
BitTorrent Unveils Secure Chat To Counter 'NSA Dragnet Surveillance'

Hugh Pickens DOT Com writes "Jacob Kastrenakes reports on The Verge that as part of a response to the NSA's wide-reaching surveillance programs, BitTorrent is unveiling a secure messaging service that will use public key encryption, forward secrecy, and a distributed hash table so that chats will be individually encrypted and won't be stored on some company's server. 'It's become increasingly clear that we need to devote hackathons, hours and resources to developing a messaging app that protects user privacy,' says Christian Averill, BitTorrent's director of communications. Because most current chat services rely on central servers to facilitate the exchange of messages, 'they're vulnerable: to hackers, to NSA dragnet surveillance sweeps.' BitTorrent chat aims to avoid those vulnerabilities through its encryption methods and decentralized infrastructure. Rather than checking in with one specific server, users of BitTorrent chat will collectively help each other figure out where to route messages to. In order to get started chatting, you'll just need to give someone else your public key — effectively your identifier. Exchanging public keys doesn't sound like the simplest way to begin a chat, but Averill says that BitTorrent hopes to make it easy enough for anyone interested. 'What we're going to do is to make sure there are options for how this is set up,' says Averill. 'This way it will appeal to the more privacy conscious consumer as well as the less technically inclined.' For now, it remains in a private testing phase that interested users can apply for access to. There's no word on when it'll be open to everyone, but with all of the recent surveillance revelations, it's easy to imagine that some people will be eager to get started."

  • Re:OTR (Score:5, Informative)

    by heypete ( 60671 ) <pete@heypete.com> on Friday December 20, 2013 @06:58AM (#45744291) Homepage

    How is this different from OTR?

    OTR rides on top of underlying IM protocols (e.g. AIM, ICQ, XMPP, Yahoo Messenger, etc.) and encrypts the contents of communications. IM service providers can still shut down individual accounts, monitor who is accessing them, etc., even if they cannot read the contents of messages.

    With BitTorrent Chat, the service takes advantage of the DHT (similar to "trackerless torrents" that don't have any single point of failure) to provide a decentralized, fault-tolerant means of exchanging data. There's no dependence on a single service -- all users would participate in the DHT, making it an extremely robust system.

    If I read the description properly, it's similar to "OTR-over-DHT" but there's likely substantial differences in the details.

  • Re:OTR (Score:5, Informative)

    by Stalks ( 802193 ) * on Friday December 20, 2013 @07:23AM (#45744365)

    DHT is very reliable. Once a node has been connected a while and established links with many other nodes, traffic is quick and you have the redundancy of many 100s of connections.

    Encrypting the data prior to transport and using DHT would be no worse off from TOR.

  • by Anonymous Coward on Friday December 20, 2013 @07:31AM (#45744393)

    I am not going to trust a company with my chat that doesn't even know what to do with something as simple as the Start/Pause/Stop buttons: http://forum.utorrent.com/viewtopic.php?id=126630&p=25#p757068
    Not to mention, it would be filled with ads.

  • by Joce640k ( 829181 ) on Friday December 20, 2013 @08:09AM (#45744503) Homepage

    The thing about PUBLIC key cryptography is that the encryption keys are PUBLIC, it doesn't matter who knows them.

  • by Anonymous Coward on Friday December 20, 2013 @08:28AM (#45744591)

    This explains it very simply [wimp.com].

    You can exchange a piece of information without exposing the full picture to a 3rd party.

  • Re:Cryptocat? (Score:5, Informative)

    by DuckDodgers ( 541817 ) <.keeper_of_the_wolf. .at. .yahoo.com.> on Friday December 20, 2013 @09:57AM (#45744999)
    http://www.wired.com/threatlevel/2012/08/wired_opinion_patrick_ball/all/ [wired.com]
    This means that in practice, CryptoCat is no more secure than Yahoo chat, ... Any host-based system that delivers the encryption engine to you each time you log in, and in which your keys reside on the server, you are never secure against the host (there’s new research on this called “host-proof hosting,” but it’s a long way from being ready to use in real applications). That means that if the host attacks you, or they fail to protect themselves, your encrypted data will be available to them. Remember that the host might attack you because someone evil has taken control of the host. If you are the hypothetical dissident in the Middle East, your government might contract a hacker to break into the CryptoCat server, Hushmail, or other host-based server, and thereby get access to all your data. Or they could bribe an employee at a host-based service. Again: in host-based security, all your security rests on your personal trust for the people at the host, and their ability to protect the server. There’s no real security in a technical sense.
