Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Twister – An Open Source, Encrypted, Peer-to-Peer Alternative to Twitter

Twister – An Open Source, Encrypted, Peer-to-Peer Alternative to Twitter
Twister – An Open Source, Encrypted, Peer-to-Peer Alternative to Twitter

Freitas had relied on Twitter to provide the news that his local media excluded during the Brazilian political protests of last June. But when news of the extent of NSA surveillance began to emerge, he became concerned that so much information was accessible under court order or surveillance from just one company. His solution was to develop a Twitter-alternative that keeps private messages private and inaccessible even to the NSA.

“As much as I like using Twitter for news reading, the possibility of a single entity being able to control this important flux of information made no sense to me,” Freitas told Wired. His solution is called Twister – an open source peer-to-peer encrypted micro-blogging platform that borrows code from Bitcoin and BitTorrent. 

Because it is encrypted, even if intercepted, private (direct) messages cannot be read by anyone other than the intended recipient. The encryption used is the elliptic curve algorithm (not the same as that subverted by the NSA) that is used in bitcoins. It is thought to provide security comparable to a 3072-bit RSA. Since it is recorded nowhere, it cannot be subpoenaed by any court – but with the obvious corollary that if the user loses his key, he permanently loses access to all existing private messages.

Because it is peer-to-peer, there is no central server from which 'twists' can be recovered by a third party (for which, read Prism). It is designed, Freitas explains in a FAQ, "so that other users can’t know if you are online or not, what your IP address is, or which users’ posts you might be reading. This information is recorded nowhere." But he also warns that he cannot fully guarantee this. "What I’m trying to say is that I personally have no means of doing it, nor any other normal user. However if one entity is capable of recording the entire internet traffic, he will probably be able to sort out exactly where you are connecting from (your IP address). If this bothers you then you probably already know the solution: use Tor."

But even if a single entity, for which read the NSA and GCHQ, "is capable of recording the entire internet traffic" (and this is not entirely impossible), what it gets is partial metadata only – that entity will be incapable of reading the content however much it tries (with currently known technology).

Twister was developed under Linux. Freitas has successfully ported it to Android and OS/X (both Linux-based operating systems). "Because the UI is just HTML5/Javascript," he comments, "porting it to other platforms is only a matter of recompiling the daemon. Windows, Mac and iPhone are certainly possible but I have no resources myself to do it." That is a clear invitation for the open source community to take up the challenge.

"Another more interesting long-term goal," he adds, "is to move all cryptography code into browser’s Javascript UI. This way users would be able to access twister from any client platform they use, choosing any third party server they want, while still keeping their private keys safe."

What’s Hot on Infosecurity Magazine?