[guardian-dev] BitTorrent Bleep - another secure/private chat app
Hans-Christoph Steiner
hans at guardianproject.info
Thu Sep 18 00:38:25 EDT 2014
http://engineering.bittorrent.com/2014/09/17/how-does-bleep-work/?shareadraft=baba133_5418786f2fdc2
The Distributed Hash Table (DHT) for finding contacts looks quite nice. A
notable downside is that Bleep negotiates a direct SIP/RTP connection between
the two users. That means anyone that can see the network traffic can see
lots of metadata (who is talking to who, when, for how long, and where each
participant is located). So that means the Great Firewall, Halalnet, NSA,
Five Eyes, ISPs, anyone snooping on open wifi, etc. can all see that metadata
of the SIP/RTP direct connections.
We discussed this stuff a lot during the OSTN/ostel project. We figured that
having a proxy between the two communicating parties can definitely provide
privacy gains. If that proxy is high traffic, and has some level of time
quantization, then the network observer would have a hard time correlating
which connections to the proxy are actually talking to each other. If one
side of the communication is outside of the view of a network observer, then
the proxying helps even more. For example, if someone in China is talking to
someone in Canada, and the proxy is in Brazil, then only Brazil would see the
traffic to both sides. China would see the Chinese side and the proxy, and
Canada would see the Canadian side and the proxy.
So the ideal would be if Bleep also provided some kind of p2p proxy for the
direct connections. And of course, it needs to be open source to be taken
seriously.
.hc
Josh Steiner wrote:
> Looks like BitTorrent is getting into the private communications game:
>
> http://www.theverge.com/2014/9/17/6338417/bittorrent-bleep-secure-chat-app-public-alpha-released
>
> "Bleep keeps messages encrypted for their entire ride, so
> theoretically only their sender and receiver should be able to see
> them."
>
> ...
>
> "Bleep avoids that by sending its communications directly between the
> people who are talking, rather than relying on an intermediary. That
> said, there's still a matter of making that connection between two
> people in the first place, as they have to figure out where on the
> internet one another actually is. That's handled with a traditionally
> BitTorrent type of network that distributes the information across the
> phones and computers of people hooked into Bleep. BitTorrent says that
> this information is encrypted so that your computer's digital location
> won't be seen by anyone but the party you're actually looking for, and
> no one but the receiving party should even know who you're looking for
> either. Altogether, BitTorrent says that it would be "practically
> impossible" to gather metadata on who's talking to who."
--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
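The proxy argument in the message above can be checked numerically. The following is an added example, not part of the original message or of any Bleep or OSTN code: it measures how many inbound legs at a proxy fit the timing of each outbound leg, with and without time quantization. It assumes the observer matches only on call setup time, that "time quantization" means holding the outbound leg until the next slot boundary, and uses constructed values for call volume, slot length and latency.

```python
import math
import random
from statistics import mean

LATENCY_S = 0.05  # assumed proxy forwarding delay (constructed value)

def call_setups(n_calls, duration_s, seed=2014):
    """Constructed sample data: call setup times arriving at the proxy."""
    rng = random.Random(seed)
    return sorted(rng.uniform(0, duration_s) for _ in range(n_calls))

def outbound_time(t_in, slot_s):
    """When the proxy opens the leg to the callee.
    slot_s == 0 relays at once; otherwise hold until the next slot boundary."""
    if slot_s == 0:
        return t_in + LATENCY_S
    return (math.floor(t_in / slot_s) + 1) * slot_s

def anonymity_sets(arrivals, slot_s):
    """Per call: how many inbound legs fit the timing of its outbound leg."""
    window = slot_s if slot_s else 2 * LATENCY_S
    sizes = []
    for t_in in arrivals:
        t_out = outbound_time(t_in, slot_s)
        sizes.append(sum(1 for a in arrivals if t_out - window <= a < t_out))
    return sizes

def summarize(n_calls, slot_s, duration_s=3600):
    """Mean anonymity set and the share of calls left with a set of one."""
    sizes = anonymity_sets(call_setups(n_calls, duration_s), slot_s)
    return {
        "mean_set": mean(sizes),
        "unique_fraction": sizes.count(1) / len(sizes),
    }

if __name__ == "__main__":
    for label, n, slot in [("busy, no quantization", 2000, 0),
                           ("busy, 10 s slots", 2000, 10),
                           ("quiet, 10 s slots", 20, 10)]:
        print(label, summarize(n, slot))
```

The quiet-proxy case is the caveat for anyone designing such a relay: quantization only helps when other calls share the slot, so a low-traffic proxy still leaves most calls with an anonymity set of one.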