Once upon a time, whistleblowers relied on tricks like fake glasses and invisible ink to conceal their identities. Now those analog disguises are getting a digital makeover, thanks to a project called Invisible.im.
Invisible.im is designed to be a “leave no trace” tool for messaging and file transfers. The initial version of the site is being designed with whistleblowers (think Edward Snowden) and journalists in mind, but the vision is broader than that.
“There is no reason people need to expose their conversations to mass surveillance, interception by their service providers, law enforcement or intelligence agencies,” write the founders, a team of four security experts. “We want to make absolute privacy from mass surveillance the default.”
Secure communications, and the privacy of metadata in particular, have become hot topics ever since investigators began to reveal the extent of surveillance efforts underway at the National Security Agency, as well as the CIA and FBI. Leaked documents revealed that agency officials were able to capture metadata, such as geolocation information, without a warrant. Last month President Obama introduced a set of reforms designed to placate uneasy voters; the revised policies have curtailed metadata surveillance, but have not eliminated it.
While there are dozens of online tools for anonymous communications, like Off the Record, most leave trails of metadata that law enforcement officials can easily obtain and use as evidence. Invisible.im, still in its prototyping phase, aspires to reduce that problem.
Invisible.im doesn’t claim to be foolproof, but its ability to conceal all metadata does represent an improvement over existing practices. In addition, the tool’s designers are considering a “help bot” feature that would provide whistleblowers with a “buddy list” of verified journalists. According to the founders, with Invisible.im’s architecture “the anonymous party can verify the journalist, but the journalist can’t verify the anonymous party.”
Of course, whistleblowers who have already been bugged are out of luck. As the founders make clear, “If a source is already the subject of targeted surveillance, Invisible.im cannot facilitate secure, anonymous chats.”