Private messaging apps like SnapChat and WhatsApp aren’t as private as you might think.
SnapChat settled with the Federal Trade Commission earlier this month over a complaint that its privacy claims were misleading, as reported by USA Today, and last week, the Electronic Frontier Foundation published a report listing the company as the least privacy-friendly tech outfit it reviewed, including Comcast, Facebook, and Google. Last year, WhatsApp faced privacy complaints from the Canadian and Dutch governments, and like Snapchat, its security has been an issue as well.
The only way to ensure your messages are reasonably safe is to you encrypt them yourself.
When you use messaging services like these, you’re depending on
outside companies to properly encrypt your messages, store them safely,
and protect them when the authorities come calling. And they may not be
up to the task. The only way to ensure your messages are reasonably safe
is to encrypt them yourself, using keys that no one has access
to–including your messaging service provider. That way, even if hackers
bust into your service provider or the authorities hit it with
subpoenas, your messages are protected.Unfortunately, this is easier said than done. Encryption tools are notoriously hard to use. But several projects are working to change this, building a more polished breed of encryption software that can serve the everyday consumer. A new open source project called Briar is part of this crowd, but it puts a fresh twist on the idea. It doesn’t just encrypt your messages. It lets you jettison your messaging service provider altogether. Your messages travel straight to the person you’re sending them to, without passing through a central server of any sort. It’s what’s known as a “peer-to-peer” tool.
This has a few advantages. You and your contacts keep complete control your data, but you needn’t setup your own computer server in order to do so. Plus, you can send messages without even connecting to the internet. Using Briar, you can send messages over Bluetooth, a shared WiFi connection, or even a shared USB stick. That could be a big advantage for people in places where internet connections are unreliable, censored, or non-existent.
The Internet Is Not Private
Briar is the work of computer scientist Michael Rogers, security expert Eleanor Saitta, interaction designer Bernard Tyers, software engineer Ximin Luo, and a few other volunteers. The project grew out of a few observations Rogers made while working on his PhD thesis, which concerned “Private and Censorship-Resistant Communication over Public Networks.”
The Briar interface. Image: Courtesy of Briar
Yes, this limits who you send messages to, and it requires them to be close-by. But Briar can also work over the public internet, where it will send messages via Tor, an existing system that anonymizes internet traffic by routing it through computers run by volunteers around the world. Briar also offers public discussion forums, using a system that harkens back to Usenet, a decentralized group discussion system that’s been around since the early days of the internet. Each user who subscribes to a particular forum will only share posts with those who also subscribe to the forum.
Fewer Steps, Please
All this may sound a bit complicated, but Rogers and crew are doing their best to cut down on the complexity, and they believe their model will be easier–and yet more functional–than many other crypto tools available. They want to make it as easy to use as something like Skype. “If someone wants to chat with you over Skype, what do you do?” Rogers asks. “You go to skype.com, hit the download button, choose a username and password, and start your chat.”That’s not what you get from existing encryption tools. If you want to use OffTheRecord, an encryption plugin for the Pidgen and Adium instant messaging clients, you need to do quite a bit more. The SMS alternative TextSecure is a dead simple way to encrypt short messages, but it routes messages through central servers, and for now, it still requires a phone number for identification, meaning it can only work on smartphones, not tablets or laptops.
Briar aims to offer a single app that you can download and start using right away. But that goal is still some way off. For now, you can download the source code and install the app on your Android phone, but the team hasn’t yet offered an easy installer. “I’m not comfortable with releasing alpha builds because we’re targetting high-risk users,” Rogers says.
The Briar team knows they won’t be competing with the Snapchats of the world any time soon. “We’re concentrating first of all on people who need secure communication the most: activists, journalists and civil society,” Rogers says. But he does hope that, eventually, Briar will be simple enough to help anyone keep their data safe.
from http://www.wired.com/2014/05/briar/
https://briarproject.org/
源代码:https://code.briarproject.org/briar
相关帖子:
http://briteming.blogspot.com/2013/08/tox.html
