This is also the case in the wake of Edward Snowden’s revelations about government surveillance on their own citizens and the shocking level of cooperation that many service providers have given these projects. Since the date that Snowden released the information on these massive projects we have seen a number of companies spring up claiming to offer anonymous or protected services for email, chat, web browsing and more. Again, before Snowden these services were out there, but not in the numbers we are seeing today.
An interesting new secure chat technology that we are hearing about is actually based on the BitTorrent network concept (serverless). The service is named Bleep (sort of clever when you think about it) is designed to work on a forward only style system. This means that your traffic will never be stored on the servers or relays, it will just be forwarded until it reaches its intended destination. The chat app also makes use of several distinct encryption standards including Curve25519, ed25519 (both of these use the prime number 2^255-19 in them hence being included in the name), and Poly1305-AES.
Curve is an elliptical curve cryptography and works in conjunction with ed25519 for public key generation and signing. Poly1305-AES is used for message and data validation. The trio are intended to allow you to quickly generation strong public encryption keys, sign your message and also have a method to validate that the message came from you and has not been tampered with in transit. In terms of security ed25519 is considered as tough to break as NIST P-256, RSA, but does not have the nasty problem of having been crippled by the NSA. These three crypto APIs are already used in a variety of systems and are seeing increased usage since Snowden’s disclosures.
If these are applied properly this should create an end-to-end encryption set that will help mitigate potential risks from compromised nodes. There is still a chance that someone can find out who you are talking to with a compromised relay, but they will not have instant access to the contents of your chat. This is who many current Bittorrent-breaking systems work currently after all. Keep in mind that someone like the NSA still has the resources to break the encryption (they are good at that).
Bleep is not actually on the streets yet, but there is a sign up list for a Windows 7 and 8 alpha available. You can also check find some additional detail on how the system will work without any servers to route and direct traffic on the BitTorrent blog. As of this writing there is nothing in any of the information about how they intend to keep corrupted or compromised nodes from the system (to protect routing and addressing information), but we would hope they have something up their sleeves to stop law enforcement or any malicious individual from setting up a collection point in a swarm. We will let you know as more information on this new service becomes available.
tell us what you think in our Forum