It's the year of information privacy: First, there was Edward Snowden's revelation of the National Security Agency's (NSA) surveillance program. Then, there was Google's recent legal filing stating those who send emails to Gmail users have no legitimate expectation of privacy. Because of these and similar events — and the resulting concerns about data privacy — many people want to know how they can keep government agencies and third parties from snooping on their personal inboxes.
What is Bitmessage?
Bitmessage is a decentralized, trustless peer-to-peer (P2P) communications protocol used to send encrypted messages to another person or to many subscribers, such that users need not have any concept of public or private keys to use the system.
Translation: Your private messages stay private — no technical wizardry required. Using the Bitmessage client, messages stay secure, identities are masked, senders can't be spoofed and prying eyes will have a very hard time gaining access to your inbox. And unlike similar encryption software, Bitmessage encrypts and hides all data, and makes it very difficult for government agencies and third parties to access that data.
According to the software's white paper "Bitmessage: A Peer-to-Peer Message Authentication and Delivery System," government agencies' "overcollecting" of data from phone calls and messages has led to the need for a secure messaging system that doesn't rely on third-party services that have easily accessible servers, especially under legal duress. However, current programs — such as Pretty Good Privacy, an email encryption and decryption program — are too difficult for novices to use.
"Bitmessage aims to provide the same message security that other older encryption schemes continue to provide, but without requiring users to understand how public-key cryptography works," said Jonathan Warren, developer of Bitmessage and author of the white paper.
Furthermore, while similar services hide only the content of your messages, Bitmessage also hides metadata — such as sender information — and doesn't store information on centralized servers.
"Unlike other services, Bitmessage has no servers; all data is held for a limited amount of time in a Bitcoin-like peer-to-peer network," Warren said.
How Bitmessage works
Here's how Bitmessage works: Users form a P2P network using the Bitmessage client. To send and receive secure messages, each user creates a Bitmessage address made up of a pair of keys — a public key used for encryption and a private key for decryption. As explained in this Bitmessage primer, the two keys are mathematically related such that data encrypted by a particular sender's public key can be decrypted only by the intended receiver's private key.
To keep messages secure and ensure they are sent to the correct users, there are additional background processes — such as key mapping, data hashing, message "signing" and providing "proof-of-work" — all of which essentially prove to the receiver and the system that you wrote the message being sent.
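As an illustration of the "proof-of-work" step mentioned above, here is a hashcash-style sketch added for this article; it is not code from the Bitmessage client. The function names, the double SHA-512 construction, the sample message and the low difficulty are assumptions chosen so the example finishes quickly.

```python
import hashlib
import struct

def trial_value(payload: bytes, nonce: int) -> int:
    """Hash the nonce together with the payload digest; read the first 8 bytes as an integer."""
    initial = hashlib.sha512(payload).digest()
    inner = hashlib.sha512(struct.pack(">Q", nonce) + initial).digest()
    return struct.unpack(">Q", hashlib.sha512(inner).digest()[:8])[0]

def target_for(avg_trials: int) -> int:
    """A lower target means more work: about avg_trials hashes are needed on average."""
    return 2**64 // avg_trials

def do_pow(payload: bytes, target: int) -> int:
    """Sender side: search for the first nonce whose trial value meets the target."""
    nonce = 0
    while trial_value(payload, nonce) > target:
        nonce += 1
    return nonce

def verify(payload: bytes, nonce: int, target: int) -> bool:
    """Receiver side: a single hash computation checks the work the sender did."""
    return 0 <= nonce < 2**64 and trial_value(payload, nonce) <= target

# Constructed sample input and an assumed, deliberately low difficulty.
SAMPLE = b"constructed sample message"
TARGET = target_for(2**14)

if __name__ == "__main__":
    nonce = do_pow(SAMPLE, TARGET)
    print("nonce found:", nonce)
    print("accepted by verifier:", verify(SAMPLE, nonce, TARGET))
    # The work is bound to this exact payload; an edited message needs fresh work.
    edited = SAMPLE + b"!"
    print("trial value changes after edit:",
          trial_value(edited, nonce) != trial_value(SAMPLE, nonce))
```

The search costs the sender thousands of hash attempts while the check costs the receiver one, which is what makes bulk sending expensive.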
Although the process may sound intimidating for those without a technical background, Bitmessage is not at all difficult to use, Warren said. It is not currently integrated into any email or instant-messaging system, but the stand-alone software has a relatively familiar and user-friendly interface.
"Bitmessage doesn't require users to learn any new concepts — if they can give a friend their Bitmessage address and their friend can type it into their own Bitmessage client, then it is very difficult to use the software incorrectly," Warren said.
Bitmessage is available on all operating systems and can be downloaded from Bitmessage.org.