Topic: [ANNOUNCE] Bitmessage - P2P Messaging system based partially on Bitcoin - page 4. (Read 89814 times)

is it the same as "troll box" or "chat box"
maybe the difference is in the encryption?
wont it delay the message?

Is it possible to sign text with a Bitmessage address that can be verified externally by a Python script?

I wonder how I could securely link from a Bitmessage address to a namecoin ID e.g. by signing the ID with a Bitmessage address.

edit: nevermind, found private keys in "keys.dat" and some info in the wiki, should be able to figure out the rest from the source.

Some tradeoffs have to happen. If we send a fixed amount of data on fixed intervals, we can completely preserve anonymity provided the message data stays under that bandwidth limit. Unfortunately, mobile data caps suck, and would make that limit rather small.

Do people these days still keep a computer on in their house? Assuming yes..

IPv6 should make it easier for mobile and home devices to connect. Then devices could pair by requiring that the user take a picture of a qr code on the computer screen using the phone. That's all it takes to authenticate the computer and the phone to each other when they connect forever after. Perfect forward secrecy could even easily be used for this connection. We can use all this to guarantee security but unfortunately not anonymity because a local passive attacker would be able to see when the user gets a message: it would be immediately* relayed to the phone.

*One might argue that you could introduce a randomized delay. But it would still be discernible after a number of trials and the number of trials wouldn't need to be very large. The only solution I'm aware of is to send data of definite size to the phone every x minutes thus an attacker wouldn't know what is real data and what is just filler. But I don't like this solution.

Here's the problem I see:

- Almost nobody runs an email server on their mobile device or even tablet. They connect to an email server.
- Unfortunately, a third party server would have to either compromise anonymity, or serve every message to the phone (not feasible due to mobile network limits).
- Running your own server requires a server (not free, in contrast to most people's email), or having a home computer reliably on for a good portion of time at least every two days--more if you want to have email-like speed.
- Even if the home computer or server was being run, it's nontrivial to securely connect to it (required if the server isn't serving every message on the network to the client).

Thanks for the extensive list.
Honestly, all of this sounds awful.
i2p/TOR won't gain enough momentum for a messenger any time soon.
OTR is no good solution for a messenger neither.

Well, cool, I'll focus my mental energy on bitmessage then! :-)

edit:
Maybe it all doesn't matter, as 90% of all IM happens on mobiles anyway?
So the top priorities would be to support Android and iOS (and desktop OS), and to have low hardware/storage/traffic needs. Which would mean BitMessage would be a total niche product..

Ente

XMPP with PGP Encryption over TOR or I2P (other anon net access like VPN, ...)
(OTR encryption is also very common for XMPP)

there are some semi-dead encrypt. p2p messenger projects like:

- TorChat
- Crypto.cat
- RetroShare

which had/have some community/users in the past


Tor Project is developing a new Instant Messenger to be bundled with their Browser/TOR Client downloads (will be an hardened fork of Instantbird with OTR encryption, that only uses TOR obvious)

I guess this will be the "market leader" / anon messenger with the most users medium term.

Whoops, thank you for pointing out.
No idea how I could miss this. Most programs have their config in ~/.program, was my impression.. It doesn't help that bitcoin-core now has a config in ~/.bitcoin and ~/.config/Bitcoin. At least doesn't help my overview! :-)

Daemon mode sounds good!
Sure, it wouldn't be exactly the way we are used to from instant messengers. But it would make it so much more convenient for BitMessage users, and it would make it less of a hassle for new users to start with BitMessage too.

I want to start a bounty: "Program a Kopete plugin which integrates BitMessage into its GUI".

Where should I do this, for maximum exposure?
Any other messengers with high user counts and easy plugin-usability?

Is there any other encrypted p2p messenger, fully anonymous (without knowing which IP sent a message)?

Ente

It's in ~/.config, where it's supposed to be.


Bitmessage provides a daemon mode, so it would just take someone with the time and motivation to write the plugins. Bitmessage isn't exactly instant though, I'm not sure how well it would work with clients focused around a primarily XMPP based ecosystem.

..I had to quote this, for all that happened lately with heartbleed.. :-)

Finally I read through this whole thread.

- where is my (linux) userstuff? I'd expect something like ~/.bitmessage, but can't find anything. The program folder is 6mb, which can't contain the "blockchain".

- I believe it would help adoption *a lot* to have plugins for the common chatclients. Like kopete, for example. No matter if it's the whole bitmessage implementation, with huge size, as long as it visually fully integrates into the common clients. What do you people think?


Also, I am BM-2cWuHRsRAwfbCdzKKEKRf1nc2BwzPgRLN2

Ente

The only reasonable use case for Bitmessage is that is it runs as a daemon in the background and you use some other means for receiving messages instead of their GUI, such as using a regular email client.

heartbleed? using openSSL...

I was initially very excited about bitmessage and started using it a lot.

I stopped using it when I realized how impractical it is that messages expire so quickly (after a couple of days). Unfortunately that meant I'd basically have to 'call ahead' via some other medium, to remind my recipient to open their bitmessage client.

If you want to fund an audit, we'll find out.


There have been a number of concerns over scalability and security which have only been partially addressed. I can't speak too much about them because I've been rather distant from the project for a while, but AFAIK the scaling is still an unsolved issue, practically in the brainstorming stage. There are also a number of unfortunate misconceptions which have been propagated around the interwebs. Whenever Aetheros pops up with a well-reasoned response, he gets crickets. These include:

- But proof of work isn't a viable spam solution!
Email has no spam solution either, and yet it's done well for two decades. Spam in email is handled clientside, and this does not change with Bitmessage. Thunderbird (and other client) integration makes this simple. Proof-of-work is merely used to prevent flooding of the network.

- But wasn't it de-anonymized?!
No, some guy harvested addresses (which are public, because the existence of a particular address leaks no information), then sent out some spam. Users then copied and pasted an unclickable (by GUI design) link to an unknown website from an unknown sender into an unsecured web-browser, and were surprised when their IP address was then correlated with their intentionally disposable Bitmessage address which had no associated metadata. This still baffles me.

- But what about that one post on the Bitmessage forums with criticism?
Yes, we read the post. And then we discussed it. If you believe it contained an as-yet-unaddressed critical flaw, please let me know.

How secure is Bitmessage? I like the idea of a decentralized messaging network in the wake of Lavabit. How come this isnt attracting more development?

Is it possible to monitor the BitMessage blockchain for responses to an address and then parse the incoming message?

I have done similar in Bitcoin using Bitcoinmonitor.net, which uses an http callback but I understand the same can be done without using BitcoinMonitor.net.

In Bitmessage I see the function getAllInboxMessages. Would that do what I am wanting?

Thanks

I've just discovered Bitmessage recently and I am quite enthusiastic about it.
How come almost nobody is using it? Is the learning curve to steep?

https://bitmessage.org/forum/index.php?topic=3327.0
is that the solution or will it be something different?

There is not. 

attachments sound like a good solution, thank you
is there any time frame for that?