Henry Dalziel | Latest InfoSec News, Product Reviews | June 10, 2013
If you are concerned about email and messaging privacy following the fallout of PRISM there are several options available to you. For example, one solution that encrypts instant messaging is the Tor Chat (which is an extension of the Tails Linux Distro). Tor Chat, now in version 2 (Tor Chat2) is very simple once you have it set up. It has basic IM functionality that works over the Tor Network, which in itself is built around privacy. Another possible solution is an add-on for the Pigeon Messaging service called “off-the-record” which works pretty well in encrypting messaging. There are third party email clients like hushmail that have been around forever that also do a good job but the issue there is that you have to work with a third party whom likely will eventually give in to higher authorities when requested to do so.
However, our favorite here at Concise Courses is an amazing project called Bitmessage.
What is Bitmessage?
When it comes to sending secure emailing you could use GPG or PGP public keys etc, but there is a flaw, you can still be tracked and records can show when and to whom you communicated that can then be used to create patterns. If you are sending sensitive information and insist to use email then a better solution would be to use your own hosted email server using GPG.
However, Bitmessage is the boss when it comes to encryption and security. Bitmessage is a solution that is better than GPG and in our opinion is a not only a game changer but is also a replacement for email. Every message is encrypted from that start and a hacker (or evil government agency) will not be able to track the sender or the receiver of the message! Bitmessage is based in part on ‘bitcoin’ principles in the sense that the platform works in a decentralized and peer-to-peer fashion and unlike addons like Pretty Good Privacy, this solution will encrypt all aspects of messaging. The whole point of the platform is to secure the messages and the members that send the messages, i.e. it is like an all-round security platform on steroids. Every aspect and opportunity to encrypt has been grasped, adopted and implemented.
Every user (or member) has their own unique address and the GIU looks like a traditional, clean minimalistic email client inbox.
How secure is Bitmessage?
We absolutely do not doubt the power of Bitmessage encryption and it seems that the program is very stable as well. There was a previous vulnerability which seems to have been patched: which was to flood the bitmessage network with fake IP addresses pinging DAT files with unresponsive entries (which sound like a relative of a traditional DOS attack).
Bitmessage is an out of the box solution for complete encryption. Whilst nothing can ever be completely anonymous Bitmessage is in our opinion pretty damn close to being that. Bitmessage is a complete email replacement with IM chat that is secure in confidentiality and it is easy to set up. Bugs have been reported but we fond none in our testing. Go and check it out! In light of all this US government snooping business this project really could get a lot more attention. Let us know if you have used it and your thoughts to the future of this solution.