![]() In other words, using an already established network allows us to offer Bleep as a private messaging app to even our first few users, eliminating that chicken-and-egg problem. Bleep will eventually use the same DHT network as uTorrent, which has millions of active nodes already. As you can imagine, if only few nodes are participating in the network, it’s easy to inject more nodes into that network and collect some information that might lead to the leakage of metadata. It is important to mention that the number of nodes that are participating in the DHT directly affects users’ privacy. Obtaining the initial peers to connect to can theoretically be done through other methods (or other bootstrap servers), and you can read more information on this subject on our forum. However, this is only the case if the cache is empty and our node doesn’t have any node that it was previously connected to. The Bleep engine talks to our bootstrap server to randomly obtain a few peers that are already participating in the DHT. metadata) even if the attacker has access to ISP-type information. This makes it practically impossible to figure out who is talking to who at what time (i.e. It’s extremely difficult to figure out what public key corresponds to what IP if the attacker is not a friend of the victim. A very important feature in Bleep is that the DHT traffic is disconnected from a user’s public key. These improvements are necessary to guarantee our users’ privacy because simply being distributed doesn’t mean it’s secure– unlike what some P2P messaging applications wrongfully claim. We have improved our DHT protocol to support many features needed to support Bleep, and we updated both uTorrent and BitTorrent mainline to support Bleep nodes. Joining the DHT network: As we explained, Bleep uses a DHT that is similar to that of BitTorrent clients, and we’ll eventually use that same DHT for those clients in the near future. Incognito users do not register their public key on our server, but they do have to use a QR code or direct public keys to be added as contacts by somebody else. actually finding the IP address of the contact) is done via our DHT. ![]() We also implemented a protocol to limit BitTorrent Inc.’s exposure to the graph of friends: This lookup is only done once when a user adds a contact. A public key, derived from the private key, is then registered on our server, and it is only used when another user wants to find or add a friend via phone or email address. Bleep registers all users as incognito initially, but in the cases where the user chooses to verify her identity via email or phone number, the engine asks our authentication server to send a token to make sure the user actually owns what she claims. That key is encrypted under the user account, so other local users cannot access it. Here is a list of its major functionalities:Ĭreating and authenticating the identity: When users install Bleep for the first time, the engine creates a new private key that can be used across multiple devices. We have previously described the software architecture of Bleep here, and in this piece I’ll focus on Bleep’s P2P engine. There’s more to Bleep than we can fit in a single blog post, but here’s an overview of the big picture, including some high level technical details and answers to some of the questions around how Bleep works. And today we’ve taken a step further, bringing Bleep to Open Alpha and adding clients for Mac and Android. We’ve also had many great questions that we will be gradually answering in blog posts, our forums and other social channels. We unveiled Bleep a few weeks ago, and we have received nothing but love from our users.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |