topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Tuesday March 19, 2024, 5:43 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Bitmessage - a protocol for secure decentralized e-mail  (Read 12360 times)

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Just ran into this interesting item over at the CoinDesk website. It discusses a new method of implementing a decentralized e-mail system that encrypts and secures message content - and heavily obscures the sender/receiver addresses as well.

Sounds like a marriage made in heaven.

We’ve seen the impact that Bitcoin can have on the future of payments. But money is not the only area that the movement is influencing. Bitmessage is a protocol that implements some of the ideas of Bitcoin into communications.

Given the pressure on technology companies to cooperate with governments regarding services like email, those looking for a private way to communicate could find Bitmessage’s concept quite interesting.

We live in a time where cloud computing has become the norm for our digital services. That means that a lot of our information is actually stored in data centers scattered around the globe. This has provided us with convenience in the form of access to our data from anywhere. At the same time, however, we are losing a sense of control and security over our communications whether it is via chat, email or on social networks.

Enter Bitmessage:

Bitmessage is like Bitcoin in that it is a decentralized, peer-to-peer protocol. Unlike using an add-on component for email similar like Pretty Good Privacy (PGP), Bitmessage is a unified system that encrypts every message. The whole point of the platform is to keep your communications secure. And on top of that, it keeps secure the members of the communication: not only is the content of messages protected, but the sender and receiver of those messages is kept secret as well.

According to the official Bitmessage whitepaper, even those who use encryption standards such as PGP find it an overwhelming process. In this way, one can think about Bitmessage as a decentralized email server.

<more>

It's still too early in the game to see if this takes off. Or (more likely) if it's permitted to take off.

There's more to read at the Bitmessage wiki (https://bitmessage.org).

There's also an official whitepaper, written by Jonathan Warren, that gets into the nitty-gritty of how it works. You can download your own copy from this link.

This could get interesting... 8)

resist2.gif

joiwind

  • Participant
  • Joined in 2009
  • *
  • Posts: 486
  • carpe momentum
    • View Profile
    • Donate to Member
Re: Bitmessage - a protocol for secure decentralized e-mail
« Reply #1 on: June 15, 2013, 12:38 PM »
You might be interested in this (I am) :

"To complement its search products, the company (Ixquick - StartPage) will be introducing StartMail, a private, subscription-based email platform with strong encryption, later this year. Anyone interested in beta testing the program upon its release can sign up at www.Startmail.com."

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Bitmessage - a protocol for secure decentralized e-mail
« Reply #2 on: June 15, 2013, 01:10 PM »
Sounds interesting, but as a proxy (if I understand what they're saying on their websites) it's only as trustworthy as you're willing to trust them.

Bitmessage is a little more promising to me (assuming it gets popular enough) since nobody has direct control over it due to it's decentralized and anonymized (is that a word?) design.

In some respects it hearkens back to FidoMail and FidoNet in that regard.

Time will tell if it actually flies. :)

cranioscopical

  • Friend of the Site
  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 4,776
    • View Profile
    • Donate to Member
Re: Bitmessage - a protocol for secure decentralized e-mail
« Reply #3 on: June 15, 2013, 01:14 PM »
Just ran into this interesting item over at the CoinDesk website. It discusses a new method of implementing a decentralized e-mail system that encrypts and secures message content - and heavily obscures the sender/receiver addresses as well.

Thanks. That deserves a good conduct medal...

                            GCM.gif

ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
Re: Bitmessage - a protocol for secure decentralized e-mail
« Reply #4 on: June 16, 2013, 03:31 AM »
Thanks 40hz :)

The Bitmessage Wiki mentioned the following article:

  Setting Up and Using Bitmessage – An Encrypted Communications Platform Based On Bitcoin



Thought the following (also from the wiki) was worth noting:

Security audit needed

Bitmessage is in need of an independent audit to verify its security. If you are a researcher capable of reviewing the source code, please email the lead developer. You will be helping to create a great privacy option for people everywhere!

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Bitmessage - a protocol for secure decentralized e-mail
« Reply #5 on: June 16, 2013, 07:08 AM »
Downloaded and installed it under Linux Mint. Very easy process.

Seems to be working correctly. Got this after it was up for around 10 seconds. It appears to be pretty active:  

bmsg.pngBitmessage - a protocol for secure decentralized e-mail

Heh! What a perfect application for a RaspberryPi or similar inexpensive SBC.

Next step will be to get it to work with DD-WRT so that it can be embedded in an open router. Or better yet - a PirateBox! 8)

However, to emphasize ewemoa's earlier point, the people behind Bitmessage are still waiting for the independent security audit they themselves requested be done. So don't just assume this thing is as as secure as is hoped until that happens.

And (if you're ultra-paranoid) also don't rule out the possibility that this could eventually become a very sneaky and sophisticated honeypot if the wrong people can figure out a way to somehow co-opt it. There's just no rest for the wicked.

But who should know that better than us, right? ;)



Shiny. Browncoats Unite! :Thmbsup: ;D

« Last Edit: June 16, 2013, 07:36 AM by 40hz, Reason: Added screenshot of running app after installation »

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: Bitmessage - a protocol for secure decentralized e-mail
« Reply #6 on: June 16, 2013, 06:21 PM »
Shiny. Browncoats Unite!

Don't really have anything to add... just had to give a shout out as a Browncoat.  Now let's go be bad guys.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Bitmessage - a protocol for secure decentralized e-mail
« Reply #7 on: June 16, 2013, 07:25 PM »
Shiny. Browncoats Unite!

Don't really have anything to add... just had to give a shout out as a Browncoat.  Now let's go be bad guys.

Let's!  ;D "Because we are so... very... pretty. We are just too pretty for God to let us die." :Thmbsup:

superboyac

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,347
    • View Profile
    • Donate to Member
Re: Bitmessage - a protocol for secure decentralized e-mail
« Reply #8 on: June 16, 2013, 07:31 PM »
(had to look up browncoats...ah, firefly, why is joss wheden so prolific?!)

bitmessage...very cool, very excited about it.

ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
Re: Bitmessage - a protocol for secure decentralized e-mail
« Reply #9 on: June 16, 2013, 11:32 PM »
Installation under Arch was straightfoward.

Tried the echo server with some success:

Here is a simple echo server which will send your message back to you after being received: BM-orkCbppXWSqPpAxnz6jnfTZ2djb5pJKDb



Found the following thread at their forums:

  My Security Analysis of Bitmessage

Quite technical.  IIUC there are some references to other similar independent efforts as well.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Bitmessage - a protocol for secure decentralized e-mail
« Reply #10 on: June 17, 2013, 06:54 AM »
Found the following thread at their forums:

  My Security Analysis of Bitmessage

Quite technical.  IIUC there are some references to other similar independent efforts as well.

Ouch, that does not look good. My impression of what the analyst is carefully not saying is not good. Especially if one assumes who is the most likely choice for a local external "attacker", hm...



@ 40hz - What is second choice?

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Bitmessage - a protocol for secure decentralized e-mail
« Reply #11 on: June 17, 2013, 09:20 AM »
Ouch, that does not look good. My impression of what the analyst is carefully not saying is not good. Especially if one assumes who is the most likely choice for a local external "attacker", hm...

Yup. Problematic. At least in its current implementation - which is why it's so important to have people who really understand signal and data security take a very hard look at these things.

Although it is very nice that people are working on creating secure and anonymous messaging systems, I am afraid that BitMessage is weak to a variety of attacks. I fear that the people working on it do not have sufficient expertise, in the fields of security and anonymity, to design and implement a proper cryptographic communications system + anonymity network. After reading the two design .pdf documents, I have identified a variety of weaknesses and overall poor design choices in the BitMessage protocol.

And therein lies the problem with so much of this - and also shows the value of building such protocols in an open fashion - many eyes (often with greater expertise) can chime in with corrections and suggestions. Something which is absolutely critical here. Because the only thing more dangerous than lacking security is the false belief you have some.

watch.png

At any rate, the discussion on their forum is most instructive. I've learned more than a few of things I didn't know after reading through it slowly - then giving it some serious thought a few hours later while gazing at the stars with a nice glass of ale by my side.

Be interesting to see if this is an issue of detail and implementation - or - if the fundamental design itself is flawed and needs to be scrapped. But at the very least, people are thinking, talking and working on this idea. And that can only lead to good things down the road.

@ 40hz - What is second choice?

Nothing else like it so far. At east from what I've seen. Right now encryption+proxy is the only other viable alternative AFAICT.

Onward! :Thmbsup:
« Last Edit: June 17, 2013, 09:30 AM by 40hz »

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: Bitmessage - a protocol for secure decentralized e-mail
« Reply #12 on: June 17, 2013, 09:46 AM »
(had to look up browncoats...ah, firefly, why is joss wheden so prolific?!)

More like... why is he not more prolific?

Sorry that this didn't pan out.  Seems a good idea with a bad implementation.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Bitmessage - a protocol for secure decentralized e-mail
« Reply #13 on: June 17, 2013, 10:05 AM »
(had to look up browncoats...ah, firefly, why is joss wheden so prolific?!)

More like... why is he not more prolific?

He is. He just can't get anybody behind him. ;D

Joke:

Q: What's are two the best ways to guarantee a good TV show will be canceled early?

A: 1) Have Joss Wheden write it. 2) Give Summer Glau a role in it.

wh.jpg

It's a fiendish plot. They'll never convince me otherwise. :-\

Sorry that this didn't pan out.  Seems a good idea with a bad implementation.

So it goes. Onward!... :) :Thmbsup:

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: Bitmessage - a protocol for secure decentralized e-mail
« Reply #14 on: June 17, 2013, 10:44 AM »
And the funny thing is looking back at Buffy (7 seasons) and Angel (5 seasons) is that their beginnings weren't as good as the endings.  There were glimmers, for sure, but it just wasn't there.  Given that, how good would Firefly have been after a few seasons?  It was just starting to get into the main plot...

...A special hell indeed.