
Bitmessage: a decentralized, encrypted, trustless communications protocol - CapacitorSet
https://en.wikipedia.org/wiki/Bitmessage
======
openasocket
I highly recommend not using this, it has a variety of weaknesses and
vulnerabilities.
[https://bitmessage.org/forum/index.php?topic=1666.0](https://bitmessage.org/forum/index.php?topic=1666.0)
is a pretty thorough analysis. The biggest problem IMO is that there is no
encryption when passing messages between peers, so a passive adversary can
easily determine who's sending what message.

There's over 30 years of papers and academic research on anonymous mailing
systems and Bitmessage incorporates not one of those concepts

~~~
rnhmjoj
If you run PyBitmessage over tor you should be fine.

~~~
openasocket
Actually, not against certain attacks. If a passive adversary knows you use
BitMessage and want to determine your Bitmessage identity they can simply
watch your traffic, and can determine any message you send out that you did
not receive must have come from you. This can be used to determine which
messages you sent, and if you respond to a request for your public key your
identity will be revealed. Because the inter-peer connections are not
encrypted, this is all trivial, and using Tor changes nothing.

So no, you are not necessarily fine.

~~~
rnhmjoj
But isn't the traffic between me and the entry node completely encrypted? How
can a passive observer even detect I'm sending/receiving a specific message.

~~~
wcummings
Timing, maybe?

------
divbit
Iirc, a difference in bitmessage from other protocols is that it has 'receiver
anonymity,' in that since a message is received by all parties, the receiver's
metadata is not leaked. This is possibly a benefit over some existing
protocols, although it has obvious performance / scaling side-effects.

~~~
ycmbntrthrwaway
Bitmessage is just a broadcast protocol implemented with floodfill.

Anonymity protocols are mostly divided into 3 classes: broadcast (dining
cryptographers, buses, bitmessage), mixes/rerouting (mixmaster, mixminion,
tor) and private information retrieval (dissent and followups).

After decades of work in the field [1], bitmessage implements broadcast in the
most naive way: floodfill. Global passive adversary can simply find out where
the message appeared first. If the message is encrypted with a key which is
only known to the receiver (i.e., message is not for chan), everything is ok.
But in this case bitmessage is not better than alt.anonymous.messages.

If messages can be linked together, active non-global adversary can measure
time and exploit dynamic topology of the network to reconnect closer to the
sender. Bitmessage offers no protection against it. With
alt.anonymous.messages the solution is remailers, and bitmessage offers no
alternative.

[1] [http://freehaven.net/anonbib/](http://freehaven.net/anonbib/)

~~~
divbit
The receiver anonymity tidbit was something I recalled from this summary
[http://fanti.web.engr.illinois.edu/ciss2016.pdf](http://fanti.web.engr.illinois.edu/ciss2016.pdf)
which for some reason was in my crypto / chat papers folder..

------
ycmbntrthrwaway
Bitmessage is mostly used for "chans" and they are insecure. Basically, when
you send a message to chan, everyone who knows about this chan can decrypt the
message. So the message is essentially not encrypted.

Streams are not implemented, so bitmessage does no scale.

As you can request a list of neighbors from anyone you can easily attack
network by constantly reconnecting closer to the message sources. For example,
you can track down all active users of some particular chan.

Freenet project did a lot of work to protect against opennet attacks, and
bitmessage completely ignores it.

~~~
CyberDildonics
Isn't the point more about concealing who is sending the message in the first
place?

~~~
ycmbntrthrwaway
Bitmessage is essentially a floodfill algorithm. You just need to request
neighbor list from your neighbor which delivered the message to you before
others. Then, you connect to them and you are one step closer to the sender.
Repeat it until you are connected to the original sender and all its
neighbors. So Bitmessage does not protect you if you use the same sender
identity multiple times.

------
wslh
Bitmessage requires a professional security audit:
[https://github.com/Bitmessage/PyBitmessage/issues/381](https://github.com/Bitmessage/PyBitmessage/issues/381)

Full stop.

------
wmantly
I would be very weary of this product. I used it a while ago on a project for
a course I was taking. During my research, I found a FAQ where the creator
stated that if ever asked to place a back door in it, he would.

~~~
eth0up
Could I burden you for a link to that, if possible?

~~~
eth0up
I browsed the tubes for a bit and couldn't find anything but the following,
which is a Feature Request comment under Backend[1] mentioning a "controlled
backdoor", possibly added by this contrib[2]. It reads as follows:

 _at the cost of getting scorned, but dead serious: a controlled backdoor,
with an automatic audit trail, to be used by lawful agencies for keeping us
safe. Bitcoin by design supports criminal activities, which undermine the
community. A community messaging system should have a way of cleaning itself._

1\.
[https://bitmessage.org/wiki/Feature_request_list#Backend](https://bitmessage.org/wiki/Feature_request_list#Backend)

2\.
[https://bitmessage.org/wiki/Special:Contributions/14skywalke...](https://bitmessage.org/wiki/Special:Contributions/14skywalker)

Probably not the example mentioned by Parent, though.

------
theparanoid
BitMessage is very useful for receiving notifications from Dark Net markets.

~~~
ycmbntrthrwaway
If you are the receiver, it is ok. Simply connect to the network and offer you
identity to the sender, then wait for message. As you do nothing else besides
connecting to the network, there is no difference between you and other users.

What is questionable is the security of the sender.

------
slim
The amount of FUD that bitmessage is receiving is strange. It's both easy to
use tool and powerful. It's shortcomes are obvious so you rely on your opsec
(mainly managing your multiple identities) which is the only way to be
anonymous anyway. I'll continue using it and bet on the future of bitmessage

------
vbezhenar
I was excited about it once, but this project doesn't seem to get a traction,
so probably it's not worth to use it for real secure messaging. Awesome
concept, though. I hope, it'll reborn somewhere. Spam problem is a huge
problem and most other messaging systems don't bother.

~~~
ycmbntrthrwaway
Look at the Freenet Message System. It even offers the captcha.

I doubt proof-of-work can really help against determined attacker. Spammers
will happily calculate proof-of-work to send spam. Spamming chans is really
easy and all chans will be flooded with spam once it is worth the effort.

