Vlachos, A. Anagnostopoulos, P. Frossard, E. Bouillet, and P. S. Yu. Finding ”who is talking to whom” in VoIP networks via progressive stream clustering. In International Conference on Data Mining. IEEE, 2006.
 A. M. White, A. R. Matthews, K. Z. Snow, and F. Monrose.Phonotactic reconstruction of encrypted VoIP conversations. In IEEE Symposium on Security and Privacy, 2011.