Geek Excursions: BitMessage

Along with my curiosity surrounding Bitcoin, there is a similar technology that has been released for public use called BitMessage. This system is a really neat way to securely communicate in a secure method that involves absolutely no trust whatsoever. It’s a completely decentralized email infrastructure and has captured a lot of my spare attention. BitMessage works a lot like how Bitcoin does, you can create email addresses on the fly, they are a long sequence of random characters that your system can display because you have both a public key and a private key. In a lot of ways BitMessage deals with the biggest problem surrounding PGP/GPG, which is key management. Nobody really wants to manage keys or use the system because it’s extra work. Plus even with PGP/GPG, your identity is written on your keys for everyone to see.

Getting started with BitMessage is a snap. First you need to download the BitMessage client, and you can get that at bitmessage.org. There’s a Windows and Mac client available, you can start it and be instantly attached to the BitMessage network, ready to create new “BitMessage Addresses” and throw them away just as easily. So, for example, you could reach me by sending me a BitMessage to this address: BM-2cWAk99gBxdAQAKYQGC5Gbskon21GdT29X. When you send a message using BitMessage, its to this address and from an address that your client makes, so the conversation occurs securely and since every node has a copy of the data it’s impossible to tell who is getting what information. I think an even more secure method would be to cross BitMessage with a PGP/GPG key. The only problem with a key like that is that classically PGP/GPG keys require that you include your email address as a subkey so that you can be identified by a human-readable email address when looking for your public key or when someone else is looking for it, to verify a signature for example. The PGP/GPG system doesn’t require an email address, you can of course create a public and private keypair using PGP/GPG and make the email address up from whole cloth, and instead just let people know the key ID that you want them to use. So technically if Alice wanted to secretly communicate with me, we could give each other our public keys to start and then use BitMessage as the messaging mule. I don’t see how any eavesdropper could make sense out of any of that data flow. It’s unclear what the contents are, the PGP/GPG encryption keeps the contents of the message secure, and BitMessage itself seriously obfuscates if not outright eliminates being able to tell where the messages are ultimately going to or coming from.

I have to admit that BitMessage is very user friendly and very handy to have. My only issue with it is that I don’t know anyone who uses it, but perhaps this blog post will change that. If you are interested in this bleeding-edge crypto/privacy software, I encourage you to chat me up on BitMessage for serious matters or for fun.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.