Social networking the FOSS way

Bitmessage + Tor

As impressed as you might be with the ability to send messages easily and securely, network monitoring can still show that you are connected to Bitmessage's P2P network. Although it wouldn't be possible to know the exact content of messages you send, traffic correlation could be used to identify you as the sender of a message. Your location is also glaringly obvious.

If you have already downloaded and installed Tor, make sure it's running and then head to Settings and click the Network Settings tab. Choose SOCKS5 from the Type drop-down menu. Leave Server hostname and Port at their default values (localhost and 9050).

Press OK and restart Bitmessage to connect via Tor. This will naturally take longer, but it will also make your Bitmessages as untraceable as when sending email via the Tor network. For the ultra-paranoid, Bitmessage can accept connections as a hidden Tor (.onion) service. Specific instructions are available on the Bitmessage website [8].

Email Integration

Bitmessage is posited as a secure alternative to email. Speaking from experience, however, it's often difficult for privacy-minded individuals to bring others around to their point of view. As such, you have two ways to interface email with Bitmessage.

The first is easiest, but it does require some small expense. Right-click on any of your addresses in the Messages tab and select Email gateway. In the pop-up window, you will see the first option to register an email address. This is currently offered by the good people at Mailchuck. Enter your desired email address and click OK.

Bitmessage will send an Email gateway registration request to link your Bitmessage address with the email address you just created. With luck, you will receive a message to your Bitmessage Inbox stating that your registration request has been accepted. Make a note of the address to unregister the account.

Mailchuck also provides a relay address, explaining that you need to send email to that address, placing your recipient's email address in the subject line. Fortunately more recent versions of PyBitmessage do away with this. To send a message to an email address, simply head over to the Send tab. The From address is simply the Bitmessage address you registered with Mailchuck. Enter your recipient's email address in the To tab.

Although you are able to receive email free of charge, Mailchuck requires a small subscription fee of around one dollar a month, payable in Bitcoin, to send a message (Figure 5).

Figure 5: The first time you attempt to send a message, you will receive a Bitcoin payment address. Shortly after paying your dollar for one month, you'll be able to send messages.

For those on a budget or who don't know how to get their hands on Bitcoins, the online Bitmessage Mail Gateway [9] offers a free webmail service for Bitmessage users. It allows you to create a human-friendly alias for your Bitmessage address and integrate with popular mail clients like Mozilla Thunderbird. More details are available on the site's FAQ.

Bitmessage Bummers

The moment any communications leave the Bitmessage network they are decrypted. This means sending email via the Mailchuck Gateway or receiving them via the Bitmessage Mail Gateway is no more or less secure than regular email. Try to encourage your contacts to join Bitmessage as well if you all want to communicate securely.

In terms of the PyBitmessage application itself, anyone in possession of the passphrase for your deterministic address or the contents of your keys.dat file can read your messages and impersonate you. Try to install the program to an encrypted volume. You can further increase PyBitmessage's security by heading to Settings, clicking User Interface, and ticking the Run in Portable Mode checkbox.

Portable mode ensures that messages and any configuration files are stored in the same directory where PyBitmessage is running. By default, this is the PyBitmessage folder in your home folder. Once portable mode has been enabled, you can then copy the entire folder to a separate device, such as a USB stick or an encrypted partition, and run it from there if you like.

Given how anyone running the PyBitmessage program can impersonate you and read your messages, one useful feature would be to protect the program and data files with a password. The developers have clearly focused on making sure that PyBitmessage is as functional as possible. As such, it may seem drab against more colorful messaging clients with downloadable skins. Head over to the Bitmessage Feature Request List if you have any suggestions [10].

Android users might want to install Christian Basler's Abit [11]. The app can recreate deterministic addresses from a passphrase or read the content of the keys.dat, but it must be set in Full node mode to work properly. The demands on data and system resources are quite extreme for a mobile phone, so do not expect this to run as well as on your computer.

Bitmessage is not and to some extent cannot be moderated. This means you may see links to harmful or even illegal content. Messages by default are shown in rich text, so links to other websites will work, but you will see a warning message. Other types of HTML, such as images, will only be shown if you click to enable it specifically.

Take time to work through Bitmessage and its features to see if it's right for you. If you run into any difficulties, in the first instance, read through the website's FAQ [12].

The Author

Nate Drake is a freelance journalist specializing in cybersecurity and retro tech.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Welcome

    As I have mentioned in the past, I continue to find it amazing that the high-tech world can go through the ritual of condemning privacy violations and NSA-style government spying, and at the same time celebrate life in the consumer-cloud paradise, where all data resides on a server controlled by a corporation and privacy is mined continuously as part of the basic business model.

  • Evolution Email

    We show you how to manage your email more efficiently with the lightweight Evolution email client.

  • Enigmail

    Combining the Enigmail add-on and the GnuPG encryption software gives Thunderbird users a powerful tool for encrypting and signing email.

  • Email Suites

    We examine the strengths and weaknesses of four popular mail clients: KMail, Evolution, Thunderbird, and Claws Mail.

  • Encrypting Email

    The leading email applications include new features for helping users secure and authenticate their mail messages, but each tool has a different approach to handling tasks such as signing and encryption. This article describes how to add encryption and digital signatures to the Thunderbird, Kmail, and Evolution mail clients.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95