Bitmessage

Last updated
PyBitmessage
Original author(s) Jonathan Warren
Developer(s) Bitmessage Community
Initial releaseNovember 2012;11 years ago (2012-11)
Stable release
0.6.3.2 / February 13, 2018;6 years ago (2018-02-13)
Written in Python, C++ (POW function)
Operating system Windows, macOS, Linux, FreeBSD
Available inEnglish, Esperanto, French, German, Spanish, Russian, Norwegian, Arabic, Chinese
Type Instant messaging client
License MIT
Website bitmessage.org

Bitmessage is a decentralized, encrypted, peer-to-peer, trustless communications protocol that can be used by one person to send encrypted messages to another person, or to multiple subscribers.

Contents

Bitmessage was conceived by software developer Jonathan Warren, who based its design on the decentralized digital currency, Bitcoin. The software was released in November 2012 under the MIT license. [1]

Bitmessage gained a reputation for being out of reach of warrantless wiretapping conducted by the National Security Agency (NSA), due to the decentralized nature of the protocol, and its encryption being difficult to crack. This prevents the accidental eavesdropping. [2] As a result, downloads of the Bitmessage program increased fivefold during June 2013, after news broke of classified email surveillance activities conducted by the NSA. [1]

It achieves anonymity and privacy by relying on the blockchain flooding propagation mechanism and asymmetric encryption algorithm. [2]

Bitmessage has also been mentioned as an experimental alternative to email by Popular Science [3] and CNET. [4]

Some ransomware programs instruct affected users to use Bitmessage to communicate with the attackers. [5]

PyBitmessage version 0.6.2 (March 1, 2017) had a remote code execution vulnerability. It was fixed in version 0.6.3 (February 13, 2018). [6] [7]

Related Research Articles

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

<span class="mw-page-title-main">Email client</span> Computer program used to access and manage a users email

An email client, email reader or, more formally, message user agent (MUA) or mail user agent is a computer program used to access and manage a user's email.

<span class="mw-page-title-main">Instant messaging</span> Form of computer communication over the internet or locally

Instant messaging (IM) technology is a type of synchronous computer-mediated communication involving the immediate (real-time) transmission of messages between two or more parties over the Internet or another computer network. Originally involving simple text message exchanges, modern IM applications and services tend to also feature the exchange of multimedia, emojis, file transfer, VoIP, and video chat capabilities.

<span class="mw-page-title-main">GNUnet</span> Framework for decentralized, peer-to-peer networking which is part of the GNU Project

GNUnet is a software framework for decentralized, peer-to-peer networking and an official GNU package. The framework offers link encryption, peer discovery, resource allocation, communication over many transports and various basic peer-to-peer algorithms for routing, multicast and network size estimation.

<span class="mw-page-title-main">Skype</span> Telecommunications software service/application

Skype is a proprietary telecommunications application operated by Skype Technologies, a division of Microsoft, best known for IP-based videotelephony, videoconferencing and voice calls. It also has instant messaging, file transfer, debit-based calls to landline and mobile telephones, and other features. It is available on various desktop, mobile, and video game console platforms.

An anonymous P2P communication system is a peer-to-peer distributed application in which the nodes, which are used to share resources, or participants are anonymous or pseudonymous. Anonymity of participants is usually achieved by special routing overlay networks that hide the physical location of each node from other participants.

The Invisible Internet Project (I2P) is an anonymous network layer that allows for censorship-resistant, peer-to-peer communication. Anonymous connections are achieved by encrypting the user's traffic, and sending it through a volunteer-run network of roughly 55,000 computers distributed around the world. Given the high number of possible paths the traffic can transit, a third party watching a full connection is unlikely. The software that implements this layer is called an "I2P router", and a computer running I2P is called an "I2P node". I2P is free and open sourced, and is published under multiple licenses.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

End-to-end encryption (E2EE) is a private communication system in which only communicating users can participate. As such, no one else, including the communication system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to converse. End-to-end encryption is intended to prevent data being read or secretly modified, other than by the true sender and recipient(s). The messages are encrypted by the sender but the third party does not have a means to decrypt them, and stores them encrypted. The recipients retrieve the encrypted data and decrypt it themselves. Because no third parties can decipher the data being communicated or stored, for example, companies that provide end-to-end encryption are unable to hand over texts of their customers' messages to the authorities.

Email privacy is a broad topic dealing with issues of unauthorized access to, and inspection of, electronic mail, or unauthorized tracking when a user reads an email. This unauthorized access can happen while an email is in transit, as well as when it is stored on email servers or on a user's computer, or when the user reads the message. In countries with a constitutional guarantee of the secrecy of correspondence, whether email can be equated with letters—therefore having legal protection from all forms of eavesdropping—is disputed because of the very nature of email.

Cryptovirology refers to the study of cryptography use in malware, such as ransomware and asymmetric backdoors. Traditionally, cryptography and its applications are defensive in nature, and provide privacy, authentication, and security to users. Cryptovirology employs a twist on cryptography, showing that it can also be used offensively. It can be used to mount extortion based attacks that cause loss of access to information, loss of confidentiality, and information leakage, tasks which cryptography typically prevents.

Email encryption is encryption of email messages to protect the content from being read by entities other than the intended recipients. Email encryption may also include authentication.

<span class="mw-page-title-main">TorChat</span> Anonymous instant messaging application

TorChat was a peer-to-peer anonymous instant messenger that used Tor onion services as its underlying network. It provided cryptographically secure text messaging and file transfers. The characteristics of Tor's onion services ensure that all traffic between the clients is encrypted and that it is very difficult to tell who is communicating with whom and where a given client is physically located.

Silent Circle is an encrypted communications firm based in Washington DC. Silent Circle provides multi-platform secure communication services for mobile devices and desktops. Launched October 16, 2012, the company operates under a subscription business model. The encryption part of the software used is free software/open source and peer-reviewed. For the remaining parts of Silent Phone and Silent Text, the source code is available on GitHub, but under proprietary software licenses.

<span class="mw-page-title-main">Twister (software)</span> Blog software

Twister is a decentralized, experimental peer-to-peer microblogging program which uses end-to-end encryption to safeguard communications. Based on BitTorrent- and Bitcoin-like protocols, it has been likened to a distributed version of Twitter.

<span class="mw-page-title-main">Tox (protocol)</span> Distributed protocol for telephony and instant messaging

Tox is a peer-to-peer instant-messaging and video-calling protocol that offers end-to-end encryption. The stated goal of the project is to provide secure yet easily accessible communication for everyone. A reference implementation of the protocol is published as free and open-source software under the terms of the GNU GPL-3.0-or-later.

TextSecure was an encrypted messaging application for Android that was developed from 2010 to 2015. It was a predecessor to Signal and the first application to use the Signal Protocol, which has since been implemented into WhatsApp and other applications. TextSecure used end-to-end encryption to secure the transmission of text messages, group messages, attachments and media messages to other TextSecure users.

<span class="mw-page-title-main">Crypto Wars</span> Attempts to limit access to strong cryptography

Attempts, unofficially dubbed the "Crypto Wars", have been made by the United States (US) and allied governments to limit the public's and foreign nations' access to cryptography strong enough to thwart decryption by national intelligence agencies, especially the National Security Agency (NSA).

EternalBlue is a computer exploit software developed by the U.S. National Security Agency (NSA). It is based on a vulnerability in Microsoft Windows that allowed users to gain access to any number of computers connected to a network. The NSA knew about this vulnerability but did not disclose it to Microsoft for several years, since they planned to use it as a defense mechanism against cyber attacks. In 2017, the NSA discovered that the software was stolen by a group of hackers known as the Shadow Brokers. Microsoft was informed of this and released security updates in March 2017 patching the vulnerability. While this was happening, the hacker group attempted to auction off the software, but did not succeed in finding a buyer. EternalBlue was then publicly released on April 14, 2017.

Autocrypt is a cryptographic protocol for email clients aiming to simplify key exchange and enabling encryption. Version 1.0 of the Autocrypt specification was released in December 2017 and makes no attempt to protect against MITM attacks. It is implemented on top of OpenPGP replacing its complex key management by fully automated exchange of cryptographic keys between peers.

References

  1. 1 2 Max Raskin (2013-06-27). "Bitmessage's NSA-Proof E-Mail". Business Week. Archived from the original on June 29, 2013.
  2. 1 2 Shi, Liucheng; Guo, Zhaozhong; Xu, Maozhi (2021). "Bitmessage Plus: A Blockchain-Based Communication Protocol With High Practicality". IEEE Access. 9: 21618–21626. doi: 10.1109/ACCESS.2021.3056135 . ISSN   2169-3536. S2CID   231851942.
  3. Dan Nosowitz (2013-08-09). "What Are Your Options Now For Secure Email?". Popular Science.
  4. Molly Wood (2013-08-13). "Gmail: You weren't really expecting privacy, were you?". CNet.
  5. "Chimera Ransomware Tries To Turn Malware Victims Into Cybercriminals". International Business Times . 2015-12-04.
  6. "CVE - CVE-2018-1000070". cve.mitre.org. Retrieved 2022-05-09.
  7. "Fix message encoding bug · Bitmessage/PyBitmessage@3a8016d". GitHub. Retrieved 2022-05-09.

Further reading