Time to Ring In Some Changes
Secure Communication with RingBy
In the last few years, secure text, voice, and video transmission have become major areas of free software development. One of the leaders in this field is Ring.
Ring is a GNU communication project started by Savoir-faire Linux. Based in Montreal, Savoir-faire Linux was founded in the late 1990s, when the possibilities of free software were first being widely recognized. “Our bet was that open source software would become a key player of the world’s digital economy and that organizations that wouldn’t be open source experts would need partners like us,” says the Ring team. The bet paid off, and today Savoir-faire employs a multidiscipline team of 150 employees, working with “tools ranging from Red Hat to the Azure cloud” and designing products on every level, from kernel hacking to application and mobile development. In addition to Ring, the company contributes to a wide range of projects, including the Linux kernel, FFmpeg, Debian, Buildroot, and Eclipse.
What makes Ring stand out as a telephony solution is its attention to cutting edge security techniques. Ring as a whole depends on OpenDHT, a library developed by Savoir-faire that is similar to the distributed hash table (DHT) used by BitTorrent to find peers sharing a file on a network. Each installation of Ring runs its own DHT node, so users connect peer to peer and control their own accounts and identities; damage to systems from denial of service attacks and natural disaster is therefore contained rather than affecting the entire network.
Ring identifies users via their RSA public key, with control of an account defined by control over a particular private key. Different devices connected to the same account are associated with an x509 certificate chain, with each device assigned a new key and certificate pair signed using the main Ring account’s private key. The certificate chain is verified each time a device is used to prevent man-in-the-middle atacks.
A somewhat novel aspect of Ring is its use of an Ethereum blockchain – a free software version of the distributed databases used in other distributed systems, such as Bitcoin – as a directory of user names. According to the Ring team, in the first versions of Ring, users could identify each other only by their public key fingerprints – a 40-character hash that is cumbersome to transmit and difficult for humans to use. By using a blockchain, in newer versions of Ring, users can register unique usernames without the need for a centralized database.
Information is shared through Ring with perfect forward secrecy (PFS) protocols, which change the exchanged keys in each session. Media streams do much the same, using a Secure Real-Time Transport Protocol (SRTP).
The User Experience
Such details have been a major obstacle to the general use of security and encryption. As the Ring team notes, users are accustomed to weak security, such as passwords on email, and can be reluctant to change their habits, even when the necessity is obvious. In fact, a truism in security circles is that, when asked to choose between convenience and security, users will almost always choose convenience. In this situation, the challenge for the developers of applications like Ring is to provide the features that users expect without compromising the distributed network and encryption.
Ring is currently in beta release, but it is already well on its way to balancing these requirements. Ring can be downloaded for Android, GNU/Linux, Mac OS X, and Windows, along with full instructions for each. For GNU/Linux, recent releases of Debian, Ubuntu, and Fedora are officially supported, with options for installation from the project site, packages, and tarballs. The only potential problem is that releases are not upgradable, which means that an installed version must be removed before an upgrade is installed. If not, the users of one version cannot communicate with the users of another.
Once installed, users must register with the blockchain, using the starting wizard to register an avatar, user name, and password. Users may also want to adjust the settings, configuring such features as notifications for calls and chat, and the position of the chat window on the desktop. Users may also want to install Ring on other devices, associating the device with the already installed account and adding a PIN to the new device, so they can receive incoming calls without being on a particular device.
With this setup, Ring works much like Signal or the standard Android apps for voice and chat messaging. However, you might want to study Ring’s other features before you need them. The feature list includes putting a call on hold, disabling the microphone and video camera, recording audio, and sharing screens and files.
Overall, Ring is not as easy to use as the apps on the average phone. However, the beta hides much of the complexity from average users and is a promising indicator of what the general release will be like. The biggest challenge, says the Ring team, is to provide the same features across different platforms.
Ring already includes many features that similar software does not. However, before general release, Savoir-faire hopes to add such features as content management; synchronized contact lists; history, group chat, and enhanced file sharing; and improved encryption for texting. “In general,” says the Ring team, “we work to make Ring as user friendly as possible while preserving user privacy and the distributed nature of Ring.”
Future plans include bringing Ring to embedded systems, smart TVs, and other Internet of Things devices – all supported by documentation.
Ring is an ambitious effort that appears to be making a successful transition from a walled garden to a public project. Although it has not reached the level of simplicity for the end user as its rival Signal, it is not far off and offers more features, as well. If Ring can develop its user interface as well as it has its behind-the-scenes technology, it has a strong chance of becoming one of the leading free software tools of the next few years.
The bug was introduced back in 2009 and has been lurking around all this time.
The new release deprecates the sshd_config UsePrivilegeSeparation option.
Lives on as a community project
Five new systems join Dell XPS 13 Developer Edition that come with Ubuntu pre-installed.
The Skype Linux client now has almost the same capabilities that it enjoys on other platforms.
At CeBIT 2017, OpenStack Day will offer a wide range of lectures and discussions.
A major setback for the Linux desktop.
Improved support for GPU in virtualization.
News site for the openSUSE community falls victim to a Wordpress exploit.
The source code is available online.