Veilid: A new secure peer-to-peer network for chat and messaging

 The Cult of the Dead Cow, a prominent Infosec group from DEF CON, has unveiled Veilid, an innovative open source project. This project facilitates applications to establish peer-to-peer connections and share information in a decentralized manner. The main objective is to enable various types of apps – mobile, desktop, web, and headless – to communicate privately and securely across the internet without relying on centralized systems, often owned by corporations.

Veilid offers a codebase that developers can integrate into their applications. This code enables their clients to participate in a peer-to-peer network, fostering communication within a community of users. During a DEF CON presentation, Katelyn "medus4" Bowden and Christien "DilDog" Rioux elaborated on the technical aspects of the project, which took three years to develop.

The system is primarily coded in Rust, complemented by elements of Dart and Python. It draws inspiration from both the anonymity features of the Tor service and the peer-to-peer InterPlanetary File System (IPFS). When two apps connect via Veilid, neither of the clients can ascertain the other's IP address or location. This approach enhances privacy and prevents app makers from accessing this information as well.

Veilid's design documentation can be found here, while its source code is available under the Mozilla Public License Version 2.0.

Unlike Tor, Veilid doesn't rely on exit nodes. All nodes within the Veilid network are equal. Even if entities like the NSA were to attempt surveillance on Veilid users, they would need to monitor the entire network, which is ideally challenging. Rioux likened Veilid to a fusion between Tor and IPFS, delivering a novel approach.

Each instance of an app employing the Veilid library acts as a network node, facilitating communication with other nodes through a 256-bit public key ID. There are no privileged nodes or single points of failure. The project is compatible with various platforms including Linux, macOS, Windows, Android, iOS, and web applications.

Veilid supports both UDP and TCP communication. Connections are secured through authentication, strong end-to-end encryption, digital signatures, and timestamps. The cryptography used, termed VLD0, employs established algorithms to avoid potential weaknesses. This involves XChaCha20-Poly1305 for encryption, Elliptic curve25519 for authentication and signing, x25519 for key exchange, BLAKE3 for cryptographic hashing, and Argon2 for password hashing.

Files saved by Veilid are fully encrypted, and encrypted table store APIs are provided for developers. Encryption keys for device data can be password protected.

The system ensures no tracking, data collection, or IP addresses are exposed, countering the monetization of internet use. VeilidChat, a secure instant messaging app akin to Signal, was developed as a demonstration of the system's capabilities. The potential success of Veilid could disrupt the surveillance capitalism landscape, potentially addressing previous mixed results in similar endeavors. The Cult of the Dead Cow is known for its effective accomplishments, making Veilid's prospects promising.

Previous Post Next Post