I’ve been testing Bitmessage for a few days now. It’s intended to be an alternative or a replacement for email.

To use it, you download the client, create a bunch of addresses which you advertise or keep secret or hand out to your pals, and just let the program sit there until you get a message. Your CPU usage will increase for awhile. You can slip me a message at BM-2D8Yi4uq9EaqH85iSdevgCaV9DTWDuH1ig.

I’ve been pondering what to do about email for a long time. Email is broken in at least two ways:

  1. Email is centralized: you have to sign up for an account on a specific server. You hope that server is reliable and that the people running it are trustworthy.
  2. Email is inherently insecure. Sending an email is like sending a postcard.

I’ve thought off and on about that second problem ever since I experimented with PGP in the late 90s. PGP’s approach was to use regular email and manually encrypt the text of the message. But it made no attempt to solve the first problem: you still had to get an account on someone else’s server (or devote large amounts of time and cognitive overhead to running your own, and usually leaving sloppy trails of money all over the place). If you care enough about privacy and liberty to use encryption in the first place, this creates something of a poser for you.

In short, at the most basic levels, the very design of traditional email makes it hard to use securely.

With Bitmessage, everything is encrypted and it’s not all that hard to use. I can see it getting much better adoption than PGP/GnuPG ever did. But more than that, you’re no longer relying on anyone else’s servers in order to receive messages. You could always set up your own email server, but it’s, shall we say, extremely nontrivial to do so in a secure, reliable manner: guarding yourself against spammers, setting up DNS records, getting a static IP address, etc. With Bitmessage you start up the software, it automatically finds and connects to peers on the network, and it’s off to the races. No money or personally identifying info changes hands (meaning actual privacy and anonymity are possible) and there’s no special configuration to do.

Caveat emptor. Bitmessage is new and it hasn’t had a security audit, so you should really treat it as a toy or proof-of-concept. All the same, give it a shot.

I agree with your two points, but any system involves tradeoffs. Communication is inherently insecure—to one degree or another. Any communication (electronic or paper) which passes through a third party is more insecure than communication which is done face-to-face. But even face-to-face communication has the risk of being overheard or the second party betraying the communicator either by circumstance or malice.

I am glad to see the creation of Bitmessage because I think more options for communication is always a good thing. Unfortunately, after I looked over Bitmessage it was clear to me that, as it stands, it won’t replace email. For the technologically illiterate it is still too complicated. The masses have clearly demonstrated they prefer ease of use over privacy or security. For myself, I admit I am uneasy over the “always on” feature of acting as a server for messages. Sure, its not supposed to be possible to use the bitmessage software for malicious attacks on the computers running it, but at this stage I feel that in trying to close one can of worms (the insecurity of email) another can of worms may be opened.

I will watch the continued development of Bitmessage with interest. If the technology matured, I would be interested in seeing it built into email clients like Thunderbird so a person could continue to receive unsecure emails and bitmessages in the same location locally.

Rundy ·

Regarding Rundy’s comment above, let’s be clear and distinguish between several related issues here.

  • “I agree…but any system involves tradeoffs.” Of course this is true, but how is it relevant? If anything, it seems to me that we now have email, in which no thought at all was given to the security/convenience tradeoff (fixes having been merely bolted on at a later stage), and Bitmessage, in which the considerations involved with that tradeoff are at the center of the protocol’s design.
  • I’m not sure whether Rundy means Bitmessage is complicated to use, or that it has a complicated design, or both. Complicated to use — how? Complicated design — is it more complicated than the conglomeration of SMTP, IMAP, TLS, and POP protocols we all use every day?
  • I’m looking for a distinction between inherent un-useability and un-useability as currently implemented. I.e., is Bitmessage inherently complicated in a way that several decades of UI design iterations will find impossible to overcome? Is email more useable because it offers a friendlier metaphor, or because it has decades’ worth of accumulated familiarity?
  • When I wrote “security” in the original article, I was thinking more in the sense of privacy (a valid, or even default, sense, when talking about communication) — i.e., hardening the message vs. the machine. The machine is a concern as well, but not more so than in a traditional email client, and something we look to the advantages of security audits and open-source peer review to mitigate.

I suppose being true to this site's stated principles would mean emailing these concerns to Rundy and offering him the chance to edit/clarify his comment before having it published. But since this a mere blog post I finally decided the resulting discussion would be just as useful if it took place in public.

Joel (Author) ·

  • The idea was that since there is a tradeoff between ease of use and privacy/security one could graph the relationship and then mark a sweet spot where these two points are balanced. The suggestion was that, in the terms of this hypothetical graph, traditional email is too far to one end and Bitmessage too far to the other. The point of contention, of course, is that everyone would weight the graph differently.
  • I meant complicated to use by the average public. I do not consider that a barrier of entry for myself. I have set up Linux, Apache (with attendent mailserver), and MYSQL locally, so installing and using Bitmessage myself would be quite trivial. But I realize my skill-set, and tolerance of the technical, puts me in a very small minority. Most of the populace only tolerates one-click install and simplistic use. Your Bitmessage “address” itself is sufficent to turn away most. That address tells the average person Bitmessage is too complicated without them having to even attempt to install the program.
  • You ask, “I’m looking for a distinction between inherent un-useability and un-useability as currently implemented.” My opinion is that as currently implimented will not be used by the general public. I feel it is too early in the life of Bitmessage to offer an opinion of what it might be—but I think I can safely say that if Bitmessage were to have any hope of going mainstream it would need a UI interface to make it function on the frontend like email.

I hope that clarifies.

The average non-technical end-user of email does not feel like it is broken in any sufficently meaningful way. People complain, but people are lazy, and the status quo suits them well enough becuase the problems in email do not seem to significantly impact the life of the average user. One can argue whether this impression is accurate, but the fact that most people feel this way is a huge hurdle for Bitmessage, or any other communication method that would supplant email.

The curious thing to me is the fact that ISP and internet email companies are not trying to create and deploy an improvment on email. Current protocol is horribly out-dated and the ease with which the system is spammed creates massive (and costly) headaches for the companies which handle email. I am surprised they haven’t found sufficent monetary incentive to create a better solution.

That said, I suspect if a solution were invented by ISPs and internet email companies I doubt it would be weighted toward the privacy of users.

Rundy ·