Private messaging apps like SnapChat and WhatsApp aren’t as private as you might think.
SnapChat settled with the Federal Trade Commission earlier this month over a complaint that its privacy claims were misleading, as reported by USA Today, and last week, the Electronic Frontier Foundation published a report listing the company as the least privacy-friendly tech outfit it reviewed, including Comcast, Facebook, and Google. Last year, WhatsApp faced privacy complaints from the Canadian and Dutch governments, and like Snapchat, its security has been an issue as well.
The only way to ensure your messages are reasonably safe is to you encrypt them yourself.
When you use messaging services like these, you’re depending on
outside companies to properly encrypt your messages, store them safely,
and protect them when the authorities come calling. And they may not be
up to the task. The only way to ensure your messages are reasonably safe
is to encrypt them yourself, using keys that no one has access
to–including your messaging service provider. That way, even if hackers
bust into your service provider or the authorities hit it with
subpoenas, your messages are protected.Unfortunately, this is easier said than done. Encryption tools are notoriously hard to use. But several projects are working to change this, building a more polished breed of encryption software that can serve the everyday consumer. A new open source project called Briar is part of this crowd, but it puts a fresh twist on the idea. It doesn’t just encrypt your messages. It lets you jettison your messaging service provider altogether. Your messages travel straight to the person you’re sending them to, without passing through a central server of any sort. It’s what’s known as a “peer-to-peer” tool.
This has a few advantages. You and your contacts keep complete control your data, but you needn’t setup your own computer server in order to do so. Plus, you can send messages without even connecting to the internet. Using Briar, you can send messages over Bluetooth, a shared WiFi connection, or even a shared USB stick. That could be a big advantage for people in places where internet connections are unreliable, censored, or non-existent.
The Internet Is Not Private
Briar is the work of computer scientist Michael Rogers, security expert Eleanor Saitta, interaction designer Bernard Tyers, software engineer Ximin Luo, and a few other volunteers. The project grew out of a few observations Rogers made while working on his PhD thesis, which concerned “Private and Censorship-Resistant Communication over Public Networks.”The first observation was that, if you want to communicate privately, the internet’s not a good place to do it. “The whole network can be monitored from a small number of points–and it is,” he says. The second was that internet censorship moves faster than the adoption of new tools that prevent censorship. “It can take years for a tool to gain a significant user base, and then it can be blocked overnight.” In other words, we can’t protect privacy and guard against censorship without building something that fundamentally changes the way the internet works–or bypasses it altogether. This is what Briar aims to do. When used over a local area wireless connection, it works kind of like a “mesh network,” in which each computer or device acts as a type of repeater for the data that travels from one location to another. But Briar alters this setup a bit. With a classic mesh network, your device communicates directly with every other device within range, and it transfers data by finding a path across the mesh in real time. But Briar takes a simpler approach: your device only communicates with the machines it wants to send messages through. “You don’t walk around saying ‘Hey, I’m using Briar!’ to everyone in range,” Rogers says. Your device picks which machines it wants to talk to. This approach is more secretive, and it eliminates the need for messages to find their way across a network.
Yes, this limits who you send messages to, and it requires them to be close-by. But Briar can also work over the public internet, where it will send messages via Tor, an existing system that anonymizes internet traffic by routing it through computers run by volunteers around the world. Briar also offers public discussion forums, using a system that harkens back to Usenet, a decentralized group discussion system that’s been around since the early days of the internet. Each user who subscribes to a particular forum will only share posts with those who also subscribe to the forum.
Fewer Steps, Please
All this may sound a bit complicated, but Rogers and crew are doing their best to cut down on the complexity, and they believe their model will be easier–and yet more functional–than many other crypto tools available. They want to make it as easy to use as something like Skype. “If someone wants to chat with you over Skype, what do you do?” Rogers asks. “You go to skype.com, hit the download button, choose a username and password, and start your chat.”That’s not what you get from existing encryption tools. If you want to use OffTheRecord, an encryption plugin for the Pidgen and Adium instant messaging clients, you need to do quite a bit more. The SMS alternative TextSecure is a dead simple way to encrypt short messages, but it routes messages through central servers, and for now, it still requires a phone number for identification, meaning it can only work on smartphones, not tablets or laptops.
Briar aims to offer a single app that you can download and start using right away. But that goal is still some way off. For now, you can download the source code and install the app on your Android phone, but the team hasn’t yet offered an easy installer. “I’m not comfortable with releasing alpha builds because we’re targetting high-risk users,” Rogers says.
The Briar team knows they won’t be competing with the Snapchats of the world any time soon. “We’re concentrating first of all on people who need secure communication the most: activists, journalists and civil society,” Rogers says. But he does hope that, eventually, Briar will be simple enough to help anyone keep their data safe.
from http://www.wired.com/2014/05/briar/
https://briarproject.org/
源代码:https://code.briarproject.org/briar
相关帖子:
http://briteming.blogspot.com/2013/08/tox.html