Frequently Asked Questions - Streembit

See below a list of our most frequently asked questions

Streembit is a decentralised communication network for humans and machines. You can send messages, make audio and video calls, send files, and even share your screen with another user.

If you wear clothes, use passwords, close doors, use envelopes, or sometimes speak softly, then you do have something to hide; you're just having trouble understanding that you already do care about privacy. Here are some references to help you understand why everyone, especially honest hard-working people, needs privacy. (source: REDDIT http://bit.ly/2n8530J)

There is no middleman. Every message goes directly to its intended recipient, and to no one else. Your data is not stored on a central server as it is in many current communication platforms such as Skype and Snapchat.

Yes! You can use it to communicate with devices as well. Streembit is built to bring the Internet-of-Things to life.

Yup. There will never be advertisements. It is also open source, meaning that the code is available to anyone to review or even use.

Nothing: no personal information, no email, no secret questions. All you need is a username and a password.

Incredibly. The combination of a decentralised network and unbreakable cryptography makes communicating through Streembit not only secure, but private. The basic premises of Streembit security are:

  • Human users and Internet of Things devices use public/private key (PPK) infrastructure and PPK cryptography functions to secure messages.
  • The system uses elliptic curve Diffie Hellman (ECDH) key exchange algorithms to facilitate the exchange of session keys.
  • Each actor of the system must generate a public/private key pair. (Typically keys are generated prior to configuring the device and will be burned into the devices’ firmware).
  • The device or user publishes the public key to other users of the system. We mitigate Sybil attacks with cryptographically secure identity management (i.e. the contacts know each other's public key).
  • The data integrity and authenticity of the messages are guaranteed with PPK signatures and embedded in JWT, JWS and JWE data structures.
  • Each session between users is secured with strong symmetric cryptography keys.
  • All messages between users are secured with 256-bit AES symmetric encryption/decryption.
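
The premises above, as an added Node.js example that is not Streembit's own code: two contacts who already know each other's public keys sign their ECDH shares, derive a 256-bit session key, and exchange an AES-256 message. The curve name, the HKDF step, GCM mode and all function names are assumptions; raw signatures stand in for the JWS/JWE structures the page mentions.

```javascript
const nodeCrypto = require('crypto');
const CURVE = 'prime256v1'; // assumption: the page only says "recommended curves"

// Long-term identity key pair; the public half is what contacts exchange.
function newIdentity() {
  return nodeCrypto.generateKeyPairSync('ec', { namedCurve: CURVE });
}

// Per-session ECDH share, signed with the identity key so the peer can
// check that it came from the contact whose public key they already hold.
function makeOffer(identity) {
  const ecdh = nodeCrypto.createECDH(CURVE);
  const share = ecdh.generateKeys();
  const sig = nodeCrypto.sign('sha256', share, identity.privateKey);
  return { ecdh, share, sig };
}

// Refuse any share not signed by the expected contact, then derive the key.
function deriveSessionKey(myEcdh, peerShare, peerSig, peerPublicKey) {
  if (!nodeCrypto.verify('sha256', peerShare, peerPublicKey, peerSig)) {
    throw new Error('ECDH share is not signed by the expected contact');
  }
  const secret = myEcdh.computeSecret(peerShare);
  // HKDF turns the raw shared secret into a 32-byte (256-bit) AES key.
  const key = nodeCrypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'example-session', 32);
  return Buffer.from(key);
}

// AES-256-GCM: confidentiality plus an integrity tag on every message.
function encryptMessage(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce per message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Throws if the ciphertext or tag was modified in transit.
function decryptMessage(key, { iv, ct, tag }) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}
```

A share signed by any key other than the expected contact's is rejected before a session key is derived, which is why knowing the contact's public key in advance matters.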

A. DDoS attacks: Denial-of-service attacks are effective against centralized servers because only a small number of servers are responsible for providing a service to their users. These servers can be flooded with requests from a large number of computers/bots, making it impossible for them to do their job. On a decentralized peer-to-peer network, instead of a small number of servers, a large number of nodes do this job. The bigger the decentralized network, the more uneconomical a DDoS attack would be. A perfect example of this is Bitcoin: since its inception it hasn't experienced a single network outage. To further prevent a DDoS attack, the IP address and port of Streembit nodes are encrypted.

Centralized server vulnerabilities: With central servers, you never know what you are going to get. Do they encrypt the data that they store? Are they up to date on the latest security standards? Are their employees careful when giving out user information, and do they watch out for social engineering attacks? Fortunately, with Streembit none of these problems will concern you: your data isn't stored on a server, and due to the nature of public key cryptography nobody even needs to know what your password (private key) is in order to verify that you are you.

Streembit uses public key cryptography in order to make sure that only white-listed accounts have access to your devices, and a Kademlia DHT for user/device discovery to connect you directly to your device.

Yes. Once you have initialized your account by connecting to the Streembit public network, you will need to back up your account in case your computer crashes, or if you want to communicate from another computer or device. For your own privacy the network does not store your account information, so if you lose your account data it will be irretrievable. It is always a good idea to have a few backups.

Click on the Actions/Restore account menu item or the "Restore Account" button to start restoring the account from a backup file.

Yes, you can make a network that only allows users and devices you approve to join. The applications of a private network include businesses, your home, and even military operations.

Streembit uses a Kademlia DHT (distributed hash table) for user discovery and any distributed storage needs of the network. Contact information of each node is encrypted and stored in the DHT, as well as undelivered messages. Streembit will be able to fulfill other distributed storage needs of future applications built on the network.

Hiding metadata is practically impossible with the way the internet works. We don't hide metadata, but instead use well-implemented cryptography to keep your communications private. This approach mathematically allows you to be absolutely certain your communications are private, rather than just hoping that your metadata is hidden.

When you create an offline contact offer, you encode your public key, account name, and network connection details. You can then send this encoded text to whoever you wish to communicate with, and they can send you their offline contact offer. You can send this text in a letter, over an online channel, or even by HAM radio. How secure you want to be with it is up to you. Exchanging information this way eliminates the possibility of a man-in-the-middle attack because you are not using central servers to exchange contact information.

Streembit aims to comply with open security and communication standards. The compliance is verifiable via peer review of the Streembit open source system. Streembit is built on FIPS, IETF and W3C security, data and communication standards such as JWT, JWS and WebRTC, as well as the latest planned and actual standards from the W3C Web of Things initiative. The system uses recommended curves for the ECDSA and ECDH elliptic curve cryptography functions. Our developers take an active role in the W3C Web of Things Initiative (https://github.com/w3c/web-of-things-framework) and mirror all WoT standards in the Streembit codebase.

Aside from always improving Streembit, we are working on integrating streaming, smart contracts, an application marketplace, and a cryptocurrency. We are currently developing Streembit mobile applications for Android and iOS.

To use Signal you need to give your phone number in order to register. Streembit registration requires no personal information, only a username to publish to the network. A key difference is that Signal is a centralised solution. All communication goes through the Signal server. That enables collection of metadata, never mind the requirement to comply with legislation such as the UK Investigatory Powers Act. Key disclosure laws are already enforced in many countries and it is safe to assume more will come: https://en.wikipedia.org/wiki/Key_disclosure_law. Streembit is a peer-to-peer application, meaning users communicate directly without using a centralised service provider. Streembit users are not subject to key disclosure legislation.

No, but it is recommended. At the moment you must forward your port to fully utilize Streembit, but if that is not an option you can use our WebSocket server to communicate. Opening your port will allow you to connect directly to whoever you are communicating with, meaning a server will not facilitate your connection. The Streembit P2P desktop application tries to open the port using UPnP. Don't worry, though: if you don't want to open your port, your data will still be encrypted, and the WebSocket server will not be able to read your messages or other data.

Join our Gitter here: https://gitter.im/streembit/home. We will be available to assist you, as will many other community members.