Twister is free software for experimental peer-to-peer microblogging. Being completely decentralized means that no one is able to shut it down, as there is no single point to attack. The system uses end-to-end encryption to safeguard communications. It is based on both BitTorrent and Bitcoin-like protocols and is considered a (distributed) Twitter clone.
Twister is experimental software in alpha phase, implemented as a distributed file sharing system. User registration and authentication are provided by a Bitcoin-like network, so it is completely distributed and does not depend on any central authority. Distribution of posts uses a Kademlia distributed hash table (DHT) network and BitTorrent-like swarms, both provided by libtorrent. The included versions of both Bitcoin and libtorrent are highly patched and intentionally not interoperable with the already existing networks.
As a completely decentralized network, Twister cannot be incapacitated by anyone, since the system has no single point of attack. Twister uses end-to-end encryption to protect communications. Furthermore, Twister is designed to prevent other users from knowing your GSM localization, your IP address, and who you are following. Users can publish public messages as with other microblogging platforms, but when they send direct messages and private messages to other users, these are protected from unsolicited access.
The Brazilian computer engineer and programmer, Miguel Freitas, started developing the new social network after learning about the massive spy programs of the USA's National Security Agency (NSA) as revealed by the NSA whistle-blower Edward Snowden. He started to worry about the accessibility of that amount of information under the control of a single company under American jurisdiction.
According to Freitas, Twitter has been the social network that has helped the most to promote democracy and to organize protests, as the magazine 'Wired' claims. He believes that massive surveillance by the likes of the NSA makes it dangerous to provide personal information to the social networks that currently exist. For this reason he decided to build a new system based on privacy-preserving technology.
Freitas used to believe that in the future, social networks would be based on decentralized protocols with no central point of control. But on learning that existing social networks were already massively compromised by the state, he began to take action by developing an alternative service based closely on Twitter.
After a while, Miguel and his developer, Lucas Leal, considered the alpha version of the application for Android, Linux and OS X. Versions for Windows and iPhone aren’t planned, but since it is open source, anyone is free to port the application to other operating systems.
Although the project is currently in alpha phase, Brian Armstrong, co-founder of Coinbase, believes that it is a great example of how the open protocol of Bitcoin can be used for diverse purposes.
Twister is a decentralized system, but unlike other networks of this kind (like pump.io / Identi.ca, StatusNet / GNU social or Diaspora), it doesn't require you to run your own server or to trust a third-party one in order to use it. It works as a peer-to-peer program.
This is achieved through the Bitcoin protocol (not through the network used by the cryptocurrency). Basically, the protocol handles user registration and access. In the same way that miners verify transactions on the Bitcoin network to ensure that no one double-spends, the Twister network verifies user names and that the messages attributed to a specific user really come from that user.
The messages are distributed through the BitTorrent protocol. This makes it possible to distribute a great number of messages across the network in a fast and efficient way, and also allows users to receive notifications about new messages and alerts almost instantly, all without the need for a central server.
Since Twister uses end-to-end encryption, private direct messages that are intercepted cannot be read by anyone other than the addressee. The encryption used is elliptic curve cryptography (with a curve different from the one used by the NSA), the same as is used in Bitcoin. It is thought to give a security level similar to that of a 3072-bit RSA key. The data isn’t stored anywhere, so it can’t be used by anyone else. As a consequence, if you lose your login password, it is impossible for you to access your private messages.
Because it is a peer-to-peer system, there isn’t a central server from which your posts could be collected (see PRISM). As Freitas explains, the system is designed so that users can’t know whether another user is online, what their IP address is, or which messages have been read. This information isn’t recorded anywhere. Despite this, Freitas warns users that anonymity may not be total, depending on the circumstances.
Twister was developed under the Linux environment.
Another interesting long-term objective would be moving all of the implementation's cryptographic code into the browser user interface. This way, users would be able to access Twister from any client platform they use, choosing any third-party server, while still keeping their private passwords secure at all times.
The first Twister prototype is intended to reproduce the basic features of any microblogging platform, including:
- Searching for users and browsing profiles
- Follow / Unfollow
- Sending text messages limited to 140 characters
- Broadcasting and answering messages
- Browsing through mailing routes, mentions, hashtags and direct messages (private)
Private messages require the addressee to be a follower of the sender, which is a common requirement on most existing platforms.
Some other features can be difficult to implement in a completely decentralized system and require more effort. These include the arbitrary registration of the words in posts and the compilation of hashtags to find out the main trends.
Twister uses the same elliptic curve parameters as Bitcoin: secp256k1. This isn’t the curve that was usually implicated by the NSA, called secp256r1. A 256-bit (uncompromised) public-key ECC key should provide security similar to that of a 3072-bit RSA key (at least that is what the experts say).
People who try to break the security of systems are usually motivated by something that everyone desires: money. There are millions of US dollars on the table, protected by Bitcoin's secp256k1 keys.
The direct message encryption implementation is based on example code that was published on the Internet by Ladar Levison of Lavabit. Ladar is known to have taken his service down because he refused to cooperate with the US government in a way that would have allowed the monitoring of all his clients.
Twister is a peer-to-peer microblogging platform. This means that communication is established between computers without going through a central node that would record the information.
There is no company behind it that provides the servers or machinery used and that could, in that case, monitor the conversations.
People who run a node can delete your posts in the DHT, but not block your account.
Because the messages are sent directly from one user to another without going through a central node, and are encrypted from end to end (encrypted on departure and decrypted on arrival), they travel privately through the web as a black box. The IP addresses are also protected.
In this application, our IP address (the address our machine uses on the internet) is not recorded at any moment, which avoids being tracked by some entity or company.
According to Freitas, this guarantees anonymity, but it does not mean that our IP address won’t be detected by the ISP (Internet Service Provider); it means that the content of the message won’t be visible except to a spy who knows how to decrypt it by breaking the algorithms.
In order to be 100% anonymous, you would have to use a browser that masks the IP address, such as Tor or a similar one, which protects more against spies.