BitTorrent Bleep: The P2P Plan to Make the World's Most Secure Chat

Illustration for article titled BitTorrent Bleep: The P2P Plan to Make the Worlds Most Secure Chat

Last fall, BitTorrent (the company) announced and experimental plan to build a secure chat system using the protocol that's most famous for enabling file sharing. Today, we're getting our first look at the what will eventually become a finished product: BitTorrent Bleep.

Advertisement

BitTorrent Bleep launches today as an invite-only pre-alpha on Windows 7 and Windows 8, with other platforms set to launch soon. (Click here to get on the list for an invitation.) The idea is to create a secure chat service that's immune to government snooping and tribunal-mandated data requests. According to development documents, BitTorrent's decentralized infrastructure makes it ideal for just such a platform.

When you're using a traditional chat service like Google Hangouts or AIM, you're really just interfacing with an app on a central server. This server needs to know who you are and, as BitTorrent points out, stores metadata about your interactions. Even if a service offers end-to-end data encryption, your chats aren't really secure because if someone gains access to the central server, you're compromised.

Advertisement

Instead of using a central server as a conduit for messages and information, BitTorrent has built a decentralized engine that uses a public key to identify you (instead of a username). Then it establishes a direct connection between you and whoever you're talking to. Not only does that mean that nobody can eavesdrop on your conversation, it also means that there's no metadata about your interactions stored on central servers.

BitTorrent Bleep is still pre-alpha, so we'll be interested to learn more as additional technical details about thee service emerge. But in the mean time it's nice to see technology fighting back against the government's prying eyes. [BitTorrent]

Share This Story

Get our newsletter

DISCUSSION

Except not.

Using a PKI of any sort (i.e. "uses a public key to identify you") kind of implies that I (as an attacker) could associate an identity with an individual. Further, if all you need is someone's public key in order to initiate a direct connection to them, that process becomes trivial. So, even if the attacker can't see *what* was said (which is not necessarily the case, but an in-depth discussion of cryptography is beside my point, so I digress), I would still be able to say with some certainty both *that* a conversation occurred and *who* was a part of that conversation.

That said, it's an unfinished product and on top of that it's not comprehensively documented yet, so we'll see.