Bitmessage
PyBitmessage version 0.3.5 | |
Original author(s) | Jonathan Warren |
---|---|
Developer(s) | Bitmessage Community |
Initial release | November 2012 |
Stable release |
0.6.1
/ August 21, 2016 |
Development status | Active |
Written in | Python, C++ (POW function) |
Operating system | Windows, macOS, Linux, FreeBSD |
Available in | English, Esperanto, French, German, Spanish, Russian, Norwegian, Arabic, Chinese |
Type | Instant messaging client |
License | MIT |
Website |
bitmessage |
Bitmessage is a decentralized, encrypted, peer-to-peer, trustless communications protocol that can be used by one person to send encrypted messages to another person, or to multiple subscribers. Bitmessage encrypts each users' message inbox using public-key cryptography and replicates it inside its P2P network, mixing it with inboxes of other users in order to conceal user's identity, prevent eavesdropping and allow the network to operate in a decentralized manner. The Bitmessage communications protocol avoids sender-spoofing through authentication, and hides metadata from wiretapping systems.
In June 2013, the software experienced a surge of new adoptions after news reports of email surveillance by the US National Security Agency.[1]
As of June 2014, the network processes several thousand private messages per day.
Applications
Official client
PyBitmessage is the official instant messaging client designed for Bitmessage.
Bitpost client
An alternative client for OSX.
Original author(s) | Voluntary.net |
---|---|
Developer(s) | Voluntary.net |
Initial release | August 2014 |
Stable release |
0.9.1
/ August 24, 2014 |
Development status | Active |
Written in | Objective-C |
Operating system | macOS |
Available in | English |
Type | Anonymous P2P client |
License | MIT |
Website |
voluntary |
E-mail services
Type of site | Webmail, E-Mail service |
---|---|
Available in | English |
Slogan(s) | Bitmessage E-Mail Gateway |
Website | bitmessage.ch, bitmailendavkbec.onion, bitmessage.i2p |
Commercial | No |
Registration | Required |
Users | 19705[2] |
Launched | 2013 |
Current status | Online |
Passwords cannot be retrieved and inactive accounts do not expire. |
A number of services provide email endpoints to the BitMessage network. Bitmessage.ch is a service that supports sending and receiving Bitmessages over the email protocol.[3]
IMAP/POP and SMTP bridges
Type of site | IMAP/POP/SMTP |
---|---|
Available in | English |
Owner | Ben Kietzman |
Created by | Ben Kietzman |
Website | https://launchpad.net/bitmail |
Commercial | No |
Registration | No |
Launched | 2013 |
Current status | Online |
Written in | C/C++ |
A number of applications provide bridges between the PyBitmessage client and email applications via the IMAP/POP and SMTP protocols. BitMail is an application that bridges the IMAP, POP, and SMTP protocols.[4]
Operation
Bitmessage works by encrypting all the incoming and outgoing messages using public-key cryptography so that only the receiver of the message is capable of decrypting it. In order to achieve anonymity:
- Bitmessage replicates all the messages inside its own anonymous P2P network, therefore mixing all the encrypted messages of a given user with all the encrypted messages of all other users of the network, thus making it difficult to track which particular computer is the actual originator of the message and which computer is the recipient of the message.
- Bitmessage uses cryptographically generated addresses (for example, BM-BcbRqcFFSQUUmXFKsPJgVQPSiFA3Xash).[5] Bitmessage addresses resemble bitcoin addresses, and its keys are compatible with bitcoin keys.
- Bitmessage uses public-key cryptography, designed such that only a recipient of a message is capable of decrypting it. This encryption algorithm works in such a way that even the original sender is not able to decrypt their own message due to different keys being used for encryption and decryption. More specifically, Bitmessage uses 256-bit ECC keys and OpenSSL for cryptographic functions.
- Outgoing messages do not contain the explicit address of the recipient of the message. Therefore, every network participant attempts decryption of every message passing through the network even if the message was not originally intended for that network participant. Since only the actual recipient can successfully decrypt the messages intended for them, all network participants know that if they fail to decrypt the message then the message was not intended for them.
- The original sender knows whether the recipient received the message or not (through an acknowledgement system), but the sender cannot discover which network participant is the actual recipient since all the network participants will have this encrypted message stored on their computer irrespective of whether the message was intended for them or not.
- Bitmessage nodes store the encrypted messages only for two days before erasing them, therefore, messages are not archived in the network. New nodes joining the network can only download and broadcast the pool's messages from the last two days. Any messages which did not result in a receipt acknowledgement can be re-sent by the originator of the message after the two-day period.
- Bitmessage uses a proof-of-work system to protect the network from flooding.
Bitmessage can be accessed via Tor or via I2P[6]
Chans
Starting from version 0.3.5, Bitmessage introduced an additional feature called a chan, a decentralized anonymous mailing list. Unlike traditional mailing lists used via email:
- a chan cannot be shut down by taking down any server or a group of servers due to decentralized nature of chans.
- a chan cannot be effectively censored since any Bitmessage user who knows the chan passphrase can read the chan or post any message into the chan.
- within a chan, user messages are anonymous to such a degree that messages contain neither the sender's nor the receiver's Bitmessage address.
A number of publicly known chans currently exists dedicated to the topics ranging from online privacy to politics to chess games.[7]
Development
The concept for Bitmessage was conceived by software developer Jonathan Warren, who based its design on the decentralized digital currency, bitcoin. The software was released in November 2012 under the MIT license.[1]
The source code is written in Python and uses the Qt cross-platform application framework as well as OpenSSL for cryptographic functions. It is available for Microsoft Windows, macOS, and Linux.
Public reception
Bitmessage has gained a reputation for being out of reach of warrantless wiretapping conducted by the National Security Agency (NSA) due to the decentralized nature of the protocol, and its encryption being difficult to crack. As a result, downloads of the Bitmessage program increased fivefold during June 2013 after news broke of classified email surveillance activities conducted by the NSA.[1]
Bitmessage has also been mentioned as an experimental alternative to email by Popular Science[8] and CNET.[9]
Some ransomware programs instruct affected users to use Bitmessage to communicate with the attackers.[10]
Security
BitMessage's security has not been independently audited.[11] The official Bitmessage website states: "Bitmessage is in need of an independent audit to verify its security. If you are a researcher capable of reviewing the source code, please email the lead developer... ."
See also
- Anonymous P2P
- Bitcoin
- Comparison of instant messaging clients
- Freenet
- I2P-Bote plugin of the I2P network, similar principle as Bitmessage
- Instant messaging
- Namecoin
- Off-the-Record Messaging
- RetroShare
- TorChat
- Tox_(protocol)
References
- 1 2 3 Max Raskin (2013-06-27). "Bitmessage's NSA-Proof E-Mail". Business Week.
- ↑ "Bitmessage E-Mail Gateway". Retrieved 7 July 2015.
- ↑ "Bitmessage E-Mail Gateway". Retrieved 7 July 2015.
- ↑ "BitMail in Launchpad". Retrieved 7 July 2015.
- ↑ "Bitmessage Timeservice Broadcast". July 15, 2013. Retrieved 2013-07-15.
- ↑ "BMG FAQ". Retrieved 13 August 2015.
- ↑ "Bitmessage Address Directory". Retrieved 2013-08-14.
- ↑ Dan Nosowitz (2013-08-09). "What Are Your Options Now For Secure Email?". Popular Science.
- ↑ Molly Wood (2013-08-13). "Gmail: You weren't really expecting privacy, were you?". CNet.
- ↑ "Chimera Ransomware Tries To Turn Malware Victims Into Cybercriminals". International Business Times. 2015-12-04.
- ↑ Bitmessage Wiki, 2013-08-21
Further reading
- White paper about Bitmessage
- Daniel Cawrey (2013-06-03). "Bitmessage is the Bitcoin of online communication". CoinDesk.
External links
- Official website
- Bitmessage source code on GitHub