BitTorrent Attempts to Hide You From NSA With New Chat
posted Friday Dec 20, 2013 by Scott Ertz
Since Snowden originally revealed that, through PRISM and other programs, the US government has been spying on, well, everything that everyone does, security has become a hot topic. From encrypted email services to on-site cloud platforms, the fear of government snooping on the Internet has never been higher, and never before have so many people been trying to solve said problem.
One entry into the "Obama can't know what I'm thinking" line of products is from an organization known for wanting to keep their goings-on private: BitTorrent. The company has been working on a chat program which, rather than having a centralized chat relay server, BitTorrent Chat will use a peer-to-peer method. BitTorrent's Christian Averill explains,
With other chat tools, messages are sent through a central server, unencrypted as it passes through and stored before being re-encrypted and sent to it's final destination. Our key innovation is to build a tool for communications that does not need servers. A way for two people to connect directly with the threat of their privacy being violated.
Obviously he meant without the threat of their privacy being violated, but we will ignore that slight oversight. This will actually not be the first messenger to allow encrypted, peer-to-peer messaging, as Averill suggests; AOL Instant Messenger has allowed this for years. This will be the first time that accounts and initial contact will not be initiated through a centralized server, however.
According to the developer blog,
With BitTorrent Chat, there aren't any "usernames" per se. You don't login in the classic sense. Instead, your identity is a cryptographic key pair. To everyone on the BitTorrent Chat network at large, you ARE your public key. This means that, if you want, you can use Chat without telling anyone who you are. Two users only need to exchange each other's public keys to be able to chat.
Using public key encryption provides us with a number of benefits. The most obvious is the ability to encrypt messages to your sender using your private key and their public key. But in public key encryption, if someone gains access to your private key, all of your past (and future) messages could be decrypted and read. In Chat, we are implementing forward secrecy. Every time you begin a conversation with one of your contacts, a temporary encryption key will be generated. Using each of your keypairs, this key will be generated for this one conversation and that conversation only, and then deleted forever.
This means that, even if every chat is cached locally, each individual conversation would have to be decrypted uniquely. Since the chats will not be cached locally, the NSA or hackers would have to collect the conversations live, as they happen, and decrypt them with a unique key for each conversation. This is a great idea that leapfrogs the concept of Snapchat, which still stores all of the content that is transmitted, only hidden from the user, not the server.
Is a technology that is constantly changing to protect your data something you want or need? Is this a service you would start using if made widely available today? Let us know your thoughts in the comments section.