BitTorrent Chat promises messaging free from prying eyes -- including the NSA's
BitTorrent continues its push into spy-proof products with BitTorrent Chat, a messaging app that doesn’t rely on centralized servers.
BitTorrent announced its chat service in September, and started taking sign-ups for a private alpha, but now the company that best known for its file-sharing protocol offers some more insight into how the chat service works.
The challenge for BitTorrent was to create a service that lets users communicate without logging into a central server. Not having a centralized service ensures that communications won’t be susceptible to security breaches or government data requests.
BitTorrent Chat uses public key encryption to keep conversations out of the wrong hands. Users exchange their public keys to initiate a chat without revealing their identities, while a private key remains secret to each user.
Once the chat begins, BitTorrent Chat generates a temporary encryption key that only applies to that specific conversation. The temporary key is deleted when the conversation ends, ensuring that it can’t be accessed in the future, even if one user’s private key becomes compromised.
To make the connection between users, BitTorrent Chat relies on a “Distributed Hash Table,” or DHT, which is basically a way to route requests through a peer-to-peer network. BitTorrent says this is akin to asking a neighbor if they know the person you’re looking for, and that person asks someone else, who asks someone else, and so on—except a new DHT protocol uses encryption to keep IP addresses secure.
“Eventually, you’ll get to a peer (neighbor) who knows the address of the person you’re looking for” wrote BitTorrent engineer Abraham Goldoor in a blog post. “They return this address to you. This is done in such a way that only you know who you are looking for.”
Impressive as that may sound, it’s all academic until BitTorrent Chat actually launches, and we can see how useful it is. For now, BitTorrent is still taking sign-ups for the private alpha, and there’s no word on when the service will launch.