BitTorrent Unveils Secure Chat To Counter 'NSA Dragnet Surveillance'
Hugh Pickens DOT Com writes "Jacob Kastrenakes reports on The Verge that as part of a response to the NSA's wide-reaching surveillance programs, BitTorrent is unveiling a secure messaging service that will use public key encryption, forward secrecy, and a distributed hash table so that chats will be individually encrypted and won't be stored on some company's server. 'It's become increasingly clear that we need to devote hackathons, hours and resources to developing a messaging app that protects user privacy,' says Christian Averill, BitTorrent's director of communications. Because most current chat services rely on central servers to facilitate the exchange of messages, 'they're vulnerable: to hackers, to NSA dragnet surveillance sweeps.' BitTorrent chat aims to avoid those vulnerabilities through its encryption methods and decentralized infrastructure. Rather than checking in with one specific server, users of BitTorrent chat will collectively help each other figure out where to route messages to. In order to get started chatting, you'll just need to give someone else your public key — effectively your identifier. Exchanging public keys doesn't sound like the simplest way to begin a chat, but Averill says that BitTorrent hopes to make it easy enough for anyone interested. 'What we're going to do is to make sure there are options for how this is set up,' says Averill. 'This way it will appeal to the more privacy conscious consumer as well as the less technically inclined.' For now, it remains in a private testing phase that interested users can apply for access to. There's no word on when it'll be open to everyone, but with all of the recent surveillance revelations, it's easy to imagine that some people will be eager to get started."
Re:OTR (Score:5, Informative)
How is this different from OTR?
OTR rides on top of underlying IM protocols (e.g. AIM, ICQ, XMPP, Yahoo Messenger, etc.) and encrypts the contents of communications. IM service providers can still shut down individual accounts, monitor who is accessing them, etc., even if they cannot read the contents of messages.
With BitTorrent Chat, the service takes advantage of the DHT (similar to "trackerless torrents" that don't have any single point of failure) to provide a decentralized, fault-tolerant means of exchanging data. There's no dependence on a single service -- all users would participate in the DHT, making it an extremely robust system.
If I read the description properly, it's similar to "OTR-over-DHT" but there are likely substantial differences in the details.
Re:OTR (Score:5, Informative)
DHT is very reliable. Once a node has been connected a while and established links with many other nodes, traffic is quick and you have the redundancy of many 100s of connections.
Encrypting the data prior to transport and using DHT would be no worse off than TOR.
Way over their capabilities (Score:0, Informative)
I am not going to trust a company with my chat that doesn't even know what to do with something as simple as the Start/Pause/Stop buttons: http://forum.utorrent.com/viewtopic.php?id=126630&p=25#p757068
Not to mention, it would be filled with ads.
Re:I'm just thinking out loud here.. (Score:4, Informative)
The thing about PUBLIC key cryptography is that the encryption keys are PUBLIC, it doesn't matter who knows them.
Re:I'm just thinking out loud here.. (Score:5, Informative)
This explains it very simply [wimp.com].
You can exchange a piece of information without exposing the full picture to a 3rd party.
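An added illustration of the point made in the two comments above (not part of either comment, and not BitTorrent's actual protocol, which the page does not describe): a Diffie-Hellman exchange with fresh per-session keys, showing that both sides derive the same key from values that are safe to publish, and that each session gets an independent key, which is the basis of forward secrecy. The group parameters and all function names are assumptions chosen for the example; the prime is toy-sized.

```python
import hashlib
import secrets

# Toy parameters constructed for this example: a 127-bit Mersenne prime.
# Far too small for real use; real systems use vetted groups or curves
# through a maintained cryptographic library.
P = 2**127 - 1
G = 3


def keypair():
    """Return a fresh ephemeral (private, public) pair."""
    priv = secrets.randbelow(P - 3) + 2          # 2 <= priv <= P - 2
    return priv, pow(G, priv, P)


def session_key(my_priv, their_pub):
    """Derive a 32-byte session key from the shared DH secret."""
    # Reject degenerate public values that would force a predictable secret.
    if not 1 < their_pub < P - 1:
        raise ValueError("invalid public value")
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def run_session():
    """One chat session: returns (alice_key, bob_key, wire_transcript)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    wire = (a_pub, b_pub)                        # all a third party ever sees
    k_a = session_key(a_priv, b_pub)
    k_b = session_key(b_priv, a_pub)
    # The private values go out of scope here. Nothing retained after the
    # session can re-derive its key, so a later compromise does not expose it.
    return k_a, k_b, wire


if __name__ == "__main__":
    k1_a, k1_b, wire1 = run_session()
    k2_a, k2_b, wire2 = run_session()
    print("session 1 keys match:", k1_a == k1_b)
    print("session 2 keys match:", k2_a == k2_b)
    print("sessions share a key:", k1_a == k2_a)
```

Unauthenticated exchange like this does not tell you who you are talking to; that is the role of the long-term public key the story describes as the user's identifier.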
Re:Cryptocat? (Score:5, Informative)
This means that in practice, CryptoCat is no more secure than Yahoo chat,