Hacker News new | past | comments | ask | show | jobs | submit login
Bitmask: an open source app to provide easy and secure encrypted communication (bitmask.net)
45 points by psiconaut on Aug 25, 2014 | hide | past | web | favorite | 12 comments

I would be sceptical. Does this thing breaks open standards like OpenVPN? I would love an opensource implementation of http://www.goldenfrog.com/vyprvpn/chameleon which works in China and also prevents Deep Packet Inspection. And about VPN: VPNs can also be a single point of failure for trust. You are giving away trust on your current connection from your ISP to maybe Bitmask/LEAP and a VPN which they call service provider. I also wonder how you want to make the financial side of this working. Running VPNs is expensive. I hope you succeed but I would say: Do not trust any free VPN out there.

Bitmask actually uses OpenVPN, just makes easy to use it securely. One summer of code has implemented support for obfsproxy (https://www.torproject.org/projects/obfsproxy.html.en), that hopefully will solve the problem in places like China.

Bitmask doesn't want to provide a proper VPN service, for the moment there is a demo service to try it. But the idea is to provide all the software easy to set up for providers, and the providers will charge you for it to sustain themselves. The nice thing of this model is that the provider only provides the service but your client comes from an independent organization, your provider can not put back doors on it.

The trust is a hard problem, we are moving the trust from the ISP to your provider (https://leap.se/en/doc/platform). Your ISP is something that you can not choose much, but on the provider you can choose or set up your own (https://leap.se/en/doc/platform).

Tor works in China if you use a Bridge. Their obfsproxy bridges disguise Tor traffic as other forms of traffic that aren't being blocked, while giving you all the benefits of a Tor connection.

Encrypted E-Mail is not the problem, there already are packages that install gpg without any hassle. What must be solved is the problem of which keys to trust. The web of trust just doesn't work. Are there any concepts how to solve this with Bitmask?

The key distribution is the actual problem that bitmask try to address (https://leap.se/en/docs/tech/hard-problems), it tries to make transparent the key discovery but keeping it as secure as possible. But this is still a work in progress.

So, this is a VPN client? I find it odd that it only supports Linux and Android, considering that these two platforms already have built in and fully functional VPN clients.

Other platform support on working, but this is just a beta.

OpenVPN is hard to use by non-hackers and complicated to configure well, too easy to have DNS or IPv6 leaks. Bitmask makes all that easy.

Do you prevent "DNS leaks" by running DNS through the tunnel, or by turning off DNS?

Do you prevent "IPv6 leaks" by running IPv6 through the tunnel, or by turning off IPv6?

And, more interestingly, are these answers consistent?

I don't really understand what this is, is it a vpn?

In its current beta state, Bitmask boils down to an easy-to-configure, easy-to-use VPN with Linux and Android clients. But it's part of a wider strategy that includes easy-to-deploy providers (using puppet, basically) A bigger picture can be read at https://leap.se/en/docs/tech.

The demo providers currently offer only VPN, but encrypted email is planned to be released soon.

For secure communication we should leave email behind because there's still a lot of metadata when using email.

Bitmessage (https://bitmessage.org) might prove to be a viable solution to the metadata problem.

Bitmessage (afaik) works like alt.anonymous.messages, but w/ a bitcoin-like broadcast protocol instead of usenet. Not sure how well this will scale (if we're talking about Bitmessage as an email replacement)

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact