Government surveillance has become a fact of life for anyone communicating digitally these last few years, and it’s been a bumpy transition for those that value privacy. Even with the adoption of PGP keys and VPNs, options for secure day-to-day communication are scarce. End-to-end encryption is a clunky mess for email and IM, and the commercial services that automate the process rely on the assumption that they won’t be subpoenaed or broken into.
Enter BitMessage, an open source project that has re-implemented Bitcoin’s block-and-transfer system to decentralise and automate encrypted communication. This protocol solves the biggest problem in secure communications: trusting a third party to safeguard your data.
If you’ve used a bitcoin wallet, PyBitMessage (the default BitMessage client) will feel eerily familiar to you. You generate a key and passphrase on your first startup, instead of a transactions page you have an inbox, and your contacts have unique strings that look like bitcoin addresses. Everything is encrypted end-to-end on the network, and messages are handled like transactions on Bitcoin’s blockchain. The main departure is that transactional mixing is a natively implemented feature – meaning that even capture of the encrypted data you send is incredibly difficult for potential eavesdroppers.
- Each alias has a unique public key attached to it, and you can create as many as you need.
Sending messages in the “vanilla” program also feels like dealing in cryptocurrency. You have long alphanumeric strings in your contact list instead of handles or email addresses, and you need proof-of-work to get your messages sent. You can set a different key and passphrase for each of your aliases, and create as many as you want. Contacts are not automatically labelled, and there is no peer discovery system, lending to the protocol’s overall security. However, these same features may turn the uninitiated user sour on the idea of using BitMessage, as they run counter to what are considered common conveniences in modern text communication.
Its real utility, though, comes from its extensibility. Bitmessage is a communication protocol, not an all in one package. There are more and more services popping up that connect it to traditional communications networks: bitmessage.ch and bitmail allow users to link a BitMessage alias to an email address, offering seamless end to end encryption out of the box. And as of version 0.3.5, the protocol supports “chans,” anonymous bbs-style mailing lists that are next to impossible to take down or censor; they are a permanent part of the ledger, accessible to anyone who knows their address.
While it is a solid communication proof of concept, BitMessage is barred from the mobile space. The current proof-of-work implementation is too computationally intensive for most SoC devices: I was able to get it working on an overclocked raspberry pi 2, but the processing delay between writing a message and upload made it unusable for instant messaging. As BitMessage comes out of alpha we may see this change, but whether the developers want to get the protocol working well on mobile platforms remains to be seen.
Currently, BitMessage is a secure drop in replacement for email, Instant messaging, and IRC. Though the alpha builds have limited scope and a somewhat arcane interface, we may well see support for hooks into XMPP, SMS, and other popular chat and text APIs as the protocol develops. For now, though, It’s most useful for desktop applications. Those interested in having a trustless solution to web privacy, BitMessage is a project to watch.
What do you think about Bitmessage? Let us know in the comments below!