
Bitpost – Private decentralized messaging - draegtun
http://voluntary.net/bitpost/
======
integricho
I automatically open all posts where I see the words "distributed",
"decentralized", "fault-tolerant", and similar catchy ones, and now I'm
feeling like I'm a victim of clever marketing.

~~~
awt
Disclosure: I contributed (in a small way) to this project. I agree. I'm not
sure who posted this link but the title should say something about Bitmessage
in it.

~~~
draegtun
I posted this link after seeing Steve Dekorte's twitter post this morning -
[https://twitter.com/stevedekorte/status/493947090507014145](https://twitter.com/stevedekorte/status/493947090507014145)

The posted title simple copies the title/heading verbatim from the webpage.

PS. Sorry for not replying till now... been out all day since posting this.

------
flixic
The text is super-hard to read, field spacing needlessly big:
[http://cl.ly/Wnhs](http://cl.ly/Wnhs)

If the whole idea of this is to have good UI over BitMessage, it's not that
good of a UI.

~~~
oriste
I like the minimalism in the UI. Don't know how to get any use out of Channels
though. Is it broken?

~~~
awt
It looks like it's broken. We will fix ASAP. Message me here for an update:
BM-2cVsnhcfNkU1D87u4hy7SfYw3qZ9m7Su55

------
Maran
Not sure if the poster is also the author but why is the application
connecting to a server? Is it using a centralised point to connect to the
Bitmessage network?

Edit: It also appears to connect to Tor. Perhaps a quick overview of what's
happening under the hood could be useful.

~~~
stevedekorte
It's not connecting to a centralized server.

The UI launches a local pybitmessage node in the background which uses tor to
connect to the Bitmessage network.

------
danesparza
Information is a bit sparse on the page, so here is more information:

Source is available here:
[https://github.com/stevedekorte/Bitpost](https://github.com/stevedekorte/Bitpost)

This is a client based on the BitMessage protocol. Here is a whitepaper that
describes BitMessage:
[https://bitmessage.org/bitmessage.pdf](https://bitmessage.org/bitmessage.pdf)

What I would like to know (since it seems that the original developers are
reviewing comments made here it seems): How is this different from PGP?
(Wikipedia article in case you're reading this and haven't heard of PGP:
[http://en.wikipedia.org/wiki/Pretty_Good_Privacy](http://en.wikipedia.org/wiki/Pretty_Good_Privacy))

~~~
awt
PGP AFAIK is simply encrypting the content of an email with the public key of
the person you're going to send it to. The address is public. PGP is a bit of
a hassle in terms of exchanging public keys and integrating with legacy email
clients/web clients.

Bitmessage has additional features, such as the ability to broadcast messages
from a public address to all subscribers.

Especially with this client, Bitmessage is actually much more user friendly
and powerful.

To simplify,

PGP hides: content Bitmessage hides: content, recipient, sender.

~~~
danesparza
PGP isn't just for email.

"PGP is a bit of a hassle in terms of exchanging public keys" this is true,
but it's a bit of a necessary evil. How do you accomplish this in a secure and
transparent way?

------
johnchristopher
It requires macos X 10.9. Really frustrating not being able to try out the app
(it seems to have a better interface) while bitmessage runs on 10.6.8.

I suppose it uses bitmessage as a daemon and the app is a UX layer over it.

------
motters
I'm also working on database encryption for Bitmessage, such that the data at
rest always remains encrypted, regardless of whether the underlying file
system is.

------
heliumcraft
that's a great interface for bitmessage!

~~~
davidcollantes
Is that what it is, a BitMessage client? The package is not signed, so I am
reluctant to open it.

~~~
awt
Yes. This is a bitmessage client. It is also opensource.

------
wcummings
So is BitMessage like alt.anonymous.messages on top of a blockchain?

~~~
awt
There is no blockchain. Messages are broadcast (encrypted) to everyone on the
network. The biggest similarity to bitcoin is the use of a "Proof of Work"
concept. The mechanism for this is different, however.

~~~
tree_of_item
What do you mean by "there is no blockchain"? Are you saying Bitmessage
doesn't work on top of Bitcoin?

~~~
oleganza
Bitmessage uses similar p2p messaging as Bitcoin (all messages are broadcasted
to everyone on best effort basis), similar binary protocol, Base58 encoding
for addresses which are hashes of EC pubkeys and per-message proof-of-work to
combat spam in Hashcash-manner.

But there's no currency and no blockchain.

------
hisabness
every time i see a service promising privacy i laugh. no company can guarantee
privacy, and most companies don't know what they don't know.

~~~
okso
BitMessage is a pretty neat idea, and this service is only a GUI on top of it.

------
JetSpiegel
> centralized services such as email

Stopped reading right there.

~~~
id
Email is centralized to a great extent. Think of gmail, yahoo mail or outlook
/ hotmail.

~~~
JetSpiegel
Bitcoin is centralized to a certain extent. Think GHash, etc

See how silly this sounds?

~~~
kaoD
Your counterargument sounds silly because _it is_ silly.

Email is a federal system. Even if it's more decentralized than having a
single point of failure, it still has authoritative nodes and just a few
points of failure (maybe 4-5 instead of a single one, not much of a difference
here).

If your system has servers on which clients have to rely, it's not fully
decentralized. A fully decentralized system is peer-to-peer only and does not
rely on anyone else. You just join the network as a peer and that's all.
There's no single point (or a few points) of failure because _everyone_ is
authoritative.

If, for example, GMail is taken over your email is gone and any email sent to
you thereafter is lost. Your mail address is owned and controlled by GMail,
they just allow you access. Even switching from GMail to Yahoo is a burden!
All your contacts have to update their address books and all non-updateable
media (think printed, downloaded or out of your control, like some whitepapers
I published which feature my email) is stuck with your old, unusable address
forever. My Bitcoin address is working, regardless of who joins or leaves the
Bitcoin network.

Your GMail/GHash simile is misleading. GHash users can leave the pool and
they'll still have their coins in their wallet, operating normally. If GHash
is closed or DDoSed users could carry on normally, or even switch to another
pool if they want to do so.

GHash is external to Bitcoin (a service to gather peers for convenience),
while GMail and other massive email servers are critical parts of the system.

Even if you set up your own email server, other servers could refuse to relay
email to you, or perhaps DNS servers might choose not to handle your domain...
and you're gone. In a federal system, other authoritative nodes have to
acknowledge you, which they might not. And even if they acknowledge your
existence, your server is still a single point of failure for yourself! And
you're still relying on other single-points-of-failure for delivery. Even if
your server is fine, you might not be able to deliver messages to your friend
in GMail if it's gone.

We've already seen this happening. MtGox is gone, but Bitcoin (the system, not
the community) didn't even notice.

~~~
phlo
For all intents and purposes, E-Mail (assuming you are in control of your own
domain name) and Bitcoin are equally decentralized.

E-Mail uses DNS information to find ip addresses matching recipients' host
names. Bitcoin uses DNS seeds to bootstrap new peers.

E-Mail can avoid using DNS, for example using /etc/hosts (a series of more-or-
less hard coded hostname-ipaddr pairs). Bitcoin can avoid using DNS, through a
series of hardcoded seed nodes' ip addresses.

Unless the destination host's IP address is known, E-Mail will rely on DNS to
discover it. Bitcoin will broadcast the message and hope for its inclusion in
the block chain.

DNS providers, E-Mail providers and other participating Bitcoin peers may at
any time decide to ignore or block messages or not to forward them. Bitcoin
miners may choose not to include messages in the block chain.

Once the destination host is known, E-Mail can transport messages directly
through SMTP. Bitcoin can broadcast to any nodes, including the desired
recipient.

As far as I can tell, SMTP is _at least_ as decentralized as Bitcoin. And it
avoids the problem of having to rely on unreliable peers and picky miners. I'm
happy to learn though, so please feel free to point out any mistakes I made.

~~~
kaoD
> For all intents and purposes, E-Mail (assuming you are in control of your
> own domain name) and Bitcoin are equally decentralized.

I completely disagree.

If your system isn't fully peer-to-peer, it's not decentralized. Period.

The central servers might federate with each other, but it's still not
decentralized since you're still relying on central third parties.

Even if you set up your own server, the recipient's server is still a third
party you have to rely on.

> Bitcoin uses DNS seeds to bootstrap new peers.

You focus too much on DNS (which I purposely skimmed over in your parent
comment, just a single sentence) while I'm talking about the system itself.

In the first place, Bitcoin relies on DNS much less than email: it's easier to
replace DNS for Bitcoin (e.g. using list of known seeds, as you said) and it's
something you do once (when connecting to the network for the first time),
while email relies entirely on DNS for normal operation.

\- If you want to send email to a new unknown domain, you must fetch it's mail
server from DNS if you don't know its IP already. And you still have to rely
on the destination server proper operation!

\- If you want to send some BTC to a new Bitcoin address, you're good to go as
long as you're already connected to the network.

Let's level it: even if you avoid using DNSs both on email and Bitcoin,
Bitcoin is still way more decentralized (since it's peer-to-peer) compared to
email (which is peer-to-server-to-server-to-peer).

If there's a server inbetween, it's not decentralized.

Also: Bitcoin addresses are not tied to single providers, while email
addresses are.

> Bitcoin miners may choose not to include messages in the block chain.

But because it is a decentralized protocol, someone else may choose to include
it. That's the magic! If a single peer refuses to do something, there are
still thousands of peers which might not refuse! In email, you rely on two
authoritative servers, the sender and the recipient. If any of those two fail,
communication is interrupted.

Even you can include the transaction (with enough horsepower) or offer some
compelling reason for others to include it, such as a huge fee.

In email, if the server you rely on refuses to do something (think of a
judicial order)... you can't do anything about it other than changing
providers, updating your addresses, sharing your address with your recipient
(which you might not be able to), etc.

> Once the destination host is known, E-Mail can transport messages directly
> through SMTP. Bitcoin can broadcast to any nodes, including the desired
> recipient.

Exactly! Quoting you: _Bitcoin can broadcast to any nodes!_ Even if the
recipient isn't even connected, the system keeps working!

That's what makes Bitcoin more decentralized than email.

I'll quote you again: _Bitcoin can broadcast to any nodes!_

> And it avoids the problem of having to rely on unreliable peers and picky
> miners.

So you'd rather rely on _a few_ unreliable and picky servers which might be
subject to coercion, instead of _a lot_ of unreliable and picky peers which
are easily repleaceable without damage or any burden to the system or its
users?

The key here is _a few_ vs. _a lot_ , and replaceability of nodes without
burden for the users.

~~~
knz42
Technically SMTP can be decentralized in the way you describe. Anyone can run
a MTA. In principle a MTA should try routing messages through alternate routes
to the destination if the first route does not work; also messages are stored
on the way if some routes are blocked.

The fact people do not currently use SMTP in a fully distributed fashion does
not detract from the fact that e-mail can be (re-)made fully distributed
if/when need be.

~~~
kaoD
Kind of, and I acknowledge it here:

[https://news.ycombinator.com/item?id=8102128](https://news.ycombinator.com/item?id=8102128)

But even then it wouldn't be decentralized.

Everyone would have his own single point of failure, but it's still
centralized (as I explain there) because SMTP is designed to rely on
centralized services (DNS, which you can't practically avoid) and assumes
servers which are single points of failure (even if there are millions of
them, you can still be cut off from yours).

A government can disrupt email communications even if everyone has its own
server because SMTP assumes single central points of delivery by design.

> if the first route does not work

Bitmessage does it _even if_ the first route works. Which is exactly what
makes email centralized, and Bitmessage not.

Imagine a malicious MTA saying "ok, got the message" but not relaying it. The
email is gone forever and you wont even notice. In Bitmessage the message will
reach its destination one way or another... by design!

If you have to hack email to be more like Bitmessage for it to be
decentralized... what's exactly your point? :P

