The National Security Agency has some of the brightest minds working on its sophisticated surveillance programs, including its metadata collection efforts. But a new chat program designed by a middle-school dropoutin his spare time may turn out to be one of the best solutions to thwart those efforts.
Prompted by Edward Snowdens revelations about the governments intrusive surveillance activities, loosely knit citizen militias of technologists and security professionals have cropped up around the world to develop systems to protect us from government agencies out to identify us online and grab our communications.
John Brooks is now among them.
Brooks, who is just 22 and a self-taught coder who dropped out of school at 13, was always concerned about privacy and civil liberties. Four years ago he began work on a program for encrypted instant messaging that uses Tor hidden services for the protected transmission of communications. The program, which he dubbed Ricochet, began as a hobby. But by the time he finished, he had a full-fledged desktop client that was easy to use, offered anonymity and encryption, and even resolved the issue of metadatathe to and from headers and IP addresses spy agencies use to identify and track communicationslong before the public was aware that the NSA was routinely collecting metadata in bulk for its spy programs. The only problem Brooks had with the program was that few people were interested in using it. Although hed made Ricochets code open source, Brooks never had it formally audited for security and did nothing to promote it, so few people even knew about it.
Ricochet is idiot-proof and anonymous.
Then the Snowden leaks happened and metadata made headlines. Brooks realized he already had a solution that resolved a problem everyone else was suddenly scrambling to fix. Though ordinary encrypted email and instant messaging protect the contents of communications, metadata allows authorities to map relationships between communicants and subpoena service providers for subscriber information that can help unmask whistleblowers, journalistss sources and others. Its not just these kind of people whose privacy is harmed by metadata, however; in 2012 it was telltale email metadata that helped unmask former CIA director and war commander General David Petraeus and unravel his affair with Paula Broadwall.
With metadata suddenly in the spotlight, Brooks decided earlier this year to dust off his Ricochet program and tweak it to make it more eleganthe knew hed still have a problem, however, getting anyone to adopt it. He wasnt a known name in the security world and there was no reason anyone should trust him or his program.
Enter Invisible.im, a group formed by Australian security journalist Patrick Gray. Last July, Gray announced that he was working with HD Moore, developer of the Metasploit Framework tool used by security researchers to pen-test systems, and with another respected security professional who goes by his hacker handle The Grugq, to craft a secure, open-source encrypted chat program cobbled together from parts of existing anonymity and messaging systemssuch as Prosody, Pidgin and Tor. They wanted a system that was highly secure, user friendly and metadata-free. Gray says his primary motivation was to protect the anonymity of sources who contact journalists.
At the moment, when sources contact a journalist, theyre going to leave a metadata trail, whether its a phone call record or instant message or email record [regardless of whether or not the content of their communication is encrypted], he says. And that data is currently accessible to authorities without a warrant.
When Brooks wrote to say hed already designed a chat program that eliminated metadata, Gray and his group took a look at the code and quickly dropped their plan to develop their own tool, in favor of working with Brooks to develop his.
View post:
Middle-School Dropout Codes Clever Chat Program That Foils NSA Spying