Researchers are working on an instant messaging application that will obscure metadata and other information generated through IM conversations between people.
The prototype app being developed by the Invisible.im project will in effect erase evidence that two parties have been chatting and make it harder to organizations such as law enforcement and government agencies conducting digital surveillance to gather evidence indicating that the people have been conversing.
The Invisible.im said it is working on this project because current encryption technologies are not enough to protect the content of communications between journalists and their sources for law enforcement and government agencies.
“Armed with nothing more than a polite request on the correct leatherhead, law enforcement bodies ( and indeed other government bodies) are legally entitled to obtain metadata records from ISPs, telcos and online service providers,” the organization explained on its Web site. “Simply proving that a communication occurred between a source and a journalist prior to the publication of a story is often enough to see the source identified, fired or arrested. In some countries the identification of a journalist source can even result in their torture or murder.”
The Invisible.im project was launched by Patrick Gray, an IT security analyst and H.D. Moore, chief research office for security and data anlytics firm Rapid7 and two other researchers known only as Ductok RichAP and The Grugq.
While the app is aimed at journalist, Invisible.im is also seriously considering creating a help bot service that will help members of the public find the contact addresses of verified journalists and public interest groups. The architecture will allow users to establish their own hidden service to communicate with a journalist with a hidden service address and verifiable identity. The anonymous party can verify the journalist, but the journalist can’t verify the anonymous party.
There are other systems similar to Invisble.im like the SecureDrop and StrongBox, but they are more complex and require a supporting infrastructure.
The Tor Project has a similar IM anonymity network. The Tor IM bundle still relies on on a third-party messaging server to relay messages. With this method, a record of conversation remains with the third-party server.
Like Tor (The Orion Router), Invisible.im is built around XMPP, a widely used chat protocol. However, instead of relying on other servers to transfer messages, Invisible.im sets up a local XMPP server on a user’s computer.