World-class metadata privacy

Clique is a network protocol for communicating in the presence of strong adversaries, specifically parties with unlimited funding, computing power, network access, and legal authority.

Why do we need Clique?

Until Clique’s publication, there has been no organized, systematic way of communicating in secret over a distance. Previous methods either relied on eavesdroppers not discovering the data channel, or on encrypting the data. The first model was fragile, required that communication stop when a channel was discovered, and required absolute trust of every user. The encryption model, on the other hand, compromised sensitive metadata including sender and recipient identity, message length, and time of transmission. More often than not, unencrypted metadata can be as sensitive as the actual content of a message.

How does Clique change the scene?

The Clique protocol turns the paradigm of privacy invasion inside out: instead of determining who is speaking, the attacker must determine who is listening. This does not work well for an eavesdropper, because the critical information — who is paying attention — is not sent across the network.

As an example, consider a small network of 20 users having a total of four conversations:

20 dots are shown in random places. Line segments are drawn between four pairs of dots.

An eavesdropper with any kind of global view of the network can trivially see who is conversing. But what happens if these 20 users collude to make up distracting chitchat? An eavesdropper now would see 190 conversations — note this is the exact same chart:

20 dots are shown as before, but every pair of dots is connected by a line segment.

Because these 20 users are now completely connected, we call them what graph theory calls them: a clique. And this is where our protocol gets its name from. Now imagine a clique that’s so big, anyone in the world can join. Attorneys, clergy, journalists, lovers, inventors, physicians, musicians. You.

What does Clique do well?

Clique is ideal for exchanging short messages between people who already know each other, but do not want to recklessly share their association or the fact they are in contact. From a speed perspective, Clique is faster than regular mail, but not as fast as email or “instant messaging”.

Clique also provides a fulfilling outlet for technically gifted privacy activists, whether or not they intend to communicate using the protocol. Every computer that joins the Clique global network increases the size of the problem that would-be eavesdroppers need to contend with.

What does Clique do poorly?

Because every Clique user is always sending data to every other Clique user, mobile devices are not supported directly. A mobile user could, however, run the Clique software on a permanently connected machine, and sync her mobile device with it from time to time.

The current Clique software is written for POSIX operating systems such as Linux. A version for Microsoft Windows is not expected until 2015.

Although Clique is a powerful tool for ordinary citizens who do ethical things, it doesn’t shine as well as a tool for criminals. Spammers will find that they share no secret key in common with their readers; every single message they send will be automatically rejected without notification. Fraudsters will encounter not only that problem, but also discover that Clique is not an anonymity protocol. Spies have it worst of all, as they will either join a heavily-used clique where every other user can see their IP address, or slink off and start their own teeny-tiny clique, where all of Clique’s metadata privacy assurances collapse for lack of covertext.

Who is Clique for?

The global Clique network is able to support tens of thousands of Linux users who are passionate about privacy and online security, and can argue if necessary that they have nothing to hide. Joining a clique puts a user “on the map” as far as eavesdroppers go, because a machine’s presence within the clique cannot be concealed. Installing and running Clique-enabled software is like hiding in plain sight, or carrying a sidearm that may or may not be loaded. All that an eavesdropper can determine is that you have the skills to get the implementation running, and that you share a commitment with others around the world to assert and defend freedom of association for everyone.

As Clique matures and gains acceptance, implementations will be released that make it ever easier for people with fewer computer skills to get in the game.