On 5/28/2015 7:34 PM, Jonathan Wilkes wrote:
On 05/26/2015 09:13 PM, Mike Ingle wrote:
I tried out Bitmessage and it did not seem to deliver without the
sender and recipient online. It's supposed to, it just didn't.
Waiting for key exchange.
Any response from the devs/forum when you reported the bug?
I would have had to do a lot more troubleshooting before I went and
complained about a bug. I was just testing it out between a couple of
VMs to understand how it works and feels, because I am working with
secure mail protocols and want to understand the existing ones. It
worked fine with both of them up simultaneously.
It's also a bandwidth pig due to its broadcast nature.
For those unfamiliar with Bitmessage, it is designed so that everyone
receives everything.
Within a two-day buffer, at least according to the white paper.
Why does it broadcast in this manner? Imagine that you wish to read
blog entries
of your 10 favorite bloggers, but you're afraid because 2 of the
bloggers may be
considered dangerous by your favorite state-sponsored spy agency.
Let's suppose you can choose one of the following methods to read
these blogs:
a) read the blogs as web pages, accessing them through Tor
b) read the blogs by subscribing to Bitmessage mailing lists
If you choose Tor and the spy agency has a _full_ view of the network
traffic, then they
can violate your reading privacy. They could-- for example-- record
you as a reader
of the 2 "dangerous" blogs, distinct from users who, say, only read
the 8 "harmless"
blogs.
This is pretty similar to receiving a Usenet feed in the old days, and
downloading all the messages so as to receive a few encrypted ones. That
makes for the best recipient privacy, at the cost of bandwidth. From
what I can tell, Bitmessage basically automates that process. If it
moved beyond the Darknet Markets crowd, success would kill it or at
least require compromising the broadcast-everything rule.
The project I'm working on is intended for large file distribution, and
to look-and-feel like email without the limits. It uses TLS, GPG, and
optionally Tor to provide strong privacy and pretty good anonymity. I
just think we need to get away from SMTP for secure communication.
Bitmessage is one extreme (broadcast everything), CM is on the other
(server based with no size limits) and SMTP has none of the advantages
of either. It is server based, has size limits, and exposes metadata.
If you choose to read from Bitmessage mailing list posts and the spy
agency has
a _full_ view of the network traffic, they cannot violate your reading
privacy wrt the
2 "dangerous" blogs. They can link you to "suspicious activity" due to
using
Bitmessage. But through traffic analysis alone they cannot separate
your reading habits
from people who use Bitmessage to only read the 8 "harmless" blogs. To
them it
just looks like everyone is downloading the same data. And because
reading a Bitmessage
mailing list doesn't require _any_ special request back to the
network, there's no way to tell
from traffic analysis which lists someone happens to be reading.
Bitmessage certainly has its share of issues, but I'm unaware of any
other extant piece of
software that has a feature like that.
-Jonathan
What about Bitmessage?
-Jonathan
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk