Social networking the FOSS way
Bitmessage + Tor
As impressed as you might be with the ability to send messages easily and securely, network monitoring can still show that you are connected to Bitmessage's P2P network. Although it wouldn't be possible to know the exact content of messages you send, traffic correlation could be used to identify you as the sender of a message. Your location is also glaringly obvious.
If you have already downloaded and installed Tor, make sure it's running and then head to Settings and click the Network Settings tab. Choose SOCKS5 from the Type drop-down menu. Leave Server hostname and Port at their default values (localhost and 9050).
Press OK and restart Bitmessage to connect via Tor. This will naturally take longer, but it will also make your Bitmessages as untraceable as when sending email via the Tor network. For the ultra-paranoid, Bitmessage can accept connections as a hidden Tor (.onion
) service. Specific instructions are available on the Bitmessage website [8].
Email Integration
Bitmessage is posited as a secure alternative to email. Speaking from experience, however, it's often difficult for privacy-minded individuals to bring others around to their point of view. As such, you have two ways to interface email with Bitmessage.
The first is easiest, but it does require some small expense. Right-click on any of your addresses in the Messages tab and select Email gateway. In the pop-up window, you will see the first option to register an email address. This is currently offered by the good people at Mailchuck. Enter your desired email address and click OK.
Bitmessage will send an Email gateway registration request to link your Bitmessage address with the email address you just created. With luck, you will receive a message to your Bitmessage Inbox stating that your registration request has been accepted. Make a note of the address to unregister the account.
Mailchuck also provides a relay address, explaining that you need to send email to that address, placing your recipient's email address in the subject line. Fortunately more recent versions of PyBitmessage do away with this. To send a message to an email address, simply head over to the Send tab. The From address is simply the Bitmessage address you registered with Mailchuck. Enter your recipient's email address in the To tab.
Although you are able to receive email free of charge, Mailchuck requires a small subscription fee of around one dollar a month, payable in Bitcoin, to send a message (Figure 5).
For those on a budget or who don't know how to get their hands on Bitcoins, the online Bitmessage Mail Gateway [9] offers a free webmail service for Bitmessage users. It allows you to create a human-friendly alias for your Bitmessage address and integrate with popular mail clients like Mozilla Thunderbird. More details are available on the site's FAQ.
Bitmessage Bummers
The moment any communications leave the Bitmessage network they are decrypted. This means sending email via the Mailchuck Gateway or receiving them via the Bitmessage Mail Gateway is no more or less secure than regular email. Try to encourage your contacts to join Bitmessage as well if you all want to communicate securely.
In terms of the PyBitmessage application itself, anyone in possession of the passphrase for your deterministic address or the contents of your keys.dat
file can read your messages and impersonate you. Try to install the program to an encrypted volume. You can further increase PyBitmessage's security by heading to Settings, clicking User Interface, and ticking the Run in Portable Mode checkbox.
Portable mode ensures that messages and any configuration files are stored in the same directory where PyBitmessage is running. By default, this is the PyBitmessage
folder in your home folder. Once portable mode has been enabled, you can then copy the entire folder to a separate device, such as a USB stick or an encrypted partition, and run it from there if you like.
Given how anyone running the PyBitmessage program can impersonate you and read your messages, one useful feature would be to protect the program and data files with a password. The developers have clearly focused on making sure that PyBitmessage is as functional as possible. As such, it may seem drab against more colorful messaging clients with downloadable skins. Head over to the Bitmessage Feature Request List if you have any suggestions [10].
Android users might want to install Christian Basler's Abit [11]. The app can recreate deterministic addresses from a passphrase or read the content of the keys.dat
, but it must be set in Full node mode to work properly. The demands on data and system resources are quite extreme for a mobile phone, so do not expect this to run as well as on your computer.
Bitmessage is not and to some extent cannot be moderated. This means you may see links to harmful or even illegal content. Messages by default are shown in rich text, so links to other websites will work, but you will see a warning message. Other types of HTML, such as images, will only be shown if you click to enable it specifically.
Take time to work through Bitmessage and its features to see if it's right for you. If you run into any difficulties, in the first instance, read through the website's FAQ [12].
Infos
- How does Bitcoin work?: https://bitcoin.org/en/how-it-works
- Coindesk: http://www.coindesk.com/bitmessage-is-the-bitcoin-of-online-communication/
- Bitmessage: https://bitmessage.org/bitmessage.pdf
- Bitmessage compiling instructions: https://bitmessage.org/wiki/Compiling_instructions
- Diceware: http://world.std.com/~reinhold/diceware.html
- BeamStat: https://beamstat.com
- Bitmessage address directory: https://bitmessage.org/forum/index.php?topic=1689.0
- Bitmessage as hidden service on Tor: https://bitmessage.org/wiki/FAQ#How_do_I_setup_Bitmessage_to_work_with_Tor
- Bitmessage Mail Gateway: https://bitmessage.ch/faq.html
- Bitmessage Feature Request List: https://bitmessage.org/wiki/Feature_request_list
- Abit – Android Apps on Google Play: https://play.google.com/store/apps/details?id=ch.dissem.apps.abit&hl=en
- Bitmessage FAQ: https://bitmessage.org/wiki/FAQ
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs