Security researchers have teamed up for the independent Invisible.im project – instant messaging client, designed specifically for “whistleblowers and media sources who wish to remain anonymous” that leaves literally no trace, scrubbing of any kind of evidence after the conversations.
The spy-proof chat system, which is claimed to become the “de facto standard for instant message conversations on the Internet,” is still in its early stages. The IM is said to allow anybody to communicate with anyone in an “anonymous” mode without “leaving a retrospectively recoverable forensic trail behind on third-party servers.”
Invisible.im claims its goal to be creating a platform simple enough for anybody, who has information, to get connected and share it with journalists and public interest groups securely and privately without being traced.
The project, which is currently looking for developers, is the creation of Metasploit Founder HD Moore, Australian security analyst & Risky Business security podcast host Patrick Gray, infosec and opsec experts The Grugq and another researcher, Ducktor Richö.
Patrick Gray tweeted that the project has had a great welcome, stating “We’ve had a great response so far though… a bunch of coders and even a offer to support Farsi. Will be getting back to people tomorrow.”
The project is built around XMPP, the most widely used chat protocol, to set up a local XMPP server on the users’ system and connects to a TOR hidden service that encrypts Internet traffic to provide greater privacy. Chats are said to be encrypted using Off The Record (OTR) encryption plug-in, along with “ephemeral” feature that deletes the messages once the conversations ends.
Invisible.im team is looking for developers and security experts knowledgeable in various platforms Windows, OS X and Linux, the darknet, specifically the i2p anonymisation network and even Tor.
Invisible.im is likely considering the addition of “address book” feature to make it easy for users to contact other people, which will give cryptographically verified addresses, a more secure mode in chat. However, it is not possible to know each other’s “buddy lists” or if any two persons have even had a conversation.
The creators of Invisible.im have acknowledged that any system developed under the project is never going to offer 100 percent level of anonymity in all circumstances. Especially, if the source is already a target of surveillance, the project cannot “facilitate secure, anonymous chats.”
