BitTorrent unveils NSA-proof online calling and messaging software

Aug 01, 2014 by Jon Healey, Los Angeles Times
BitTorrent

BitTorrent Inc., the San Francisco company behind the most popular technology for sharing files online, is branching out into a new arena: snoop-proof calling and texting.

The company announced the availability Wednesday of a preliminary, test version of BitTorrent Bleep software, which will enable people to make calls (voice only) and send messages over the Internet without using a central server to direct traffic. Instead, users will find one another through groups of other users, with no records of the calls or texts stored anywhere along the way.

Once a connection is made for a call or text, the communication travels directly between the two computers involved. That peer-to-peer approach also defies mass surveillance. Granted, it doesn't pay to underestimate the National Security Agency's ability to monitor even well-hidden communications. But Bleep certainly makes the job harder than the most popular online calling and messaging apps do.

Bleep will be available by invitation only for now, the company said, because it still has plenty of rough edges. It's also limited to computers running Windows 7 or 8, although support for more platforms is coming.

The product reflects BitTorrent's effort to find more applications for the distributed-computing technology that underlies its file-sharing software. It launched BitTorrent Sync last year to provide an alternative to cloud-based programs that synchronize files across multiple devices. Shortly before that it unveiled BitTorrent Bundles, a publishing platform for digital content. The company has been working on Bleep at least since September, when it announced its plan to develop a secure online chat service.

Online calling and messaging services typically seek to preserve privacy by scrambling the communications between the sender and the recipient. The problem is that they rely on central servers to handle the electronic signals that establish the connection. The metadata that passes through those servers can be monitored or intercepted, potentially exposing the calls and texts themselves to surveillance, as leaked NSA data has revealed about Skype and other Voice over Internet Protocol services.

Bleep encrypts its traffic too, as well as enabling users to keep their identities secret even from those with whom they're communicating. But the main reason it's more secure, the company says, is because it has no central servers. "We are not even storing data temporarily on servers and then deleting it," Farid Fadaie, head of the Bleep project, wrote in a blog post Wednesday. "We never have the metadata in the first place."

Nor does anyone else. Unlike BitTorrent's file-sharing technology, there are no central, surveillance-susceptible indices helping to connect one user to another. Instead, when User X tries to start a call or send a text to User Y, X's Bleep software asks other BitTorrent users if they know Y's IP address. Their query eventually reaches a computer that Y's Bleep software has made contact with, revealing Y's address. The information is sent back to X, enabling X and Y to connect directly.

"Consider Bleep your personal redaction pen controlled by you and only you," Jaehee Lee, senior product manager at BitTorrent, wrote in a blog post Wednesday. "Anything you say is Bleep-ed out to us and everyone else for that matter."

This seems technologically nifty, but who would go to the trouble of running Bleep when millions of people around the world can easily be reached through Skype, WhatsApp or any number of other VOIP and chat apps? Lee offered four possible use cases: diplomats sharing sensitive dispatches, businesses safeguarding communications from industrial espionage, reporters protecting sources, or friends keeping their conversations private.

I could suggest any number of less noble uses for the software too. But as with the BitTorrent protocol itself, Bleep shouldn't be judged by the things people do with it. Instead, it should be judged by its ability to deliver on its promise of security.

The isn't interoperable with other chat or VOIP clients, at least not at this point, so its utility will be limited unless and until it gains a critical mass of users. The tremendous popularity of the BitTorrent protocol gives Bleep a strong global foundation, but not much else. That could change, though, if Bleep were built into updated versions of the apps people use to share torrent files.

One other potential factor is whether Congress changes the 1994 Communications Assistance for Law Enforcement Act to require data communications services to support wiretaps, as the Justice Department and federal security agencies have sought. Today, the wiretap requirement applies only to phone networks (including mobile ones) and online services that are effective substitutes for them (such as Vonage). If CALEA were extended to all online voice and messaging services, BitTorrent might be faced with the choice of withdrawing Bleep somehow from the United States or re-engineering it to remove its distinguishing feature.

Explore further: Cracks emerge in the cloud

4.5 /5 (25 votes)
add to favorites email to friend print save as pdf

Related Stories

Researchers find most BitTorrent users being monitored

Sep 05, 2012

(Phys.org)—Researchers from Birmingham University in the UK have found that users who frequent BitTorrent file sharing sites such as The Pirate Bay, risk having their IP address logged by monitors as quickly ...

Cracks emerge in the cloud

Jun 20, 2014

A systematic analysis reveals that cloud storage services have security weaknesses that can inadvertently leak users' data.

Recommended for you

CloudFlare tackles lost SSL key risk with Keyless SSL

Sep 19, 2014

Organizations looking for and concerned about optimal security protection are the targets of a new service announced by San Francisco-based CloudFlare. The offering is called Keyless SSL. CloudFlare explained ...

When does Google hand over your data to governments?

Sep 19, 2014

Governments around the world want to know a lot about who we are and what we're doing online and they want communications companies to help them find it. We don't know a lot about when companies hand over ...

User comments : 13

Adjust slider to filter visible comments by rank

Display comments: newest first

verkle
1 / 5 (12) Aug 01, 2014
Instead of trying to hide our communication online and elsewhere, why can't we just be more open? Only criminals have something to hide.
SoylentGrin
5 / 5 (12) Aug 01, 2014
Only criminals have something to hide.

Because all laws are Just. /s

What if your legal activity today becomes illegal tomorrow?
How about if I don't trust an individual in the NSA chain not to abuse their position?
If I'm collaborating with someone about an idea we've yet to patent, should our discussions be broadcast to our competitors?

Let's just go with my life isn't your business, or the government's. Remember, there is no single entity "The Government". They are comprised of fallible, corruptible, sanctimonious humans.
Captain Stumpy
5 / 5 (8) Aug 01, 2014
Instead of trying to hide our communication online and elsewhere, why can't we just be more open? Only criminals have something to hide.
not necessarily...
there should be a right to privacy within certain circumstances, as well as protection from abuse of privilege like SoylentGrin points out above

would you want your ex-spouse/enemy to be able to bring up all your personal data whenever they please for revenge purposes?
how about someone that just hates you because you are religious?
or maybe someone who thinks you should be dealt with severely because THEY are religious?
How about watching you as a threat to whatever just because of your public posts on a pop-sci site?

there are things that need to be kept private. like:
e-mails to your kids? wife? girlfriend? boyfriend? business partner? secret new business patented technology? classified documents? investigations that are on-going? HIPA data? STD/medical/lab results? clinical trials? new meds?
Captain Stumpy
5 / 5 (5) Aug 01, 2014
That peer-to-peer approach also defies mass surveillance.
Just because it is peer to peer does not mean it is not capable of being monitored... only that it is harder to monitor. glad it is also scrambled.
i know that you can tap a phone line without even violating the integrity of the line.
certain direct scrambled hard lines in the former USSR were tapped (without physically damaging the lines) while underwater by our gov't during the cold war
Lee offered four possible use cases: diplomats ...businesses ...reporters ...friends keeping their conversations private
I would also add private com between law enforcement during investigations (like above), ANY Dr. to Dr. consult/interface for HIPA protection, any private info that should be protected from 3rd party discovery...

I hope this does not get undermined by CALEA
it looks like it would be far too useful...
Requiem
5 / 5 (3) Aug 01, 2014
I don't buy that p2p makes communications any more secure in the face of the NSA et al, because it'll still be easily characterized and there is every reason to believe that they have access to all major transport into and out of ISPs. Anybody who knows the terrible state that our nationwide backbone diversity has fallen to would certainly agree that it wouldn't really be that hard, or require "taps" in that many locations. At least not as long as you're only looking to snoop on internet traffic - it would be a nightmare to try to tap every literal p2p transport fiber that businesses have run for their WANs and whatnot, but anyway...

In my opinion, if anything this service is probably more likely to get your communications stored than more conventional services.
Requiem
5 / 5 (3) Aug 01, 2014
...And not just their metadata.
rainbowbudland
2.8 / 5 (5) Aug 01, 2014
It's about time someone stood up to the NSA spying on law abiding citizens. Now we need a cell phone that can't be tapped or monitored by the NSA or any government agency.

And to all who say that ask what do you have to hide?
I laugh at you. If you want to display your ENTIRE life story for anyone to see, go for it.
I do not want any government agency listening to my phone calls, checking my emails, etc.
Plus, a government that has full access to their citizens life stories, is called a communist country.
Dr_toad
Aug 01, 2014
This comment has been removed by a moderator.
Doug_Huffman
1 / 5 (4) Aug 01, 2014
https://protonmai...-details

Welcome to the New World Order of the rule of men and not of the law.

MOLON LABE applies to much more than arms. Good people ought to be armed as they will, with wits and guns and the Truth.
Dr_toad
Aug 01, 2014
This comment has been removed by a moderator.
Doug_Huffman
1 / 5 (1) Aug 01, 2014
And a Tannerite fence line, no doubt. Where do you buy your truth? Yeehah.
Nope. About ten miles of Lake Michigan with a gatekeeper ferryman's tariff. I thought Karl Popper's The Logic of Scientific Discovery a good guide to truth, that and the aphorism to Believe Nothing Read or Heard Without Verifying It Oneself Unless Weltanschauung Congruent.
Sinister1812
5 / 5 (2) Aug 02, 2014
Instead of trying to hide our communication online and elsewhere, why can't we just be more open? Only criminals have something to hide.


Same thing as handing over rights to the government.
DeliriousNeuron
3.7 / 5 (3) Aug 04, 2014
Its not the government that worries me as much as malicious people. Our data in the wrong hands, is the reason I'd choose to be private.
interceptor
2 / 5 (2) Aug 04, 2014
How is this secure at all? If i maliciously modify my bittorrent code to LIE and say yes i know the IP address of Y it's my IP address. Then wouldn't X attempt to connect to me instead. i Could even connect to the REAL Y and just be a middle man they dont know about.
ffadaie
5 / 5 (1) Aug 05, 2014
How is this secure at all? If i maliciously modify my bittorrent code to LIE and say yes i know the IP address of Y it's my IP address. Then wouldn't X attempt to connect to me instead. i Could even connect to the REAL Y and just be a middle man they dont know about.


This is not possible unless you have the private key of the person who is being queried.