To be very explicit about this, as I think this is a very subtle problem that people tend to totally misunderstand: if I wanted to distribute a chat program and have it be "evil" I would not distribute a binary with hidden behavior (if nothing else, when you find this code in my binary I'm pretty damn well screwed ;P): I'd instead distribute an open source program that involved a threaded work queue for handling multiple socket connections to peers and which had a few very subtle use-after-free race conditions that would only come up under nearly impossible timing scenarios that I knew how to trigger and exploit, giving me complete control of your client whenever I wanted.
These are the kinds of bugs people use to attack open source "secure" web browsers like Chrome year after year at Pwn2Own because people are simply bad at concurrency. In this sense, I'd thereby trust a closed source web browser that had no threads or which was implemented in a type-safe garbage collected language (executed on a simply-engineered runtime from someone separate that I trusted, which could also be closed source for all I care) a lot more than I'd trust Chrome. I'd even probably have an easier time understanding what it is doing disassembling it than reading Chrome's code. (To be clear, such a browser doesn't exist: probably you should use Chrome.)
Open source means it's not going away. I won't, ever again, buy into a network that I cannot keep alive. Which is one of the reasons I don't use Whatsapp and actively prevent my family from using it. No G+. Leaving GTalk (Sorry, 'Hangout').
BTSync? Nope, unusable. BTChat? Same. Even if some highly trusted party would explain to me that BTChat is the most secure network, period: As long as I don't see the means to keep that thing alive it is just another potential trap.
I've just documented the protocol so far, so there's no working code yet, but it's at https://github.com/jewel/clearskies.
Why do we have any reason to trust BitTorrent, Inc. over any other organisation? At best all these self-centered attempts are going to fragment the messaging market and make it even more unlikely we'll see an open, federated chat protocol reach popular use.
Not sure if bittorrent chat will be very interesting. Most secure chat clients encrypt on the client side so the server won't be able to read your messages, so not sure if not having a server is that big of a win here. I'm also guessing metadata would be exposed to various people on the bittorrent chat p2p net.
The one I'm most excited about right now is bitmessage. It is the only chat protocol that I feel is really revolutionary. It is also a p2p network, but the interesting thing about it is that everyone on the network gets every message (obviously you have to have the correct keys to decrypt the messages that were meant for you). So it's impossible for an observer to tell even who is talking to who. Also they have the concept of public chans, which I think are a good mechanism to draw users. Bittorrent could do the same thing here.
"Although it is very nice that people are working on creating secure and anonymous messaging systems, I am afraid that BitMessage is weak to a variety of attacks. I fear that the people working on it do not have sufficient expertise, in the fields of security and anonymity, to design and implement a proper cryptographic communications system + anonymity network. After reading the two design .pdf documents, I have identified a variety of weaknesses and overall poor design choices in the BitMessage protocol."
And he continues to show those weaknesses.
No. The same message does "never" encrypt to the same cypher:
$ echo lol | gpg -e -r F8669BB7 --armor
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (GNU/Linux)
hQEMA2gTLr1USDZGAQf/YbbnzHvNfdqbs6hmdmIaaiZOSfW9P6Bc8tdF4MG/JbP+
RTxbLpi4W+vXs+WrD9jdik8KuDdZV54O1mb6Ido3xrYeEPBo0Vje2eVpgUy01VUa
2RM76NvsX1VN9rap6KvHuO/h7IFwDuAtvUUcDyFH+qK2UEHordFi+mWKqICocQt0
WWgpCk5BVgM/1q2c2ruWxVuZs/IMh9LQGZ1i7hpkJHAYqovhghROmGarUuJYXGDi
s6rSMpjxbXDhPMYbbhbBI4pRhgKtN2FMlKyI3XoH+LCFHsOyBmazroVYWFu+gafH
6LU2Z65OQyJWqX5CLdwab4qpUQdht6lqkUHRJB9xdtI/AfTFF7BbRP8PR+q9GVAe
r4I812VmBn3hwBHJzNiFDEGVkt/IDpd6M/X2Vi0xJx0LUaICL+swPVudenPuvlnt
=zeUd
-----END PGP MESSAGE-----
$ echo lol | gpg -e -r F8669BB7 --armor
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (GNU/Linux)
hQEMA2gTLr1USDZGAQgAo4ZEHGWKSgwVmbC7crACvTXVtlgP4n8J/3oSohct9zrM
SqPd4L5TWsjOh+2LlG7WQbPnpn4Tcv9c4RyPNb+1C/fWRmGhV+a3QhuC+rrus5c6
/FPwsHTjO30N0AnCMzoXAaqDRRGw859BKazEZyxIHherU+o7wNRKrW6U1ikRd/Pu
BwHChUZHBRmZhomrtYPbQ5cNAJQtPMj94Z8OuZeCEzPNBr3opevoMs2j+9ysOtkF
7Cam3jTKLM3GwHSm4c7WzhdJJsXbnOn8ODYRBf++4oJChPIqeT2EssigAQuuhHlk
pDhM40zB7hAd6MJM52cZpM3UqTe/iI4vHSrQ+pw/otI/AWY6s4aIlF5AAzoM0wAR
FzobJ5Vbp7fBgA1SiOhEhSAdT/U2yy2jQcQN53yyX9Vqtunh3dNmCGaNNavszK8+
=YDLc
-----END PGP MESSAGE-----
PS: I think asymmetric crypto is secure from such attacks anyways, though isn't that way slower than symmetric crypto?
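The gpg session above shows the property the commenter is pointing at: PGP draws a fresh random session key for every message, encrypts the body symmetrically with it, and only wraps that short key for the recipient's public key, which is also why the "asymmetric is slower" concern does not bite. The following is an added illustration (not code from the thread or from GnuPG) that models that hybrid layout with a stdlib-only toy cipher; the public-key wrap is stood in for by a shared key-encrypting key, an assumption labelled in the code.

```python
import hashlib
import hmac
import secrets

MSG = b"lol\n"  # constructed sample: the same plaintext the commenter piped into gpg


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256: a toy stand-in for PGP's block cipher.
    out, block = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_hybrid(recipient_kek: bytes, plaintext: bytes) -> bytes:
    # Hybrid layout as in PGP: a fresh random session key encrypts the body and only
    # that 32-byte key is wrapped for the recipient. ASSUMPTION: the public-key wrap is
    # replaced by a shared key-encrypting key, since the stdlib has no RSA/ECDH.
    session_key = secrets.token_bytes(32)  # fresh per message -> ciphertexts never repeat
    nonce = secrets.token_bytes(16)
    wrapped = xor(session_key, keystream(recipient_kek, b"wrap" + nonce, 32))
    body = xor(plaintext, keystream(session_key, nonce, len(plaintext)))
    return nonce + wrapped + body


def decrypt_hybrid(recipient_kek: bytes, blob: bytes) -> bytes:
    nonce, wrapped, body = blob[:16], blob[16:48], blob[48:]
    session_key = xor(wrapped, keystream(recipient_kek, b"wrap" + nonce, 32))
    return xor(body, keystream(session_key, nonce, len(body)))


def encrypt_deterministic(key: bytes, plaintext: bytes) -> bytes:
    # The failure mode the thread worried about: no per-message randomness, so equal
    # plaintexts yield equal ciphertexts and an observer learns that two messages match.
    return xor(plaintext, keystream(key, b"fixed-nonce", len(plaintext)))


def demo(kek: bytes = b"k" * 32) -> dict:
    c1, c2 = encrypt_hybrid(kek, MSG), encrypt_hybrid(kek, MSG)
    d1, d2 = encrypt_deterministic(kek, MSG), encrypt_deterministic(kek, MSG)
    return {
        "hybrid_ciphertexts_differ": c1 != c2,
        "hybrid_roundtrip_ok": decrypt_hybrid(kek, c1) == MSG == decrypt_hybrid(kek, c2),
        "deterministic_ciphertexts_equal": d1 == d2,
    }


if __name__ == "__main__":
    print(demo())
```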
I'm happy to see the surge of interest and new projects, but most of the offerings are between embarrassing and pathetic. Either the concept is being exploited for marketing purposes, the individuals involved just aren't appropriately skilled at what they are doing, or there are actual nefarious purposes. (I would agree, Bitmessage, and similar schemes could prove to be the best of the bunch.)
One could respond this is just paranoia, secure software doesn't really need to be open source. Or, we should trust someone because they did something very good in their past. What the NSA leak showed us is that paranoia is real.
Politics aside, and I've said this here before, this isn't just an issue of the NSA. For 99%+ of individuals, what the NSA is doing isn't going to damage them personally. However, those techniques damn well can. What the NSA is doing, other intelligence services are doing too. In some circumstances private companies are doing it as well. It doesn't matter if you aren't a terrorist, if you work on anything that could be very interesting or very profitable you are at a real risk of being targeted for electronic spying.
Standards need to be established:
a) If it's closed source, it can not be audited and thus can be considered neither secure nor insecure.
b) If it forces automated updates, it can not be secure.
c) If it runs on a leaky platform (all mobile devices so far) it can not be secure.
That should tell us, in my opinion, that the number one goal of secure chat would be a secure mobile platform -- that includes both operating system and hardware. If you take a look at the fine print on Replicant, the fully free version of Android, you'll notice nearly every supported phone has major potential holes, save for one really ugly looking thing.
Just telling people this so they can save signing up if it's not for them.
I feel like I just signed up for a bunch of spam.
I had many a conversation with my thesis supervisor this way, once when I was in France and he was in Japan.
PS no third party server involved, obviously. Just my box and the recipient box. I suppose one could do a man in the middle attack but we would always start the conversation with some pleasant banter anyway so it's unlikely that a third party masquerading as one of us could last long before detection.
<sarcasm>Too bad this technology no longer works, it was so simple and useful</sarcasm>
Questions for both projects still remain though: What sort of metadata can be collected from users of these programs? How can that metadata be used? Are there any security vulnerabilities that have been overlooked?
We are still a ways from having truly secure chat as the mainstream communication medium, but I'm glad Bittorent and others are helping move it in the right direction.
[1] https://github.com/irungentoo/ProjectTox-Core
[2] https://news.ycombinator.com/item?id=6121225
I'd love to see them succeed, but I doubt it will. Especially with the recent falling-out among their primary developers.
If you can hide who the messages are being sent to, you can protect yourself against them spying on who your friends are, which to me, is just as important. Also, if you don't know who the recipient of an encrypted block of text is, it makes it near-impossible to brute force the private key(s) of all encrypted text coming out of a single IP.
I wonder if the broadcast approach would help there? Be constantly throwing out GPG encrypted data to the entire network, anyone with the private key can pick it up. No "to" or "from" headers, and traffic analysis is hard since the flow of traffic is constant:
https://github.com/shish/firehose (Very alpha)
The main downside there is that bandwidth requirements are huge, you can only have a few thousand people on each shard :<
I've been thinking of ways to combat this as well, and I admit it's an interesting problem. You either have to do some kind of Tor-like onion protocol (which has its own problems), or send every message to every client in the world. Sending your message to [your friend] + X random people would still allow an attacker to eventually gather a very detailed map of your friends by looking at which come up most often.
They would know:
Who talked to who
How often they talk
When they talk
How much information they exchange
Their IP addresses
In fact, the only thing they wouldn't know is precisely what was said, but that's often a very small, non-critical piece of the puzzle.
Distributed chat systems only are advantageous because you get away from having centralized servers, but you still have a bootstrap problem to get everything up and running.
Of course there should be a good reason for the "seed" users to get on the new platform in the first place.
Even with PRISM and others, people are too lazy for that.
Just finished reading all this: http://code.google.com/p/phantom/ boringly Tor-like project.
I would not use this for anything that could send me to jail, maybe after a few years of being vetted.