In the wake of contractor Edward Snowden’s NSA revelations, the drive to create more secure communications tools has taken on an extra urgency. Although BitTorrent, the peer-to-peer filesharing outfit, has been working end-runs on vulnerable server-dependent processes for years, its announcement today of progress on its server-free chat tool, BitTorrent Chat (BTC), may have additional resonance for the average consumer.
BitTorrrent told VentureBeat in an email that BitTorrent Chat is being prepped for alpha testing. In the meantime, it has published a blog post outlining what makes this client different, and more secure, than others.
“With other chat tools, messages are sent through a central server, unencrypted as it passes through and stored before being re-encrypted and sent to it’s final destination,” BitTorrent’s Christian Averill said by email. “Our key innovation is to build a tool for communications that does not need servers. A way for two people to connect directly with the threat of their privacy being violated.”
Keying off the peer-to-peer protocol, BTC will use public encryption pairs to connect one person to another. Because the encryption key you carry is in the BitTorrent sense your entire identity key, no user will need a traditional log in, nor will they need to create an alias or provide any additional identifying material.
However, given that public encryption can be cracked or otherwise compromised, BitTorrent is creating “forward secrecy.”
Every time you begin a new conversation, BTC generates a temporary encryption keypair for that conversation alone, and at the conclusion of the conversation, it deletes it permanently.
The idea, according to a post on BitTorrent’s engineering blog, is that with no central server processing ID information, and therefore no central authority, the NSA won’t be able to capture your data, and law enforcement like the FBI will have no one to issue a warrant to.
BTC is built on a DHT (distributed hash table), the same process that underlies BitTorrent’s filesharing. DHTs produce the key for an IP address and search through the distributed BitTorrent community to attach one IP address to another. Because that in itself is not a secure protocol, the group has added security measures to the process.
“We have updated our DHT protocol to support encryption,” the group wrote on the engineering blog. “The new DHT protocol enables users to find each other securely and privately.”
According to Arvid Norberg, BitTorrent’s “chief architect,” the rewritten DHT bootstrap server has been upgraded with “node ID enforcement,” which will forbid invalid IP addresses from integrating with the network, keeping anyone interested in trapping data from secreting themselves in the system and dipping into traffic.
Eliminating the middle man can make chat more secure, but those in pursuit of private information have always shown ingenuity on par with those determined to maintain that privacy.
“BitTorrent Chat is intended to be a dynamic and well supported product,” Averill told VentureBeat. “In a hypothetical situation in which the assumptions on which BitTorrent Chat is built do not hold, the product will also evolve to adapt to changes.”
Although BitTorrent has been pursuing security for user data for over a decade, Averill said, “2013 will forever be remembered as 1984 — and the time to have this conversation at both the national and global level is now.”
Anyone interested in being part of the alpha test of BitTorrent Chat can sign up here.