Slashdot Mirror


DARPA Wants To Make a Better, More Secure Version of WhatsApp (trustedreviews.com)

The Defense and Advanced Research Projects Agency (DARPA) appears to be in the process of developing its own ultra secure communication platform. The program is called "Resilient Anonymous Communication for Everyone," or RACE, and it will be similar to WhatsApp in that it will be for everyone to use. Trusted Reviews reports: The objectives of the program are to create a distributed messaging system that can do three things: Exist completely within a network; Provide confidentiality, integrity and availability of messaging; and Preserve privacy to any participant in the system.

DARPA seem to be putting security front and center, and the description of the project claims that "compromised system data and associated networked communications should not be helpful for comprising any additional parts of the system," meaning that DARPA are keen that one breach shouldn't also give them a leg up on access to other parts of the system. So, will we soon be using a U.S government branded DARPA? Probably not, but the chances are that RACE will go some way to creating a messaging app that's resilient to attacks, with the protocol and security they find no doubt dripping through to consumer tech and features in the coming years.

93 comments

  1. No thanks by Anonymous Coward · · Score: 2, Funny

    Are you seriously suggesting I should trust a communications app made by the government?

    1. Re: No thanks by Anonymous Coward · · Score: 0

      Nobody wants to talk to your dumb ass anyway.

    2. Re:No thanks by BringsApples · · Score: 4, Insightful

      So many people are probably thinking this same thing right now...

      ...as they post the story to facebook, twitter and whatsapp.

      --
      Politics; n. : A religion whereby man is god.
    3. Re: No thanks by Anonymous Coward · · Score: 0

      Save it for Twitter, Donald.

    4. Re: No thanks by Anonymous Coward · · Score: 0

      Everyone is so afraid of DARPA no one will go near the thing.

    5. Re: No thanks by Anonymous Coward · · Score: 0

      It will be so secure you won't even be able to download it.

    6. Re:No thanks by Anonymous Coward · · Score: 1

      If you use facebook or google services, you basically already do! The frog boils slowly, and they're turning up the heat a little. Most people *don't* notice.

    7. Re:No thanks by Anonymous Coward · · Score: 0

      You do know the ARPANET was the network that became the basis for the Internet you're using right? The network was developed under the direction of the U.S. Advanced Research Projects Agency (ARPA), which later became DARPA.

    8. Re:No thanks by Anonymous Coward · · Score: 0

      Yep. And as it was originally designed, anybody who had a router could monitor ALL traffic going through it!

    9. Re: No thanks by illiac_1962 · · Score: 5, Insightful

      You mean like the internet? The one we are using right now to bitch about things anonymously and do our banking?

    10. Re: No thanks by ceoyoyo · · Score: 1

      I love the juxtaposition of those two applications.

    11. Re: No thanks by Cmdln+Daco · · Score: 1

      You badly misspelled "Hillary" there.

    12. Re:No thanks by Anonymous Coward · · Score: 0

      The bulk of the funding for Tor's development has come from the federal government of the United States,[20] initially through the Office of Naval Research and DARPA.[21]

    13. Re:No thanks by Actually,+I+do+RTFA · · Score: 1

      > Are you seriously suggesting I should trust a communications app made by the government?

      I mean we're on the Internet (by DARPA), using HTTPS (built on crypto standards from the NIST), using ASCII (what Unicode?) which took off when it was mandated by LBJ.

      --
      Your ad here. Ask me how!
    14. Re: No thanks by Anonymous Coward · · Score: 1

      > You badly misspelled "Hillary" there.

      Sorry...

      "Save it for Hillary, Donald."

    15. Re: No thanks by Anonymous Coward · · Score: 0

      Still a “sore winner”, eh? Almost as if you knew all along it was wrong. The chickens are coming home to roost, though.

    16. Re:No thanks by Anonymous Coward · · Score: 0

      TOR development originated from the US federal government. TOR development was started by the Office of Naval Research with input from DARPA. They then open sourced the project and set up a public research-education nonprofit organization to maintain the TOR project. The EFF was one of the original fiscal sponsors. And TOR has a huge user base. And then there was the little DARPA distributed network routing project that served as the first stepping stone in creating the internet.

    17. Re:No thanks by Oceanplexian · · Score: 3, Insightful

      On one hand, no, but on another, isn't that the point of the government? They exist to serve the people. Assuming the code is open source, audited, and done in a way that's completely open and transparent? yeah I think I would trust it.

    18. Re:No thanks by Anonymous Coward · · Score: 0

      > On one hand, no, but on another, isn't that the point of the government?

      Lol! No, not at all!

      They exist to serve the rich and powerful. Part of that mission is keeping the people mollified, via "bread and circuses."

      As long as the people believe they have real choice, and are not starving, they will not notice they are being perpetually fleeced!

    19. Re: No thanks by Anonymous Coward · · Score: 0

      Much better!

    20. Re:No thanks by Highdude702 · · Score: 1

      Incidentally, anybody with a router, can still monitor ALL traffic going THROUGH it... Crazy right?
      Seriously what was your point? Was it meant as 'Works As Expected' or do you think that if you own a router and someone sends traffic through it that you can't see what they are communicating with? And if it's not encrypted you can read every byte...

    21. Re:No thanks by Highdude702 · · Score: 1

      Only because of partisan people like you. That is how they get away with it, the 'go team go!' mentality allows them to shit all over us and do what they want and still get re-elected.

    22. Re:No thanks by Anonymous Coward · · Score: 1

      I cannot see how it can't be any more insecure than one made by a private company. In fact, at least I'd be doing with FISMA and FedRAMP controls on the app, so there is some innate security.

    23. Re:No thanks by Anonymous Coward · · Score: 0

      Huh? How the hell is that partisan? I distrust both parties equally! Lol

    24. Re:No thanks by Anonymous Coward · · Score: 0

      > Incidentally, anybody with a router, can still monitor ALL traffic going THROUGH it... Crazy right?

      No, there is HTTPS and SSH now. Back in the early days everything was sent in clear text (or unencrypted binary like FTP).

    25. Re:No thanks by Highdude702 · · Score: 1

      Sorry, used to the underhanded "My team good, your team bad" types around here. And it was early as fuck so I probably wasn't thinking straight.

    26. Re:No thanks by Highdude702 · · Score: 1

      And there is a whole shitload of the internet that don't use those standards yet. So, my point still stands. Also not everything is encrypted while using those standards. See 'Metadata'.

    27. Re:No thanks by Anonymous Coward · · Score: 0

      No, it doesn't, because you cannot "monitor everything that goes through your router."

      Why don't you flip the bit from Adversarial Mode to Enlightenment Mode?

    28. Re: No thanks by Cmdln+Daco · · Score: 1

      Indeed. The chickens in Washington are close to the chopping block.

    29. Re:No thanks by Highdude702 · · Score: 1

      Maybe you can't because you don't know how. But I can. And google goes a long way for someone in your position.

    30. Re:No thanks by Anonymous Coward · · Score: 0

      Really, you can read HTTPS encrypted traffic?

      I'll be sure and let my bank know.

      Or maybe you just don't know what the fuck you're talking about?

    31. Re:No thanks by Highdude702 · · Score: 1

      So you didn't even read what I said. This is probably why people don't respond to AC's. Not only too lazy to register, too dumb to read.

  2. one head says this, another head says that by sanf780 · · Score: 5, Funny

    FBI tells us that encryption is for terrorists, DARPA tells us that encryption is for everyone. Are we all terrorists now?

    1. Re:one head says this, another head says that by Anonymous Coward · · Score: 0

      No, and you never will be, as long as you always use the US government's new secure messaging app to discuss your plans.

    2. Re:one head says this, another head says that by Anonymous Coward · · Score: 0

      yes.
      --- fbi

    3. Re:one head says this, another head says that by Anonymous Coward · · Score: 0

      Pretty much, yeah.

    4. Re:one head says this, another head says that by Pseudonym · · Score: 2

      This is how you can be certain that there's no grand government conspiracy. Its left hand doesn't know who its right hand is doing.

      Conspiracy theories appeal to humans because we are pattern-seeking machines that find connections in randomness. But few stop to ask why there is randomness.

      --
      sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
    5. Re:one head says this, another head says that by luis_a_espinal · · Score: 1

      > Conspiracy theories appeal to humans because we are pattern-seeking machines that find connections in randomness. But few stop to ask why there is randomness.

      Totally (I must steal this quote.)

      With that said, the other explanation is that DARPA by itself does not work so embedded in the machinations of government. It has one mandate: foster and fund R&D, explore interesting problems and develop cool shit (specially cool shit no one else can because of production costs) independently of political climates (to the extent possible.)

      DARPA is one thing I deeply respect.

  3. Signal? by Anonymous Coward · · Score: 2, Insightful

    You mean Signal?

    1. Re:Signal? by Anonymous Coward · · Score: 0

      More specifically the Signal Protocol. https://en.wikipedia.org/wiki/Signal_Protocol

  4. First stupid question: by Anonymous Coward · · Score: 2, Funny

    Will users be referred to as "racists"?

  5. DARPA wants encryption for SPYS by fish_in_the_c · · Score: 1, Informative

    is this not just obvious. what use case would a spy organization have for software that:
    Untraceable unreadable distributed long distance communication ubiquitously.
    Isn't that basically the holy grail of military encryption.

    --
    “Tolerance applies only to persons, but never to truth. Intolerance applies only to truth, but never to persons.
    1. Re:DARPA wants encryption for SPYS by skovnymfe · · Score: 2

      Well it needs to be decryptable too. By the US military only.

    2. Re:DARPA wants encryption for SPYS by bill_mcgonigle · · Score: 1

      What's good for the goose is good for the gander.

      Getting everybody to use it helps the spies' traffic not stand out.

      But Signal and Wire already exist, so they should fork of those (Signal probably).

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  6. Use it or else... by Anonymous Coward · · Score: 0

    your social credit score will go down.

    1. Re: Use it or else... by Anonymous Coward · · Score: 0

      If only

  7. Could this be a wonderful change? by charliemerritt03 · · Score: 1

    Wouldn't it be wonderful if the US Government, after much detailed study, concluded that private communications would actually be GOOD for the country?

    OR is there a chance that valid court order will be a valid decryption key for this new Whatsapp - like Clipper, anyone remember Clipper?

    1. Re:Could this be a wonderful change? by Anonymous Coward · · Score: 0

      > OR is there a chance that valid court order will be a valid decryption key for this new Whatsapp - like Clipper, anyone remember Clipper?

      "You look like you're trying to hide something. Would you like help?" :D

    2. Re:Could this be a wonderful change? by Gavagai80 · · Score: 4, Insightful

      DARPA developed the Onion routing the Tor project uses, too -- way back in the 1990s. The US military is always keen to enable private communications between dissidents and demonstrators in disliked nations, and also for Americans organizing activities in said nations. That such tools also happen to be able to protect Americans from the US government is not sufficient reason to kill the projects, apparently. We can only hope the ability of foreign hackers to acquire decryption keys will prevent their use.

      --
      This space intentionally left blank
    3. Re:Could this be a wonderful change? by RockDoctor · · Score: 1

      In the allegedly techy readership of Slashdot, it seems nobody but you and I (from Europe) does remember Clipper.

      I think the TLAs have won, at least in America.

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  8. A name for that project by zm · · Score: 3, Insightful

    Signal.

    --
    Sig ?
    1. Re:A name for that project by Anonymous Coward · · Score: 0

      Only if you compile Signal yourself. Maybe the DARPA project is to figure out how to motivate people to do that?

    2. Re: A name for that project by Anonymous Coward · · Score: 0

      Wow! DARPA must have forgotten to tell anybody such an important fact

    3. Re:A name for that project by UnknownSoldier · · Score: 2

      ItsAtrap.

    4. Re:A name for that project by Aqualung812 · · Score: 1

      Signal doesn't have the ability to exist entirely within a network. It depends on Signal's servers.

      --
      Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
    5. Re: A name for that project by Anonymous Coward · · Score: 0

      Wickr then.

    6. Re: A name for that project by Anonymous Coward · · Score: 0

      Nope. Doesn't scale well for large groups. The MLS protocol will be better.

    7. Re: A name for that project by bursch-X · · Score: 2

      Or just Akbar


      But not as in "Allah hu" ;-)

      --
      There are two rules for success:
      1. Never tell everything you know.
    8. Re:A name for that project by Anonymous Coward · · Score: 0

      If you trust Signal, you're an idiot. Signal is only a tiny bit more trustworthy than WhatsApp, for very small values of tiny.

      There is a lot we don't know about Signal, including why Signal re-encrypts what is sent to its servers and adds additional payload. We don't know what that payload is or why it is sent. That right there is why I stopped using it.

    9. Re: A name for that project by Anonymous Coward · · Score: 0

      Wickr doesn't have the ability to exist entirely within a network. It depends on Wickr's servers.

  9. My Spy-die sense is tingling! by Anonymous Coward · · Score: 0

    I think we've all been burned before!

  10. Editing FTW by Etcetera · · Score: 1

    > DARPA seem to be putting security front and center, and the description of the project claims that "compromised system data and associated networked communications should not be helpful for comprising any additional parts of the system," meaning that DARPA are keen that one breach shouldn't also give them a leg up on access to other parts of the system. So, will we soon be using a U.S government branded DARPA?

    What?

    1. Re:Editing FTW by Anonymous Coward · · Score: 0

      Missing words are missing... gah... you're supposed to be editors! (Though I suspect they're all stupid "AI"s that just spider the web for articles at this rate.)

  11. Trust by markdavis · · Score: 1, Troll

    I am not sure I could ever trust a government-endorsed and/or supplied communication system as being actually "private" for the public. To me, private means that NOBODY can ever intercept, decrypt, or obtain the information contained in the messages except for those intended by the end users.

    Perhaps if the entire design was open, all the code was open source and openly reviewed, and all the management of it were distributed and open. Otherwise, there is far, far, far too much incentive for the government's "three letter" agencies to plant in back doors, weaknesses, logging, tap points, malware, whatever. And if they can't get what they want, I believe it will be stopped, prevented, or corrupted; so I wouldn't hold my breath.

    1. Re: Trust by illiac_1962 · · Score: 1

      They are talking about an open protocol. Implementation is up to you/us.

    2. Re:Trust by Anonymous Coward · · Score: 0

      You mean like DES or perhaps AES?

    3. Re: Trust by markdavis · · Score: 1

      >"They are talking about an open protocol. Implementation is up to you/us."

      In the past, DARPA has produced good stuff, so as long as the science behind it is sound, an open implementation of it could be a good thing. I just have a feeling they are going to get slapped down hard for even thinking such thoughts, much less spending money/resources on developing such a protocol. Or some law will go through in the name of "safety" and "crime" that makes using such protocols illegal. Federal spy/security/law enforcement agencies really do seem to believe they ultimately have a right to access anything they want and an unbreakable "lock" will create a doom's-day scenario.

    4. Re:Trust by WillAffleckUW · · Score: 1

      Thank you for not using GPS.

      --
      -- Tigger warning: This post may contain tiggers! --
    5. Re: Trust by Anonymous Coward · · Score: 0

      Ostensibly, yes

    6. Re:Trust by markdavis · · Score: 1

      >"Thank you for not using GPS."

      GPS is not two-way communications...

    7. Re:Trust by markdavis · · Score: 1

      >"You mean like DES or perhaps AES?"

      I should have added "developed now" or "recently". Those two were developed a long time ago, before things got really heated.

    8. Re: Trust by Anonymous Coward · · Score: 0

      We have this already. It's called reality. Or reality distortion field. Nobody can figure out the difference. Why not? Nobody can figure that out either. Because it's really named WhatsAppl

    9. Re:Trust by WillAffleckUW · · Score: 1

      You said communication system.

      --
      -- Tigger warning: This post may contain tiggers! --
  12. Darpa? More like, Dorka. by Anonymous Coward · · Score: 0

    If they want it for the general public, it will fail.
    And if they want it for covert missions, it will blow plausible deniability if they are caught. Fucking genius, eh?

    The most intelligent thing is to use a popular open source project that already has enough market share, such as Signal.
    It is insanely secure, and if your operatives are caught, you have the plausible deniability that the user is simply a privacy nutjob.

    1. Re: Darpa? More like, Dorka. by illiac_1962 · · Score: 2

      Is signal distributed, existing solely within the network? Cause I see the word "server" used a lot. You guys can't even read the fucking summary any more.

    2. Re: Darpa? More like, Dorka. by Anonymous Coward · · Score: 0

      Does it do email? Is there a secret passcode? You getting yalls panties in a bunch over nada god damn thing

  13. No, specifically Signal. Not e.g. WhatsApp. by Anonymous Coward · · Score: 0

    WhatsApp uses Signal's encryption too, thanks to Signal's makers caring more about making the world better than partisanship.

    But it's silly and pointless, given that it's used to let closed-source code communicate with Facebook servers.

    1. Re:No, specifically Signal. Not e.g. WhatsApp. by ctilsie242 · · Score: 1

      The Facebook Messenger app on iOS and Android has the option to use the Signal protocol as well.

  14. Surprise! by Anonymous Coward · · Score: 0

    World wide, Government hypocrisy is stunning. Will they roll this out to the "Five Eyes" countries? Oh yeah, not Australia of course because our fuckwit Government has just legislated to ban encryption.

    1. Re: Surprise! by Anonymous Coward · · Score: 0

      An engineering problem? Why don't we pray for guidance?

  15. Private for them. Not us! by Anonymous Coward · · Score: 0

    You misunderstood.
    This is for state terrorists, when they share your secrets and privacy. So you, "the terrorists", err "Russians", err "China", can't tell how much they know about you.

    In fascist Murica, government has privacy from YOU! ;)

    (Ok, I frankly think, if they abuse American values and American people that much, they by definition are not Americans. But traitors. Enemy combatants. For whatever we shall call their state.)

  16. Go for it!!! by sentiblue · · Score: 0

    Yeah sure... the kind that encrypts everything end to end.. nobody can decrypt it except the sender/receiver. For a bonus... the government will be able to decrypt anybody's msg with a single click/command.

    1. Re: Go for it!!! by Anonymous Coward · · Score: 0

      Wayyyyyyyyyyy too complicated. But have fun cruising the dark web looking for nonexistent clues!

  17. What's that? It's a trap! by UnknownSoldier · · Score: 0

    Gee, government wanting to dig its fingers into chat?
    It's a trap, that's what.

    1. Re:What's that? It's a trap! by Anonymous Coward · · Score: 0

      The internet (TCP/IP) was originally designed for 'chat' and was funded by the US government. So this is nothing new, just that they want to extend more into mobile comms.

       

  18. Direct link and description by Anonymous Coward · · Score: 0

    From Program Information:

    The Resilient Anonymous Communication for Everyone (RACE) program will research technologies for a distributed messaging system that can: a) exist completely within a given network, b) provide confidentiality, integrity, and availability of messaging, and c) preserve privacy to any participant in the system. Compromised system data and associated networked communications should not be helpful for compromising any additional parts of the system. RACE advances will be based on rigorous security arguments, such as those found in the academic cryptography community or statistical arguments based on realistic simulations. RACE will seek to create advances in communication protocol encapsulation methods as well as efficient, oblivious, distributed system tasking to build a system that is resistant to attack, even with limited participant compromises and large-scale, real-time deep packet inspection. The program will further seek to explore approaches to preserving privacy, such as secure multiparty computation and obfuscated communication protocols.

    The goal of the RACE program is to create a system capable of avoiding large-scale compromise. As such, RACE research efforts will explore: 1) preventing compromised information from being useful for identifying any of the system nodes because all such information is encrypted on the nodes at all times, even during computation; and 2) preventing communications compromise by virtue of obfuscating communication protocols.

  19. US Defense building trusted ultra secure app? by Anonymous Coward · · Score: 0

    > The Defense and Advanced Research Projects Agency (DARPA) appears to be in the process of developing its own ultra secure communication platform. The program is called "Resilient Anonymous Communication for Everyone," or RACE, and it will be similar to WhatsApp in that it will be for everyone to use. Trusted Reviews reports

    An identical app on everyone's computer, trusted to be remotely updated at any time by the DoD, doesn't seem very secure to me.

  20. Signal? by ilsaloving · · Score: 1

    Why isn't DARPA looking at Signal? I thought they were the benchmark by which all other secure communications are compared. Most other services actually use their protocol behind the scenes, including WhatsApp.

    AFAIK the problems with WhatsApp are mismanagement of the backend, not the protocol, and I'm not aware of Signal having these problems.

  21. Remailer by Anonymous Coward · · Score: 0

    I run a remailer. There is a system that uses the remailer system whereby people can communicate anonymously and securely. It is called Hsub.

  22. Why not Matrix? by Anonymous Coward · · Score: 0

    France went with a Matrix/Riot.im public fork/derivative as their government encrypted messenger app. Why reinvent the wheel, when this is something that works at scale?

    https://github.com/dinsic-pim

    1. Re:Why not Matrix? by q4Fry · · Score: 1

      > France went with a Matrix/Riot.im public fork/derivative as their government encrypted messenger app. Why reinvent the wheel, when this is something that works at scale?

      Un-AC bump with links.

  23. Communication App by Clariti2018 · · Score: 1

    Check out this communication app called Clariti https://clariti.app/