New Instant Messenger Plans to Leave No Metadata Worth Harvest​ing

A murders' row of cyber security experts have announced their intention to produce a new instant messaging service, designed for government and corporate whistleblowers (obviously) and the journalists they blow their whistles to. This should be fun.

Invisible.im is still in its nascent phases, but has a functional proof-of-concept, according to its FAQ, which lays out in broad strokes the group's primary intention with the software: to better anonymize the metadata in communications between journalists and sources. From the FAQ:

As demonstrated several times over, the content of communications barely matters when determining the identity of a leaker. Simply proving that a communication occurred between a source and a journalist prior to the publication of a story/package is often enough to see the source identified, fired or arrested. In some countries the identification of a journalist's source can even result in their torture and murder.

In other words, the general context of the communication can almost always be inferred from the "metadata", which is information about a communication, not the content of the communication.

Toward this end, Invisible.im does several things that differ uniquely from other popular options (e.g. linking up a Jabber IM account with Off The Record encryption à la training from the Center for Investigative Journalism).

In current IM services, user's install an XMPP client that then connects with — and, more often than not, stores messages with — that company's servers, Yahoo, AIM, Jabber, whomever. Invisible's strategy is to let the user locally run their own XMPP server, a handy trick that allows for more robust anonymity when the chats are run through a distributed anonymizing network, like TOR or I2P. Invisible.im also forces Off The Record encyrption on all of its chats, automatically generating and discarding encryption keys between each session, so that no potentially incriminating keys are left on a source's hardware, if and when that hardware's confiscated. ("Journalists will have established, provable ID," according to one member of the Invisible.im team.)

Is it a foolproof system? No. The group readily acknowledges that.

Will your confidential source always wind up hemorrhaging blood on the concrete floor of a parking garage, with just enough breath to whisper one last cryptic message before dying in your arms? Yes, dammit. Why!? Who is behind this? Who let us fool ourselves into thinking it would be different this time!?

Four people are currently attached to Invisible.im.

One of the big names is HD Moore, a founder and developer of Metasploit, an open-source suite of penetration testing software, and the Chief Research Officer of Boston-based security firm Rapid7. (Penetration testing software is sort of an industry-wide euphemism for "scary impressive digital armories of hacking tools that, frankly, could just as easily be used for mischief or evil, but which we promise we only use to test your systems against such mischief/evil makers." Good penetration testing software is cool.) Another is "the Grugq" — a Bangkok-based security researcher who, according to Forbes, once had a sideline selling software vulnerabilities, zero-day exploits, to government agencies on behalf of even more privacy-conscious hackers. Rounding out the Invisible.im team are Australian IT security analyst Patrick Gray, who has a podcast about such things, and some guy that's calling himself Ducktor Richö, M.D. on Twitter. He seems pretty chill, actually:

That's Invisible.im! Get stoked!

[h/t the Register; invisible.im logo via invisible.im; invisible man ascii art via scoop.it]