[guardian-dev] BitTorrent Bleep - another secure/private chat app

Lee Azzarello lee at guardianproject.info
Thu Sep 18 10:31:00 EDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Indeed. I think it's TOTALLY RAD that someone is using SIP for a novel
innovative use case. As much as I hate that protocol, the hate only
comes from the myopic implementation details suggested by big telcos.

The more smart old school Internet people on the problem the better.

Also, Hans. I like that you just suggest a "Peer to Peer proxy". I
believe a proxy in this case changes the network design from a unicast
network to a multicast network. The proxy would serve as the multicast
point for all nodes, removing the "peer to peer"-ness of the
architecture. Regardless, it's a good idea. I'm pointing out jargon.

- -lee

On 9/18/14, 12:38 AM, Hans-Christoph Steiner wrote:
> 
> http://engineering.bittorrent.com/2014/09/17/how-does-bleep-work/?shareadraft=baba133_5418786f2fdc2
>
>  The Distributed Hash Table (DHT) for finding contacts looks quite
> nice.  A notable downside is that Bleep negotiates a direct SIP/RTP
> connection between the two users.  That means anyone that can see
> the network traffic can see lots of metadata (who is talking to
> who, when, for how long, and where each participant is located).
> So that means the Great Firewall, Halalnet, NSA, Five Eyes, ISPs,
> anyone snooping on open wifi, etc. can all see that metadata of the
> SIP/RTP direct connections.
> 
> We discussed this stuff a lot during the OSTN/ostel project.  We
> figured that having a proxy between the two communicating parties
> can definitely provide privacy gains.  If that proxy is high
> traffic, and has some level of time quantization, then the network
> observer would have a hard time correlating which connections to
> the proxy are actually talking to each other.  If one side of the
> communication is outside of the view of a network observer, then 
> the proxying helps even more.  For example, if someone in China is
> talking to someone in Canada, and the proxy is in Brazil, then only
> Brazil would see the traffic to both sides.  China would see the
> Chinese side and the proxy, and Canada would see the Canadian side
> and the proxy.
> 
> So the ideal would be if Bleep also provided some kind of p2p proxy
> for the direct connections.  And of course, it needs to be open
> source to be taken seriously.
> 
> .hc
> 
> Josh Steiner wrote:
>> Looks like BitTorrent is getting into the private communications
>> game:
>> 
>> http://www.theverge.com/2014/9/17/6338417/bittorrent-bleep-secure-chat-app-public-alpha-released
>>
>>
>> 
"Bleep keeps messages encrypted for their entire ride, so
>> theoretically only their sender and receiver should be able to
>> see them."
>> 
>> ...
>> 
>> "Bleep avoids that by sending its communications directly between
>> the people who are talking, rather than relying on an
>> intermediary. That said, there's still a matter of making that
>> connection between two people in the first place, as they have to
>> figure out where on the internet one another actually is. That's
>> handled with a traditionally BitTorrent type of network that
>> distributes the information across the phones and computers of
>> people hooked into Bleep. BitTorrent says that this information
>> is encrypted so that your computer's digital location won't be
>> seen by anyone but the party you're actually looking for, and no
>> one but the receiving party should even know who you're looking
>> for either. Altogether, BitTorrent says that it would be
>> "practically impossible" to gather metadata on who's talking to
>> who." _______________________________________________ 
>> Guardian-dev mailing list
>> 
>> Post: Guardian-dev at lists.mayfirst.org List info:
>> https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>> 
>> To Unsubscribe Send email to:
>> Guardian-dev-unsubscribe at lists.mayfirst.org Or visit:
>> https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
>>
>>
>> 
You are subscribed as: hans at guardianproject.info
>> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUGuykAAoJEKhL9IoSyjdl3dIP/j+TuX9dJUQhC/LPqgNTCJ32
ntE6bgIC0rAZZlyQNbEbrpdHu6JRE+W9SPzIyFh7Bly2GtVSM/pPdcuGpOxqu6BO
YaJkRWjIfHGn/OWz55s6b3creQ3CpoVIF1/7VHXZj4nUcA4S1xyX2lXcLhaePDa7
fvslOzQKgfjzvvrExStBCTXncUMv5oZzRGStMUe0cUCTPaf/og1cJDogldjmy0iM
K+gF49fQNYyJLZ6JGhSTcBpMEWurSCcfxm9kqkdCVmLDQ7pY1L+snaoczH0gUEr1
WyWMEzFa/7r4bI8skHzuL8ktfZq8BmKGaxNjNWPPHrZ3/foaBs4RCSxfvmD5uZ6J
ZhhWRFjt6BSNbkCWlNKxbOFg8Ea+DwbMwvrjJqnHOakljtc4xz9sCEp5MCbElxBc
6FPRREtjXT8yaEhLc2cI+JQnMXm4sktscm0b0m/E29nIWfqZsty8aUNHjm+zVegE
G7gjzeNqDuk50LWgsV+5xy+f/1B4PAsh8bp1kSuGzXj3AgpiduRvAUgZcS3/dYKR
ymMQBjolSdeexrxUBqgNHaiuUS5r8sDvdQBhABqynLmO5k3t7mdyjO5LmEQa79NW
uEyxeac3Ts+m7gxv+6sgTaP6B6n/DZJtgCQQmyl/zH3Gj8Vi9jfmjigBqIseh7B4
HHFp3XmLZtoyOiIG4bII
=VgTQ
-----END PGP SIGNATURE-----


More information about the Guardian-dev mailing list