Wired Profiles John Brooks, the Programmer Behind Ricochet
wabrandsma writes with this excerpt from Wired: John Brooks, who is just 22 and a self-taught coder who dropped out of school at 13, was always concerned about privacy and civil liberties. Four years ago he began work on a program for encrypted instant messaging that uses Tor hidden services for the protected transmission of communications. The program, which he dubbed Ricochet, began as a hobby. But by the time he finished, he had a full-fledged desktop client that was easy to use, offered anonymity and encryption, and even resolved the issue of metadata—the "to" and "from" headers and IP addresses spy agencies use to identify and track communications—long before the public was aware that the NSA was routinely collecting metadata in bulk for its spy programs. The only problem Brooks had with the program was that few people were interested in using it. Although he'd made Ricochet's code open source, Brooks never had it formally audited for security and did nothing to promote it, so few people even knew about it.
Then the Snowden leaks happened and metadata made headlines. Brooks realized he already had a solution that resolved a problem everyone else was suddenly scrambling to fix. Though ordinary encrypted email and instant messaging protect the contents of communications, metadata allows authorities to map relationships between communicants and subpoena service providers for subscriber information that can help unmask whistleblowers, journalists' sources and others.
Any software developer working in the United States on secure communications can too easily be compromised with an NSL. If you want your project to be trustworthy, not only does it need to be rigorously audited, but all developers and hosting should be based outside the US as well.
How exactly do you solve the problem of metadata on TCP/IP networks? Metadata is how these networks operate.
Every packet has an origin that will be traceable to the source ISP. If you're on your own connection, you're fucked.
If you're on your own connection and you VPN to some other connection it's just a matter of how much effort the powers that be want to waste tracking you down. Any schlub can run a Tor node, so you get nothing there. And of course, you have to initiate that connection from somewhere.
The only way to truly hide is to use someone else's connection (without their knowledge), with a different spoofed MAC every time. Everything else is just obfuscation. We already know every fucking packet touching a major telecom is logged in the US, and we have damned good reason to believe it's true world-wide.
Judging by the average high school graduate I don't think there really is all that much to be said for the social development potential of public schools.