

Bitmask: an open source app to provide easy and secure encrypted communication - psiconaut
https://bitmask.net/

======
therealmarv
I would be sceptical. Does this thing breaks open standards like OpenVPN? I
would love an opensource implementation of
[http://www.goldenfrog.com/vyprvpn/chameleon](http://www.goldenfrog.com/vyprvpn/chameleon)
which works in China and also prevents Deep Packet Inspection. And about VPN:
VPNs can also be a single point of failure for trust. You are giving away
trust on your current connection from your ISP to maybe Bitmask/LEAP and a VPN
which they call service provider. I also wonder how you want to make the
financial side of this working. Running VPNs is expensive. I hope you succeed
but I would say: Do not trust any free VPN out there.

~~~
meskio
Bitmask actually uses OpenVPN, just makes easy to use it securely. One summer
of code has implemented support for obfsproxy
([https://www.torproject.org/projects/obfsproxy.html.en](https://www.torproject.org/projects/obfsproxy.html.en)),
that hopefully will solve the problem in places like China.

Bitmask doesn't want to provide a proper VPN service, for the moment there is
a demo service to try it. But the idea is to provide all the software easy to
set up for providers, and the providers will charge you for it to sustain
themselves. The nice thing of this model is that the provider only provides
the service but your client comes from an independent organization, your
provider can not put back doors on it.

The trust is a hard problem, we are moving the trust from the ISP to your
provider ([https://leap.se/en/doc/platform](https://leap.se/en/doc/platform)).
Your ISP is something that you can not choose much, but on the provider you
can choose or set up your own
([https://leap.se/en/doc/platform](https://leap.se/en/doc/platform)).

------
tinloaf
Encrypted E-Mail is not the problem, there already are packages that install
gpg without any hassle. What must be solved is the problem of which keys to
trust. The web of trust just doesn't work. Are there any concepts how to solve
this with Bitmask?

~~~
meskio
The key distribution is the actual problem that bitmask try to address
([https://leap.se/en/docs/tech/hard-
problems](https://leap.se/en/docs/tech/hard-problems)), it tries to make
transparent the key discovery but keeping it as secure as possible. But this
is still a work in progress.

------
TD-Linux
So, this is a VPN client? I find it odd that it only supports Linux and
Android, considering that these two platforms already have built in and fully
functional VPN clients.

~~~
meskio
Other platform support on working, but this is just a beta.

OpenVPN is hard to use by non-hackers and complicated to configure well, too
easy to have DNS or IPv6 leaks. Bitmask makes all that easy.

~~~
p1mrx
Do you prevent "DNS leaks" by running DNS through the tunnel, or by turning
off DNS?

Do you prevent "IPv6 leaks" by running IPv6 through the tunnel, or by turning
off IPv6?

And, more interestingly, are these answers consistent?

------
utnick
I don't really understand what this is, is it a vpn?

~~~
psiconaut
In its current beta state, Bitmask boils down to an easy-to-configure, easy-
to-use VPN with Linux and Android clients. But it's part of a wider strategy
that includes easy-to-deploy providers (using puppet, basically) A bigger
picture can be read at
[https://leap.se/en/docs/tech](https://leap.se/en/docs/tech).

The demo providers currently offer only VPN, but encrypted email is planned to
be released soon.

------
romseb
For secure communication we should leave email behind because there's still a
lot of metadata when using email.

Bitmessage ([https://bitmessage.org](https://bitmessage.org)) might prove to
be a viable solution to the metadata problem.

~~~
wcummings
Bitmessage (afaik) works like alt.anonymous.messages, but w/ a bitcoin-like
broadcast protocol instead of usenet. Not sure how well this will scale (if
we're talking about Bitmessage as an email replacement)

