Chat Privado: Bleep
Bleep
BitTorrent’s peer-to-peer private voice and text app Bleep is finally available for curious Windows, Mac, iOS and Android users to test it out
The app offers end-to-end encryption of all communication (calls are connected directly), and you don’t have to pay to use it. You also don’t have to provide any information about yourself in order to use it – a random nickname is enough, and a Bleep key will be created to identify the device for other users to be able to contact you. Bleep got its name from the fact that the company does not see the metadata or the contents of the exchanged messages.
Unlike traditional messaging services, where a chat app establishes a Session Initiation Protocol (SIP) connection with a central server app, Bleep does the same with a distributed server app.
This means that there is no central central repository of metadata – not because the company does not store it, but because they never have it. It also means that the person who wants to talk with someone must go search for them through nodes (and this search is also not tracked.
There are two main components to its architecture:
- New peer-to-peer platform for communications; think of it as a fully distributed SIP (Session Initiation Protocol) server which serves as an engine for Bleep
- The User Interface, a chat and voice application, which is an enhanced SIP compliant client UAC (User Agent Client) with additional functionalities being added over time to provide a great messaging experience
Platform enables features in Bleep that are unique and meaningfully different from what is currently available:
- No central repository of metadata. BitTorrent does not track or store information on who is communicating with whom, or when communications happen. Not even storing data temporarily on servers and then deleting it. BitTorrent never have the metadata in the first place.
- No central lookup. Person A finds Person B through other nodes in the network. BitTorrent never track or store who is looking for whom.
- All links are encrypted. It’s using secure encryption protocols such as curve25519, ed25519 , salsa20, poly1305, and others. Links between nodes are encrypted. All communication is end to end encrypted. This should be the new normal in the post-Snowden era.
Creating and authenticating the identity:
When users install Bleep for the first time, the engine creates a new private key that can be used across multiple devices. That key is encrypted under the user account, so other local users cannot access it. Bleep registers all users as incognito initially, but in the cases where the user chooses to verify her identity via email or phone number, the engine asks our authentication server to send a token to make sure the user actually owns what she claims. A public key, derived from the private key, is then registered on server, and it is only used when another user wants to find or add a friend via phone or email address. Bleep also implemented a protocol to limit BitTorrent Inc.’s exposure to the graph of friends: This lookup is only done once when a user adds a contact. After that point, all lookups (i.e. actually finding the IP address of the contact) is done via DHT. Incognito users do not register their public key on our server, but they do have to use a QR code or direct public keys to be added as contacts by somebody else.
Joining the DHT network:
As explained, Bleep uses a DHT that is similar to that of BitTorrent clients, and will eventually use that same DHT for those clients in the near future. Team improved DHT protocol to support many features needed to support Bleep, and updated both uTorrent and BitTorrent mainline to support Bleep nodes. These improvements are necessary to guarantee users’ privacy because simply being distributed doesn’t mean it’s secure– unlike what some P2P messaging applications wrongfully claim. A very important feature in Bleep is that the DHT traffic is disconnected from a user’s public key. It’s extremely difficult to figure out what public key corresponds to what IP if the attacker is not a friend of the victim. This makes it practically impossible to figure out who is talking to who at what time (i.e. metadata) even if the attacker has access to ISP-type information.
The Bleep engine talks to bootstrap server to randomly obtain a few peers that are already participating in the DHT. However, this is only the case if the cache is empty and node doesn’t have any node that it was previously connected to. Obtaining the initial peers to connect to can theoretically be done through other methods (or other bootstrap servers).
It is important to mention that the number of nodes that are participating in the DHT directly affects users’ privacy. As you can imagine, if only few nodes are participating in the network, it’s easy to inject more nodes into that network and collect some information that might lead to the leakage of metadata. Bleep will eventually use the same DHT network as uTorrent, which has millions of active nodes already. In other words, using an already established network allows BitTorrent to offer Bleep as a private messaging app to even first few users, eliminating that chicken-and-egg problem.
Protecting metadata:
Metadata, in the context of messaging, is defined as the data that describes who called/messaged whom at what time and for how long. Bleep (and its engine) is designed to not have a central repository of this metadata. Its architecture also makes it difficult for a skilled attacker with access to network traffic to gain access to targeted metadata.
Private Invitations:
When a user adds someone to her contact list, an invitation is sent to that user that asks if he would allow her to see that he is online and able to receive messages. Once two users have each other’s public key, they can find each other’s IP and port on the DHT and establish a direct connection (or via a relay server, if the network condition doesn’t allow direct connections). This invitation is encrypted in a way that only the user who is meant to receive it can decrypt and read it.
Establishing a secure tunnel:
Once a user accepts an invitation from a friend, the engine creates an encrypted tunnel over UDP between the two peers. The messages that are sent over the tunnel are all end-to-end encrypted. We also support forward secrecy, which essentially means that we change the encryption key every once in a while to make it even harder to decrypt the traffic — even if, by some miracle, the encryption key is compromised.
SIP/RTP interface:
The engine offers a SIP interface for the UI, so when the engine receives a SIP message from the SIP User Agent Client (UAC), it looks at its destination: the public key of the receiver. The engine creates or picks the right encrypted tunnel with the right contact and sends the SIP message, which will be received by another Bleep engine at the other end. BitTorrent team modified some SIP headers to make it seamless to the SIP agent, meaning that we theoretically support any messaging app that uses SIP. The engine also forwards all RTP traffic over the encrypted tunnel, which enables voice calls.
No Personal Info Required
To get started with Bleep, all that is required is choosing a nickname. You can share your Bleep key (under Settings:Profile) wherever you like: forum post, twitter page, etc. And no one will have any of your other details. Optionally, you can verify your email addresses and mobile numbers with Bleep, which will let your friends discover you through Bleep when they open an account.
In Your Hands, Instead of the Cloud
Bleep’s logo represents a folded note – a message passed directly, hand-to-hand. In our implementation, we keep messages and the encryption keys for images stored on your local device, not the cloud. For messages and metadata, there is no server for hackers to target and because you hold the keys, images can’t be leaked to haunt you later. We’ve solved serverless peer-to-peer messaging, including the ability to get offline friends your messages when they come back online.
Whisper
Brand new for this release, is the ability to send whisper messages with Bleep. For parts of a conversation that you’d like to keep temporary, tapping “Go to Whisper” on your phone sends messages and pictures that disappear from devices after they’ve been viewed (25 seconds); holding shift on PC and Ctrl on Mac while hitting send does this on your desktop. You can switch back and forth between normal and whisper messages seamlessly, so you don’t lose the flow of your conversation.
Screenshot, or Not?
Whisper messages have additional protection for screenshots. If a friend manages to capture the screen, they won’t be able to capture who said what, since nicknames are blocked out. And if you forget who you’re whispering with, you tap the “eye” to display the nickname, but the conversation gets blurred. They can capture the conversation or the sender, but not both at the same time.
Adding friends is easy…
Invite friends via your device’s address book, their email, mobile number or Bleep key. In situations where you want to add a friend in-person, you can scan/share a Bleep code (tap “+”, tap “Bleep Code”).
Free Voice Calls.
Start a Bleep-to-Bleep call with any online contact by tapping the phone icon at the top of your text conversation. Calls are connected directly (no cloud), with end-to-end encryption.
iPhone, iPad, Android and Desktops…
Bleep is now available on iOS, and has significant updates on Android, in addition to being available for Mac and Windows desktop. Each device you own is registered with Bleep separately, but you can add your friends to each device stay in touch.
OWND
19%
COOL
56%
NICE
0%
WHAT ?
13%
MEH
6%
Comentários
Postar um comentário