​BitTorrent unwraps chat app Bleep

BitTorrent's new instant messaging program doesn't store metadata and offers end-to-end encryption.

Seth Rosenblatt Former Senior Writer / News
Senior writer Seth Rosenblatt covered Google and security for CNET News, with occasional forays into tech and pop culture. Formerly a CNET Reviews senior editor for software, he has written about nearly every category of software and app available.
Seth Rosenblatt
3 min read

BitTorrent's new chat app Bleep promises encrypted, decentralized chats. BitTorrent

Why did BitTorrent call their new Windows chat program Bleep?

"We never see your messages or metadata," said Jaehee Lee, the senior product manager for Bleep, in a blog post announcing the new app on Wednesday. "As far as we're concerned, anything you say is 'bleep' to us."

The chat application promises real messaging secrecy that slices through the technological Gordian knot of encrypting instant message traffic by using the same decentralized approach behind torrents. Windows 7 and Windows 8 users can sign up now for the Bleep pre-alpha.

While BitTorrent would no doubt love for the entire world to start using Bleep, Lee said that the app should appeal immediately to people in four kinds of situations: friends who want to keep a conversation private, reporters looking to have privacy-protected or anonymous conversations with sources, private communiques among diplomats, and businesses wishing to keep message content safe from leaks or industrial espionage.

BitTorrent's Director of Communications Christian Averill said that the company is focusing on building Bleep, and it's not concerned with making money from it at the moment.

"We will explore the monetization opportunities at an appropriate time," he said.

In the works for close to a year, the previously-unnamed instant messaging app and the engine that powers it improve messaging protocol security by decentralizing it, the same way that BitTorrent decentralized downloads. Bleep is available today as a Windows-only download, but it's a rough pre-alpha. While anybody interested can request an invite, it's best to stay away from Bleep until it becomes more stable.

Other platforms are expected to get their own versions of Bleep as the Windows version becomes more usable. Bleep doesn't store any metadata ever, so it wouldn't be subject to the legal standards that govern metadata collection. Contacts connect to each other through others nodes in the network, so there's no central address lookup, and its end-to-end encryption relies on advanced encryption protocol such as curve25519, ed25519, salsa20, poly1305. Assuming that they have been properly implemented, this would make Bleep very secure indeed.

Currently, Bleep supports text-based messages and voice calls when a contact is online, and the app works on Windows 7 and 8. Android and Mac OS X support are due when Bleep reaches its alpha release in the coming months. Offline support, along with the ability to have more than one installation, is due later. So for now, you're not only restricted at this point to Windows, but to one specific Windows computer. That's expected to change as Bleep develops.

You can sign up with an email address, phone number, or even as unlisted so that you don't have to provide any personal identifiable information. Testers can invite their friends and can import their Google address book.

The biggest problems with securing instant message traffic on the Internet have been getting messages to go to the right target -- without revealing its contents. Messages for most chat apps are sent from your device to a centralized server, and then sent on to the recipient. However, traditional implementation of message encryption hides the message content and the addressee, obfuscating where it's supposed to go.

BitTorrent Bleep decentralizes your instant messages using similar technology that decentralizes torrent downloads. BitTorrent

Lee explained that Bleep solves both those problems. It uses the same kind of Distributed Hash Table (DHT) that decentralizes torrents for BitTorrent and uTorrent, so that while the lookup and locate components of the message are sent to a server, the message contents have been stripped out and are sent directly to the addressee. The DHT used with Bleep has been updated by BitTorrent to support encryption.

BitTorrent explained how the decentralized DHT works in a blog post from December 2013:

With BitTorrent Chat, there aren't any "usernames" per se. You don't login in the classic sense. Instead, your identity is a cryptographic key pair. To everyone on the BitTorrent Chat network at large, you ARE your public key. This means that, if you want, you can use Chat without telling anyone who you are. Two users only need to exchange each other's public keys to be able to chat.

By using public key encryption in conjunction with forward secrecy, BitTorrent is able to encrypt messages while ensuring they reach their destination.

BitTorrent might be in a position to succeed with protected instant messaging where others have failed. Although companies like Google are working on plans to encrypt chats and emails end-to-end, their business models depend on the kind of data mining that BitTorrent avoids.