Making "NSA-Proof" Social Networking Mainstream
BY Carola Frediani | Tuesday, February 18 2014
When Edward Snowden exposed the scale and depth of the National Security Agency's surveillance programs, his findings led to another disheartening revelation: that our Internet has become too centralized. Webmail services like Yahoo and Google and social networks like Facebook and Twitter are convenient and efficient platforms, as well as easy to use, but they collect massive amounts of user data that can facilitate intelligence spying and other types of snooping. Meanwhile, securer methods of communication are often cumbersome and overly technical for the average user who would like to send an email without having to download and set up various software. Yet after Snowden’s leaks, an increasing demand for securer alternatives has led to the development of anti-surveillance products with an eye towards being user friendly.
That is certainly true for Miguel Freitas, a research engineer based in Rio de Janeiro, Brazil, who decided to create a decentralized alternative to Twitter to counter NSA spying and protect against shutdowns of social media sites; but it would also be “something that my grandmother could use,” Freitas tells techPresident. “There was a coincidence of events that triggered the project: the protests in Brazil in June 2013, together with my reading of Manuel Castells’ interview about the dynamic of the social media within the Arab Spring. Then there was the first Snowden revelation, including PRISM,” he says. Castells is a sociologist who analyzes how social movements emerge and leverage themselves in the Internet age.
Hence, Freitas developed Twister, a microblogging platform that allows users to share updates through a decentralized network. It means that their information, since it is not collectively stored by a company, can't be accessed by third parties; moreover, the platform can't be shut down by governments. “I realized it was very bad conceptually to have this important flux of information in the hands of a single company,” adds Freitas. “You might remember the London riots when they considered shutting down Twitter and Facebook. It's not about the merit of London rioters, but the mere possibility of shutting down an important channel of information like that that strikes me. This is totally against the idea of the Internet, where you have no single point of failure.” So Freitas began looking into building a peer-to-peer (P2P) microblogging alternative to Twitter. However, it had to be simple and easy to use for non-technical people. It had to implement end-to-end encryption in a seamless way.
Not such a simple task. The first problem Freitas stumbled upon was the registration of usernames: how can one make it decentralized? Given a lack of central servers, he had to conceive of a way to publish and exchange messages that would scale with the number of users. The solution was to integrate BitTorrent, a system for peer-to-peer file sharing, with Bitcoin’s cryptographic technology, which also uses a peer-to-peer network to exchange money. The former allows users of the Twister app (there are test versions for Linux, OS X and Android) to connect to other users. The latter deploys a network of computers running Twister software to verify that usernames aren’t registered twice and that posts are really coming from a given user. Twister uses Bitcoin's framework to provide a sort of notary service that certifies who owns a given nickname. In the Bitcoin network, “miners” get bitcoins as a reward for their work. In the Twister network, “miners” are allowed to create promoted posts that in a way function like advertisements.
Also, it's up to users to decide whether or not to publicize their online presence. “What we have in Twister is the concept of ‘public’ or ‘private’ following: if I follow you ‘publicly’ people will be able to see this. However, I may just follow you ‘privately,’ that is, your posts will be shown in my timeline and I will be able to receive encrypted direct messages from you. But nobody will be aware of such a relationship,” explains Freitas. Those especially concerned with their privacy can even access Twister through Tor, a free software that enables its users to communicate anonymously on the Internet by masking their IP address even if someone is monitoring their Internet traffic.
The Beginnings of P2P and Circumvention
The idea for using P2P technology to circumvent censorship and surveillance is not new. One of the first projects to implement the technology was Freenet, a free software designed in 2000 to ensure freedom of communication. It creates a self-contained network that allows anybody to publish and read information with complete anonymity. It is not a web proxy, or a system which, by acting as an intermediary, anonymizes your browsing; by using Freenet, you can’t connect to websites outside of those created within Freenet, so your Google, Facebook and Twitter are off limits. The reason for that is Freenet allows users to create anonymous websites, filesharing services, forums, chats, microblogging, and email, that are all hosted within Freenet. Through the network of computers running its software, it works by creating a distributed P2P datastore, which is a hard drive space shared among its users. Once content is uploaded, it will remain on the network forever, since the same content is scattered all over, saved and encrypted in “pieces” among different computers, and not centralized in one place.
The Freenet software, especially since it is an autonomous network separated from the rest of the net, is still a niche for early adopters: geeks, libertarians, paranoid filesharers, and pedophiles. “I wish we could wave a wand and make the last group go away, but ‘no censorship’ means ‘no censorship,’” says Matthew Toseland, who was the chief developer of the project from 2002 to 2013 (he is now on temporary leave, studying at Cambridge University). Freenet has around 10,000 users and that number has increased to 13,000 after the NSA-gate. “Around 2003 there were lots of Chinese users, and now there are quite a few Russians and Japanese. Japan had a major, and technically sophisticated, crackdown on file sharing a few years ago; as for Russia, it also seems to be political, Internet censorship,” explains Toseland.
The main characteristic of Freenet (and one of its main differences from the Tor software) is that it stores data across the network in a censorship-resistant way. If you host a site on Freenet, it should persist indefinitely, even if the person who originally uploaded it disappears. It can't be shut down by finding the person who runs the server, by sending the site offline through a so-called denial of service attack, or by using malware to take control of the server. It also provides what Freenet calls a "darknet" mode, or a friend-to-friend mode: you get an invite from a friend, install Freenet, connect to their node, add a few more friends and in this way, create a network just through your personal contacts. This method guarantees a high level of anonymity and invisibility. “This isn't us playing Facebook. It's the best way to build a robust, invisible, censorship resistant network," says Toseland. "In particular, it provides dramatically greater security, although a lot of our users seem to have difficulty getting their heads around this concept."
Again, usability, performance and the small number of users are the main hurdles that limit these kinds of projects. But the Freenet community is hopeful. “We need a bigger network with more semi-mainstream content before we can really achieve our goals,” comments Toseland. “Is that naive? I don't think so. Freenet provides free, anonymous hosting, without adverts, mass privacy violation or traffic limits, and is immune to denial of service attacks.”
A Growing Trend?
If Freenet has been one of the first decentralized networks to fight censorship and to provide secure communications, Bitmessage is one of the latest. Labeled “the Bitcoin of online communication,” it allows users to easily exchange encrypted messages across a network of peers. There are no central servers for sending and receiving messages. Users create unique addresses that are used to exchange encrypted texts, which are stored and delivered through the computers running the software, but only the intended receiver is able to read them. And you can even route the traffic through Tor.
Bitmessage, a free application for Windows and Mac users, is very simple to set up and makes encryption something that is just a few clicks away for the average user. However, it still has usability issues. For instance, the user address is a meaningless alphanumeric sequence, like the following: BM-BcbRqcFFSQUUmXFKsPJgVQPSiFA3Xash. Also, its network is still quite small: it processes only a few thousand private messages per day.
The idea of using distributed networking is trending. A growing number of applications are being developed, even if most of them are still experimental. BitChirp uses BitMessage as a platform for creating a secure, anonymous microblogging service similar to Twitter. NightWeb connects your device to a peer-to-peer social network where you can write posts and share photos using BitTorrent and running over an anonymous network. There's even a project, Redecentralize, that collects interviews with developers working on decentralizing the Internet. “The original Internet was decentralized,” the website explains. “Anyone could set up parts of it. That’s why it won. For various reasons, control of our information technologies is increasingly falling into a few hands. Some big companies and Governments. We want it to become decentralized. Again.”
Apart from decentralization, there's also the need to create new encrypted messaging systems, immune to snoops. That is the case with Pond, a system of messaging which does not use P2P architecture like Bitmessage. On its website, Pond describes itself as, “forward secure, asynchronous messaging for the discerning.”
To break it down in lay terms, Pond is something between an email and a chat system. Like email it is asynchronous: you don't communicate in real time. Like chat, its messages are ephemeral (since they are automatically deleted after a week), but they are also encrypted and they are forward secure. That means that even if someone (an intelligence agency for instance) compromises the encryption, they can't read old messages.
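The forward-security property described above can be shown with a simplified symmetric hash ratchet. This is an example added here, not Pond's protocol or code: the `Ratchet` class, the labels and the toy stream cipher are all assumptions made for illustration, and the shared secret is a constructed sample value.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation of a 32-byte key with HMAC-SHA256."""
    return hmac.new(key, label, hashlib.sha256).digest()

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher, for illustration only: XOR with HMAC counter blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = kdf(key, b"stream" + (i // 32).to_bytes(8, "big"))
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class Ratchet:
    """Symmetric hash ratchet: each message advances the chain key one way."""
    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key

    def _next_message_key(self) -> bytes:
        message_key = kdf(self.chain_key, b"message")
        # Replace the chain key; the old one cannot be recomputed from the new.
        self.chain_key = kdf(self.chain_key, b"chain")
        return message_key

    def seal(self, plaintext: bytes) -> bytes:
        key = self._next_message_key()
        body = keystream_xor(kdf(key, b"enc"), plaintext)
        return kdf(kdf(key, b"mac"), body) + body  # 32-byte tag, then ciphertext

    def open(self, sealed: bytes):
        """Return the plaintext, or None if the key is wrong or data was altered."""
        key = self._next_message_key()
        tag, body = sealed[:32], sealed[32:]
        if not hmac.compare_digest(tag, kdf(kdf(key, b"mac"), body)):
            return None
        return keystream_xor(kdf(key, b"enc"), body)

def demo() -> dict:
    secret = kdf(b"constructed shared secret", b"init")  # constructed sample value
    alice, bob = Ratchet(secret), Ratchet(secret)
    old = alice.seal(b"meet at noon")
    received = bob.open(old)
    # Device seized after delivery: only Bob's advanced chain key is left to copy.
    stolen = bob.chain_key
    old_plain = Ratchet(stolen).open(old)  # None: the old key is gone
    # A hash-only ratchet does not protect later messages from the stolen state.
    future = Ratchet(stolen).open(alice.seal(b"new plan"))
    return {"received": received, "old_plain": old_plain, "future": future}
```

The stolen state fails on the earlier ciphertext but still opens the next one, which is why forward security says nothing about messages sent after a compromise.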
Unlike email, which allows you to send messages to anyone you want provided you have an address, Pond is a closed system, which means you can't contact someone if you are not given permission by that user. “There are no public Pond addresses (like email addresses) to which you can just send a message. A contact needs to be established first,” explains its developer, Adam Langley, to techPresident. “This is primarily due to combatting spam as I think a major reason that many people use large, centralized email systems is because they are more effective at fighting spam due to economies of scale. A closed system has serious usability costs, of course, but Pond was conceived for people who are very concerned about their privacy.”
Pond, says Langley, whose day job is at a major tech company, is a personal project he started in 2012 and is still experimenting with. But it immediately struck a chord within the crypto community, garnering a lot of attention from developers and geeks. Whether P2P or not, it appears that as an interesting by-product of the NSA surveillance scandal, the demand for new, more user-friendly secure systems of communication is growing.
Carola Frediani is an Italian journalist and co-founder of the media agency, Effecinque.org. She writes on new technology, digital culture and hacking for a variety of Italian publications, including L’Espresso, Wired.it, Corriere della Sera, Sky.it. She is the author of Inside Anonymous: A Journey into the World of Cyberactivism.
Personal Democracy Media is grateful to the Omidyar Network and the UN Foundation for their generous support of techPresident's WeGov section.