Is this thing really secure?

Oct 27 19:56

Would a good Samaritan do me the favor of explaining the security of Bitmessage? I want something secure for international business operations. Are there other options to consider?

Oct 28 15:13

If you have real security requirements you probably should consult with a professional, and probably the least biased place to inquire about a technology is among its user base. My opinion, which only a fool would take unqualified, I am happy to give you. Security consists of the "CIA Triad": Confidentiality, Integrity, and Availability. Briefly, confidentiality is the ability to prevent disclosure of sensitive information, integrity is the ability to prevent unauthorized modification, and availability is the ability to access a resource when needed. Bitmessage is a new unproven technology with extremely questionable availability. It's a peer to peer network that requires each node to receive all messages. Bitmessage probably has scaling issues, and if your 'international business' is of sufficient merit, you might hedge your business against the risk of bitmessage either becoming too popular and thus unavailable due to too many messages, or dying off due to a lack of clients to make up the network. Further, bitmessage is a relatively new technology, indeed still in beta, without a lot of resources behind its development, and the long term development and security of the client are an open question. For instance, recently a remote-code execution vulnerability was fixed; will future vulnerabilities be discovered and fixed? For how long? The developer is an individual, not an organization with long term resources. Finally, the confidentiality is also up for question. Bitmessage is based upon standard and modern cryptography, and in principle is secure. However, in principle and in reality are very different things when it comes to cryptography. Cryptography is hard, and the standard advice is "don't write your own crypto". The bitmessage code hasn't undergone audit, and is a relatively new technology. There may be no problem; then again, there may be. Security is all about having a threat model, and understanding your risks, and taking a security posture.
Deploying a new tool to 'be secure' sounds awesome, but is the wrong way to think about security. You should consider what assets you have, who you are protecting them against, and what options you have to ensure the CIA triad. You may wish to communicate privately with your business partners, and desire that this communication be available to some margin, and secure to some margin against an attacker with control over the local network (i.e. at a coffee shop) but not account for the ability of governments to find and exploit vulnerabilities in software, or influence service providers to include backdoors. Options-wise you might consider: Skype, Gmail, WhatsApp, and BitMessage. You might find that, in this threat model, all of these things have little to distinguish themselves, except that bitmessage has an open question of its availability. Alternatively, your threat model might include pervasive mass surveillance, in which case your tolerance for proprietary software or service providers like WhatsApp, Gmail, might be thin. You could choose to use bitmessage while accepting the risk that its client might contain vulnerabilities, or its cryptography may be poorly implemented, or you could use a proprietary e-mail provider and mitigate surveillance risk with a technology like PGP. One technology you might consider is PGP + standard e-mail. This is a versatile, well tested technology that has been deployed for decades, and advocated publicly by Snowden in seeking to escape US government surveillance in 2013. It allows you to use standard e-mail, that generally has good availability, and has a relatively low cost - e-mail can be as affordable as free. Ultimately, there are many different threat models and technologies out there, and it is hard to advise for 'international business'. Especially when most people's 'need for security' is more about a kind of spy role play - my own included.
My own thinking is that most 'international business' needs little to no security margin beyond what is afforded by traditional e-mail (over secure SMTP/IMAP) if you are seeking to prevent competitors from accessing your communications. If you are seeking to prevent governments from accessing your communications through targeted methods, or if you might face an Advanced Persistent Threat (APT), you probably would be a fool to use PyBitMessage if any asset of substantial value (say your freedom) depended on it. At any rate, asking here for advice surrounding your assets is a bad idea.


Oct 29 12:57

You can post seriously obscene child pornography images here, nobody is able to find out who or where you are, and nobody can prevent you posting them.

Oct 29 13:44

I would say that would be incredibly reckless, not to mention immoral, considering that this technology is beta, and just had a remote code execution vulnerability patched. Governments have used vulnerabilities in clients like tor browser before to deanonymize people.

Oct 29 15:27

but that's not part of my business model

Oct 29 18:59

Nor do they have even remotely the same threat model. For example, people post child pornography to the bitcoin block chain, and while it does ensure integrity, and may not be easy to censor, and possibly anonymous, it doesn't protect the confidentiality of materials posted. Just because a group of people is using some tool or method doesn't make it a great choice for you, unless your threat model is similar.

Nov 16 21:10

illegal content doesn't prove security. it could be provocation, aka part of the honeypot.

bitmessage is good at hiding the receiver of a message. if the sender is already under surveillance, his uploads can be identified via timing attacks by listening to CPU radiation from proof of work calculation. see van eck phreaking.

would be nice to see a more silent POW variant, maybe via tor-hidden http-to-bitmessage gateways with other means of flood limiting, aka shifting the problem back to more centralization

Nov 17 08:00

If you are really worried about the security of BM then you would be better off not using it.

Nov 17 08:16

When you are using bitmessage, you should always assume that NSA/GCHQ can identify you, but that no organisation below their level of expertise can. Just don't post any unlawful messages and you should be left alone by the NWO/Illuminati.

Nov 17 10:44

> by listening to CPU radiation from proof of work calculation

your cpu radiation follows the power cord out into the electrical grid. how convenient. i saw the original tempest data that described how signals leak into the grid lines. they covered that shit up real fast and nobody ever heard about it again. if you have a 60khz phase on the line there's a lot of room in there for minute phase interruptions.

Nov 17 11:34

if you are really this worried about it, just take your computer off the grid. run it on solar or some shit and stop whining

Nov 17 12:30

> take your computer off the grid

... and build a tempest safe room, good luck shielding magnetic waves
... and find a way to hide your metadata, like vuvuzela was trying
or join your local secret service where they will prefer steganography, aka hiding in plain sight

> i saw the original tempest data that described how signals leak into
> the grid lines. they covered that shit up real fast and nobody ever
> heard about it again.

in honeypots we trust

who is NSA targeting again? terrorists and whistleblowers? i feel i fit both labels ^^ but only in theory. they know me already, and it would be stupid, to even try to front them. living in stand by, waiting for never ...

Nov 17 13:50

In their Newspeak, everyone who uses an anonymous messaging system is a terrorist with something to hide and they are prime targets of all government agencies.

Nov 17 17:21

either terrorist, or terrorist helper, aka sympathizer target of ALL agencies? oh yes ... they took my job / friends / family, even my welfare money ultimately driving me into 'suicide' still funny, cos my death is not my problem if my talent is not welcome in this world, then fuck this world * hits the opium pipe *
