Bitmessage is a decentralized, encrypted, peer-to-peer, trustless communications protocol that can be used by one person to send encrypted messages to another person, or to multiple subscribers. Bitmessage encrypts each user's message inbox using public-key cryptography and replicates it inside its P2P network, mixing it with inboxes of other users in order to conceal user's identity, prevent eavesdropping and allow the network to operate in a decentralized manner. The Bitmessage communications protocol avoids sender-spoofing through authentication, and hides metadata from wiretapping systems.
PyBitmessage version 0.3.5
|Original author(s)||Jonathan Warren|
|Initial release||November 2012|
0.6.3.2 / February 13, 2018
|Written in||Python, C++ (POW function)|
|Operating system||Windows, macOS, Linux, FreeBSD|
|Available in||English, Esperanto, French, German, Spanish, Russian, Norwegian, Arabic, Chinese|
|Type||Instant messaging client|
PyBitmessage is the official instant messaging client designed for Bitmessage.
Bitpost is an alternate client for OSX users.
|Initial release||August 2014|
0.9.1 / August 24, 2014
|Type||Anonymous P2P client|
Type of site
|Webmail, E-Mail service|
|Website||bitmessage.ch, bitmailendavkbec.onion, bitmessage.i2p|
|Passwords cannot be retrieved and inactive accounts do not expire.|
A number of services provide email endpoints to the BitMessage network. Bitmessage.ch is a service that supports sending and receiving Bitmessages over the email protocol.
IMAP/POP and SMTP bridgesEdit
Type of site
|Created by||Ben Kietzman|
A number of applications provide bridges between the PyBitmessage client and email applications via the IMAP/POP and SMTP protocols. BitMail is an application that bridges the IMAP, POP, and SMTP protocols.
Bitmessage works by encrypting all the incoming and outgoing messages using public-key cryptography so that only the receiver of the message is capable of decrypting it. In order to achieve anonymity:
- Bitmessage replicates all the messages inside its own anonymous P2P network, therefore mixing all the encrypted messages of a given user with all the encrypted messages of all other users of the network, thus making it difficult to track which particular computer is the actual originator of the message and which computer is the recipient of the message.
- Bitmessage uses cryptographically generated addresses (for example, BM-BcbRqcFFSQUUmXFKsPJgVQPSiFA3Xash). Bitmessage addresses resemble bitcoin addresses, and its keys are compatible with bitcoin keys.
- Bitmessage uses public-key cryptography, designed such that only a recipient of a message is capable of decrypting it. This encryption algorithm works in such a way that even the original sender is not able to decrypt their own message due to different keys being used for encryption and decryption. More specifically, Bitmessage uses 256-bit ECC keys and OpenSSL for cryptographic functions.
- Outgoing messages do not contain the explicit address of the recipient of the message. Therefore, every network participant attempts decryption of every message passing through the network even if the message was not originally intended for that network participant. Since only the actual recipient can successfully decrypt the messages intended for them, all network participants know that if they fail to decrypt the message then the message was not intended for them.
- The original sender knows whether the recipient received the message or not (through an acknowledgement system), but the sender cannot discover which network participant is the actual recipient since all the network participants will have this encrypted message stored on their computer irrespective of whether the message was intended for them or not.
- Bitmessage nodes store the encrypted messages only for two days before erasing them, therefore, messages are not archived in the network. New nodes joining the network can only download and broadcast the pool's messages from the last two days. Any messages which did not result in a receipt acknowledgement can be re-sent by the originator of the message after the two-day period.
- Bitmessage uses a proof-of-work system to protect the network from flooding.
- a chan cannot be shut down by taking down any server or a group of servers due to decentralized nature of chans.
- a chan cannot be effectively censored since any Bitmessage user who knows the chan passphrase can read the chan or post any message into the chan.
- within a chan, user messages are anonymous to such a degree that messages contain neither the sender's nor the receiver's Bitmessage address.
The concept for Bitmessage was conceived by software developer Jonathan Warren, who based its design on the decentralized digital currency, bitcoin. The software was released in November 2012 under the MIT license.
Bitmessage has gained a reputation for being out of reach of warrantless wiretapping conducted by the National Security Agency (NSA) due to the decentralized nature of the protocol, and its encryption being difficult to crack. As a result, downloads of the Bitmessage program increased fivefold during June 2013 after news broke of classified email surveillance activities conducted by the NSA.
BitMessage's security has not been independently audited. The official Bitmessage website states: "Bitmessage is in need of an independent audit to verify its security. If you are a researcher capable of reviewing the source code, please email the lead developer..."
A remote code execution vulnerability has been spotted in use against some users running PyBitmessage v0.6.2. The cause was identified and a fix has been added and released as 0.6.3.2 here. If you run PyBitmessage via code, we highly recommend that you upgrade to 0.6.3.2. Alternatively you may downgrade to 0.6.1 which is unaffected.
Bitmessage developer Peter Šurda's Bitmessage addresses are to be considered compromised.
- Max Raskin (2013-06-27). "Bitmessage's NSA-Proof E-Mail". Business Week.
- "Bitmessage E-Mail Gateway". Retrieved 7 July 2015.
- "Bitmessage E-Mail Gateway". Retrieved 7 July 2015.
- "BitMail in Launchpad". Retrieved 7 July 2015.
- "Bitmessage Timeservice Broadcast". July 15, 2013. Retrieved 2013-07-15.
- "BMG FAQ". Retrieved 13 August 2015.
- "Bitmessage Address Directory". Retrieved 2013-08-14.
- Dan Nosowitz (2013-08-09). "What Are Your Options Now For Secure Email?". Popular Science.
- Molly Wood (2013-08-13). "Gmail: You weren't really expecting privacy, were you?". CNet.
- "Chimera Ransomware Tries To Turn Malware Victims Into Cybercriminals". International Business Times. 2015-12-04.
- Bitmessage Wiki, 2013-08-21
- "Bitmessage Wiki". bitmessage.org. Retrieved 2018-02-17.
- White paper about Bitmessage
- Daniel Cawrey (2013-06-03). "Bitmessage is the Bitcoin of online communication". CoinDesk.