BitTorrent trialling P2P secure messaging
Going where Lavabit and Silent Circle fear to tread
BitTorrent wants to (a) take another step towards either respectability, or (b) take itself further outside the mainstream by defying Uncle Sam (take your pick), announcing that it's trialling a secure, serverless messaging application.
The P2P messaging system is taking alpha sign-ons now, here.
The idea is that if messages can be encrypted properly – which presumably means working out algorithms that don't have trap-doors or backdoors – then without a centralised server processing the messages, government interception should be harder to implement.
Alec Perkins did the groundwork for
the a similar system, and has published an outline here*.
If Perkins' work represents the current state of the BitTorrent messaging alpha, then it currently relies on an out-of-band exchange for the exchange of users' keys. He notes that if BitTorrent Sync were upgraded, it could support key exchange in the future. A small node.js Webserver provides the UI to the system.
Each user (contact, or message channel) has a folder containing inbox and outbox. Users provide each other with read-only keys providing access to their in- and out-boxes (note that a different key is used for each). The recipient of a message can only read the message in the sender's outbox: they can't change the message. All messages are encrypted with AES 256 with secrets greater than 20 bytes.
BitTorrent is offering alpha sign-ups here. ®
Update: Since this was published, a representative of the BitTorrent team has contacted The Register. He stated that while Alec Perkins' work is "an interesting use of BitTorrent Sync", BitTorrent Chat will be "built entirely by one of our internal teams". ®
Sponsored: The Nuts and Bolts of Ransomware in 2016