Privacy and anonymity

Privacy claims

Ring is a Free Software project. Its main purpose is to provide a distributed communication system which respects users' confidentiality by not having any centralized servers.

Ring uses distributed hash tables for establishing communication. This avoids keeping centralized registries of users and storing personal data.

However, we can't assure that Ring provides complete anonymity and privacy over the network. We know of two possible weaknesses.

One possible weakness is that OpenDHT collects and saves metadata. This makes it possible for eavesdroppers to observe the traffic on some DHT node and see who is talking to whom. However, they won't be able to access the contents of the conversations.

A second possible weakness is that Ring keeps the user's passphrase in memory for the length of a session. This could be the source of a vulnerability in some (rather unlikely) circumstances.  We are studying how to avoid keeping it in memory.

Finally, Ring has not yet been studied thoroughly, so we cannot make categorical assertions about the effectiveness of its security and anonymity.

We will update this page to follow the development of Ring.

We welcome your suggestions or reflections about these points; please write to our public mailing list, <ring@gnu.org>.

Acknowledgements

A special thanks to:
- Mr. Mike Gerwitz, GNU maintainer and volunteer whose expertise and feedback on aspects of Ring's security were a great help for our team.
- The FSF and Mr. John Sullivan for supporting the Ring project.