Pages:
Author

Topic: [ANNOUNCE] Bitmessage - P2P Messaging system based partially on Bitcoin - page 4. (Read 89814 times)

sr. member
Activity: 266
Merit: 250
is it the same as "troll box" or "chat box" Huh
maybe the difference is in the encryption?
wont it delay the message?

legendary
Activity: 1708
Merit: 1019
Is it possible to sign text with a Bitmessage address that can be verified externally by a Python script?

I wonder how I could securely link from a Bitmessage address to a namecoin ID e.g. by signing the ID with a Bitmessage address.

edit: nevermind, found private keys in "keys.dat" and some info in the wiki, should be able to figure out the rest from the source.
hero member
Activity: 784
Merit: 1000
0xFB0D8D1534241423
Some tradeoffs have to happen. If we send a fixed amount of data on fixed intervals, we can completely preserve anonymity provided the message data stays under that bandwidth limit. Unfortunately, mobile data caps suck, and would make that limit rather small.
sr. member
Activity: 249
Merit: 251
Do people these days still keep a computer on in their house? Assuming yes..

IPv6 should make it easier for mobile and home devices to connect. Then devices could pair by requiring that the user take a picture of a qr code on the computer screen using the phone. That's all it takes to authenticate the computer and the phone to each other when they connect forever after. Perfect forward secrecy could even easily be used for this connection. We can use all this to guarantee security but unfortunately not anonymity because a local passive attacker would be able to see when the user gets a message: it would be immediately* relayed to the phone.

*One might argue that you could introduce a randomized delay. But it would still be discernible after a number of trials and the number of trials wouldn't need to be very large. The only solution I'm aware of is to send data of definite size to the phone every x minutes thus an attacker wouldn't know what is real data and what is just filler. But I don't like this solution.
hero member
Activity: 784
Merit: 1000
0xFB0D8D1534241423
So the top priorities would be to support Android and iOS (and desktop OS), and to have low hardware/storage/traffic needs. Which would mean BitMessage would be a total niche product..

Here's the problem I see:

- Almost nobody runs an email server on their mobile device or even tablet. They connect to an email server.
- Unfortunately, a third party server would have to either compromise anonymity, or serve every message to the phone (not feasible due to mobile network limits).
- Running your own server requires a server (not free, in contrast to most people's email), or having a home computer reliably on for a good portion of time at least every two days--more if you want to have email-like speed.
- Even if the home computer or server was being run, it's nontrivial to securely connect to it (required if the server isn't serving every message on the network to the client).
legendary
Activity: 2126
Merit: 1001
XMPP with PGP Encryption over TOR or I2P (other anon net access like VPN, ...)
(OTR encryption is also very common for XMPP)

there are some semi-dead encrypt. p2p messenger projects like:

- TorChat
- Crypto.cat
- RetroShare

which had/have some community/users in the past


Tor Project is developing a new Instant Messenger to be bundled with their Browser/TOR Client downloads (will be an hardened fork of Instantbird with OTR encryption, that only uses TOR obvious)

I guess this will be the "market leader" / anon messenger with the most users medium term.

Thanks for the extensive list.
Honestly, all of this sounds awful.
i2p/TOR won't gain enough momentum for a messenger any time soon.
OTR is no good solution for a messenger neither.

Well, cool, I'll focus my mental energy on bitmessage then! :-)

edit:
Maybe it all doesn't matter, as 90% of all IM happens on mobiles anyway?
So the top priorities would be to support Android and iOS (and desktop OS), and to have low hardware/storage/traffic needs. Which would mean BitMessage would be a total niche product..

Ente
legendary
Activity: 1232
Merit: 1011
Monero Evangelist
XMPP with PGP Encryption over TOR or I2P (other anon net access like VPN, ...)
(OTR encryption is also very common for XMPP)

there are some semi-dead encrypt. p2p messenger projects like:

- TorChat
- Crypto.cat
- RetroShare

which had/have some community/users in the past


Tor Project is developing a new Instant Messenger to be bundled with their Browser/TOR Client downloads (will be an hardened fork of Instantbird with OTR encryption, that only uses TOR obvious)

I guess this will be the "market leader" / anon messenger with the most users medium term.
legendary
Activity: 2126
Merit: 1001
- where is my (linux) userstuff? I'd expect something like ~/.bitmessage, but can't find anything. The program folder is 6mb, which can't contain the "blockchain".
It's in ~/.config, where it's supposed to be.

Quote
- I believe it would help adoption *a lot* to have plugins for the common chatclients. Like kopete, for example. No matter if it's the whole bitmessage implementation, with huge size, as long as it visually fully integrates into the common clients. What do you people think?

Bitmessage provides a daemon mode, so it would just take someone with the time and motivation to write the plugins. Bitmessage isn't exactly instant though, I'm not sure how well it would work with clients focused around a primarily XMPP based ecosystem.

Whoops, thank you for pointing out.
No idea how I could miss this. Most programs have their config in ~/.program, was my impression.. It doesn't help that bitcoin-core now has a config in ~/.bitcoin and ~/.config/Bitcoin. At least doesn't help my overview! :-)

Daemon mode sounds good!
Sure, it wouldn't be exactly the way we are used to from instant messengers. But it would make it so much more convenient for BitMessage users, and it would make it less of a hassle for new users to start with BitMessage too.

I want to start a bounty: "Program a Kopete plugin which integrates BitMessage into its GUI".

Where should I do this, for maximum exposure?
Any other messengers with high user counts and easy plugin-usability?

Is there any other encrypted p2p messenger, fully anonymous (without knowing which IP sent a message)?

Ente
hero member
Activity: 784
Merit: 1000
0xFB0D8D1534241423
- where is my (linux) userstuff? I'd expect something like ~/.bitmessage, but can't find anything. The program folder is 6mb, which can't contain the "blockchain".
It's in ~/.config, where it's supposed to be.

Quote
- I believe it would help adoption *a lot* to have plugins for the common chatclients. Like kopete, for example. No matter if it's the whole bitmessage implementation, with huge size, as long as it visually fully integrates into the common clients. What do you people think?

Bitmessage provides a daemon mode, so it would just take someone with the time and motivation to write the plugins. Bitmessage isn't exactly instant though, I'm not sure how well it would work with clients focused around a primarily XMPP based ecosystem.
legendary
Activity: 2126
Merit: 1001
A Chrome addon? The article Javascript Cryptography Considered Harmful is still on my mind.

A web-based Bitmessage client should never exist. Just like that article talks about, there is no way to securely deliver the code. If HTTPS is secure and trustworthy then Bitmessage need-not exist. I argue that it isn't.

..I had to quote this, for all that happened lately with heartbleed.. :-)

Finally I read through this whole thread.

- where is my (linux) userstuff? I'd expect something like ~/.bitmessage, but can't find anything. The program folder is 6mb, which can't contain the "blockchain".

- I believe it would help adoption *a lot* to have plugins for the common chatclients. Like kopete, for example. No matter if it's the whole bitmessage implementation, with huge size, as long as it visually fully integrates into the common clients. What do you people think?


Also, I am BM-2cWuHRsRAwfbCdzKKEKRf1nc2BwzPgRLN2

Ente
legendary
Activity: 1400
Merit: 1009
I stopped using it when I realized how impractical it is that messages expire so quickly (after a couple of days). Unfortunately that meant I'd basically have to 'call ahead' via some other medium, to remind my recipient to open their bitmessage client.
The only reasonable use case for Bitmessage is that is it runs as a daemon in the background and you use some other means for receiving messages instead of their GUI, such as using a regular email client.
legendary
Activity: 1708
Merit: 1019
heartbleed? using openSSL...
hero member
Activity: 630
Merit: 500
How secure is Bitmessage? I like the idea of a decentralized messaging network in the wake of Lavabit. How come this isnt attracting more development?

I was initially very excited about bitmessage and started using it a lot.

I stopped using it when I realized how impractical it is that messages expire so quickly (after a couple of days). Unfortunately that meant I'd basically have to 'call ahead' via some other medium, to remind my recipient to open their bitmessage client.
hero member
Activity: 784
Merit: 1000
0xFB0D8D1534241423
How secure is Bitmessage?
If you want to fund an audit, we'll find out.


Quote
How come this isnt attracting more development?
There have been a number of concerns over scalability and security which have only been partially addressed. I can't speak too much about them because I've been rather distant from the project for a while, but AFAIK the scaling is still an unsolved issue, practically in the brainstorming stage. There are also a number of unfortunate misconceptions which have been propagated around the interwebs. Whenever Aetheros pops up with a well-reasoned response, he gets crickets. These include:

- But proof of work isn't a viable spam solution!
Email has no spam solution either, and yet it's done well for two decades. Spam in email is handled clientside, and this does not change with Bitmessage. Thunderbird (and other client) integration makes this simple. Proof-of-work is merely used to prevent flooding of the network.

- But wasn't it de-anonymized?!
No, some guy harvested addresses (which are public, because the existence of a particular address leaks no information), then sent out some spam. Users then copied and pasted an unclickable (by GUI design) link to an unknown website from an unknown sender into an unsecured web-browser, and were surprised when their IP address was then correlated with their intentionally disposable Bitmessage address which had no associated metadata. This still baffles me.

- But what about that one post on the Bitmessage forums with criticism?
Yes, we read the post. And then we discussed it. If you believe it contained an as-yet-unaddressed critical flaw, please let me know.
full member
Activity: 120
Merit: 100
How secure is Bitmessage? I like the idea of a decentralized messaging network in the wake of Lavabit. How come this isnt attracting more development?
full member
Activity: 178
Merit: 100
Is it possible to monitor the BitMessage blockchain for responses to an address and then parse the incoming message?

I have done similar in Bitcoin using Bitcoinmonitor.net, which uses an http callback but I understand the same can be done without using BitcoinMonitor.net.

In Bitmessage I see the function getAllInboxMessages. Would that do what I am wanting?

Thanks
full member
Activity: 140
Merit: 100
I've just discovered Bitmessage recently and I am quite enthusiastic about it.
How come almost nobody is using it? Is the learning curve to steep?
newbie
Activity: 59
Merit: 0
attachments sound like a good solution, thank you
is there any time frame for that?

There is not.  Sad
https://bitmessage.org/forum/index.php?topic=3327.0
is that the solution or will it be something different?
sr. member
Activity: 249
Merit: 251
attachments sound like a good solution, thank you
is there any time frame for that?

There is not.  Sad
newbie
Activity: 59
Merit: 0
it is an useful feature to have the html displayed formatted, allows things like image sending, which might be a necessary feature for this to spread
but unfortunately as soon as you unselect the message you were looking at the display changes to unformatted and needs to be changed for seeing it formatted again, which is a barrier to general users

so is there a way to have it format html by default that is acessible to people not compiling their own clients?
ideally at some point this would be accessible through a checkbox in the settings, but for the time being is there a config to edit or something like that?

also, what would be nice for a future release is a image to base64 converter built into the client, that could vastly broaden the userbase for bitmessage

HTML content is purposely not displayed by default unless the user is white-listed, is in your address book, or you are subscribed to them.

It would be better for us to support attachments before we bother building in a base64 encoding mechanism. It would be more data-efficient also.
attachments sound like a good solution, thank you
is there any time frame for that?
Pages:
Jump to: