Slashdot Mirror


BitTorrent Unveils Secure Chat To Counter 'NSA Dragnet Surveillance'

Hugh Pickens DOT Com writes "Jacob Kastrenakes reports on The Verge that as part of a response to the NSA's wide-reaching surveillance programs, BitTorrent is unveiling a secure messaging service that will use public key encryption, forward secrecy, and a distributed hash table so that chats will be individually encrypted and won't be stored on some company's server. 'It's become increasingly clear that we need to devote hackathons, hours and resources to developing a messaging app that protects user privacy,' says Christian Averill, BitTorrent's director of communications. Because most current chat services rely on central servers to facilitate the exchange of messages, 'they're vulnerable: to hackers, to NSA dragnet surveillance sweeps.' BitTorrent chat aims to avoid those vulnerabilities through its encryption methods and decentralized infrastructure. Rather than checking in with one specific server, users of BitTorrent chat will collectively help each other figure out where to route messages to. In order to get started chatting, you'll just need to give someone else your public key — effectively your identifier. Exchanging public keys doesn't sound like the simplest way to begin a chat, but Averill says that BitTorrent hopes to make it easy enough for anyone interested. 'What we're going to do is to make sure there are options for how this is set up,' says Averill. 'This way it will appeal to the more privacy conscious consumer as well as the less technically inclined.' For now, it remains in a private testing phase that interested users can apply for access to. There's no word on when it'll be open to everyone, but with all of the recent surveillance revelations, it's easy to imagine that some people will be eager to get started."

6 of 111 comments

  1. Re:closed source by mwvdlee · Score: 3, Interesting

    If the protocol is open, you could build your own app implementing it.

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  2. Vulnerable to Social Engineering by mentil · Score: 4, Interesting

    If the public/private key pair is created at account creation, then people accustomed to everything being in the cloud will frequently forget to back up their private key (which isn't stored on any central server). A common occurrence will be "Hey Alice, it's Bob. I lost my private key so this is my new account now." Potentially, Bob is in jail and a fed is masquerading as him.

    Also, from my experience with DHT, it doesn't work unless you already know an IP running the protocol -- who you usually find through, yes, a centralized server. If that server were Tor-based it might work, but then that raises the question of what functionality is added by this protocol that a messaging program running through Tor doesn't offer. Having Mixmaster-style message queueing in addition to onion routing would offer improved resistance to topology attacks as well. I'm referring to Tor's hidden services protocol, by the way, rather than the standard web proxy where an unencrypted message would be sent to a messaging server after several encrypted hops.

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    1. Re:Vulnerable to Social Engineering by MoonFog · Score: 5, Interesting

      So what you're saying is that the police forces would have to use old-fashioned police work and target individuals they suspect rather than mass collect everything? Yes, clearly that proves this is a wasted effort.

    2. Re:Vulnerable to Social Engineering by Anonymous Coward · Score: 4, Interesting

      Yes, but they could not do it to everyone, only people for whom they had good grounds to obtain a warrant. Even without the need for a warrant, they would still not have acquired the full message history from everyone all the time, as this would have been too much work. All this does is put this situation back how it was.

  3. If exchanging a keypair is too hard by Gothmolly · Score: 1, Interesting

    Then maybe you shouldn't be using the Internet. Just because a child can reach the steering wheel of a car doesn't mean that they should drive.

    --
    I want to delete my account but Slashdot doesn't allow it.
  4. I'm just thinking out loud here.. by Arith · Score: 2, Interesting

    I'm not exactly a crypto-guru.. but if exchanging a key with your friend to ESTABLISH secure chat.. wouldn't you first have to send that key through unencrypted channels? - assuming you are far enough away that face-to-face isn't an option (and in that case, why even use this?)
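
Added example, not part of the thread and not BitTorrent's code: a public key is not secret, so sending it over an unencrypted channel reveals nothing useful; the risk is that someone substitutes their own key, which is caught by comparing a fingerprint over a separate channel. The sketch below pins one key per contact and refuses to silently accept a "this is my new key" message of the kind mentil describes. `ContactStore`, `fingerprint` and the sample keys are hypothetical names and constructed values.

```python
import hashlib

def fingerprint(public_key: bytes) -> str:
    """SHA-256 of the key, grouped in fours so two people can read it aloud."""
    digest = hashlib.sha256(public_key).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))

class ContactStore:
    """Pins one public key per contact (trust on first use, then verify)."""

    def __init__(self):
        self._pins = {}  # contact name -> [public_key, verified_out_of_band]

    def receive_key(self, name: str, public_key: bytes) -> str:
        """Handle a key that arrived over an untrusted, unencrypted channel."""
        pin = self._pins.get(name)
        if pin is None:
            self._pins[name] = [public_key, False]
            return "pinned-unverified"
        if pin[0] == public_key:
            return "verified" if pin[1] else "pinned-unverified"
        # Known contact, different key: keep the old pin and ask the user.
        return "key-changed"

    def confirm(self, name: str, public_key: bytes, spoken_fp: str) -> bool:
        """Pin public_key as verified only if it matches the fingerprint the
        contact gave over a separate channel (phone call, in person)."""
        if fingerprint(public_key) != spoken_fp:
            return False
        self._pins[name] = [public_key, True]
        return True

    def key_for(self, name: str) -> bytes:
        return self._pins[name][0]

# Constructed sample keys (stand-ins for real public keys).
BOB_KEY = bytes(range(32))
NEW_KEY = bytes(range(32, 64))

def demo():
    store = ContactStore()
    spoken = fingerprint(BOB_KEY)  # what Bob reads out from his own device
    return store, [
        store.receive_key("bob", BOB_KEY),      # first contact, plain channel
        store.confirm("bob", BOB_KEY, spoken),  # fingerprints match
        store.receive_key("bob", BOB_KEY),      # same key seen again
        store.receive_key("bob", NEW_KEY),      # "I lost my key, use this one"
        store.confirm("bob", NEW_KEY, spoken),  # does not match Bob's fingerprint
    ]

if __name__ == "__main__":
    print(demo()[1])
```

A replacement key is accepted only through `confirm`, so a claimed key loss has to be backed by a fingerprint the contact supplies through a channel the impersonator does not control.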