topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 4:23 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Bleep… Bittorrent unveils serverless & encrypted chat client  (Read 16910 times)

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Looks like communications are about to be decentralised.  :Thmbsup:

https://torrentfreak...-chat-client-140730/

Encrypted Internet traffic surged worldwide after the Snowden revelations, with several developers releasing new tools to enable people to better protect their privacy.

Today BitTorrent Inc. contributes with the release of BitTorrent Bleep, a communication tool that allows people to exchange information without the need for any central servers. Combined with state of the art end-to-end encryption, the company sees Bleep as the ideal tool to evade government snooping.

Bleep’s main advantage over some other encrypted messaging applications is the absence of central servers. This means that there are no logs stored, all metadata goes through other peers in the network.

“Many messaging apps are advertising privacy and security by offering end-to-end encryption for messages. But when it comes to handling metadata, they are still leaving their users exposed,” BitTorrent’s Farid Fadaie explains.

“We reimagined how modern messaging should work. Our platform enables us to offer features in Bleep that are unique and meaningfully different from what is currently available.”

More at the link.



http://blog.bittorre...vite-only-pre-alpha/

BitTorrent’s Chat Client Unveiled: BitTorrent Bleep Now in Invite Only Pre-Alpha

Speak Freely – It’s Person to Person.

The BitTorrent Bleep Pre-Alpha will be available on Windows desktop to start. Easy to use, Bleep offers freedom to communicate over text and voice, person to person.

Hoping for early access to BitTorrent’s first serverless chat client? We have good news. Today, we will begin letting testers try out the Pre-Alpha. We are also unveiling its name: BitTorrent Bleep.

Why Bleep, you might ask? Well, basically, we never see your messages or metadata. As far as we’re concerned, anything you say is “bleep” to us.

And with the susceptibility of communications platforms to snooping and hacking, reminders of which seems to surface every week, we realized that we were uniquely qualified to build a better platform and application.

More at that link.

In other news, the NSA has redesignated the name of its largest surveillance division "Whack-A-Mole". :P 8)
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,747
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #1 on: August 02, 2014, 02:27 PM »
Cool!

But if there's no central server, how does the client know where to find other peers?

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #2 on: August 02, 2014, 09:50 PM »
Cool!

But if there's no central server, how does the client know where to find other peers?

It's P2P, so it's using peers to communicate that information.

All of that can be cryptographically and securely done.

This actually seems a bit similar to Bitmessage, although there are significant differences. This seems like a bit better solution for chatting.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #3 on: August 03, 2014, 07:59 AM »
Dunno...Tor was supposed to be untraceable. Torrents were supposed to be anonymous. Certain crypto algorithms were supposed to be uncrackable. SSL was actually supposed to be secure. Random numbers were supposed to be random....

I think I'll give it a year or so to see if some security researcher doesn't figure out a way to compromise it.

And even if somebody doesn't find a way to crack it, there's always that little issue with the hardware we all use...

I suspect that if something like Bleep really does prove to be more than a nuisance to those it's pointed at, it will only be a matter of time before chip manufacturers are required to secretly incorporate mechanisms into their firmware and silicon to deal with it - assuming they're not in there already. And since fabricating a modern CPU is beyond the capabilities of even the best funded Kickstarter or Indigogo campaign, that should give the surveillance gnomes another fifteen or twenty years worth of unchallenged omniscience to wallow in...

Here's the real problem as I see it: we are running programs on machines engineered and built by the largest "in bed with the government" corporations in the world; 90% of which are running an operating system known to be compromised; on a network controlled by the governments of the world; over wired connections and radio waves monitored by the governments of the world (and their corporate allies).

Not to discourage people for trying (because it's important that they do) but seriously - who is kidding who?

It's not the governments and the corporations that are playing Whack-a-Mole when it comes to stuff like this.

We are.

------------------------------------------------------------------------------------------------
Note:

Again: This is not a technical problem. It is a people problem. People problems can't be fixed by simply applying some technology.

We need to stop trying to take the easy way out by hoping for a cheap technical fix. We need to sit down, address, and ultimately deal with the real problem here. That's the only way this is ever going to be resolved.

IMHO, things like Bleep mainly serve as a distraction to keep us from dealing with the real problem.

Y'know...if I were in power, I'd probably covertly be encouraging efforts like Bleep and Tor. And the more, the better. It defuses some of the geek outrage - and ties up some very smart and dedicated people (and money) who might otherwise be causing all kinds of problems for me. So let all these brainy types (most of whom will do anything to avoid dealing with an actual person) code to their heart's content. Because in this scenario, the only thing better than my opposition not having a good solution, is having them put their trust in a broken one...
 
« Last Edit: August 03, 2014, 08:22 AM by 40hz »

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #4 on: August 03, 2014, 11:00 AM »
Again: This is not a technical problem. It is a people problem. People problems can't be fixed by simply applying some technology.

Yup. It's never a tool problem. It's ALWAYS a people problem. e.g. Guns, booze, drugs, etc.

And even if somebody doesn't find a way to crack it, there's always that little issue with the hardware we all use...

I suspect that if something like Bleep really does prove to be more than a nuisance to those it's pointed at, it will only be a matter of time before chip manufacturers are required to secretly incorporate mechanisms into their firmware and silicon to deal with it - assuming they're not in there already. And since fabricating a modern CPU is beyond the capabilities of even the best funded Kickstarter or Indigogo campaign, that should give the surveillance gnomes another fifteen or twenty years worth of unchallenged omniscience to wallow in...

Here's the real problem as I see it: we are running programs on machines engineered and built by the largest "in bed with the government" corporations in the world; 90% of which are running an operating system known to be compromised; on a network controlled by the governments of the world; over wired connections and radio waves monitored by the governments of the world (and their corporate allies).

e.g. Freescale is drooling over tracking chips and "The Internet of Things" (IoT).

IoT is the end of privacy if the tools are controled by psychopathic control freaks.

There are some great things that you can do with IoT, but... do you trust the people who will deliver it or regulate it?

Cryptography is the art of not trusting anyone.

We are fools if we trust them.

It's not the governments and the corporations that are playing Whack-a-Mole when it comes to stuff like this.

We are.

I hope you are wrong.

IMHO, things like Bleep mainly serve as a distraction to keep us from dealing with the real problem.

All the more reason to adopt proven trustless environments and get rid of government entirely.

people-are-bad.jpg

Like that.

Y'know...if I were in power, I'd probably covertly be encouraging efforts like Bleep and Tor. And the more, the better. It defuses some of the geek outrage - and ties up some very smart and dedicated people (and money) who might otherwise be causing all kinds of problems for me. So let all these brainy types (most of whom will do anything to avoid dealing with an actual person) code to their heart's content. Because in this scenario, the only thing better than my opposition not having a good solution, is having them put their trust in a broken one...

I so hope you are wrong. That's just utterly depressing.

I'm still hopeful and cheering for the cryptoanarchists out there.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #5 on: August 03, 2014, 11:44 AM »
I so hope you are wrong. That's just utterly depressing.

For the record, I am utterly depressed about all of this.

And I so hope that I'm wrong too! :(

Still, if you expect and plan for the worst - but hope for the best - you can usually drag yourself through yet another day.

And who knows? Maybe that damned horse will talk after all...;)

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #6 on: August 03, 2014, 02:04 PM »
Y'know...if I were in power, I'd probably covertly be encouraging efforts like Bleep and Tor. And the more, the better. It defuses some of the geek outrage - and ties up some very smart and dedicated people (and money) who might otherwise be causing all kinds of problems for me. So let all these brainy types (most of whom will do anything to avoid dealing with an actual person) code to their heart's content. Because in this scenario, the only thing better than my opposition not having a good solution, is having them put their trust in a broken one...

I so hope you are wrong. That's just utterly depressing.

Yet I suspect we both know he's right.


I'm still hopeful and cheering for the cryptoanarchists out there.

As do I ... But a little piece of me died - Part of my inner child that still clings to silly things like 'Hope' - when Anonymous went under.

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #7 on: August 04, 2014, 12:29 AM »
I thought the Bleep invite was was interesting.
Reminded me of the original "Speak Freely", which had 2 versions - with or without encryption - it's here (plus the source) - click to access SpeakFreely v7.6a.zip

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,747
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #8 on: August 04, 2014, 12:46 AM »
Cool!

But if there's no central server, how does the client know where to find other peers?

It's P2P, so it's using peers to communicate that information.

I mean, how do the peers know how to find each other? How does my computer know to connect to someone on the other side of the world unless we both connect to a central server that tells us the other person is running the client?

IainB

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 7,540
  • @Slartibartfarst
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #9 on: August 04, 2014, 02:16 AM »
Cool!

But if there's no central server, how does the client know where to find other peers?
It's P2P, so it's using peers to communicate that information.
I mean, how do the peers know how to find each other? How does my computer know to connect to someone on the other side of the world unless we both connect to a central server that tells us the other person is running the client?
You would have to communicate your IP addresses to each other first. That's how SpeakFreely works, anyway.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,747
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #10 on: August 04, 2014, 08:24 AM »
Yeah, but how does the client know who to communicate your IP address to? Or do you mean we'd have to manually tell each other our IPs and manually enter them into the client?

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #11 on: August 04, 2014, 08:58 AM »
Yeah, but how does the client know who to communicate your IP address to? Or do you mean we'd have to manually tell each other our IPs and manually enter them into the client?

It appears that it works like a torrent. There are trackers that know the locations of peers holding data. But they don't know what the content of the data is. And when the actual data of a message gets transferred, it's done peer-to-peer so there's no metadata passing through a central server where it can be easily intercepted. It's almost like a matchmaker arrangement. Bleep puts people in touch with each other. But it doesn't do much beyond handing an 'address' to each person. Their actual communication takes place directly between the parties themselves. Bleep, by design, knows zero about the message itself and has no hand in getting it from point A to point B. (This isn't 100% accurate btw - but it gives you an idea of how it works.)

ExtremeTech did a writeup on it here.

It's not completely secure or untraceable by any stretch.  It just makes it more difficult (in theory) to do so.

Like I said earlier - it's Whack-a-Mole.  But it's questionable just who's playing whom.

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,466
    • View Profile
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #12 on: August 04, 2014, 10:25 AM »
Oh wow, BitTorrent notices that decentralized P2P is the way to go. We eMule'rs yawn silently.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #13 on: August 04, 2014, 12:01 PM »
Oh wow, BitTorrent notices that decentralized P2P is the way to go. We eMule'rs yawn silently.

To my mind, it doesn't really matter who did anything first unless you're one of those IP types that wants to patent everything.'

Seriously, what difference does it make whether something is "new' in the absolute or relative sense? Everything is bound to be 'new' to somebody. Why is it so important to establish who supposedly "heard it first" or "did it first?"

Most people could not care less. I know because I happen to be one of them. ;)

Tuxman

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,466
    • View Profile
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #14 on: August 04, 2014, 12:05 PM »
Bittorrent is a hype. I'm slightly angered with aversion about hypes. I never was into pop culture.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #15 on: August 04, 2014, 12:34 PM »
Bittorrent is a hype. I'm slightly angered with aversion about hypes. I never was into pop culture.

Of course it is. But again, so what?

Bleep is a "wrong approach" to dealing with the problem anyway. Hype or no hype.

Let them dream their dream.  ;D

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,747
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #16 on: August 14, 2014, 07:04 PM »
It seems Bleep is in open pre-alpha:

http://labs.bittorrent.com/bleep/
« Last Edit: August 16, 2014, 04:05 PM by Deozaan »

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,747
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #17 on: August 15, 2014, 02:00 AM »
Apparently Tox beat Bleep to the party:

A New Kind of Instant Messaging
With the rise of government monitoring programs, Tox provides an easy to use application that allows you to connect with friends and family without anyone else listening in. While other big-name services require you to pay for features, Tox is totally free, and comes without advertising.

About Tox
Nowadays, every government seems to be interested in what we're saying online. Tox is built on a "privacy goes first" agenda, and we make no compromises. Your safety is our top priority, and there isn't anything in the world that will change that.

Instant messaging, video conferencing, and more
ss.png

And when they say "totally free" they mean open source, too!

They have downloads available for multiple operating systems, including Windows, OSX, Linux, and Android!

https://tox.im/

Nod5

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,169
    • View Profile
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #18 on: August 15, 2014, 03:40 AM »
Yeah, but how does the client know who to communicate your IP address to?
... like a torrent. There are trackers that know the locations of peers holding data. But they don't know what the content of the data is. And when the actual data of a message gets transferred, it's done peer-to-peer so there's no metadata passing through a central server where it can be easily intercepted. ... actual communication takes place directly between the parties themselves.
Are those trackers run by Bittorrent Inc?

BTW does the peer matching for Bittorrent Sync work the same way? Some write ups claim that Bittorrent Sync is more secure than Dropbox since the data isn't cloud stored. But if the client matching happens in the cloud a powerful agency could require the cloud operator to hand over the secret key and then use the key to access the Sync folder directly on the client. Likewise a malicious employee who previously would try to circumvent company security to access a client data item would now instead try to circumvent company security to get the client's secret key and with it get the data directly from the client. Bittorrent saves money on not having to host and transfer the data and client may see higher speeds. But is it in practice any more secure than Dropbox style services?

superboyac

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,347
    • View Profile
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #19 on: August 15, 2014, 01:33 PM »
Yeah, but how does the client know who to communicate your IP address to?
... like a torrent. There are trackers that know the locations of peers holding data. But they don't know what the content of the data is. And when the actual data of a message gets transferred, it's done peer-to-peer so there's no metadata passing through a central server where it can be easily intercepted. ... actual communication takes place directly between the parties themselves.
Are those trackers run by Bittorrent Inc?

BTW does the peer matching for Bittorrent Sync work the same way? Some write ups claim that Bittorrent Sync is more secure than Dropbox since the data isn't cloud stored. But if the client matching happens in the cloud a powerful agency could require the cloud operator to hand over the secret key and then use the key to access the Sync folder directly on the client. Likewise a malicious employee who previously would try to circumvent company security to access a client data item would now instead try to circumvent company security to get the client's secret key and with it get the data directly from the client. Bittorrent saves money on not having to host and transfer the data and client may see higher speeds. But is it in practice any more secure than Dropbox style services?
Interesting question, didn't really think about that.  I use btsync and it's great, I love how nothing is stored in the cloud.  TO answer the question, I think I'll reference 40hz' posts regarding privacy and how there basically is none in the current computer/internet setup, and it's a game that we're just playing amongst ourselves in a system that is already compromised.

Nod5

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,169
    • View Profile
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #20 on: August 15, 2014, 04:53 PM »
Yeah Bittorrent Sync is great. Very simple to use compared to fiddling with a ftp server/client setup. And who knows maybe they have some solution to the question I posed. But it puzzles me that articles I've read on it doesn't ask about that, for example the MIT Review article "Sync Your Files without Trusting the Cloud".

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,192
    • View Profile
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #21 on: August 15, 2014, 05:13 PM »
The answer is probably the obvious one. There are 2 levels of privacy here, incidentally it has always been 2, not just in NSA days.
First is those you can decide to trust, which comprises of Dropbox (just to use them as example) employees and developers
The second is those looking in without Dropbox's knowledge (this list includes the NSA but is not exclusively NSA or a gov agency, it could be any 'third party' who takes advantage of holes and/or backdoors)

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #22 on: August 15, 2014, 09:09 PM »
I think it will be a good thing to see multiple programs doing the same thing there. Competition is good.

Bittorrent has a big name though, so that's not going to work in their favour for Tox.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Nod5

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,169
    • View Profile
    • Donate to Member
Re: Bleep… Bittorrent unveils serverless & encrypted chat client
« Reply #23 on: November 21, 2014, 05:57 PM »
BTW does the peer matching for Bittorrent Sync work the same way? Some write ups claim that Bittorrent Sync is more secure than Dropbox since the data isn't cloud stored. But if the client matching happens in the cloud a powerful agency could require the cloud operator to hand over the secret key and then use the key to access the Sync folder directly on the client. ...

Some recent new prompted BT to write this explainer that answer my old question above about Bittorrent Sync. Thought others might find it useful.
http://forum.bittorr...ur-highest-priority/
- Folder hashes are not the folder key (secret). They are used to discover other peers with the same folder. The hashes cannot be used to obtain access to the folder; it is just a way to discover the IP addresses of devices with the same folder. Hashes also cannot be guessed; it is a 160 bit number, which means that it is cryptographically impossible to guess the hash of a specific folder.

-Links make use of standard public key cryptography to enable direct and secure key exchange between peers. The link itself cannot be used for decrypting the communication as it only contains the public keys of the machines involved in the exchange. After a direct connection is established (the user can verify that by comparing the certificate fingerprint for both peers) Sync will pass the folder key over an encrypted channel for the other peer. In addition, the public key and the folder hash appear after the # sign in the URL, which means that all modern browsers won’t even send this to the server. Additional features have been implemented to further secure the key exchange using links, including (1) the links automatically expire within 3 days (set as default) and (2) explicit approval is required by the inviting peer before any key exchange takes place (also set as a default).

- We host a tracker server for peer discovery; the tracker is only there to enable peers to find each other. It is not a part of the folder exchange. As mentioned earlier, the hashes cannot be used to obtain access to a folder.

- Sync security is completely dependent on client-side implementation. The public infrastructure is there to enable better connectivity and a more user-friendly folder sharing experience. Compromising the public infrastructure cannot impact the security of Sync