Social networking the FOSS way
The Email Upgrade
Forget email: Bitmessage harnesses the power of public key cryptography to create a decentralized, trustless P2P communications protocol. Messages are virtually impossible to spoof or tap.
Users of the pseudonymous cryptocurrency Bitcoin will know that its strength lies in a blockchain – a decentralized ledger of transactions shared across thousands of computers. Since transactions are confirmed several times, it is highly unfeasible for anyone to forge an entry in the blockchain to give themselves a digital wagonload of Bitcoins. Nor is it very easy to steal coins from another user's digital wallet without their digital private key [1].
Like Bitcoin, Bitmessage uses a decentralized peer-to-peer (P2P) protocol. Instead of using a blockchain to record transactions, however, Bitmessage uses complex mathematics to validate and encrypt messages. In simplest terms Bitmessage works as a vast e-mail server, albeit one that is not controlled from any one central point [2].
Developer Jonathan Warren's official whitepaper on Bitmessage [3] goes into considerable detail on how this is achieved. As an average Linux user, it's sufficient to know that each user is assigned a virtual "address" (e.g., BM-2cSpVFB6cDxLLGUeLRy3pZTwYsujmpRzP7) that can be used to send and receive messages. Bitmessage users can have one or a number of these addresses (Figure 1).
As with Bitcoin, which works on the basis of "wallet addresses" to receive money, you only need to provide one of your Bitmessage addresses to a fellow user to communicate. This address is in fact a hash of a public key, and as such, it's much harder for a scammer to assume your identity by sending an email supposedly from your address.
Messages are transferred over a P2P network through users running the Bitmessage client PyBitmessage. The client's name is often shortened to just Bitmessage but is mentioned here to distinguish it from the Bitmessage protocol itself.
To prevent the network from being overrun by selfish users and spammers, a proof-of work must be completed for each message proportionate to its size. Just as Bitcoin users have access to all transactions, all Bitmessage users have access to all messages through their clients. However, they can only decrypt messages that have been sent to their own address.
Installing PyBitmessage
If terms like "partial hash collision" and "decentralized" fail to excite you, rest assured an in-depth knowledge of the protocol is not required to download and make use of Bitmessage's client.
Linux users can easily clone the Pybitmessage source code and run it in Python by following the instructions on the Bitmessage wiki [4]. You most likely will have the necessary prerequisites installed already on your system, such as python
and openssl
.
Once the software is downloaded, simply run the Python script with:
~/PyBitmessage/src/bitmessagemain.py
A pop-up appears explaining that PyBitmessage won't connect to anyone until you allow it. If you're happy to go ahead, click OK to continue. If you connect via a proxy or Tor, check Let me configure special network settings first before proceeding. (See the "Bitmessage+Tor" section for specific steps for connecting via Tor).
On the first run, PyBitmessage will generate a keys.dat
file. By default, this is stored in your ~/.config/PyBitmessage
directory. Make sure to keep backups of this file or use deterministic addresses (Figure 2).
The Bitmessage Identity
Click the New Identity button at the bottom left of the PyBitmessage window to open the wizard to generate new addresses. These can be used both to send and receive messages. The key to Bitmessage's security lies here.
Users of Bitcoin will be familiar with the concept of generating new wallet addresses after each transaction to make payments harder to trace. The concept is similar to Bitmessage addresses. Creating and abandoning addresses is encouraged because it makes it much more difficult for an adversary to read your communications if they don't know from where they originate.
The only downside to this is that you will need a secure way to exchange your new Bitmessage address with all your contacts each time you generate them. This isn't very burdensome when you consider that you can make as many addresses as you like.
You can generate addresses either by generating random numbers or by using a passphrase. Take the time to read through this window (Figure 2) carefully about the pros and cons of such an approach. The advantage of using deterministic addresses (i.e., those protected by a passphrase) is that if anything happens to your machine, you can recreate your addresses and retrieve all messages. This is done by going to File | Regenerate deterministic addresses.
If you do decide to use a deterministic address, make sure to choose a strong passphrase. For extra security, use a string of random words generated by Diceware [5]. Store these safely on paper or in your password manager.
If this sounds like too much trouble, have the system generate an address automatically for you using random numbers. Make sure to keep your keys.dat
file safe because, if it's lost or copied, your messages will be compromised.
Click OK when done to generate your addresses. By default, you will be assigned eight addresses, but you can change this as you see fit.
Ideally, have a friend go through the process separately on their machine at the same time as you, so you can send your first message.
Your First Bitmessage
The main PyBitmessage window will now appear with a number of addresses in the left-hand pane. The All accounts section aggregates all messages sent and received to all addresses. Below will be the unused addresses you generated earlier.
If you generated deterministic addresses, each will be listed as an unused deterministic address. If you generated random addresses, the Bitmessage address will display. Double-click on the name of one of these to give it a more human-readable name, such as Jane – Work. Click to highlight your name, and press Ctrl+C to copy your Bitmessage address to the clipboard.
If you want to set an avatar for your address, right-click on your name and choose Set avatar. From this menu, you can also disable an address, as well as set up an email gateway (see the "Email Integration" section).
Exchange your new Bitmessage address with your contacts and then click on the Send tab. Click Add Contact at the bottom left to add your friends. The Label field is used to provide a human-readable name (e.g., Joe), and the Address field holds the Bitmessage address.
Once your friend's address appears in the left-hand pane, right-click it for further options. You can set an avatar here if you want or stick with the one generated by PyBitmessage. Choose Send message to this address to prepare your first message. If you are setting this up alone, do this with the Bitmessage new releases address, although you shouldn't expect a reply anytime soon.
Now, move to the Send ordinary Message tab in the right-hand pane (see the "A Time to Live" box). Your recipient's Bitmessage address will appear in the From field. In the To field, select the address you set up previously – this will be easy to identify because it will have a friendly name and possibly an avatar.
A Time to Live
Sharp-eyed readers may have noticed the TTL slider at the bottom of the Send pane. Time to Live (TTL) is the length of time that the Bitmessage network will retain your message. By default, that period is 102 hours. You can adjust this if you like, but the longer you want the network to hold the message, the more work your computer has to do. Once a message has been confirmed as delivered, your computer won't have to do anything further; it will be saved onto your device.
The remaining Subject and body fields are self explanatory. Click Send to queue your message for delivery.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs
-
Juno Computers Launches Another Linux Laptop
If you're looking for a powerhouse laptop that runs Ubuntu, the Juno Computers Neptune 17 v6 should be on your radar.
-
ZorinOS 17.1 Released, Includes Improved Windows App Support
If you need or desire to run Windows applications on Linux, there's one distribution intent on making that easier for you and its new release further improves that feature.
-
Linux Market Share Surpasses 4% for the First Time
Look out Windows and macOS, Linux is on the rise and has even topped ChromeOS to become the fourth most widely used OS around the globe.
-
KDE’s Plasma 6 Officially Available
KDE’s Plasma 6.0 "Megarelease" has happened, and it's brimming with new features, polish, and performance.
-
Latest Version of Tails Unleashed
Tails 6.0 is based on Debian 12 and includes GNOME 43.
-
KDE Announces New Slimbook V with Plenty of Power and KDE’s Plasma 6
If you're a fan of KDE Plasma, you'll be thrilled to hear they've announced a new Slimbook with an AMD CPU and the latest version of KDE Plasma desktop.
-
Monthly Sponsorship Includes Early Access to elementary OS 8
If you want to get a glimpse of what's in the pipeline for elementary OS 8, just set up a monthly sponsorship to help fund its continued existence.