Discussion:
Bitmessage - Escape the mixmaster planation.
(too old to reply)
anon
2024-05-18 07:28:43 UTC
Permalink
On Tue, 14 May 2024 17:23:09 +0200 (CEST)
Nomen Nescio <***@dizum.com> wrote:

<snip>
discussion of anonymous remailers.
Bitmessage is the next generation of secure, private communication. It is a secure replacement for insecure and unreliable anonymous remailers. You have no way to know if your remailers are run by storefront shop keepers. Remailers are unreliable. Remailers are suspect. You have no idea who is running the peers in your chain. You have no way to know if they are trustworthy. Bitmessage fixes these problems.

Get Bitmessage: https://bitmessage.org
Bitmessage Reddit: https://reddit.com/r/bitmessage

Bitmessage uses modern, secure cryptography to hide your identity in a encrypted flood protocol. It uses dandelion to randomize your message injection paths. It hides non-content metadata from eavesdroppers. Bitmessage is the next generation of mixmaster and usenet rolled into one easy-to-use application. Bitmessage is decentralized and trustless, unlike mixmaster which requires you to trust remops. Bitmessage security is easy to verify, unlike remailers, for which no security can actually be verified.

Bitmessage allows you to anonymous broadcast yourself to anonymous readers. Bitmessage empowers you to create secret channels for which no eavesdropper can even discern your participation. Bitmessage enables private messaging such that senders, recipients, and eavesdroppers can't discern where the messages originate.

Escape the mixmaster plantation storefront. Find your anonymous freedom with the Bitmessage underground railroad.
Nomen Nescio
2024-05-18 10:34:18 UTC
Permalink
Post by anon
Bitmessage is the next generation of secure, private communication.
Nevertheless you're NOT using Bitmessage to post this message.
So what's wrong with it?

Btw, this Usenet posting was forwarded by the new OmniMix 2.7.3 release,
which grants us _indetectable_anonymous_bidirectional_standard_e-mail_
communication.
Stefan Claas
2024-05-18 10:55:13 UTC
Permalink
Post by Nomen Nescio
Post by anon
Bitmessage is the next generation of secure, private communication.
Nevertheless you're NOT using Bitmessage to post this message.
So what's wrong with it?
It is up to remops to allow this.

https://github.com/stefanclaas/mailchuck2mix
--
Regards
Stefan
Stefan Claas
2024-05-18 11:27:07 UTC
Permalink
Post by Stefan Claas
Post by Nomen Nescio
Post by anon
Bitmessage is the next generation of secure, private communication.
Nevertheless you're NOT using Bitmessage to post this message.
So what's wrong with it?
It is up to remops to allow this.
https://github.com/stefanclaas/mailchuck2mix
The other way around is also possible:

https://github.com/stefanclaas/mail2chan
--
Regards
Stefan
Nomen Nescio
2024-05-18 13:40:01 UTC
Permalink
Post by Stefan Claas
Post by Stefan Claas
Post by Nomen Nescio
Post by anon
Bitmessage is the next generation of secure, private communication.
Nevertheless you're NOT using Bitmessage to post this message.
So what's wrong with it?
It is up to remops to allow this.
https://github.com/stefanclaas/mailchuck2mix
https://github.com/stefanclaas/mail2chan
And the gateway gets hold of your plain text message? Just wondering.
Stefan Claas
2024-05-18 14:20:46 UTC
Permalink
Post by Nomen Nescio
Post by Stefan Claas
Post by Stefan Claas
Post by Nomen Nescio
Post by anon
Bitmessage is the next generation of secure, private communication.
Nevertheless you're NOT using Bitmessage to post this message.
So what's wrong with it?
It is up to remops to allow this.
https://github.com/stefanclaas/mailchuck2mix
https://github.com/stefanclaas/mail2chan
And the gateway gets hold of your plain text message? Just wondering.
Yes, same as mail2news gateways for Remailers.
--
Regards
Stefan
anon
2024-05-18 21:37:39 UTC
Permalink
On Sat, 18 May 2024 12:55:13 +0200
Post by Stefan Claas
Post by Nomen Nescio
Post by anon
Bitmessage is the next generation of secure, private communication.
Nevertheless you're NOT using Bitmessage to post this message.
So what's wrong with it?
It is up to remops to allow this.
Cut out the remop middle man. Escape the mixmaster plantation. Find your true anonymous freedom with Bitmessage.

Privacy - it's what's for dinner. Use Bitmessage so you don't become a meal.
Stefan Claas
2024-05-18 22:25:14 UTC
Permalink
Post by anon
On Sat, 18 May 2024 12:55:13 +0200
Post by Stefan Claas
Post by Nomen Nescio
Post by anon
Bitmessage is the next generation of secure, private communication.
Nevertheless you're NOT using Bitmessage to post this message.
So what's wrong with it?
It is up to remops to allow this.
Cut out the remop middle man. Escape the mixmaster plantation. Find your true anonymous freedom with Bitmessage.
Privacy - it's what's for dinner. Use Bitmessage so you don't become a meal.
Well, I use Remailers since the early 90s and Bitmessage for a couple of years
now and I would not use Omnimix nor the original Bitmessage client for sensitive
things, to become not a meal, so to speak.[1]

Please check out my diagram.png[2] on GitHub and tell me what is bad about
using Mixnetworks with Bitmessage, *if* the user creates outfiles with
YAMN or Mixmaster, on a second offline device, not connected to the
Internet, and transfers the outfile with a 3.5 inch disk to the online
computer, where the user can then inject the outfile to a native mix client,
in order to send it to a Bitmessage user or a chan?

That was the reason why I ran a mail2chan Gateway in the past. Wish
others would do the same and run a mail2chan Gateway again!

If the Bitmessage client, maybe a CLI Version, would allow us to create
BM payload offline and then inject it later via an online computer, well
that would be very very nice!!!

[1] I guess, since Pegasus and others appeared, a couple of years ago,
everybody would agree that it may not be a wise decision to create
messages, for anonymous communications, directly on an online device.

[2] Loading Image...
--
Regards
Stefan
SugarBug
2024-05-19 10:38:27 UTC
Permalink
On Sun, 19 May 2024 00:25:14 +0200
Stefan Claas <***@tilde.club> wrote:

<snip>
Post by Stefan Claas
If the Bitmessage client, maybe a CLI Version, would allow us to create
BM payload offline and then inject it later via an online computer, well
that would be very very nice!!!
One could encrypt the message with PGP on a air-gapped machine then transfer the PGP-encrypted ciphertext to the networked Bitmessage machine. Even better would be a secret shared key using a cascade of symmetric ciphers. In reality there would be two 'addresses' per party: the Bitmessage address and the PGP key or secret cipher key.

Also it is very easy to dump a encrypted Bitmessage object from the messages.dat file, then import it on another machine. So one could run Bitmessage with keys on a air-gap machine to generate the message, dump the encrypted sqlite object, then import that sqlite object on the connected machine (with no chan or address keys in keys.dat) and start up Bitmessage to let it connect to the network and synchronize.

It would not be difficult to write a command-line script to perform this sqlite swap, eliminating many of the individual steps.

There is also a command in the Bitmessage API to send a pre-encrypted Bitmessage payload. You would need to dig in the source code to see how it works.
--
www.sybershock.com | sci.crypt | alt.sources.crypto | alt.lite.bulb
Stefan Claas
2024-05-19 13:16:10 UTC
Permalink
Post by SugarBug
On Sun, 19 May 2024 00:25:14 +0200
<snip>
Post by Stefan Claas
If the Bitmessage client, maybe a CLI Version, would allow us to create
BM payload offline and then inject it later via an online computer, well
that would be very very nice!!!
One could encrypt the message with PGP on a air-gapped machine then transfer the PGP-encrypted ciphertext to the networked Bitmessage machine. Even better would be a secret shared key using a cascade of symmetric ciphers. In reality there would be
two 'addresses' per party: the Bitmessage address and the PGP key or secret cipher key.
But this would not work for chans and if two parties communicate one could still see
to whom you send messages, with your online computer.
Post by SugarBug
Also it is very easy to dump a encrypted Bitmessage object from the messages.dat file, then import it on another machine. So one could run Bitmessage with keys on a air-gap machine to generate the message, dump the encrypted sqlite object, then
import that sqlite object on the connected machine (with no chan or address keys in keys.dat) and start up Bitmessage to let it connect to the network and synchronize.
It would not be difficult to write a command-line script to perform this sqlite swap, eliminating many of the individual steps.
If I remember correctly, all the blobs in messages.dat are encrypted, when parsing, right?
Post by SugarBug
There is also a command in the Bitmessage API to send a pre-encrypted Bitmessage payload. You would need to dig in the source code to see how it works.
Years ago their was a really nice Python API client written by someone. But I no longer
have this client. It could be a good start to modify as needed.
--
Regards
Stefan
D
2024-05-19 11:31:18 UTC
Permalink
Post by Stefan Claas
Post by anon
On Sat, 18 May 2024 12:55:13 +0200
Post by Stefan Claas
Post by Nomen Nescio
Post by anon
Bitmessage is the next generation of secure, private communication.
Nevertheless you're NOT using Bitmessage to post this message.
So what's wrong with it?
It is up to remops to allow this.
Cut out the remop middle man. Escape the mixmaster plantation. Find your true anonymous freedom with Bitmessage.
Privacy - it's what's for dinner. Use Bitmessage so you don't become a meal.
Well, I use Remailers since the early 90s and Bitmessage for a couple of years
now and I would not use Omnimix nor the original Bitmessage client for sensitive
things, to become not a meal, so to speak.[1]
Please check out my diagram.png[2] on GitHub and tell me what is bad about
using Mixnetworks with Bitmessage, *if* the user creates outfiles with
YAMN or Mixmaster, on a second offline device, not connected to the
Internet, and transfers the outfile with a 3.5 inch disk to the online
computer, where the user can then inject the outfile to a native mix client,
in order to send it to a Bitmessage user or a chan?
That was the reason why I ran a mail2chan Gateway in the past. Wish
others would do the same and run a mail2chan Gateway again!
If the Bitmessage client, maybe a CLI Version, would allow us to create
BM payload offline and then inject it later via an online computer, well
that would be very very nice!!!
[1] I guess, since Pegasus and others appeared, a couple of years ago,
everybody would agree that it may not be a wise decision to create
messages, for anonymous communications, directly on an online device.
[2] https://github.com/stefanclaas/mail2chan/blob/main/Diagram.png
Doesn't bitmessage have scalability issue? It's been years since I last
looked into it, but doesn't it send every message to every node?

Also, is it still active? I remember seeing some security incident, and
then nothing happened with the client for a long time.
Stefan Claas
2024-05-19 13:19:11 UTC
Permalink
Post by D
Doesn't bitmessage have scalability issue? It's been years since I last
looked into it, but doesn't it send every message to every node?
Correct, when a lot of people would use it and it sends to every node.
Post by D
Also, is it still active? I remember seeing some security incident, and
then nothing happened with the client for a long time.
Well, yes it is still an active community, but not so big. About the
incident, this was also fixed long ago. The client for Linux and Windows
is still being updatet, but you don't see it on the Wiki. I currently
do not have the download URLs handy.
--
Regards
Stefan
D
2024-05-19 20:57:44 UTC
Permalink
Post by Stefan Claas
Post by D
Doesn't bitmessage have scalability issue? It's been years since I last
looked into it, but doesn't it send every message to every node?
Correct, when a lot of people would use it and it sends to every node.
Post by D
Also, is it still active? I remember seeing some security incident, and
then nothing happened with the client for a long time.
Well, yes it is still an active community, but not so big. About the
incident, this was also fixed long ago. The client for Linux and Windows
is still being updatet, but you don't see it on the Wiki. I currently
do not have the download URLs handy.
Oh, that's interesting! Where does the community interaction take place?
I've looked at the wiki and thought the project was dead. Glad to hear
that there's still some action! =)
Stefan Claas
2024-05-20 07:43:59 UTC
Permalink
Post by D
Post by Stefan Claas
Post by D
Doesn't bitmessage have scalability issue? It's been years since I last
looked into it, but doesn't it send every message to every node?
Correct, when a lot of people would use it and it sends to every node.
Post by D
Also, is it still active? I remember seeing some security incident, and
then nothing happened with the client for a long time.
Well, yes it is still an active community, but not so big. About the
incident, this was also fixed long ago. The client for Linux and Windows
is still being updatet, but you don't see it on the Wiki. I currently
do not have the download URLs handy.
Oh, that's interesting! Where does the community interaction take place?
I've looked at the wiki and thought the project was dead. Glad to hear
that there's still some action! =)
You can find the bitmessage community in chan bitmessage. Last year was a posting
here which lists other chans.

<https://groups.google.com/g/alt.privacy.anon-server/c/uJmZM7x6JOo/m/b4isFyOYBAAJ>

You can of course create your own (private) chans, for communications with friends.
--
Regards
Stefan
D
2024-05-20 13:49:27 UTC
Permalink
Post by Stefan Claas
Post by D
Post by Stefan Claas
Post by D
Doesn't bitmessage have scalability issue? It's been years since I last
looked into it, but doesn't it send every message to every node?
Correct, when a lot of people would use it and it sends to every node.
Post by D
Also, is it still active? I remember seeing some security incident, and
then nothing happened with the client for a long time.
Well, yes it is still an active community, but not so big. About the
incident, this was also fixed long ago. The client for Linux and Windows
is still being updatet, but you don't see it on the Wiki. I currently
do not have the download URLs handy.
Oh, that's interesting! Where does the community interaction take place?
I've looked at the wiki and thought the project was dead. Glad to hear
that there's still some action! =)
You can find the bitmessage community in chan bitmessage. Last year was a posting
here which lists other chans.
<https://groups.google.com/g/alt.privacy.anon-server/c/uJmZM7x6JOo/m/b4isFyOYBAAJ>
You can of course create your own (private) chans, for communications with friends.
Hmm, pro-tip. If you want to grow bitmessage engagement, open a channel
somewhere that doesn't need bitmessage in order to participate. Then it
tends to become a channel preaching to the choir.

Or is there a web archive/interface somewhere as well? That would be nice!
=)
Stefan Claas
2024-05-20 14:18:39 UTC
Permalink
Post by D
Post by Stefan Claas
Post by D
Post by Stefan Claas
Post by D
Doesn't bitmessage have scalability issue? It's been years since I last
looked into it, but doesn't it send every message to every node?
Correct, when a lot of people would use it and it sends to every node.
Post by D
Also, is it still active? I remember seeing some security incident, and
then nothing happened with the client for a long time.
Well, yes it is still an active community, but not so big. About the
incident, this was also fixed long ago. The client for Linux and Windows
is still being updatet, but you don't see it on the Wiki. I currently
do not have the download URLs handy.
Oh, that's interesting! Where does the community interaction take place?
I've looked at the wiki and thought the project was dead. Glad to hear
that there's still some action! =)
You can find the bitmessage community in chan bitmessage. Last year was a posting
here which lists other chans.
<https://groups.google.com/g/alt.privacy.anon-server/c/uJmZM7x6JOo/m/b4isFyOYBAAJ>
You can of course create your own (private) chans, for communications with friends.
Hmm, pro-tip. If you want to grow bitmessage engagement, open a channel
somewhere that doesn't need bitmessage in order to participate. Then it
tends to become a channel preaching to the choir.
Or is there a web archive/interface somewhere as well? That would be nice!
=)
Years ago there was beamstat.com, a web page where you could see and read all known
chans and posting to them was at the beginning also allowed, via the web-interface.
--
Regards
Stefan
Stefan Claas
2024-05-20 15:01:50 UTC
Permalink
Post by Stefan Claas
Years ago there was beamstat.com, a web page where you could see and read all known
chans and posting to them was at the beginning also allowed, via the web-interface.
Maybe interesting for some of you.

If you right-click on your BM-address, on the left pane,
you can get a free Mailchuck email address from that Gateway.

It can then be used, for example, as a Remailer reply address,
or as email address for registering at WWW sites.

If you have BTC you can get a paid Mailchuck account, which
allows sending emails, from within the BM-client.

--
Regards
Stefan
Stainless Steel Rat
2024-05-26 14:36:11 UTC
Permalink
Post by Stefan Claas
Post by Stefan Claas
Years ago there was beamstat.com, a web page where you could see and read
all known chans and posting to them was at the beginning also allowed,
via the web-interface.
Maybe interesting for some of you.
Might be, if it were still in existence.
Post by Stefan Claas
If you right-click on your BM-address, on the left pane, you can get a
free Mailchuck email address from that Gateway.
It can then be used, for example, as a Remailer reply address,
or as email address for registering at WWW sites.
It's good for a nymserver reply-block address. My understanding is that any
email has to be collected and locally saved within about 8 days, or else it
is liable to disappear from the BitMessage network. Depending on one's use-
case, that can be either a bug or a feature.
Post by Stefan Claas
If you have BTC you can get a paid Mailchuck account, which allows sending
emails, from within the BM-client.
Kinda redundant, when there are plenty of free, even Tor-based email
services around.

Stainless Steel Rat

D
2024-05-21 18:13:10 UTC
Permalink
Post by Stefan Claas
Post by D
Post by Stefan Claas
Post by D
Post by Stefan Claas
Post by D
Doesn't bitmessage have scalability issue? It's been years since I last
looked into it, but doesn't it send every message to every node?
Correct, when a lot of people would use it and it sends to every node.
Post by D
Also, is it still active? I remember seeing some security incident, and
then nothing happened with the client for a long time.
Well, yes it is still an active community, but not so big. About the
incident, this was also fixed long ago. The client for Linux and Windows
is still being updatet, but you don't see it on the Wiki. I currently
do not have the download URLs handy.
Oh, that's interesting! Where does the community interaction take place?
I've looked at the wiki and thought the project was dead. Glad to hear
that there's still some action! =)
You can find the bitmessage community in chan bitmessage. Last year was a posting
here which lists other chans.
<https://groups.google.com/g/alt.privacy.anon-server/c/uJmZM7x6JOo/m/b4isFyOYBAAJ>
You can of course create your own (private) chans, for communications with friends.
Hmm, pro-tip. If you want to grow bitmessage engagement, open a channel
somewhere that doesn't need bitmessage in order to participate. Then it
tends to become a channel preaching to the choir.
Or is there a web archive/interface somewhere as well? That would be nice!
=)
Years ago there was beamstat.com, a web page where you could see and read all known
chans and posting to them was at the beginning also allowed, via the web-interface.
Oh had no idea! Will have a look! =)
Loading...