π

Bitmessage: a Privacy-Aware Secure Alternative to Email

Show Sidebar

From now on, you can reach me via BM-NBPFzM7jqFjpHkBB3nLRau4RdLtLTGxw which is an address used by the rather new Bitmessage protocol. This whitepaper describes the basic principles.

Disadvantage of Email

One disadvantage of email is that the header information (who is sending when an email to who; subject; other time-stamps; ...) is clear-text even when you encrypt your mail body with GnuPG. This way, anybody is able to determine to which other parties you are communicating with.

Advantages of Bitmessage

If you want more privacy, you can now test Bitmessage. With Bitmessage, every message gets encrypted and sent to everybody in the Bitmessage network. Yes, everybody. This sounds crazy. However, there are certain mechanisms that compensate things so that Bitmessage should be able to grow to a large number of participants. (Please refer to the whitepaper for more details.) As with any serious security-aware software, Bitmessage is open source (MIT license). Of course.

My Experience after Two Days

So far, I am really pleased by Bitmessage. In contrast to GnuPG/OpenPGP, most people should be able to use Bitmessage without any deeper knowledge of cryptography. It is very easily set up on GNU/Linux, OS X, and even Windows. You first generate you first set of addresses (this takes a couple of minutes on current hardware). You have to know Bitmessage address of your peers (funny looking character sequences starting with "BM-" as shown above). Then you can start sending messages. Sending of each message needs a certain amount of computation. This way, spam should not be of any issue with Bitmessage. Messages are transferred through the whole Bitmessage network. (Exception: when the network grows, it gets splitted into distinct sections called streams.) This is usually not instant. Each message stays on each node for two days. If the receiving person is not online for those two days, the network keeps sending the message in larger periods of time. The sender gets an acknowledgment in case the message gets delivered. I published one of my Bitmessage addresses on Twitter. This way, somebody contacted me not telling me, who he/she is, which is somewhat weird/funny. In case you need authentication, you might as well sign (or also sign and encrypt) you message using GnuPG/OpenPGP and paste the result into the message window. In order to do this in a user-friendly way, I added a feature wish to the Github repository of PyBitmessage. Let's see how this turns out. Well, that's it so far. I guess this is almost even easier to use than email. And much easier to use than GnuPG with all of its related stuff like key management, web of trust, and so forth. If you are really privacy-aware, Bitmessage gives you the opportunity to communicate with peers in a way that nobody is able to notice any communication (meta-) data at all.

Comment via email or via Disqus comments below: