BitMessage is one of its kind communication protocol which makes communicating with another person or many; a lot more encrypted, secure and simpler than using complex programs like PGP or unsecure ones like E-mail.
Throughout this piece, I’ll cover almost everything you need to know about the program, what it is, what it does, how it’s better than PGP and than finally How to use BitMessage step by step.
What is BitMessage and How it Works?
Even though you may know, have heard or read about BitMessage, chances are you found a complex and technical whitepaper which didn’t make a lot of sense to you.
Cause not everyone who needs to send an encrypted E-mail or message is a tech-geek; so let me explain to you in laymen’s terms how exactly BitMessage works.
It’s an open-source; Peer to Peer messaging protocol which first appeared in 2012, it’s also called the “Bitcoin of communication” because its name, addresses, keys along with decentralized and trustless structure essentially make it alike Bitcoin in quite a few ways.
In the very simple terms, you can send messages and other communication via BitMessage which can’t be intercepted, hacked or viewed by anyone else except the intended party.
After being sent, not even the sender of the message can decrypt it, as it uses different keys for encryption and decryption. Also, even though the sender is informed if the message is read or not, they don’t know which person read it from the network (What network? Explained later).
Let’s first have a look at how to use BitMessage, meaning what “you” have to do from your end, and then I’ll explain how it actually works meaning what happens in the back-end and how it encrypts your data.
How to use BitMessage
First of all, you’ll have to download the BitMessage program from the following links:
Once you’ve downloaded it for your system, simply run it from the downloaded icon. It does n’t need any formal installation.
Because it’s a portable application; you can store the complete app on a thumb-drive or any other storage device, and run it on different computers easily.
The first screen when running the application you’d see is this:
Click on “connect now”, then click on the “allow” button if it needs special permissions from your system.
The screenshot below is what the next screen looks like, first thing you’d want to do is create a new address so people can send you messages, simply click on “New identities” from the left-sidebar.
The following popup would show itself, let me explain what all the options mean before you decide which one you wish to go with:
- Use a random number generator to make an address: This is the simplest, easiest and fastest method to create a new identity.
- Use a passphrase to make an address: If you use this option, you can recover your messages and keys as long as you remember the password. The only problem is, you need to use an exceptionally unique passphrase, or else anyone else who uses the same passphrase in the world would have access to your account.
- Label: Basically a name for your addresses, such as work, family, friends so you know who has sent you the message (provided you share that particular address with only that group of people).
- You can tick the “Spend several minutes of extra computing time to make the address 1 or 2 characters short if you want a shorter address (it’s not worth it in most cases, as the address is still nearly 30 chars. Long and no one remembers it anyway).
Leave the other options as they are; if you understood the above options make your choice, if you didn’t, simply click on the “use a random number generator” option.
The address would be included to your address-list on the left-sidebar, and you can right-click > copy address to clipboard to share it with people who need to send you texts.
You can also enable/disable; as well as set avatar for the address the same way.
Anyway, that’s how you create a new identity; or address. Let’s now take a look at how to send a message using BitMessage.
Sending a Message
Simply click on the “send” tab, insert the address of the receiver in the “to” tab; include a subject; type the message and click on send.
Note that you can and should include a TTL (Time to Live) for the message from the bottom-centre-left TTL slider.
It’s the duration of time for which the message will be available on the network for the recipient to read, after which it’ll be auto-deleted.
Also, the longer you set this TTL time to be, the more processing power and bandwidth your computer will have to shell out.
Anyway, that’s how you send a message.
What are Subscriptions?
Let’s not leave things half-way, so what are subscriptions? You basically can subscribe to other people, and other people can subscribe to you; so when they send a message as a “broadcast” the message gets sent to all their subscribers.
You can subscribe to people from the button on the left-sidebar when you’re in the Subscriptions tab.
If you right-click on an address of yours, click on “special address behavior” > Behave as a pseudo-mailing list address, all the emails to that address will be automatically sent out or broadcasted to the subscribers of that address.
So those were the options that the tool has or at least the options that you can play around and make changes. Let me now explain what actually happens in the background.
How BitMessage Works?
Here’s how it works; suppose my name is Evan and I wish to send a message to Olivia, so I uses Olivia’s BitMessage address which is a cryptographically generated address of random digits and numbers and looks something like this – GxaWfasFdaXFgglkaskjfdaXds.
I enter this address in the “to:” field of my send tab to send her the message, once I click send my public key is added to the message and it’s signed with my private key hence verifying that the message really is from me.
Then, the message is further encrypted with Olivia (the receiver’s) public key making sure only that person can read it.
Then, the computer initiates a “Proof of work” process; next the message is bundled up with the expiration time (which you can set) and the “Proof of Work”.
And only then is this message sent out to the public network; this network is made of “nodes” which basically mean users, each user is a part of the network (yes, you too) and has a copy of each message sent out to the public message pool.
Worry not, your messages are still secure, that’s because each user downloads all the messages on the message pool, but is only able to decrypt those messages which are signed using his/her public key!
So all the other messages which he/she can’t decrypt clearly aren’t intended for him/her.
So basically, what you do is type your message, send it. Done! The other user (receiver) receives the message and reads it. While all of the above-mentioned process happens automatically in the background.
Does Bitmessage support TOR?
Well as you might already know, Tor is the hallmark of anonymity and privacy especially on the Deep/Dark web. Hence for anything marketing itself as an anonymity toolkit such as BitMessage, Tor support is obviously expected, isn’t it?
Fortunately, BitMessage does support Tor. And not just in one but two ways. For starters, it can be set to use Tor as a proxy for its connections.
If you simply wish BitMessage to use Tor, all you need to do is click on settings > network settings.
For the details, enter/select the following:
- Type: SOCKS5
- Server hostname: localhost
- Port: 9050.
You can also route the traffic via TOR it if you’ve downloaded the TOR browser bundle. Follow the exact same steps mentioned above, simply change the Port to 9150.
After making the changes (either one of them) simply restart the BitMessage client to make the changes effective.
Why it’s Better than E-mail or PGP?
At the very beginning of this article, I said it’s better than the standard communication protocols or methods available, let me back my talk up.
First of all, the message is encrypted “end to end”, from the sender to the receiver and it’s not visible to the network; which is true for PGP but not the case with E-mails.
Also, the “metadata” meaning who sent the message, date and time and other such data is not hidden with PGP or E-mail but it is with BitMessage.
Let’s say you’re not a tech-geek, and just a common citizen on planet Earth trying to keep his privacy.
With E-mail, the U.S govt. (and most other govts.) have the power to subpoena the metadata.
So, basically, even if your E-mail provider is a very decent guy, they wouldn’t violate a subpoena just to save you, an average user, right?
On the other hand, with Bitmessage, this power is taken away from the govt.
Bitmessage is decentralized. No one “owns” or controls Bitmessage. So, who does the govt. serve the subpoena to? Exactly, no one.
Then, if I compare its benefits to PGP, PGP even though is anonymous, at times can be its own greatest enemy.
With PGP, messages are singular, exclusive and aren’t mixed with messages from other people as Bitmessages are.
And, PGP-signatures, when signed with private keys, can be used to prove that a certain message belongs to a certain person. Given that, the key has already been established beyond doubt to belong to the individual.
This is another problem you don’t have with Bitmessage.
Bitmessage still isn’t fully developed yet, hence, I’d recommend not switching to it just yet. But, it sure stands a worthy competition to E-mail and PGP.
Is BitMessage 100% Secure?
We’ve been singing praise-songs for BitMessage for quite some time now. But let’s address the Elephant in the room, is it 100% secure? Well, nothing is. And in the case of BitMessage it has been well-proven.
BitMessage v0.6.2 was recently the target of a Remote Code Execution vulnerability. How deep did the penetration go? Even though officially only “some users” were effected, the list also included BitMessage developer Peter Šurda’s BitMessage address.
This only leads us to question, if one of the lead developer could be compromised, it’s not as iron-clad as it initially seemed. Although the team promptly released 0.6.3.2 which is the most recent release from BitMessage so far.
In case you do not wish to upgrade, they’ve confirmed that older versions (0.6.1) are unaffected and users could totally downgrade their versions.
They also posted a Reddit thread back in 2014 (nearly 6 years ago) looking for an independent security researcher. That thread is still not updated but the audit is probably still incomplete as the need for an audit is still posted on their homepage.
So while BitMessage is generally considered pretty secure, and even used by Darknet Markets such as DarkMarket for notifications and messages I’d say do be cautious while using it. I
Also because, even though it’s 100% open-source this only means that the code is backdoor-free. Or that it really does what it claims to without any strings attached. But that doesn’t mean there can’t be vulnerabilities and loopholes in the code itself. So even though from the company’s side, third-party attackers and hackers may still manipulate open-source code in various ways.
It’s safe, just not impervious to attacks and breaches.
Is Using BitMessage Illegal?
A very standard, commonly occurring question.
Especially, considering how BitMessage seems to be used not just by DNMs, but also individual vendors and darknet shop owners.
So, is using BitMessage illegal?
Not at all.
The app “can be” and “is” used for quite a few illegal purposes. Yes.
But, that doesn’t make you an accomplice.
And that surely doesn’t make the entire app/service illegal.
What someone else does with an app, is their sole responsibility.
Even Gmail or Facebook are used for illegal activities. But, Gmail or Facebook themselves aren’t illegal now, are they?
Bottomline, using BitMessage isn’t illegal.
But, regardless, BitMessage is end-to-end encrypted. So, whatever content you share or participate in, remains pretty private and anonymous to begin with.
Final Words on BitMessage
So that’s a wrap folks, I believe I’ve made clear what the program is; and how to use BitMessage.
Note that it also features a “blacklist” where you can simply add an address to stop them from being able to message you.
That about covers the program; it’s lightweight, simple, easy to use and pretty secure, do let me know what you think of Bit message and your opinion about the program in the comments.