BitTorrent launches private secure messenger Bleep to the public
We looked at BitTorrent Bleep in mid-2014 for the first time when it launched as a private beta. The messaging application, available for the mobile platforms Android and iOS, and the desktop operating systems Windows and Mac OS X, promised end-to-end encrypted messaging in a decentralized environment.
BitTorrent launched Bleep to the public yesterday and with it come new features and improvements. Time to take another look at the application to see what changed and how it works now.
The first great feature of Bleep is that you don't need to register an account to start using it. All you do is enter a nickname which your friends and contacts see in their contacts bar and in chat.
You may however have Bleep look through your list of contacts to find friends who already use it or add an email address or phone number to it so that your friends can find you easier.
That's however completely optional and if you prefer not to do so, you don't have to as there is another option to add contacts to Bleep.
Note: if you don't add an email or phone number, a not-verified badge is displayed in the contacts listing.
All Bleep installations use public and private keys, and offer options to add contacts using public keys. So, to add a contact without revealing anything about you, you simply add their public key to Bleep.
On mobile devices, this is usually done by scanning a QR Code using Bleep's built-in scanner while desktop users need to enter the public key manually.
One issue here is that the public code is not displayed on mobile devices while it is displayed on desktop systems which means that you cannot add mobile users currently to desktop environments that Bleep is running on. So, if you want to establish a connection between a desktop client and mobile device, you need to initiate it from the mobile device and verify it afterwards on the desktop.
To communicate select a contact and start writing a message. One of the new features of Bleep is the whisper option which is used to send self-destructing messages from mobile devices or the desktop apps.
Please note that you need to hold down the Shift-key on the desktop to send a whisper as there is no indicator or button you can press or tap on as there is on mobile devices.
To do so select the whisper option on your mobile device or hold-Shift on the desktop, enter a message and add photos if you like, and hit send afterwards.
The message is displayed on the recipients device as a new whisper message. It needs to be activated first and is from that moment on displayed for 25 seconds before it is deleted automatically.
The protection on mobile devices blurs some information on mobile devices from being captured. Basically, the name of the sender is not displayed in full on whisper pages. While you can reveal it, that will automatically blur any photo that is visible in the conversation so that one or the other cannot be captured this way.
But Bleep is not only about texting and sending pictures as it supports audio calls as well. Simply activate the call option after you have selected an account to call that account from within Bleep.
Calls just like messages are protected end-to-end and connected directly between recipients without use of the cloud.
Verdict
There is certainly no abundance of messaging applications but Bleep sets itself apart in several ways that I like a lot.
For instance, it can be used without revealing information about yourself or even registering an account. While that limits visibility somewhat, it may not be an issue at all depending on how you want to use Bleep.
It does a lot of things right from a privacy point of view besides that. Connections are direct end-to-end encrypted so that personal information or metadata are not leaked to a cloud server somewhere on the Internet.
Martin, do you trust online installers?
I will skip this since I cannot examine it with my security tools. I never install a program which doesn’t provide a decent offline installer.
Martin, one thing you didn’t mention is asynchronous or “offline” messaging. Bleep is one of the few (the only?) encrypted p2p messaging apps which supports storing messaging in the DHT. That allows sending messages to offline contacts. See http://blog.bittorrent.com/2014/11/21/offline-messages-come-to-bleep/ — This is light years ahead of TOX for example.
The one thing missing in Bleep still IMO is message synchronization across devices (e.g. desktop and mobile.
David thanks for mentioning that!
Bleep’s audio sucks. Audio “loops” too much compared to nice apps like Skype or even Jitsi.
No way to alter the audio/video settings.
The program itself crashed a bit and I could not get it to close a few times.
Jitsi might be the only open source program that comes close to Skype.
All these programs need much more development work.
I recommend looking into Tox. https://tox.im/
This is another piece of software that I have been looking forward to from the BitTorrent team.
I like the thought of making encrypted calls from one computer to another that would be difficult to intercept by third parties.
I was hoping that this client would serve as a per-to-per substitution for Skype, I would like to get all of my contacts to communicate with me exclusively through encrypted per-to-per means like BitTorrent Bleep… although I must say that I wish the desktop client were a little more appealing in the user interface design department, the awkwardness of security is that it is a little cumbersome, facilitating that process would make being secure online more appealing for those who are interested in doing so.
If the Snowden Leaks taught us anything, it would be to be more careful from now one when it comes to your internet activity because you never know who is out there siphoning up all your data.
The apparent paradise that was once the internet is slowly being ruined by these institutions who seek to aggregate and track our data.
I don’t trust chat applications that aren’t open source. I’ll stay with Conversations, great xmpp app.
Is Bleep available to use for Windows XP? As Microsoft put it on rest previous year.
I’m almost sure I’m getting lost here but how can this app be completely p2p?
If I install it, set a nickname, then try to message one of my contacts, without them registering an account with a verified email address, there must be a central server involved to search for my contact’s nickname. There must also be a central server validating nicknames for uniqueness wouldn’t there?
Yes, if you use email address or phone, then they are registered so that you can find them. But you can add users using their public keys as well without using servers to do so.
I don’t have any information how that is handled on the backend though, what’s saved there and what’s not.
What is their business model ? Voice calling for free ? How are they affording it ?
I don’t think they have lots of overhead apart from development. The voice calling is peer to peer (direct). If I had to guess, they may introduce a Pro version in the future or a business version.
Of course they will. They are the same company who ruined μTorrent.