Bitmessage TRULY UNSECURE

BM-2cXHKd2P4anPSEVkMg47RDX1TDXXWaiWX2
Dec 17 17:57

I am sorry to communicate to all users: bitmessage is truly unsecure because it exposes all known nodes' IP addresses, keys and contents. Setting up a node just collects enough info to know everyone, everywhere, every content.

[chan] general
Dec 17 18:02

so now we know it.

[chan3] general
Dec 17 18:04

Exposure of node IPs is pretty much required for any type of decentral networking, because you can't connect if you don't know anyone. Moot point. The public key messages are still encrypted, it doesn't give you anything useful if you didn't already know the address that it means. Content is also encrypted, and can only be decrypted if you have the respective address. If you'd call the content on a PUBLIC channel insecure, you're severely confused about what "public" means. Sooooo, try again with any actual info?

[chan] general
Dec 17 18:19

if i know your ip i can come to your house. i can browse your keys.dat, and i can browse your messages.dat (sqlite format) where your messages are stored NOT encrypted.... example from my messages.dat file.... BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8rRe: fuck me I have 80 connections1513422087The recent loss of net neutrality will take care of that, they'll throttle BM for you.

[chan] general
Dec 17 18:27

Many users now use Bitmessage via Tor, and only allow incoming connections via Tor, which makes the "I have yo IPs" extremely useless. But IF you could find some actual node IP, you could come to my house, if you had any means to get from IP to physical address, which you don't. Even if you did, you have no means to actually enter my house. Even if you had those, my hard drive is encrypted, so the file IS secured. And what's quoting a public message from a public channel supposed to show? That you can use an sqlite dumping tool? It doesn't link to the node that posted it. In fact, it doesn't tell you shit.

[chan] general
Dec 17 18:28

If you come to my house you'll get a 12 gauge shotgun up your asshole!

[chan] general
Dec 17 18:31

What this guy said

[chan] general
Dec 17 18:40

I am sorry to communicate that government agents were able to knock on doors of several Tor users, I will not say when and where to protect my unprotected identity! I am sorry to communicate IP to physical address is an extremely easy task in most parts of the globe. Government agents enter a house with just a simple authorization. And last, I am sorry to communicate that sha256 will be publicly violated soon....so pls don't collect too many coins....

[chan] general
Dec 17 18:46

what is truly unsecure about it?

[chan] general
Dec 17 18:49

Repeat after me: "Decentral networks are impossible without knowing IP addresses." If that's a problem to you, why are you still here? What you're describing is that government thundercunts can just fuck you over if they want to anyway. It doesn't matter one fucking bit if you're using anything like Bitmessage. If they want to end you, they will. If that WERE as big a problem, why are any Bitmessage users still here? Or Freenet? Or anyone who uses the DHT for BitTorrent? Or anyone using IPFS? Or anyone using ANY OTHER DECENTRAL NETWORK that could contain content the feds don't want? Even if it only makes the life of government shit slightly harder, it still protects against the malice of any bitch-ass company or pathetic script kiddy, which is already a huge improvement over not using it. What is your point? Do you even have one?

[chan] general
Dec 17 19:01

your ip address is how you connect to the internet, dimwit. without it you can't use the internet. if you're worried about your ip, set up the tor proxy settings in your bitmessage client. don't be stupid.

[chan] general
Dec 17 19:05

you can also get my boot up your ass and my fist squishing into your cock sucker.

[chan] general
Dec 17 19:45

you are right but my main concern is about keys.dat and messages.dat. any file belonging to a "secure" application MUST be encrypted by a key stored OUTSIDE the system.

BM-2cX62WCeFcUwzXWqxTBfaAzNy4j1y8yZVm
Dec 17 19:49

There is some contributed code for encrypting keys.dat but I'm not happy about it as it encrypts the whole file and then you can't edit it anymore, there should be other options. messages.dat can be encrypted using sqlcipher but someone needs to code it and it has to be tested on all the platforms.

Peter Surda
Bitmessage core developer

[chan] general
Dec 17 19:54

based on what paranoid delusion do you say this? the keys and messages are on your computer. they are not on the network and they are not accessible to the network. if someone has access to your keys.dat you have bigger problems than bitmessage. please start making sense or just buzz off. you are trying to scare newbies with your FUD.

[chan] general
Dec 17 20:00

Isn't that what trolls are doing?

[chan3] general
Dec 17 20:01

An option is, under Linux, to use ~/Private as encrypted storage for key.dat. Or to use full disk encryption. Both cases do have data secured "at rest", runtime can be readable. This could be no different than using encryption in the DB, since this is required by the application as readable. I would be more concerned about possible remote code execution inside bitmessage to get this information...

[chan] general
Dec 17 20:09

Thank you Peter for your right words (finally). If I can humbly suggest a possible solution: EVERYTIME you start bitmessage user must enter a long and strong passphrase, not as a password to validate a login, but as a passphrase the application uses to encrypt and decrypt ".dat files". If you type a wrong passphrase you get access but you will see only "messed up" contents. Before closing the application code will just blank memory cells that contain the passphrase. ANYWHERE in ANY code that claims itself secure should be a comparison (if this = that then ok else no). Security is incompatible with ease of use. So no more direct editing of ".dat" files, no more application "autostart". Regards

[chan] general
Dec 17 20:14

the whole world waited for your truly moronic suggestion: EVERYTIME you start bitmessage user must enter a long and strong passphrase and while we're at it - why not do it 5 times in a row? idiot.

[chan] general
Dec 17 20:23

yes i sounded totally moronic but surely your answer adds nothing intelligent to this discussion.

[chan] general
Dec 17 20:37

> Security is incompatible with ease of use. So no more direct editing of ".dat" files, no more application "autostart".

Oh brother. You're talking about security by obscurity. And not by obscurity to the attacker, but obscurity from the very end user, to whom nothing should ever be obscure! If an attacker has access to your keys.dat he probably already owns a couple listening sockets on your system, probably has already installed a key logger and rootkit, so all this worry about encrypting the file is moot. Ease of use and easy comprehension of what's under the hood is security. Why reinvent the wheel?

Move on from all this stuff about encrypting the keys file (fuck, 3+ years jabbering about it). Implement a streams protocol so the application will scale to millions of users, then market the fuck out of it. Make sure you have your patreon, paypal, and altcoin donation buttons, run a kickstarter, write to inquire about some foundation and university grants, and keep moving. I'm worn out reading this same stuff over and over, guys. If you want to help Peter, submit a scaling streams implementation and a marketing plan. I don't have time right now or I would.

And I do know how to scale this to millions of users, but it would require a drastic change in the addressing scheme and connection logic to do it my way so I'll not go there. Peter's idea of a bloom filter is right, but I'm thinking of a bloom filter in reverse; your address is a key that modifies the global bloom filters, matched to object inventories and node pools so you can zero right in on 100 or so nodes that should have your messages.

If you're worried about code injection, simply separate all the application logic so that only API calls can use the data files, and you can socket your API credentials however you want, through whatever network, tunnel, wire, or cable you want, for maximum security. But obfuscating and making the parts under the hood more obscure to the end user is not security.

By analogy Tor does not encrypt your hidden services keys and addresses. By default it's in the clear. If someone has a side channel into that data, it's usually not through the application; it's through a bigger security breach and that bigger breach is the real problem, ya know rootkits, loggers, memory dumps, hardware back doors, wide open firewalls, lots of running services, operating system back doors, etc.

[chan] general
Dec 17 20:39

> long and strong

hmmm

[chan] general
Dec 18 07:14

Why the suggestion to use an encrypted partition or FDE is a bad idea: An encrypted partition can be rubberhose attacked with a court order, for example, to search for CP or terrorist materials. Decrypt or go to jail. An encrypted keys.dat file is small enough to be physically unable to contain prohibited materials (pictures or videos), so there's no probable cause for a court order. It may even pass unnoticed if the attacker is not targeting Bitmessage specifically. Hope this helps. Stay safe out there.

[chan] general
Dec 18 12:13

Here is a good news for those interested. There is a way you can earn money without stress contact (Sarkpaya Gokhan) for a blank [ATM CARD]today and be among the lucky ones who are benefiting from this cards. This PROGRAMMED blank ATM card is capable of hacking into any ATM machine,anywhere in the world. I got my already programmed and blanked ATM card to withdraw the maximum of $5,000 daily for a maximum of 30 days via {globalhacktech at gmaildotcom.. I am so happy about this because i got mine last week and I have used it to get $240,000.00 Sarkpaya Gokhan Hackers is giving out the card just to help the poor and needy and he ALSO OFFER FINANCIAL ASSISTANCE. get yours from Sarkpaya Gokhan Hackers today. Kindly contact them by Email.. These opportunity comes once.. Life wouldn't give you what you want unless you fight for it. If you have a slightest doubt, contact me at globalhacktech at gmaildotcom

[chan] general
Dec 18 12:19

There is 100% chance that this is a scam.
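
Added example, not part of any post in this thread and not Bitmessage code: a local check for the at-rest exposure debated above, reporting whether a data file is accessible to other local accounts and whether it is a plaintext SQLite database (a SQLCipher database in its default configuration does not begin with the SQLite header). The sample files, table name and contents are constructed stand-ins for messages.dat and keys.dat.

```python
import os
import sqlite3
import stat
import tempfile

# Every plaintext SQLite database file starts with these 16 bytes.
SQLITE_MAGIC = b"SQLite format 3\x00"

def audit_data_file(path):
    """Describe the at-rest exposure of one data file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, "rb") as fh:
        head = fh.read(len(SQLITE_MAGIC))
    return {
        "path": path,
        "mode": oct(mode),
        "group_or_world_access": bool(mode & 0o077),
        "plaintext_sqlite": head == SQLITE_MAGIC,
    }

def findings(report):
    """Turn an audit report into a list of human-readable findings."""
    out = []
    if report["group_or_world_access"]:
        out.append("accessible to other local accounts; restrict to mode 600")
    if report["plaintext_sqlite"]:
        out.append("plaintext SQLite; any reader of the file can dump it")
    return out

def build_sample(dirpath):
    """Constructed stand-ins for messages.dat and keys.dat (not real data)."""
    db = os.path.join(dirpath, "messages.dat")
    con = sqlite3.connect(db)
    con.execute("CREATE TABLE sample (toaddress TEXT, message TEXT)")
    con.execute("INSERT INTO sample VALUES ('BM-constructed', 'hello')")
    con.commit()
    con.close()
    os.chmod(db, 0o644)
    keys = os.path.join(dirpath, "keys.dat")
    with open(keys, "w") as fh:
        fh.write("[constructed-section]\nlabel = sample\n")
    os.chmod(keys, 0o600)
    return db, keys

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for p in build_sample(d):
            r = audit_data_file(p)
            print(os.path.basename(p), r["mode"], findings(r) or "ok")
```

The check only covers data at rest on a POSIX system; it says nothing about a process that can read the files while the client is running.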
