Slashdot Mirror
Wired Profiles John Brooks, the Programmer Behind Ricochet
wabrandsma writes with this excerpt from Wired: John Brooks, who is just 22 and a self-taught coder who dropped out of school at 13, was always concerned about privacy and civil liberties. Four years ago he began work on a program for encrypted instant messaging that uses Tor hidden services for the protected transmission of communications. The program, which he dubbed Ricochet, began as a hobby. But by the time he finished, he had a full-fledged desktop client that was easy to use, offered anonymity and encryption, and even resolved the issue of metadata—the "to" and "from" headers and IP addresses spy agencies use to identify and track communications—long before the public was aware that the NSA was routinely collecting metadata in bulk for its spy programs. The only problem Brooks had with the program was that few people were interested in using it. Although he'd made Ricochet's code open source, Brooks never had it formally audited for security and did nothing to promote it, so few people even knew about it.
Then the Snowden leaks happened and metadata made headlines. Brooks realized he already had a solution that resolved a problem everyone else was suddenly scrambling to fix. Though ordinary encrypted email and instant messaging protect the contents of communications, metadata allows authorities to map relationships between communicants and subpoena service providers for subscriber information that can help unmask whistleblowers, journalists's sources and others.
Then the Snowden leaks happened and metadata made headlines. Brooks realized he already had a solution that resolved a problem everyone else was suddenly scrambling to fix. Though ordinary encrypted email and instant messaging protect the contents of communications, metadata allows authorities to map relationships between communicants and subpoena service providers for subscriber information that can help unmask whistleblowers, journalists's sources and others.
There isn't a solution to that. You have to talk to other points, and you have to do so from a connection you are on. That information, on ANY network in the world, is inevitable.
The only thing you can do is obscure it as much as possible so that people can't tell WHAT you did over the connection, or WHAT you passed to those others. They will be able to know who they were, but unless you can introduce sufficient plausible deniability (with Tor, that's just by using random people as the next hop), you can't do anything about that.
I don't think that's a problem we should waste time trying to solve. You aren't going to be able to obscure your endpoint's knowledge when 100% of the time someone is paying money for that endpoint to be connected to other endpoints. We do not have a darknet.
But it's also not that big a deal. With proper encryption and enough fake / routing data running through your connection with that encryption (and PFS), it's meaningless. All that can happen is someone can say "you were online, and so was John". If that's enough to convict you, you have bigger problems than the protocol of the network you used.
How did dude drop out of school at age 13 when education is compulsory to age 16? I wish the story had explained that detail. What country is this dude a citizen of?