http://engineering.bittorrent.com/2014/09/17/how-does-bleep-work/?shareadraft=baba133_5418786f2fdc2
The Distributed Hash Table (DHT) for finding contacts looks quite nice. A notable downside is that Bleep negotiates a direct SIP/RTP connection between the two users. That means anyone that can see the network traffic can see lots of metadata (who is talking to who, when, for how long, and where each participant is located). So that means the Great Firewall, Halalnet, NSA, Five Eyes, ISPs, anyone snooping on open wifi, etc. can all see that metadata of the SIP/RTP direct connections. We discussed this stuff a lot during the OSTN/ostel project. We figured that having a proxy between the two communicating parties can definitely provide privacy gains. If that proxy is high traffic, and has some level of time quantization, then the network observer would have a hard time correlating which connections to the proxy are actually talking to each other. If one side of the communication is outside of the view of a network observer, then the proxying helps even more. For example, if someone in China is talking to someone in Canada, and the proxy is in Brazil, then only Brazil would see the traffic to both sides. China would see the Chinese side and the proxy, and Canada would see the Canadian side and the proxy. So the ideal would be if Bleep also provided some kind of p2p proxy for the direct connections. And of course, it needs to be open source to be taken seriously. .hc Josh Steiner wrote: > Looks like BitTorrent is getting into the private communications game: > > http://www.theverge.com/2014/9/17/6338417/bittorrent-bleep-secure-chat-app-public-alpha-released > > "Bleep keeps messages encrypted for their entire ride, so > theoretically only their sender and receiver should be able to see > them." > > ... > > "Bleep avoids that by sending its communications directly between the > people who are talking, rather than relying on an intermediary. That > said, there's still a matter of making that connection between two > people in the first place, as they have to figure out where on the > internet one another actually is. That's handled with a traditionally > BitTorrent type of network that distributes the information across the > phones and computers of people hooked into Bleep. BitTorrent says that > this information is encrypted so that your computer's digital location > won't be seen by anyone but the party you're actually looking for, and > no one but the receiving party should even know who you're looking for > either. Altogether, BitTorrent says that it would be "practically > impossible" to gather metadata on who's talking to who." > _______________________________________________ > Guardian-dev mailing list > > Post: [email protected] > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > > To Unsubscribe > Send email to: [email protected] > Or visit: > https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info > > You are subscribed as: [email protected] > -- PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81 _______________________________________________ Guardian-dev mailing list Post: [email protected] List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: [email protected] Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/archive%40mail-archive.com You are subscribed as: [email protected]
