
BitTorrent Bleep Now Publicly Available Across All Major Platforms - xngzng
http://blog.bittorrent.com/2015/05/12/bleep-private-messenger-now-on-all-major-platforms/
======
joshstrange
I don't trust anything released by BitTorrent. Sync was a huge let down and
frankly I'm not going to waste my time on any more of their software after the
ad/toolbar/bitcoin-mining infested installers they put out for uTorrent...

~~~
higherpurpose
Care to elaborate on why Sync is a huge let down?

~~~
zaroth
Sync was great until it locked all my folders and demanded $39 to start
working again. Their free tier makes it sound like you get 10 shares free but
I think it actually turned out to be 10 folders _including_ sub-folders within
a share...

~~~
danieldk
_I think it actually turned out to be 10 folders including sub-folders within
a share..._

No. The documentation says it is 10 shares with any number of subfolders and
that is also my experience - when the Pro trial expired, I could sync 10
shares with a large number of subfolders without any problems.

Of course, changing the number of shares from unlimited to 10 was a bait and
switch move, and a scam because their website said that they wouldn't remove
any functionality from the free version.

Also, it's very weird that they switched to a subscription model. You bring
most of the infrastructure (bandwidth & disk space) and they bring mostly
software (and some infrastructure). Why not just let people buy the
software?!?

~~~
seanp2k2
Because then you don't generate recurring revenue. Microsoft also gets this
now (finally).

------
Cantremeber
No mention of it being open source and after what happened with Sync I don't
understand who would use this.

~~~
azdle
Wait, what happened to sync?

~~~
rpedroso
There was some concern about the security of the product:

[http://2014.hackitoergosum.org/bittorrentsync-security-
priva...](http://2014.hackitoergosum.org/bittorrentsync-security-privacy-
analysis-hackito-session-results/)

These concerns were amplified by the difficulty of auditing a closed-source
product. Their argument that hashes are one-time secrets and not permanent
keys is difficult to validate without access to the source.

~~~
lewisl9029
I personally switched to Syncthing (and the Syncthing-GTK GUI) and never
looked back.

------
black_puppydog
I am particularly annoyed by the name "Whisper" for the "25 seconds only"
messages: It got me to read on because I thought they interfacing with
WhisperSystem's protocol for TextSecure. Because, open protocols, federation
and all that. Would have been nice, right? Well, thumbs down for that.

Also, if you don't trust the other to not _want_ to log your conversation,
don't send sensitive stuff. But then again people do seem to like snapchat and
thelike, so I shouldn't judge too much there maybe.

~~~
robmcm
I guess it's a slight reassurance, for example if I want to send a password to
someone I trust, I could do it with whisper knowing if someone picks up their
phone in a weeks time it will be gone.

------
pnt12
That screenshot protection thing is kind of dumb. As they show in their
website, you take 2 screenshots and there you go, name and message.

You can say you make it harder to take screenshots but you cant promise a
secure way to prevent people from saving the data you send them. That's
unfeasible, its promotion of false security.

------
sandebert
Apparently "all platforms" means Mac, Win, IOS and Android. Not to be snarky,
but that's not even close to "all", even if we exclude esoteric ones with
extremely few users.

~~~
derefr
Now available across all major app stores.

------
sarciszewski
Warning: This is going to sound mean. Feel free to skip it if mean words upset
you.

They claim to support "all major platforms" then completely skimp out on Linux
and BSD.

Bleep isn't open source.

They claim to provide privacy, and their testimonials read:

    
    
        Software Engineering at it's finest. If you haven't read
        the blog post on this app then you need too. Once you see
        how it works your gonna want it. Most secure messaging
        I've seen yet.
    

That's great, now show me the source code so I can decide whether or not it's
the most secure messaging _I've_ seen yet.

Publish the git repository. Make it run on GNU/Linux and *BSD.

Or get the fuck out and stop making claims you cannot back up.

    
    
        DDDD   i    t          h      TTTTT  h     i   sss 
        D   D     ttttt   ccc  h        T    h        s 
        D   D  i    t    c     hhh      T    hhh   i   sss
        D   D  i    t    c     h  h     T    h  h  i      s
        DDDD   i     tt   ccc  h  h     T    h  h  i   sss
        
          BBBB   U   U  L    L     SSSS   H  H  I  TTTTT !
          B   B  U   U  L    L    S       H  H  I    T   !
          BBBB   U   U  L    L     SSSS   HHHH  I    T   !
          B   B  U   U  L    L         S  H  H  I    T    
          BBBB    UUU   LLLL LLLL  SSSS   H  H  I    T   !

~~~
GutenYe
Open source is the way to go.

------
FreeKill
I'm very intrigued by Bleep, I think that attempting to leverage the bitorrent
protocol in a chat platform is a unique take, that I would like to see
continue to evolve.

However, I think it's important that they open the source up for this project
and even potentially offer the ability for me to install and run my own
server. I think until they take those steps, it will be difficult for them to
gain any kind of large following.

~~~
mike-cardwell
Run your own server? From my understanding there is no server involved. It is
peer to peer and peers find each other by using DHT. It's closed source
though, so you have to take their word on that.

~~~
gcb0
it's bi bittorrent. you need a tracker.

how do you think one client can find another? i hope you don't think it was a
internet wide broadcast... :)

~~~
mike-cardwell
My understanding is that you don't need a tracker when using the DHT. I'm not
sure what the bootstrap method is to find the initial peers to start accessing
the DHT, but once you've found one peer, it's easy enough to find more. Feel
free to correct me.

~~~
gcb0
Thats nonsense. The clueless torrent news sites like to boast that you dont
need a tracker for dht, just a 'bootstrap node'. Whick is exactly a tracker.

Its one simple node which address is hardcoded in the clients. So, it is a
tracker, just not a full bittorrent tracker.

------
spullara
There is no way to make a service that guarantees that messages are erased
with current mobile technology that doesn't allow you to make another client
that saves the message. Snapchat and the FTC had a conversation about this.

[https://www.ftc.gov/news-events/press-
releases/2014/05/snapc...](https://www.ftc.gov/news-events/press-
releases/2014/05/snapchat-settles-ftc-charges-promises-disappearing-messages-
were)

------
lenova
I would love to hear Moxie's thoughts on Bleep and whether he thinks this is
secure or not...

~~~
dmix
Two benefits over TextSecure that I can see:

\- Doesn't require your mobile phone number to use it

\- Not dependant on google services on Android

Downsides:

\- Cant beat Textsecures crypto \- Not opensource

The last two points make this a no-go for me.

~~~
higherpurpose
Another benefit is that it's P2P, which doesn't do much in terms of privacy
(although Bleep's website claims that it does somehow...) but it can help with
censorship - think Turkey, Iran bans of apps and services. I think even Brazil
wanted to ban Whatsapp at some point.

I wouldn't consider it a top 5 priority right now, but I do hope OWS takes
into consideration making Signal P2P as well in the future (perhaps with some
new technologies that may appear or mature by then).

My own priorities for what I want to see in Signal/Textsecure next:

1) integrated Android app

2) desktop client (ideally web/browser-based, but if that's not too secure, I
could live with a native app, too, maybe one that works only through Windows
10's store for the sandbox security and digital signing benefit, as well as
for the new auth features)

3) video-chat support

~~~
dmix
Re #2: TextSecure has a web/chrome extension version in development:

[https://github.com/WhisperSystems/TextSecure-
Browser](https://github.com/WhisperSystems/TextSecure-Browser)

------
dotBen
Some things are highly valuable but just don't make sense to monetize. Bit
Torrent is a great example of that.

BitTorrent Inc is evidently scrambling to find a way to monetize the core
technology having raised money and promised investors it would do that.

They just laid off a %age of their staff, which indicates to me the end of the
road might be nearing and Bleep maybe one of the last attempts they have to
pull something off.

I love Bram, but IMHO Bit Torrent should return to being a true open source
technology developed by the community.

~~~
Thlom
They could potentially have sold BitTorent technology/software to companies
that needs to move lots of data across multiple nodes. Instead most of them
use libtorrent.

~~~
zbyte64
I don't think that makes sense. It is kind of like selling TCP/IP before the
internet age ; network standards should be just that - an open standard that
is open to all players.

------
danieldk
One thing that is missing from the marketing copy: even if you accept a
closed-source messenger and forget the whole uTorrent saga, what's the
monetization model here? What costs can we expect in the future and where?

(The cynic in me thinks: Bleep 2 offers many new features, buy Bleep 2 Pro if
you communicate with more than 10 contacts.)

------
cmdrfred
What are the limits on implementing the bittorrent protocol? A open source
sync alternative seems doable (even if I had to resort to port knocking or
something), maybe build it on top of owncloud and get the best of both worlds?

------
leni536
So far I know these decentralized (supposedly) secure messaging
software/protocols:

    
    
       1. Bleep
       2- Tox
       3. Ring (formerly SFLphone, DHT based authentication)

~~~
zbyte64
Add OTRTalk to the list:

[https://github.com/mnaamani/otrtalk](https://github.com/mnaamani/otrtalk)

------
higherpurpose
What's with the super weird installation process on Windows?

Also very little information about how everything works on its website (the
technical stuff, especially for security).

~~~
sarciszewski
Security through obscurity, exhibit A.

Just kidding, we know there are too many exhibits for even Unicode to
enumerate.

------
tui
I tried it for 5 mins,the encryption is freaky slow. Telegram is still my
favorite private chat app

~~~
lxgr
"Private"?

------
baran1
What about Telegram?

~~~
MichaelGG
Telegram should be avoided. They do weird things with their security and
ignored criticism on it. The key verification requires checking an image, so
you can't do it over the phone. Plus closed source, so you're very likely
entirely depending on trusting Telegram.

Their response to using AES IGM? It's along the lines of "yeah this strange
mode no one uses has issues but not in the way we use it so whatever. We've
got math PhDs, so trust us."

I'm no expert, but I get a really bad feeling about them, since it's the
totally wrong attitude to take.

~~~
leni536
>closed source

I can't comment on the other arguments, but the client of Telegram is
certainly FOSS [1]. Their service being open source is irrelevant, since you
couldn't verify it anyway.

[1]
[https://f-droid.org/wiki/page/org.telegram.messenger](https://f-droid.org/wiki/page/org.telegram.messenger)

------
userisuser
Why not use Kik? Its a more popular closed source messenger.

~~~
mike-cardwell
Kik is not end to end encrypted. Kik the company can access any message you
send or receive.

~~~
cbd1984
And how do you know the same isn't true here?

~~~
mike-cardwell
We don't know what the truth is. We know what we're being told though. And Kik
is telling us that their messages aren't encrypted end to end, whilst
bittorrent are telling us their messages are.

