TorChat had a number of implementation problems when it came out, however, and has largely been abandoned by users and its developers. To build Ricochet, Brooks patterned his program on something that already existed- TorChat, a peer-to-peer instant messaging program released in 2007 that used Tor hidden services to transmit communications. But the metadata is something fairly new and very challenging and something we're only figuring out now." "It's embarrassing as a securing industry that.we're scrambling to now. "We should have had figured out fifteen years ago," he says. The problem is metadata."īrooks says he's surprised it has taken this long to address the metadata problem though given that user-friendly email encryption is still something developers have yet to perfect, it perhaps shouldn't be a surprise. Nine out of ten people who are trying to do it don't really know what the problem is. "That's the problem with this whole anonymous space. "Tox pushes forward in that there's not really a central server.but as it's currently designed, it allows a direct IP-to-IP connection ," says Gray. A protocol developed by members of the 4Chan forum, it uses peer-to-peer technology to securely transmit files, text, and voice communication. Tox is another solution that isn't ideal in its current state. So far, however, Wickr is only available for the mobile platform, though Sell says they're expanding to other platforms soon. Wickr CEO Nico Sell says the company has implemented a number of solutions, including proprietary ones that she declined to identify, that prevent timing attacks from occurring. "ntel agencies can watch the traffic going in and out, and just the timing of those messages will probably be enough to tell you which IP address is talking to this IP address," Brooks notes. >Ricochet's absence of metadata, and its ease of use, means it has a good chance of going mainstream in a way others have not. Anyone tapping the connections to Wickr's servers could conceivably map the parties who are communicating and establish relationships between them. But unlike Ricochet, it uses central servers to transmit the communication, which Brooks says make users vulnerable to timing attacks. Wickr, for example, is a competing encrypted chat program that doesn't preserve the communication or metadata of users, so there's nothing recorded by default for spy agencies or law enforcement to collect from Wickr with a court order. Ricochet's absence of metadata, and its ease of use, means it has a good chance of going mainstream in a way others have not. What's more, few solutions purport to eliminate the metadata problem. Why It May Be Better Than the CompetitionĪlthough a number of encrypted communications solutions already exist for email and chats, many are not entirely secure or are difficult to use. It's not just these kind of people whose privacy is harmed by metadata, however in 2012 it was telltale email metadata that helped unmask former CIA director and war commander General David Petraeus and unravel his affair with Paula Broadwall. Though ordinary encrypted email and instant messaging protect the contents of communications, metadata allows authorities to map relationships between communicants and subpoena service providers for subscriber information that can help unmask whistleblowers, journalists's sources and others. Brooks realized he already had a solution that resolved a problem everyone else was suddenly scrambling to fix. Then the Snowden leaks happened and metadata made headlines. >"Ricochet is idiot-proof and anonymous." Although he'd made Ricochet's code open source, Brooks never had it formally audited for security and did nothing to promote it, so few people even knew about it. The only problem Brooks had with the program was that few people were interested in using it. But by the time he finished, he had a full-fledged desktop client that was easy to use, offered anonymity and encryption, and even resolved the issue of metadata-the "to" and "from" headers and IP addresses spy agencies use to identify and track communications-long before the public was aware that the NSA was routinely collecting metadata in bulk for its spy programs. The program, which he dubbed Ricochet, began as a hobby. Four years ago he began work on a program for encrypted instant messaging that uses Tor hidden services for the protected transmission of communications. Brooks, who is just 22 and a self-taught coder who dropped out of school at 13, was always concerned about privacy and civil liberties.
0 Comments
Leave a Reply. |