The widespread adoption of encryption in network protocols has significantly
improved the overall security of many Internet applications. However, these
protocols cannot prevent network side-channel leaks -- leaks of sensitive
information through the sizes and timing of network packets. We present
NetShaper, a system that mitigates such leaks based on the principle of traffic
shaping. NetShaper's traffic shaping provides differential privacy guarantees
while adapting to the prevailing workload and congestion condition, and allows
configuring a tradeoff between privacy guarantees, bandwidth and latency
overheads. Furthermore, NetShaper provides a modular and portable tunnel
endpoint design that can support diverse applications. We present a
middlebox-based implementation of NetShaper and demonstrate its applicability
in a video streaming and a web service application