PRISM fallout: enter Bitmessage. The world’s most secure messaging platform.

PRISM fallout: enter Bitmessage. The world’s most secure messaging platform.

Henry Dalziel | Latest InfoSec News, Product Reviews | June 10, 2013

If you are concerned about email and messaging privacy following the fallout of PRISM there are several options available to you. For example, one solution that encrypts instant messaging is the Tor Chat (which is an extension of the Tails Linux Distro). Tor Chat, now in version 2 (Tor Chat2) is very simple once you have it set up. It has basic IM functionality that works over the Tor Network, which in itself is built around privacy. Another possible solution is an add-on for the Pigeon Messaging service called “off-the-record” which works pretty well in encrypting messaging. There are third party email clients like hushmail that have been around forever that also do a good job but the issue there is that you have to work with a third party whom likely will eventually give in to higher authorities when requested to do so.

However, our favorite here at Concise Courses is an amazing project called Bitmessage.

What is Bitmessage?
When it comes to sending secure emailing you could use GPG or PGP public keys etc, but there is a flaw, you can still be tracked and records can show when and to whom you communicated that can then be used to create patterns. If you are sending sensitive information and insist to use email then a better solution would be to use your own hosted email server using GPG.

However, Bitmessage is the boss when it comes to encryption and security. Bitmessage is a solution that is better than GPG and in our opinion is a not only a game changer but is also a replacement for email. Every message is encrypted from that start and a hacker (or evil government agency) will not be able to track the sender or the receiver of the message! Bitmessage is based in part on ‘bitcoin’ principles in the sense that the platform works in a decentralized and peer-to-peer fashion and unlike addons like Pretty Good Privacy, this solution will encrypt all aspects of messaging. The whole point of the platform is to secure the messages and the members that send the messages, i.e. it is like an all-round security platform on steroids. Every aspect and opportunity to encrypt has been grasped, adopted and implemented.

Every user (or member) has their own unique address and the GIU looks like a traditional, clean minimalistic email client inbox.

How secure is Bitmessage?

We absolutely do not doubt the power of Bitmessage encryption and it seems that the program is very stable as well. There was a previous vulnerability which seems to have been patched: which was to flood the bitmessage network with fake IP addresses pinging DAT files with unresponsive entries (which sound like a relative of a traditional DOS attack).

In Summary
Bitmessage is an out of the box solution for complete encryption. Whilst nothing can ever be completely anonymous Bitmessage is in our opinion pretty damn close to being that. Bitmessage is a complete email replacement with IM chat that is secure in confidentiality and it is easy to set up. Bugs have been reported but we fond none in our testing. Go and check it out! In light of all this US government snooping business this project really could get a lot more attention. Let us know if you have used it and your thoughts to the future of this solution.

  • bodycode

    Bit message doesn’t use a vpn! It’s also not routed through the onion router. Therefore, your IP can be hacked! Why are you saying that it’s completely secure if your IP address is not mis-directed by being relayed around the planet through different forwarders? I disagree with you. I’m not saying I have the skills, it’s just that your high level description, does not sound like it’s doing things through and “anonymized” IP address.

    • k3p

      Like he said, set up your own serve. More over set up your own vpn or “onion router” to proxy yourself. You can easily run all your traffice(includng this) through the Tor network with tweaked router. Also if you’re really concerned about security then 1) it takes more than the ip to hac into a system and 2)just pick up an Rpi or cheap android, runa tor proxy or vpn, and run this.

    • Unlike most communication protocols, Bitmessage encrypts the metadata and the messages are broadcast rather than routed. That makes it more difficult to find the IP address of either the sender or the recipient. There are also additional security measures, for example the broadcasts are randomly delayed, the communication protocol supports anonymous TLS and you can use Bitmessage on Tor, it can run both as a Tor client as well as hidden service.

Leave a comment or reply below...thanks!